CN114070549B - Key generation method, device, equipment and storage medium - Google Patents
Key generation method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN114070549B CN114070549B CN202010760561.7A CN202010760561A CN114070549B CN 114070549 B CN114070549 B CN 114070549B CN 202010760561 A CN202010760561 A CN 202010760561A CN 114070549 B CN114070549 B CN 114070549B
- Authority
- CN
- China
- Prior art keywords
- terminal
- communication
- key
- value
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 93
- 238000004891 communication Methods 0.000 claims abstract description 303
- 230000003993 interaction Effects 0.000 claims abstract description 22
- 238000012795 verification Methods 0.000 claims description 78
- 230000006870 function Effects 0.000 claims description 28
- 239000013598 vector Substances 0.000 claims description 20
- 238000004364 calculation method Methods 0.000 claims description 18
- 230000008569 process Effects 0.000 description 15
- 230000005540 biological transmission Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 230000000903 blocking effect Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 125000004122 cyclic group Chemical group 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- JDFUJAMTCCQARF-UHFFFAOYSA-N tatb Chemical compound NC1=C([N+]([O-])=O)C(N)=C([N+]([O-])=O)C(N)=C1[N+]([O-])=O JDFUJAMTCCQARF-UHFFFAOYSA-N 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a key generation method, a device, equipment and a storage medium, which relate to the technical field of information security and are used for improving the security of information. The method comprises the following steps: generating a shared secret key between a communication home terminal and a communication opposite terminal; and generating a session key of the communication home terminal according to the shared key and random information corresponding to the current data encryption interaction of the communication opposite terminal. The embodiment of the invention can improve the information security.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method, an apparatus, a device, and a storage medium for generating a key.
Background
At present, modes of data protection by using encryption and decryption technology can be divided into two major types of symmetric encryption and asymmetric encryption technology. The symmetric encryption technology has the advantages that only one common key is used by both sides during encryption and decryption, the operation capability is high, the resource cost is low, and the disadvantage is that all transmitted data encryption and decryption can be cracked once the key is stolen. Asymmetric encryption techniques have the advantage of using cryptographic techniques to generate two keys, a so-called Public Key (Public Key) and a private Key (PRIVATE KEY). When the sender transmits data, the sender encrypts the data with the public key disclosed by the receiver. When the encrypted data is transmitted to the receiving end, the receiving end decrypts the encrypted data by using the private key of the receiving end. This approach, while safer than symmetric encryption, may still suffer from theft of keys due to improper key management by the generating recipient or sender. Therefore, the development of hybrid public-cryptography systems, which combines the advantages of symmetric and asymmetric encryption techniques, is a major direction in the cryptography field.
Existing hybrid public-key cryptosystems include knapsack public-key cryptosystems, elliptic curve cryptosystems (Elliptic Curve Cryptosystem, ECC), and the like. But the security of these systems does not meet the requirement of high security for the user. Therefore, a key generation method needs to be proposed to improve the security of information.
Disclosure of Invention
The embodiment of the invention provides a key generation method, a device, equipment and a storage medium, which are used for improving the security of information.
In a first aspect, an embodiment of the present invention provides a key generating method, including:
Generating a shared secret key between a communication home terminal and a communication opposite terminal;
and generating a session key of the communication home terminal according to the shared key and random information corresponding to the current data encryption interaction of the communication opposite terminal.
In a second aspect, an embodiment of the present invention provides a key generating apparatus, including:
the first generation module is used for generating a shared secret key between the communication home terminal and the communication opposite terminal;
And the second generation module is used for generating a session key of the communication home terminal according to the shared key and random information corresponding to the current data encryption interaction of the communication opposite terminal.
In a third aspect, an embodiment of the present invention further provides an electronic device, including: a memory, a processor and a program stored on the memory and executable on the processor, the processor implementing the steps in the method as described in the first aspect above when the program is executed.
In a fourth aspect, embodiments of the present invention also provide a readable storage medium having stored thereon a program which, when executed by a processor, implements the steps of the method as described in the first aspect above.
In the embodiment of the invention, a shared secret key between a communication home terminal and a communication opposite terminal is generated, and a session secret key of the communication home terminal is generated according to the shared secret key and random information corresponding to the data encryption interaction of the communication opposite terminal. Because the session key is obtained according to the shared key between the communication home terminal and the communication opposite terminal and the random information corresponding to the data encryption interaction of the communication opposite terminal, the session key obtained by the embodiment of the invention has higher security, thereby improving the security during information transmission.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments of the present invention will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
FIG. 1 is a flow chart of a key generation method provided by an embodiment of the present invention;
FIG. 2 is a schematic diagram of interaction between a client and an authentication center according to an embodiment of the present invention;
FIG. 3 is one of the interaction diagrams of the client A and the client B according to the embodiment of the present invention;
FIG. 4 is a second schematic diagram of interaction between a client A and a client B according to an embodiment of the present invention;
fig. 5 is a block diagram of a key generation apparatus according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, fig. 1 is a flowchart of a key generation method provided in an embodiment of the present invention, as shown in fig. 1, including the following steps:
step 101, a shared secret key between a communication local end and a communication opposite end is generated.
The communication home terminal and the communication opposite terminal refer to two communication parties. In the embodiment of the invention, the meaning of communication refers to that both parties perform data encryption interaction, including encryption interaction of information, encryption interaction of files and the like.
For example, the communication home terminal may refer to an encryption terminal, and the communication peer terminal may refer to a decryption terminal. Vice versa.
Specifically, in this step, a shared key of the communication home terminal is generated according to the private key of the communication home terminal and the obtained public key of the communication opposite terminal.
The shared secret key of the communication home terminal is calculated by the following formula:
K=sK2×S1
Wherein K represents the shared key of the communication home terminal, sK 2 represents the private key of the communication opposite terminal, and S 1 represents the public key of the communication home terminal.
Before step 101, to further improve the security of the generated key, the method may further include:
And verifying the communication opposite terminal according to the acquired knapsack value of the communication opposite terminal, the public key of the authentication center and the verification public key of the communication opposite terminal. And if the verification of the communication opposite terminal is passed, generating a shared secret key between the communication local terminal and the communication opposite terminal.
Specifically, in the verification process, a verification key of the communication local terminal is generated according to the knapsack value of the communication opposite terminal, the public key of the authentication center and the verification public key of the communication opposite terminal. And then, comparing the verification key of the communication local terminal with the public key of the communication opposite terminal. And if the verification key of the communication home terminal is consistent with the public key of the communication opposite terminal, the verification of the communication opposite terminal is passed.
If the communication home terminal is an encryption terminal, the communication opposite terminal is a decryption terminal, and the verification key of the encryption terminal is generated according to the following formula:
Wherein S' represents the authentication key of the encryption side, PK B represents the authentication public key of the decryption side, Representing a knapsack value of the decryption end, wherein PK CA represents a public key of an authentication center; g represents an elliptic curve base point; q ax 1 represents the abscissa of the verification public key of the decryption end, and h () represents the hash function;
if the communication home terminal is a decryption terminal, the communication opposite terminal is an encryption terminal, and the verification key of the decryption terminal is generated according to the following formula:
Wherein S' represents the authentication key of the decryption side, PK A represents the authentication public key of the encryption side, Representing a knapsack value of the encryption end, wherein PK CA represents a public key of an authentication center; g represents an elliptic curve base point; q ax denotes the abscissa of the verification public key of the encryption side, and h () denotes the hash function.
Step 102, generating a session key of the communication home terminal according to the shared key and random information corresponding to the current data encryption interaction of the communication opposite terminal.
1. The communication home terminal is an encryption terminal, the communication opposite terminal is a decryption terminal, and the shared key is the shared key of the encryption terminal:
The random information includes a first random number of the encryption end. In this step, a session key of the encryption end is generated according to the first random number of the encryption end and the shared key of the encryption end. According to the scheme, the random number is utilized for generating the session key of the encryption end, so that the safety of information transmission can be further improved by utilizing the scheme of the embodiment of the invention.
The encryption terminal obtains a first random number of the encryption terminal according to the intermediate random number of the decryption terminal, the time stamp random number of the encryption terminal, the shared secret key of the encryption terminal, the time stamp random number of the decryption terminal and a base point corresponding to the time stamp random number of the decryption terminal.
Specifically, the first random number is obtained in the following manner:
WA=tATB
TB=RB-KAB
RB=KAB+TB
TB=tBP′
Wherein W A represents a first random number, t A represents a time stamp random number of the encryption end, t B represents a time stamp random number of the decryption end, P' represents a base point corresponding to the time stamp random number of the decryption end, K AB represents a shared key of the encryption end, and R B represents an intermediate random number of the decryption end.
To improve security, in an embodiment of the present invention, before step 102, the method further includes:
The encryption end verifies whether a first hash operation value is matched with a second hash operation value (if yes, the first hash operation value is equal to the second hash operation value), wherein the first hash operation value is transmitted to the encryption end after being calculated by the decryption end; the second hash operation value is obtained by self-calculation of the encryption end. And if the first hash operation value is matched with the second hash operation value, generating a session key of the encryption end.
And after the first random number is obtained, obtaining the second hash operation value according to the first random number of the encryption end, the knapsack value of the encryption end and the knapsack value of the decryption end. For example, the first random number of the encryption end, the knapsack value of the encryption end and the knapsack value of the decryption end may be hashed to obtain the second hash operation value.
Wherein the second hash value may be calculated as follows:
wherein Auth (2) represents the second hash value, For the backpack value at the encrypted end,The value of the back packet at the decryption end is represented by W A, the first random number, and h () the hash function.
In order to facilitate the decryption end to verify the encryption end, before the encryption end verifies whether the first hash operation value and the second hash operation value match, the method may further include: and obtaining an intermediate random number of the encryption end according to the time stamp random number of the encryption end, a base point corresponding to the time stamp random number of the encryption end and the shared key of the encryption end, and then sending the intermediate random number to the decryption end, wherein the intermediate random number is used for calculating the first hash operation value by the decryption end.
Wherein the intermediate random number may be calculated as follows:
TA=tA P
RA=KAB+TA
Wherein R A represents an intermediate random number, K AB represents a first shared key, t A represents a time stamp random number of the encryption end, and P represents a base point corresponding to the time stamp random number of the encryption end.
Optionally, after generating the session key of the encrypted terminal, the method may further include: and generating a third hash operation value according to the knapsack value of the encryption end, the knapsack value of the decryption end and the session key of the encryption end, and sending the third hash operation value to the decryption end. For example, hash operations may be performed on the knapsack value of the encryption end, the knapsack value of the decryption end, and the session key of the encryption end, to obtain the third hash operation value.
Wherein the third hash operation value may be calculated as follows:
GAB=WA+KAB
Wherein Auth (3) represents a third hash value, For the backpack value at the encrypted end,Representing the back-packet value at the decryption end, G AB representing the first session key, h () representing the hash function, K AB representing the first shared key at the encryption end, and W A representing the first random number.
2. The communication home terminal is a decryption terminal, the communication opposite terminal is an encryption terminal, and the shared key is the shared key of the decryption terminal:
Wherein the random information includes a second random number of the decryption end. In the process of generating the session key of the decryption end, the decryption end generates the session key of the decryption end according to the second random number of the decryption end and the shared key of the decryption end. In this way, the generation of the session key at the decryption end uses the random number, so the scheme of the embodiment of the invention can further improve the security of the transmission information.
The decryption end obtains a second random number of the decryption end according to the intermediate random number of the encryption end, the timestamp random number of the decryption end, the shared secret key of the decryption end, the timestamp random number of the encryption end and a base point corresponding to the timestamp random number of the encryption end, and then obtains the fourth hash operation value according to the second random number of the decryption end, the knapsack value of the encryption end and the knapsack value of the decryption end. For example, the second random number at the decryption end, the knapsack value according to the encryption end, and the knapsack value at the decryption end may be hashed to obtain the fourth hash operation value.
Specifically, the second random number is obtained as follows:
RA=KAB+TA
TA=tA P
Wherein, W B represents a second random number, t B represents a timestamp random number of the decryption end, t A represents a timestamp random number of the encryption end, P represents a base point corresponding to the timestamp random number of the encryption end, K AB' represents a shared key of the decryption end, K AB represents a shared key of the encryption end, and R A represents an intermediate random number of the encryption end.
Wherein the fourth hash operation value may be calculated as follows:
wherein Auth (4) represents a fourth hash value, For the backpack value at the encrypted end,The value of the back packet at the decryption end is represented by W B, the second random number, and h () the hash function.
In order to further improve the security, the encryption and decryption end can also perform mutual authentication before generating the session key of the decryption end. Specifically, the decryption end verifies whether a third hash operation value is matched with a fourth hash operation value, wherein the third hash operation value is transmitted to the decryption end after being calculated by the encryption end; the fourth hash operation value is obtained by self-calculation of the decryption end. And if the third hash operation value is matched with the fourth hash operation value, generating a session key of a decryption end for encrypting the data.
In order to facilitate the decryption end to verify the encryption, before verifying whether the third hash operation value and the fourth hash operation value match, the method further comprises: the decryption end obtains an intermediate random number of the decryption end according to the time stamp random number of the decryption end, a base point corresponding to the time stamp random number of the decryption end and the shared key of the decryption end, and sends the intermediate random number to the encryption end, wherein the intermediate random number is used for calculating a second hash operation value by the decryption end.
Wherein the intermediate random number may be calculated as follows:
TB=tBP′
RB=KAB′+TB
Wherein R B represents an intermediate random number, K AB 'represents a shared key of a decryption terminal, t B represents a time stamp random number of the decryption terminal, and P' represents a base point corresponding to the time stamp random number of the decryption terminal.
In addition, in order to facilitate the encryption end to verify the decryption end, the decryption end may further obtain a first hash operation value according to the intermediate random number of the encryption end, the session key of the decryption end, the shared key of the decryption end, the timestamp random number of the encryption end, a base point corresponding to the timestamp random number of the encryption end, the knapsack value of the encryption end, and the knapsack value of the decryption end, and send the first hash operation value to the encryption end.
Wherein the first hash operation value may be calculated as follows:
GAB′=WB+KAB′
wherein Auth (1) represents a first hash value, For the backpack value at the encrypted end,The back packet value of the decryption end is represented, G AB 'represents the session key of the decryption end, K AB' represents the shared key of the decryption end, W B represents the second random number, and h () represents the hash function.
In the embodiment of the invention, a shared secret key between a communication home terminal and a communication opposite terminal is generated, and a session secret key of the communication home terminal is generated according to the shared secret key and random information corresponding to the data encryption interaction of the communication opposite terminal. Because the session key is obtained according to the shared key between the communication home terminal and the communication opposite terminal and the random information corresponding to the data encryption interaction of the communication opposite terminal, the session key obtained by the embodiment of the invention has higher security, thereby improving the security during information transmission.
In addition, before executing the embodiment of the invention, the communication home terminal can also perform authentication, registration and the like with the authentication center.
Specifically, the communication home terminal obtains a knapsack public key vector of the authentication center and an authentication center public key from the authentication center. And obtaining the knapsack value of the communication home terminal by using the knapsack public key vector of the authentication center, the identity information of the communication home terminal and the device identifier of the communication home terminal. The identity information may include a name, an identification card number, a telephone number, etc. And then, generating a signature file of the communication home terminal by using the knapsack value of the communication home terminal. And finally, sending the knapsack value of the communication local terminal and the signature file to the authentication center.
In practical application, the communication home terminal may obtain the knapsack value of the communication home terminal by using the knapsack public key vector of the authentication center, the identity information of the communication home terminal and the device identifier of the communication home terminal according to the following formula, including:
CID=a1m1+a2m2+…+anmn
wherein C ID represents the knapsack value of the communication home terminal, For the knapsack public key vector of the authentication center, ID represents the identity information of the communication home terminal, id= { id||uid }, ID represents the identity authentication information of the communication home terminal, UID represents the device identifier of the communication home terminal, and (ID) 2=m1,m2…mn,mi∈{0,1},(ID)2 is in a binary n-carry form of the identity information ID.
Specifically, the generating the signature file of the communication home terminal by using the knapsack value of the communication home terminal through the following formula includes:
V=h(ja||CID)·G
Wherein V represents a signature file of the communication home terminal, j a represents a random number, C ID represents a knapsack value of the communication home terminal, G represents an elliptic curve base point, and h () represents a hash function.
In the embodiment of the invention, in order to further improve the security, the communication home terminal may further obtain the verification public key of the communication home terminal and the signature of the communication home terminal from the authentication center. And then, generating a private key of the communication home terminal according to the signature of the communication home terminal and the knapsack value of the communication home terminal. And then, verifying the verification public key of the communication home terminal by using the private key of the communication home terminal.
Specifically, the generating the private key of the communication home terminal by using the signature of the communication home terminal and the knapsack value of the communication home terminal through the following formula comprises:
SK=[W+h(ja||CID)]
Wherein SK represents a private key of the communication home terminal, W represents a signature of the communication home terminal, j a represents a random number, C ID represents a knapsack value of the communication home terminal, and h () represents a hash function.
In the process of verifying the public key of the authentication center, the authentication is performed in the following manner:
(1) Obtaining a first value by using a private key of the communication home terminal and an elliptic curve base point obtained from the authentication center;
Wherein the first value is obtained by the following formula:
Sp=SK·G
Wherein S p represents the first value, SK represents the private key of the communication home terminal, and G represents the elliptic curve base point.
(2) And obtaining a second value by using the verification public key of the communication home terminal, the knapsack value of the communication home terminal, the ordinate of the verification public key of the communication home terminal and the public key of the authentication center.
Wherein the second value is obtained by the following formula:
Sq=PK+h(CID)·G+(qay+h(CID))·PKCA
wherein Sq represents the second value, PK represents the verification public key of the communication home terminal, G represents the elliptic curve base point, q ay represents the ordinate of the authentication public key of the communication home terminal, C ID represents the knapsack value of the communication home terminal, h () represents a hash function, and PK CA represents the public key of the authentication center.
(3) And matching the first value with the second value.
(4) And if the first value is equal to the second value, the verification public key of the communication home terminal passes the verification.
In the embodiment of the invention, a shared secret key between a communication home terminal and a communication opposite terminal is generated, and a session secret key of the communication home terminal is generated according to the shared secret key and random information corresponding to the data encryption interaction of the communication opposite terminal. Because the session key is obtained according to the shared key between the communication home terminal and the communication opposite terminal and the random information corresponding to the data encryption interaction of the communication opposite terminal, the session key obtained by the embodiment of the invention has higher security, thereby improving the security during information transmission.
Based on the embodiment shown in fig. 1, the method of the embodiment of the present invention may further include:
And generating a block key of the communication local terminal by using the session key of the communication local terminal. Specifically, the block key of the communication home terminal may be generated using the following formula:
K=H(GAB)
where K represents a block key of the communication home terminal, G AB represents a session key of the communication home terminal, and H () represents a hash function.
Based on the embodiment shown in fig. 1, the method of the embodiment of the present invention may further include: and generating a streaming key of the communication home terminal by using the session key of the communication home terminal.
Specifically, the session key of the communication home terminal is generated into a streaming key seed through a linear feedback shift register, and then the streaming key seed and a self-selected random function are operated to obtain an operation result. And then, generating the streaming key of the communication local terminal through the operation result by using a linear feedback shift register.
The foregoing aspects of embodiments of the present invention are described in detail below with reference to specific embodiments.
The foregoing aspects of embodiments of the present invention are described in detail below with reference to specific embodiments. It is assumed that the client a and the client B perform data interaction, where both the client a and the client B may be used as encryption ends, and the other end is a decryption end. If the identities of client a and client B are interchanged, the implementation principle is the same.
1. Registration and verification process between client and authentication center
The authentication center selects a large prime number q with the length of more than 224bits, selects a safe elliptic curve E (F q) on a finite field F q, and selects a base point G with the first order number (order) of n on E (F q) so that n.G=o. Wherein o is the infinity point of the elliptic curve system selected in the embodiment of the invention. In addition, a one-way collision-free hash function h (). Wherein the public key of the authentication center is PK cA, and parameters are disclosed to the client: e (F q)、G、n、PKcA, h ().
Specifically, the authentication center selects a random parameter SK CA∈zq, and sets SK CA as the authentication center private key, and z q represents the integer set. The authentication center calculates an authentication center public key according to the following formula (1).
PKcA=SKCA·G (1)
The authentication center randomly selects any super-increment knapsack vectorArbitrarily selecting two backpack vectorsWherein u i,vi is a positive integer and satisfies b i=ui+vi, i=1, …, n.
The authentication center optionally has two integers M 1 and M 2, which satisfy the followingGCD (M 1,M2) =1 is satisfied. The authentication center calculates the vector by using the Chinese remainder theorem Where a i=ui(mod M1),ai=vi(mod M2), i=1, …, n.
Then, the authentication center sends the knapsack public key vector to the clientAnd sets M 1 and M 2 as private keys of the authentication center. The authentication center itself sets a random identifier UID M.
Access control is the first concern of data security, and if the stored material is easily accessible without any authentication, the data is exposed to high risk environments. Therefore, a security mechanism to enhance the registration and authentication phase is necessary. In the authentication and registration process, in conjunction with fig. 2, the process may specifically include:
Firstly, the client and the authentication center are provided with a random knapsack module and a safe elliptic curve module (built-in identification) which are selected to meet the conditions. When the client A registers with the authentication center, the client A obtains the public key of the authentication center and the knapsack public key vector of the client A from the authentication center, encrypts the identity information idA and the device identifier UID A by the knapsack public key vector, and calculates to obtain a knapsack value And generating a signature file, encrypting the signature file by using the public key of the authentication center, and transmitting the signature file to the authentication center.
The identity information may include, for example, a name, an identification number, a phone, a client name, etc. The obtained identity information ID A is: ID A={idA||UIDA }.
Next, client a converts the share information ID A into binary n-carry form:
(IDA)2=m1,m2…mn,mi∈{0,1}
client a will then (ID A)2=m1,m2…mn with knapsack public key vector Encrypting to obtain knapsack value of client A
The authentication center receives the encryptionThereafter, an ID A is calculated and an associated parameter registration is established.
Let b=c p+cq, from b and the super increment knapsack vectorThe authentication center may recover that the identity ID A,m1 is the most significant bit of the binary representation and m n is the least significant bit of the binary representation.
On the client A side, client A uses knapsack valuesAnd a randomly selected parameter j a, generating a signature file V A by a one-way collision-free hash function h (). Thereafter, it will generateAnd sending the result to an authentication center, wherein the calculation mode of V A is as shown in formula (2).
The authentication center calculates the verification public key Pk A and signature w A of the client a by using a random parameter k CA in the following manner:
Where (q ax,qay) represents the coordinates of the authentication public key of client a.
The authentication center then sends PK A,WA to client a.
After receiving the information, the client a calculates the private key of the client a, specifically as formula (3):
in order to verify the verification public key of the encrypted terminal, the client a performs the following processing:
s p is calculated, wherein S p=SKA.G (4).
And then calculating SK A.G by using the following formula (5):
and (3) comparing the values of the formula (4) and the formula (5), and if the values are consistent, finishing registration and verification with the verification center through the verification of the verification public key of the encryption end.
The client A calculates the private key and verifies the validity of the public key, and completes registration and verification operation. All clients can complete the registration and verification procedure with the authentication center according to the process, and after obtaining the self (W m,PKm), the self authentication of the two parties can be directly completed in the subsequent communication stage under the condition of not depending on the authentication center.
Assume that encrypted information needs to be transferred between client a and client B. After registration and verification with the authentication center are completed as described above, the communication procedure between the client a and the client B is as follows.
1. Computing a common key
1. Mutual authentication of client a and client B.
With reference to FIG. 3, client A utilizes knapsack valuesThe client B performs authentication by using its own knapsack value as in the case of the client BAnd the client A performs authentication. Specifically, client A willSend to client B, client B willAnd sending the message to the client A.
Taking the client B as an example, the client B calculates according to the following formula (6)Thereafter, determineWhether or not it is. If so, the verification of the client A is passed.
(Q ax,qay) coordinates of a verification public key of the client A, PK CA represents a public key of an authentication center, G represents an elliptic curve base point, PK A represents a verification public key of the client A,Representing the knapsack value of client a, S A represents the public key of client a.
Similarly, client A may also calculate according to equation (7)And verifyWhether or not it is. If so, the verification of the client B is passed.
(Q ax 1,qay 1) coordinates of a verification public key of the client B, PK CA represents a public key of an authentication center, G represents an elliptic curve base point, PK B represents a verification public key of the client B,Representing the knapsack value of client B, S B represents the public key of client B.
2. Client a and client B each generate a shared key as shown in equation (8):
KAB=sKA×SB,KAB1=sKB×SA (8)
K AB represents the shared key calculated by client a, and K AB1 represents the shared key calculated by client B. Where sK A,sKB represents the private keys of client a and client B, respectively.
2. Computing session keys
After the client a and the client B have the shared key, the two sides can be authenticated by using a "challenge-response" manner, and in combination with fig. 4, the following is specific:
1. The client A randomly selects a time stamp random number, and sends information to the client B after calculation according to formulas (9) and (10).
Client a randomly selects a timestamp random number t A∈ZP(ZP to represent an integer set) and calculates according to formulas (9) and (10):
TA=tA P (10)
RA=KAB+TA (11)
Where P represents a base point corresponding to the timestamp random number of client a.
Thereafter, client A willAnd transmitted to the client B, R A represents the intermediate random number of the client a.
2. After receiving the request, the client B randomly selects a time stamp random number t B, verifies the identity of the client a by using K AB1 and the received R A, and generates a session key and a verification hash value.
When the client B receives the request, a time stamp random number t B∈ZP is randomly selected and calculated according to formulas (12) and (13).
TB=tBP′ (12)
RB=KAB1+TB (13)
Where P' represents a base point corresponding to the timestamp parameter of client B, and R B represents an intermediate random number of client B.
Client B calculates as per (14) with K AB1 and received R A.
If the identity of client a is correct, then, since client B has the correct K AB1, so,That is, ifThen the identity of client a is authenticated.
Next, the client B calculates a second random number W B:
Then, the client B generates the second session key G AB1 and hash values Auth (B) and Auth (a) * for authentication purposes, and calculates the values as shown in formulas (15), (16) and (17):
GAB1=WB+KAB1 (15)
finally, client B sends (C IDA,CIDB,Auth(A)*) to client a.
3. Client a verifies whether the received Auth (a) * is equal to the self-calculated Auth (B) * before generating the session key, wherein Auth (B) * is calculated in the following manner as shown in equations (18) - (20).
W A denotes the first random number of client a.
If not, client a immediately ceases the connection of the communication. If so, the client A calculates the first session key G AB and the hash value Auth (A) as shown in equations (21) and (22), respectively:
GAB=WA+KAB (21)
In addition, client a may also send Auth (a) to client B.
After receiving the request, the client B verifies whether the received Auth (A) is equal to the self-calculated Auth (B), if so, the communication verification procedure is completed.
4. Encryption and decryption of information
After the client A and the client B generate the session keys of the current communication of the two parties, the two parties can form an efficient hybrid data protection mechanism by using the session keys as keys for transmitting data encryption and decryption, and the problems of key management and distribution and identity authentication of a password system can be solved.
Specifically, suppose that client B transmits information M to client a. Firstly, the client B converts the plaintext M into (M) 2, and encrypts the plaintext M by using the knapsack public key vector disclosed by the client A to obtain an information encryption knapsack value C M. The client B encrypts C M by using the session key of the client B and sends the encrypted C M to the client A. After receiving the request, the client A decrypts the request by using its own session key to obtain an information encrypted knapsack value C M, and decrypts the information encrypted knapsack value C M by its own knapsack private key vector to obtain a plaintext M.
As can be seen from the above description, when the clients a and B communicate by using the above method, the clients a and B verify both sides by using the knapsack value, and protect the information data by using the common session key generated by the current communication.
In order to provide a faster, efficient and lightweight encryption scheme, considering that the amount of information required for information protection by the lightweight device is small and the format is fixed, in the embodiment of the present invention, a hybrid public key cryptosystem for protecting data information according to block encryption is also provided.
Since each plaintext block may be encrypted or decrypted using the same key, in the embodiment of the PRESENT invention, after the session key is generated according to the above procedure, the session key is operated by using a hash function according to the following formula (23) to obtain the fixed-length block key K conforming to the PRESENT encryption method:
K=H(GAB1) (23)
When the information needs to be transferred, the information can be encrypted by using the key K. In the decryption process, the decryption end can generate a block key in the same way to decrypt the encrypted information.
Wherein the encryption function may be c=e PREENT (P), and the decryption function may be p=e PPEENT (C).
When the information quantity of the information protection required by the light weight device is not large, the embodiment of the invention takes the PRESENT block encryption as the data information protection, and at the moment, the hardware embedding can be designed and realized, so that the required application resources are smaller, and the operation efficiency is faster.
In order to provide a faster, high-efficiency and light-weight encryption design, consider that the information to be protected by the light-weight device needs to be transmitted in real time and the size of the information is uncertain, or the information to be protected may be real-time video and audio encrypted information, when the information is unstable, the embodiment of the invention uses stream encryption as a data protection hybrid public key cryptosystem.
In order to generate different keys each time the streaming key is online, taking the client B as an example, the embodiment of the present invention uses the session key G AB1 generated in the manner of the above embodiment as a key seed. This converts the key seed to a blocking key at client B, which transfers the session key G AB1 to a Linear Feedback shift register (Linear Feedback SHIFT REGISTER, LFSR) to a streaming key seed S S and uses it as a new seed value. Assuming that the client B needs to encrypt the data information, in order to achieve the security mechanism, the streaming key seed S S is mixed with a random number PI (PI), and after a decimal point is randomly obtained by using a bit function as a starting point, the key length is continuously lengthened and the data information is scrambled, so as to obtain the streaming key. And then, carrying out stream encryption and decryption by using the key, and ensuring that the keys transmitted each time are different. The specific process is as follows:
1. A streaming key seed is generated.
(1) Acquiring conference key G AB1∶GAB1∶GAB1=SB
(2) A feedback polynomial is selected and calculated to obtain an array S S { i }, wherein the selected feedback polynomial is shown in equation (24).
f(x)=1+C1x+C2x2+…CL-1xL-1+CLxl (24)
Wherein, C L =1, L is the number of stages of the feedback polynomial, and the number of feedback coefficients C i (1.ltoreq.i.ltoreq.l-1) which is not 0 is called the term number of the feedback polynomial.
Here, let: l=256, C 17、C47、C197、C215、C219、C256 =1, and the remaining coefficients are all 0, and the expression as (25) can be obtained:
f(x)=1+x17+x47+x197+x215+x219+x256 (25)
through the above procedure, a plurality of S S { i } can be obtained.
Finally, f (x) =s S { i } is obtained and sent to client a.
After f (x) =s S { i } is obtained, a random number PI (PI) is selected because the probability is very high considering that the length of the password is smaller than the information length. The random number is known to be about 5 megabits, approximately infinite non-cyclic decimal. In order to make the length of the encryption and decryption key of the series flow be always larger than the length of the information and avoid that pi is counted from the first bit after the small number is applied each time, the operation standard of each time is different, therefore, a bit taking function pi (i) is used for representing the initial position of the fetch, and the data information is ensured to be scrambled.
Thereafter, the key seed is mixed with the bit function pi (i):
i=0:π(L+i)=π(256)=(5)10=(0101)2
i=0:π(L+i)=π(256)=(5)10=(0101)2
…
i=Len(M)-1:π(L+Len(M)-1)
After performing an XOR operation on S S { i } and pi (Len (M) -1), the stream key K S2 is obtained by LFSR calculation. Specific calculation formulas are as follows (26):
In order to enhance the encryption speed, the embodiment of the invention adopts one-time XOR operation and key encryption. In the stream encryption stage, the encryption mode is as follows (27):
client a may generate a streaming key for client a in the same manner as described above.
The client a receives the ciphertext encrypted data from the client B, and therefore, the embodiment of the invention only uses one-time XOR operation to perform decryption operation, and decrypts the received encrypted data by using the stream key K S1 of the client a. Specifically as shown in formula (28):
By this formula, the data M can be decrypted.
It should be noted that, in the above embodiment, if the identities of the client a and the client B are interchanged, the principle of implementation is the same as that described above.
As can be seen from the above description, the hybrid public key cryptosystem based on multiple difficulties in the embodiments of the present invention enables the random knapsack crypto algorithm to perform public key encryption and decryption computation in elliptic curve environments. Meanwhile, the algorithm of the embodiment of the invention can finish self-authentication, two-party verification and encryption and decryption operations, has few calculation steps and high calculation efficiency, and can meet the requirements of confidentiality, integrity, authentication and non-repudiation.
The embodiment of the invention also provides a key generation device. Referring to fig. 5, fig. 5 is a block diagram of a key generation apparatus according to an embodiment of the present invention. Since the principle of solving the problem of the key generation device is similar to that of the key generation method in the embodiment of the present invention, the implementation of the key generation device can refer to the implementation of the method, and the repetition is omitted.
As shown in fig. 5, the key generation apparatus 500 includes:
A first generating module 501, configured to generate a shared key between a communication home terminal and a communication peer terminal; and the second generating module 502 is configured to generate a session key of the communication home terminal according to the shared key and random information corresponding to the current data encryption interaction of the communication peer terminal.
Optionally, the first generating module 501 is configured to generate a shared key of the communication home terminal according to the private key of the communication home terminal and the obtained public key of the communication peer terminal.
Optionally, the apparatus may further include:
the first verification module is used for verifying the communication opposite terminal according to the acquired knapsack value of the communication opposite terminal, the public key of the authentication center and the verification public key of the communication opposite terminal; the first generating module 501 is configured to generate a shared key between the communication home terminal and the communication peer terminal if the authentication of the communication peer terminal passes.
Optionally, the first verification module may include: the first generation sub-module is used for generating a verification key of the communication local terminal according to the knapsack value of the communication opposite terminal, the public key of the authentication center and the verification public key of the communication opposite terminal; the first comparison sub-module is used for comparing the verification key of the communication local terminal with the public key of the communication opposite terminal; and the first verification sub-module is used for indicating that the verification of the communication opposite terminal passes if the verification key of the communication home terminal is consistent with the public key of the communication opposite terminal.
Wherein the process of generating the authentication key may be as described with reference to the previous embodiments.
And if the communication home terminal is an encryption terminal, the communication opposite terminal is a decryption terminal, and the shared key is the shared key of the encryption terminal. In this case:
The device may further comprise: the second verification module is used for verifying whether the first hash operation value is matched with the second hash operation value or not, wherein the first hash operation value is transmitted to the encryption end after being calculated by the decryption end; the second hash operation value is obtained by self-calculation of the encryption end; the second generation module is configured to generate a session key of the encryption end if the first hash operation value matches with the second hash operation value.
Optionally, the apparatus may further include: the first acquisition module is used for acquiring the intermediate random number of the encryption end according to the time stamp random number of the encryption end, the base point corresponding to the time stamp random number of the encryption end and the shared key of the encryption end; the first sending module is used for sending the intermediate random number to the decryption end, and the intermediate random number is used for calculating the first hash operation value by the decryption end.
Optionally, the random information includes a first random number of the encryption end; the device may further comprise:
The first calculation module is used for obtaining a first random number of the encryption end according to the intermediate random number of the decryption end, the timestamp random number of the encryption end, the shared secret key of the encryption end, the timestamp random number of the decryption end and a base point corresponding to the timestamp random number of the decryption end; and the second calculation module is used for obtaining the second hash operation value according to the first random number of the encryption end, the knapsack value of the encryption end and the knapsack value of the decryption end. The second generation module is configured to generate a session key of the encryption end according to the first random number of the encryption end and the shared key of the encryption end.
Optionally, the apparatus may further include: and the third generation module is used for generating a third hash operation value according to the knapsack value of the communication local terminal, the knapsack value of the communication opposite terminal and the session key, and sending the third hash operation value to the communication opposite terminal.
And if the communication home terminal is a decryption terminal, the communication opposite terminal is an encryption terminal, and the shared secret key is the shared secret key of the decryption terminal. In this case:
Optionally, the apparatus may further include: the third verification module is used for verifying whether a third hash operation value is matched with a fourth hash operation value or not, wherein the third hash operation value is transmitted to the decryption end after being calculated by the encryption end; the fourth hash operation value is obtained by self-calculation of the decryption end. The second generation module is configured to generate a session key of the decryption end if the third hash operation value matches with the fourth hash operation value.
The random information comprises a second random number of the decryption end; the device may further comprise: the second acquisition module is used for obtaining a second random number of the decryption end according to the intermediate random number of the encryption end, the timestamp random number of the decryption end, the shared secret key of the decryption end, the timestamp random number of the encryption end and a base point corresponding to the timestamp random number of the encryption end; and the third acquisition module is used for obtaining the fourth hash operation value according to the second random number of the decryption end, the knapsack value of the encryption end and the knapsack value of the decryption end.
Optionally, the second generating module is configured to generate a session key of the decryption end according to the second random number of the decryption end and the shared key of the decryption end.
Optionally, the apparatus may further include: and the third calculation module is used for obtaining a first hash operation value according to the intermediate random number of the encryption end, the shared key of the decryption end, the session key of the decryption end, the timestamp random number of the encryption end, a base point corresponding to the timestamp random number of the encryption end, the knapsack value of the encryption end and the knapsack value of the decryption end, and sending the first hash operation value to the encryption end.
Optionally, the apparatus may further include: a fourth calculation module, configured to obtain an intermediate random number of the decryption end according to the timestamp random number of the decryption end, a base point corresponding to the timestamp random number of the decryption end, and the shared key of the decryption end; and the fifth calculation module is used for sending the intermediate random number to the encryption end, and the intermediate random number is used for calculating a second hash operation value by the decryption end.
Optionally, the apparatus may further include:
A fourth obtaining module, configured to obtain, from an authentication center, a knapsack public key vector of the authentication center and an authentication center public key; a fifth obtaining module, configured to obtain a knapsack value of the communication home terminal by using a knapsack public key vector of the authentication center, identity information of the communication home terminal, and a device identifier of the communication home terminal; a fourth generation module, configured to generate a signature file of the communication home terminal by using the knapsack value of the communication home terminal; and the first sending module is used for sending the knapsack value of the communication local terminal and the signature file to the authentication center.
Optionally, the apparatus may further include:
A sixth obtaining module, configured to obtain, from the authentication center, a verification public key of the communication home terminal and a signature of the communication home terminal; a fifth generation module, configured to generate a private key of the communication home terminal according to the signature of the communication home terminal and the knapsack value of the communication home terminal; and the fourth verification module is used for verifying the verification public key of the communication home terminal by using the private key of the communication home terminal.
Optionally, the fourth verification module includes:
The first acquisition sub-module is used for obtaining a first value by utilizing the private key of the communication home terminal and the elliptic curve base point acquired from the authentication center; the second obtaining sub-module is used for obtaining a second value by using the verification public key of the communication home terminal, the knapsack value of the communication home terminal, the ordinate of the verification public key of the communication home terminal and the public key of the authentication center; a first matching sub-module, configured to match the first value and the second value; the first verification sub-module is used for indicating that the verification public key of the communication home terminal passes verification if the first value is equal to the second value;
Wherein the first value is obtained by the following formula:
Sp=SK·G
Wherein S p represents the first value, SK represents the private key of the communication home terminal, and G represents the elliptic curve base point;
The second value is obtained by the following formula:
Sq=PK+h(CID)·G+(qay+h(CID))·PKCA
wherein Sq represents the second value, PK represents the verification public key of the communication home terminal, G represents the elliptic curve base point, q ay represents the ordinate of the authentication public key of the communication home terminal, C ID represents the knapsack value of the communication home terminal, h () represents a hash function, and PK CA represents the public key of the authentication center.
Optionally, the apparatus may further include:
and the sixth generation module is used for generating a block key of the communication local terminal by using the session key of the communication local terminal. The specific manner of generating the blocking key may be referred to the description of the method embodiments described above.
Optionally, the apparatus may further include:
and a seventh generation module, configured to generate a streaming key of the communication home terminal by using the session key of the communication home terminal.
Optionally, the seventh generating module includes:
The first generation sub-module is used for generating a streaming key seed from the session key of the communication home terminal through a linear feedback shift register; the first calculation sub-module is used for calculating the streaming-type key seed and the self-selection random function to obtain an operation result; and the second generation submodule is used for generating the streaming key of the communication home terminal through the linear feedback shift register by the operation result.
The device provided by the embodiment of the present invention may execute the above method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein.
In addition, the embodiment of the invention also provides electronic equipment, which comprises: memory, a processor, and a program stored on the memory and executable on the processor. The processor is configured to read a program in the memory to implement a process of any of the method embodiments described above.
In addition, the embodiment of the present invention further provides a readable storage medium, where a program is stored, where the program, when executed by a processor, implements each process of the foregoing embodiment of the key generation method, and the same technical effects can be achieved, so that repetition is avoided, and no further description is given here. The readable storage medium is, for example, a Read-Only Memory (ROM), a random access Memory (Random Access Memory RAM), a magnetic disk, an optical disk, or the like.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. In light of such understanding, the technical solutions of the present invention may be embodied essentially or in part in the form of a software product stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal (which may be a cell phone, computer, server, air conditioner, or network device, etc.) to perform the methods described in the various embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and many forms may be made by those having ordinary skill in the art without departing from the spirit of the present invention and the scope of the claims, which are to be protected by the present invention.
Claims (28)
1. A key generation method, comprising:
Generating a shared secret key between a communication home terminal and a communication opposite terminal;
Generating a session key of the communication home terminal according to the shared key and random information corresponding to the current data encryption interaction of the communication opposite terminal;
if the communication home terminal is an encryption terminal, the communication opposite terminal is a decryption terminal, and the random information comprises a first random number of the encryption terminal; the first random number is obtained by:
Obtaining the first random number according to the intermediate random number of the decryption end, the timestamp random number of the encryption end, the shared secret key of the encryption end, the timestamp random number of the decryption end and a base point corresponding to the timestamp random number of the decryption end;
Or alternatively
If the communication home terminal is a decryption terminal, the communication opposite terminal is an encryption terminal, and the random information comprises a second random number of the decryption terminal; the second random number is obtained by:
And obtaining the second random number according to the intermediate random number of the encryption end, the timestamp random number of the decryption end, the shared key of the decryption end, the timestamp random number of the encryption end and the base point corresponding to the timestamp random number of the encryption end.
2. The method of claim 1, wherein generating the shared key between the communication home terminal and the communication peer terminal comprises:
And generating a shared secret key of the communication home terminal according to the private key of the communication home terminal and the acquired public key of the communication opposite terminal.
3. The method of claim 1, wherein prior to said generating the shared key between the communication home terminal and the communication peer terminal, the method further comprises:
Verifying the communication opposite terminal according to the acquired knapsack value of the communication opposite terminal, the public key of the authentication center and the verification public key of the communication opposite terminal;
The generating the shared secret key between the communication local end and the communication opposite end comprises the following steps:
And if the verification of the communication opposite terminal is passed, generating a shared secret key between the communication local terminal and the communication opposite terminal.
4. The method according to claim 3, wherein the authenticating the communication partner based on the acquired knapsack value of the communication partner, the public key of the authentication center, and the authentication public key of the communication partner includes:
Generating a verification key of the communication home terminal according to the knapsack value of the communication opposite terminal, the public key of the authentication center and the verification public key of the communication opposite terminal;
Comparing the verification key of the communication local terminal with the public key of the communication opposite terminal;
and if the verification key of the communication home terminal is consistent with the public key of the communication opposite terminal, the verification of the communication opposite terminal is passed.
5. The method of claim 4, wherein the step of determining the position of the first electrode is performed,
If the communication home terminal is an encryption terminal and the communication opposite terminal is a decryption terminal, generating a verification key of the communication home terminal according to the knapsack value of the communication opposite terminal, the public key of the authentication center and the verification public key of the communication opposite terminal, and calculating according to the following formula:
Where S' represents the authentication key of the encryption side, PK B represents the authentication public key of the decryption side, The back packet value of the decryption end is represented, and PK CA represents the public key of the authentication center; g represents an elliptic curve base point; q ax 1 represents the abscissa of the verification public key of the decryption end, and h () represents the hash function;
If the communication home terminal is a decryption terminal and the communication opposite terminal is an encryption terminal, generating a verification key of the communication home terminal according to the knapsack value of the communication opposite terminal, the public key of the authentication center and the verification public key of the communication opposite terminal, and calculating according to the following formula:
Where S' represents the authentication key of the decryption side, PK A represents the authentication public key of the encryption side, Representing a knapsack value of an encryption end, wherein PK CA represents a public key of an authentication center; g represents an elliptic curve base point; q ax denotes the abscissa of the verification public key of the encryption side, and h () denotes the hash function.
6. The method according to claim 1, wherein if the communication home terminal is an encryption terminal, the communication peer terminal is a decryption terminal, and the shared key is a shared key of the encryption terminal;
Before the session key of the communication home terminal is generated according to the shared key and the random information corresponding to the current data encryption interaction of the communication opposite terminal, the method further comprises:
Verifying whether a first hash operation value is matched with a second hash operation value, wherein the first hash operation value is transmitted to the encryption end after being calculated by the decryption end; the second hash operation value is obtained by self-calculation of the encryption end;
The generating the session key of the communication home terminal comprises the following steps:
And if the first hash operation value is matched with the second hash operation value, generating a session key of the encryption end.
7. The method of claim 6, wherein prior to said verifying whether the first hash value matches the second hash value, the method further comprises:
Obtaining an intermediate random number of the encryption end according to the time stamp random number of the encryption end, a base point corresponding to the time stamp random number of the encryption end and a shared key of the encryption end;
and sending the intermediate random number to the decryption end, wherein the intermediate random number is used for calculating the first hash operation value by the decryption end.
8. The method of claim 6, wherein calculating the second hash value comprises:
And obtaining the second hash operation value according to the first random number of the encryption end, the knapsack value of the encryption end and the knapsack value of the decryption end.
9. The method of claim 8, wherein generating the session key for the encrypted end comprises:
and generating a session key of the encryption end according to the first random number of the encryption end and the shared key of the encryption end.
10. The method of claim 9, wherein after the generating the session key for the encrypted end, the method further comprises:
And generating a third hash operation value according to the knapsack value of the encryption end, the knapsack value of the decryption end and the session key of the encryption end, and sending the third hash operation value to the decryption end.
11. The method according to claim 1, wherein if the communication home terminal is a decryption terminal, the communication peer terminal is an encryption terminal, and the shared key is a shared key of the decryption terminal;
Before generating the session key of the communication home terminal according to the shared key and the random information corresponding to the current data encryption interaction of the communication opposite terminal, the method further comprises:
Verifying whether a third hash operation value is matched with a fourth hash operation value, wherein the third hash operation value is transmitted to the decryption end after being calculated by the encryption end; the fourth hash operation value is obtained by self-calculation of the decryption end;
The generating the session key of the communication home terminal comprises the following steps:
and if the third hash operation value is matched with the fourth hash operation value, generating a session key of the decryption end.
12. The method of claim 11, wherein calculating the fourth hash value comprises:
And obtaining the fourth hash operation value according to the second random number of the decryption end, the knapsack value of the encryption end and the knapsack value of the decryption end.
13. The method of claim 12, wherein generating the session key for the decryption side comprises:
and generating a session key of the decryption terminal according to the second random number of the decryption terminal and the shared key of the decryption terminal.
14. The method of claim 11, wherein prior to said verifying whether the third hash value matches the fourth hash value, the method further comprises:
And obtaining a first hash operation value according to the intermediate random number of the encryption end, the shared key of the decryption end, the session key of the decryption end, the time stamp random number of the encryption end, a base point corresponding to the time stamp random number of the encryption end, the knapsack value of the encryption end and the knapsack value of the decryption end, and sending the first hash operation value to the encryption end.
15. The method of claim 11, wherein prior to said verifying whether the third hash value matches the fourth hash value, the method further comprises:
obtaining an intermediate random number of the decryption terminal according to the time stamp random number of the decryption terminal, a base point corresponding to the time stamp random number of the decryption terminal and the shared key of the decryption terminal;
And sending the intermediate random number to the encryption end, wherein the intermediate random number is used for calculating a second hash operation value by the decryption end.
16. The method of claim 1, wherein prior to said generating the shared key between the communication home terminal and the communication peer terminal, the method further comprises:
Obtaining a knapsack public key vector of the authentication center and an authentication center public key from the authentication center;
obtaining a knapsack value of the communication home terminal by using the knapsack public key vector of the authentication center, the identity information of the communication home terminal and the device identifier of the communication home terminal;
generating a signature file of the communication home terminal by using the knapsack value of the communication home terminal;
and sending the knapsack value of the communication local terminal and the signature file to the authentication center.
17. The method of claim 16, wherein obtaining the knapsack value for the communication home terminal using the knapsack public key vector for the authentication center, the identity information for the communication home terminal, and the device identifier for the communication home terminal according to the following formula comprises:
CID=a1m1+a2m2+…+anmn
wherein C ID represents the knapsack value of the communication home terminal, For the knapsack public key vector of the authentication center, ID represents the identity information of the communication home terminal, id= { id||uid }, ID represents the identity authentication information of the communication home terminal, UID represents the device identifier of the communication home terminal, and (ID) 2=m1,m2…mn,mi∈{0,1},(ID)2 is in a binary n-carry form of the identity information ID.
18. The method of claim 16, wherein generating the signature file of the communication home terminal using the backpack value of the communication home terminal by the following formula comprises:
V=h(ja||CID)·G
Wherein V represents a signature file of the communication home terminal, j a represents a random number, C ID represents a knapsack value of the communication home terminal, G represents an elliptic curve base point, and h () represents a hash function.
19. The method of claim 16, wherein the method further comprises:
Acquiring a verification public key of the communication home terminal and a signature of the communication home terminal from the authentication center;
generating a private key of the communication home terminal according to the signature of the communication home terminal and the knapsack value of the communication home terminal;
and verifying the verification public key of the communication home terminal by using the private key of the communication home terminal.
20. The method of claim 19, wherein generating the private key of the communication home terminal using the signature of the communication home terminal and the backpack value of the communication home terminal by the following formula comprises:
SK=[W+h(ja||CID)]
Wherein SK represents a private key of the communication home terminal, W represents a signature of the communication home terminal, j a represents a random number, C ID represents a knapsack value of the communication home terminal, and h () represents a hash function.
21. The method of claim 19, wherein said verifying the public key of the communication home terminal with the private key of the communication home terminal comprises:
Obtaining a first value by using a private key of the communication home terminal and an elliptic curve base point obtained from the authentication center;
Obtaining a second value by using the verification public key of the communication home terminal, the knapsack value of the communication home terminal, the ordinate of the verification public key of the communication home terminal and the public key of the authentication center;
Matching the first value with the second value;
if the first value is equal to the second value, the verification public key of the communication home terminal passes the verification;
Wherein the first value is obtained by the following formula:
Sp=SK·G
Wherein S p represents the first value, SK represents the private key of the communication home terminal, and G represents the elliptic curve base point;
The second value is obtained by the following formula:
Sq=PK+h(CID)·G+(qay+h(CID))·PKCA
wherein Sq represents the second value, PK represents the verification public key of the communication home terminal, G represents the elliptic curve base point, q ay represents the ordinate of the authentication public key of the communication home terminal, C ID represents the knapsack value of the communication home terminal, h () represents a hash function, and PK CA represents the public key of the authentication center.
22. The method according to claim 1, wherein the method further comprises:
and generating a block key of the communication local terminal by using the session key of the communication local terminal.
23. The method of claim 22, wherein generating the block key of the communication home terminal using the session key of the communication home terminal comprises:
K=H(GAB)
where K represents a block key of the communication home terminal, G AB represents a session key of the communication home terminal, and H () represents a hash function.
24. The method according to claim 1, wherein the method further comprises:
And generating a streaming key of the communication home terminal by using the session key of the communication home terminal.
25. The method of claim 24, wherein the generating the streaming key of the communication home terminal using the session key of the communication home terminal comprises:
generating a streaming type key seed by the session key of the communication home terminal through a linear feedback shift register;
Performing operation on the streaming type key seeds and the random function to obtain an operation result;
And generating the streaming key of the communication local terminal through the operation result by using a linear feedback shift register.
26. A key generation apparatus, comprising:
the first generation module is used for generating a shared secret key between the communication home terminal and the communication opposite terminal;
the second generation module is used for generating a session key of the communication home terminal according to the shared key and random information corresponding to the current data encryption interaction of the communication opposite terminal;
if the communication home terminal is an encryption terminal, the communication opposite terminal is a decryption terminal, and the random information comprises a first random number of the encryption terminal; the first random number is obtained by:
Obtaining the first random number according to the intermediate random number of the decryption end, the timestamp random number of the encryption end, the shared secret key of the encryption end, the timestamp random number of the decryption end and a base point corresponding to the timestamp random number of the decryption end;
Or alternatively
If the communication home terminal is a decryption terminal, the communication opposite terminal is an encryption terminal, and the random information comprises a second random number of the decryption terminal; the second random number is obtained by:
And obtaining the second random number according to the intermediate random number of the encryption end, the timestamp random number of the decryption end, the shared key of the decryption end, the timestamp random number of the encryption end and the base point corresponding to the timestamp random number of the encryption end.
27. An electronic device, comprising: a memory, a processor, and a program stored on the memory and executable on the processor; the processor for reading a program implementation in a memory comprising the steps of the key generation method according to any of claims 1 to 25.
28. A readable storage medium storing a program, wherein the program, when executed by a processor, implements steps comprising the key generation method of any one of claims 1 to 25.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010760561.7A CN114070549B (en) | 2020-07-31 | 2020-07-31 | Key generation method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010760561.7A CN114070549B (en) | 2020-07-31 | 2020-07-31 | Key generation method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114070549A CN114070549A (en) | 2022-02-18 |
| CN114070549B true CN114070549B (en) | 2024-07-19 |
Family
ID=80227726
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010760561.7A Active CN114070549B (en) | 2020-07-31 | 2020-07-31 | Key generation method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114070549B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117254913B (en) * | 2023-11-17 | 2024-01-30 | 央视频融媒体发展有限公司 | Interactive data identification method and device |
| CN118174967B (en) * | 2024-05-14 | 2024-08-06 | 中国电信股份有限公司 | Information verification method and related equipment |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109639412A (en) * | 2018-12-05 | 2019-04-16 | 成都卫士通信息产业股份有限公司 | A kind of communication means, system and electronic equipment and storage medium |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6628786B1 (en) * | 1997-09-30 | 2003-09-30 | Sun Microsystems, Inc. | Distributed state random number generator and method for utilizing same |
| KR20040009766A (en) * | 2002-07-25 | 2004-01-31 | 학교법인 성균관대학 | Apparatus and method for transmitting and receiving in encryption system |
| KR20050083566A (en) * | 2002-12-03 | 2005-08-26 | 마츠시타 덴끼 산교 가부시키가이샤 | Key sharing system, shared key creation device, and shared key restoration device |
| KR100989185B1 (en) * | 2008-08-26 | 2010-10-20 | 충남대학교산학협력단 | A password authenticated key exchange method using the RSA |
| CN107437993A (en) * | 2016-05-26 | 2017-12-05 | 中兴通讯股份有限公司 | One kind is based on without the side's authentication key agreement method of certificate two and device |
| KR102125047B1 (en) * | 2018-12-26 | 2020-06-19 | 한전케이디엔 주식회사 | Key Management and Operation Method for Improving Security of Distribution Intelligence System |
| KR102030049B1 (en) * | 2019-04-30 | 2019-10-08 | (주)그린아이티코리아 | Integrated emergency broadcasting system and method supporting lightweight security |
| CN109995530B (en) * | 2019-05-09 | 2022-02-15 | 东南大学 | Safe distributed database interaction system suitable for mobile positioning system |
| CN111314076B (en) * | 2020-03-31 | 2023-04-21 | 四川九强通信科技有限公司 | Certificate-free key negotiation method supporting two-way authentication |
| CN111416715B (en) * | 2020-04-09 | 2022-11-01 | 南京如般量子科技有限公司 | Quantum secret communication identity authentication system and method based on secret sharing |
-
2020
- 2020-07-31 CN CN202010760561.7A patent/CN114070549B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109639412A (en) * | 2018-12-05 | 2019-04-16 | 成都卫士通信息产业股份有限公司 | A kind of communication means, system and electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114070549A (en) | 2022-02-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107947913B (en) | Anonymous authentication method and system based on identity | |
| US7814320B2 (en) | Cryptographic authentication, and/or establishment of shared cryptographic keys, using a signing key encrypted with a non-one-time-pad encryption, including (but not limited to) techniques with improved security against malleability attacks | |
| CN107659395B (en) | Identity-based distributed authentication method and system in multi-server environment | |
| US20130073850A1 (en) | Hybrid encryption schemes | |
| CN112564907B (en) | Key generation method and device, encryption method and device, and decryption method and device | |
| US11870891B2 (en) | Certificateless public key encryption using pairings | |
| US20240356730A1 (en) | Computer-implemented system and method for highly secure, high speed encryption and transmission of data | |
| CN110011995B (en) | Encryption and decryption method and device in multicast communication | |
| CN110113150B (en) | Encryption method and system based on non-certificate environment and capable of repudiation authentication | |
| CN110519226B (en) | Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate | |
| US20200235915A1 (en) | Computer-implemented system and method for highly secure, high speed encryption and transmission of data | |
| CN113098681B (en) | Port order enhanced and updatable blinded key management method in cloud storage | |
| CN114070549B (en) | Key generation method, device, equipment and storage medium | |
| Jaung | Efficient three-party key exchange using smart cards | |
| CN111669275B (en) | Master-slave cooperative signature method capable of selecting slave nodes in wireless network environment | |
| CN111526131B (en) | Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station | |
| CN114070550B (en) | Information processing method, device, equipment and storage medium | |
| CN109412815B (en) | Method and system for realizing cross-domain secure communication | |
| Qin et al. | Strongly secure and cost-effective certificateless proxy re-encryption scheme for data sharing in cloud computing | |
| CN111541669A (en) | Broadcast encryption method and system | |
| CN114095151B (en) | Encryption and decryption method, authentication method, device, equipment and storage medium | |
| CN114697001B (en) | Information encryption transmission method, equipment and medium based on blockchain | |
| CN115664651A (en) | SM 9-based online and offline encryption and decryption method, system, equipment and medium | |
| CN115550007A (en) | Signcryption method and system with equivalence test function based on heterogeneous system | |
| CN110572788B (en) | Wireless sensor communication method and system based on asymmetric key pool and implicit certificate |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |