
CN117714052A - Method for authentication, encryption and key exchange of manageable pseudonyms - Google Patents


Info

Publication number: CN117714052A
Authority: CN (China)
Prior art keywords: signature, user terminal, pseudonym, trusted center, private key
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Application number: CN202410045192.1A
Other languages: Chinese (zh)
Inventors: 李闯, 王妮娜, 许志澄, 贾文义, 马永彪, 白亮
Current assignee: Beijing Tonghe Shiyi Telecommunication Science And Technology Research Institute Co ltd; Data Communication Science & Technology Research Institute; Xingtang Telecommunication Technology Co ltd
Original assignee: Beijing Tonghe Shiyi Telecommunication Science And Technology Research Institute Co ltd; Data Communication Science & Technology Research Institute; Xingtang Telecommunication Technology Co ltd
Application filed by Beijing Tonghe Shiyi Telecommunication Science And Technology Research Institute Co ltd, Data Communication Science & Technology Research Institute and Xingtang Telecommunication Technology Co ltd.
Priority application: CN202410045192.1A
Publication: CN117714052A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42 Anonymization, e.g. involving pseudonyms


Abstract

The invention relates to a method for authentication, encryption and key exchange of a manageable pseudonym, belongs to the technical field of information security, and solves the problem that the user privacy can be revealed in the user authentication mode of the existing third-party application software. The method comprises the following steps: the trusted center outputs system parameters according to the input security parameters, wherein the system parameters comprise a public key for encryption and a public key for signature verification, the trusted center secretly stores a private key for decryption and a private key for signature, and the system parameters are system parameters of a communication system formed by a plurality of user terminals; the trusted center and each user terminal generate respective long-term public and private key pairs and user identity marks of the user terminal according to the system parameters and the user identity of the user terminal; the trusted center and the user terminal generate a signature and a signature message of the user terminal at the trusted center according to domain name information to be accessed by the user terminal, the system parameters, the long-term public-private key pair and the user identity of the user terminal, the public-private key pair for encryption and decryption and the public-private key pair for signature/signature verification, wherein the signature message comprises a pseudonym identity of the user terminal on the domain name information; and carrying out digital signature verification, encryption and key exchange between the user terminals by utilizing the signature and the signature information of the other party at the trusted center.

Description

Method for authentication, encryption and key exchange of manageable pseudonyms
Technical Field
The invention relates to the technical field of information security, in particular to a method for authentication, encryption and key exchange of a manageable pseudonym.
Background
Currently, application software on mobile terminals such as mobile phones mostly requires users to provide identity information (such as mobile phone numbers, real names, identity card numbers and the like) to perform identity authentication. On the one hand, this authentication mode can reveal the user's privacy: the application software can correlate the user's behaviour while using it with the user's true identity, so that further private information such as the user's current physical health state, position, cognitive level, consumption level, residential address and the like can be inferred. Once exploited by lawbreakers, this information can pose a significant hazard to the life and property of individuals, and thus a serious threat to the safety and stability of society. On the other hand, much application software is developed and operated by the same group, and user behaviour across such applications is very easy to link, so that all network behaviour of the users is effectively under the monitoring of the application software developers, while there is no guarantee that those developers protect private data in accordance with laws and regulations.
Therefore, a method is needed that strips the true identity information from the login identity used with application software, so that the application software can neither obtain the user's true identity nor link the user's behaviour across different applications. At the same time, the user's behaviour must remain manageable, because once user behaviour cannot be monitored, lawbreakers can use the convenience provided by application software to organise personnel for unlawful activities, jeopardising social security. Thus, how to ensure that user information is simultaneously available for administration by a government and unobtainable by a service provider is an urgent problem to be solved.
Disclosure of Invention
In view of the above analysis, the present invention aims to provide a method for authentication, encryption and key exchange of a manageable pseudonym, which is used for solving the problem that the user privacy is revealed in the user authentication mode of the existing third party application software.
The embodiment of the invention provides a method for authentication, encryption and key exchange of a manageable pseudonym, which comprises the following steps:
the trusted center outputs system parameters according to the input security parameters, wherein the system parameters comprise a public key for encryption and a public key for signature verification, the trusted center secretly stores a private key for decryption and a private key for signature, and the system parameters are system parameters of a communication system formed by a plurality of user terminals;
the trusted center and each user terminal generate respective long-term public and private key pairs and user identity marks of the user terminal according to the system parameters and the user identity of the user terminal;
the trusted center and the user terminal generate a signature and a signature message of the user terminal at the trusted center according to domain name information to be accessed by the user terminal, the system parameters, the long-term public-private key pair and the user identity of the user terminal, the public-private key pair for encryption and decryption and the public-private key pair for signature/signature verification, wherein the signature message comprises a pseudonym identity of the user terminal on the domain name information; and
and carrying out digital signature verification, encryption and key exchange between the user terminals by utilizing the signature and the signature information of the other party at the trusted center.
Based on further improvement of the method, the trusted center and the user terminal generate signature and signature information of the user terminal at the trusted center according to domain name information to be accessed by the user terminal, the system parameters, the long-term public-private key pair and the user identity of the user terminal, the public-private key for encryption and decryption and the public-private key pair for signature/signature verification:
the user terminal generates a pseudonym public-private key pair on the domain name information according to the domain name information to be accessed, the system parameters and the long-term public-private key pair of the user terminal;
the user terminal signs and encrypts the domain name information and the user identity by using the pseudonym private key and the system parameter;
the trusted center decrypts and verifies the encrypted ciphertext and signature of the user terminal according to the private key used for decrypting and signing;
if the signature verification is passed, the trusted center generates a pseudonym identity of the user terminal according to domain name information, a pseudonym public key of the user terminal and the system parameter; and
the trusted center signs the pseudonym identity and the pseudonym public key of the user terminal with the private key used for signing, thereby obtaining the signature and the signature information of the user terminal at the trusted center.
Based on a further improvement of the above method, the digital signature verification between the user terminals by using the signature and the signature information of the counterpart at the trusted center comprises:
the signature message sender signs the message to be signed by using the pseudonym private key of the signature message sender on the domain name information;
a signature message sender sends the signature and the signature information thereof at a trusted center and the signature of the message to be signed and the message to be signed to a verifier;
and the verifier respectively performs signature verification on the signature of the signature message sender at the trusted center and the signature of the message to be signed by using a public key used for signature verification of the trusted center and the pseudonymous public key of the signature message sender.
Based on a further improvement of the above method, the encryption between the user terminals by using the signature and the signature information of the counterpart at the trusted center comprises:
the sender performs signature verification on the signature of the receiver at the trusted center by using a public key for signature verification of the trusted center;
if the verification is passed, the sender acquires a pseudonym public key of the receiver from the signature information of the receiver at the trusted center, encrypts plaintext information by utilizing the pseudonym public key of the receiver, and sends ciphertext and the signature information of the receiver at the trusted center to the receiver; and
and the receiver calculates a pseudonym private key according to the system parameters and the received signature information and decrypts the ciphertext by using the pseudonym private key.
Based on a further improvement of the above method, the key exchange between the user terminals by using the signature of the counterpart at the trusted center and the signature information includes:
the user terminal for the session respectively sends the signature and the signature information of the user terminal at the trusted center to the other party;
the user terminal for the session verifies the signature of the counterpart by using the public key for signature verification of the trusted center, respectively;
if the verification is passed, the user terminals for the session respectively acquire the pseudonym public key of the opposite party from the signature information of the opposite party; and
the user terminal for the session performs a key exchange scheme in the SM2 elliptic curve public key cryptoalgorithm with the pseudonym public key of the counterpart as the public key of the counterpart, generating a session key.
Based on a further improvement of the above method, the manageable pseudonym authentication, encryption and key exchange method further comprises:
the user terminal sends the signature and the signature information of the user terminal at the trusted center to the trusted center;
the trusted center acquires the pseudonym public key of the user terminal from the received signature information, and performs signature verification on the received signature by using the pseudonym public key;
if the verification is passed, calculating a long-term public key of the user terminal according to parameters in the signature verification process, and determining the user identity of the user terminal according to the long-term public key.
Based on a further improvement of the method, the trusted center outputting system parameters according to the input security parameters comprises:
selecting a large prime number p and coefficients a and b of an elliptic curve, and constructing the elliptic curve $E: y^2 = x^3 + ax + b \bmod p$;
selecting an additive cyclic group $G_1$ of prime order q on the elliptic curve E, with generator G;
selecting a hash function $H: \{0,1\}^* \to Z_q^*$ and a hash function $H_{id}: \{0,1\}^* \to \{0,1\}^{l_{id}}$, wherein $\{0,1\}^*$ is the set of bit strings of arbitrary length consisting of 0 and 1, $Z_q^*$ is the set of integers less than q and coprime with q, and $\{0,1\}^{l_{id}}$ is the set of bit strings of length $l_{id}$, $l_{id}$ being the bit length of a user identity;
randomly selecting a private key $s_{pub}$ for signing from $Z_q^*$, and calculating the public key $P_{pub} = s_{pub} G$ for signature verification;
randomly selecting a private key $s_{pub\_enc}$ from $Z_q^*$, and calculating the public key $P_{pub\_enc} = s_{pub\_enc} G$, the public-private key pair $(P_{pub\_enc}, s_{pub\_enc})$ being used for encryption and decryption; and
outputting the parameters $(G_1, a, b, p, q, G, H, P_{pub}, P_{pub\_enc})$ as the system parameters, and keeping the secret keys $s_{pub}$ and $s_{pub\_enc}$ secret.
Based on a further improvement of the above method, the trusted center generating the pseudonym identity of the user terminal based on the domain name information, the pseudonym public key of the user terminal and the system parameter comprises:
calculating the pseudonym identity pid of the user terminal according to the formula $pid = H_{id}(id_D, R, P_{id\_D})$, wherein $id_D$ is the domain name information to be accessed by the user terminal, R is a random number randomly selected by the user terminal from $Z_q^*$, and $P_{id\_D}$ is the pseudonym public key of the user terminal on the domain name information.
Based on a further improvement of the method, the trusted center and each user terminal generating respective long-term public and private key pairs and user identity marks of the user terminal according to the system parameters and the user identity of the user terminal comprises the following steps:
the user terminal performs the following step:
step S10: randomly selecting a first private key u from $Z_q^*$, calculating an intermediate value $U = uG$, and transmitting the user identity id and the intermediate value U to the trusted center;
the trusted center performs the following steps:
step S20: randomly selecting a first random number $R_{id}$ and a second random number w from $Z_q^*$, and performing the following calculation:
$hid = H(id, R_{id}),\ W = wG,\ O = U + W,\ \lambda = H(P_{pub}, hid, O),\ t = w + \lambda s_{pub},\ P = O + \lambda P_{pub}$, wherein the parameter hid is the user identity mark;
step S30: transmitting the parameters $(R_{id}, O, t)$ to the user terminal;
the user terminal performs the following steps:
step S40: performing the following calculations:
$hid = H(id, R_{id}),\ \lambda = H(P_{pub}, hid, O),\ P = O + \lambda P_{pub}$, and verifying whether the equation $P = (u + t)G$ holds;
step S50: if the equation $P = (u + t)G$ holds, calculating the long-term private key $s_{id}$ of the user terminal according to the formula $s_{id} = u + t$, and setting the parameter O as the long-term public key of the user terminal;
step S60: storing the parameters $(hid, s_{id}, O, P)$ and sending an acknowledgement message $t + 1$ back to the trusted center to indicate that the message is valid;
the trusted center performs the following step:
step S70: after receiving the acknowledgement message $t + 1$, storing the parameters $(id, R_{id}, O, P)$ in a database.
Based on a further improvement of the method, the user terminal generating a pseudonym public-private key pair on the domain name information according to the domain name information to be accessed, the system parameters and the long-term public-private key pair of the user terminal comprises the following steps:
randomly selecting a third random number R from $Z_q^*$;
calculating a parameter d according to the formula $d = H(id_D, hid, P, R, P_{pub})$;
calculating the pseudonym private key $s_{id\_D}$ of the user terminal on the domain name information according to the formula $s_{id\_D} = d\, s_{id}$, and calculating the pseudonym public key $P_{id\_D}$ of the user terminal on the domain name information according to the formula $P_{id\_D} = d\, P$.
Compared with the prior art, the invention has at least one of the following beneficial effects:
1. the scheme is a signature, encryption and authentication key negotiation algorithm based on an SM2 cryptographic algorithm, and the implementation and application processes are simple and efficient.
2. The scheme can ensure that the pseudonyms of the users in different domains are not linkable.
3. The scheme allows a user to generate multiple pseudonym public keys in the same domain.
4. The scheme can ensure the identity recognition of the user by the trusted center, and is convenient for supervision.
In the invention, the technical schemes can be mutually combined to realize more preferable combination schemes. Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description and drawings.
Drawings
The drawings are only for purposes of illustrating particular embodiments and are not to be construed as limiting the invention, like reference numerals being used to designate like parts throughout the drawings;
fig. 1 is a flow diagram of a manageable pseudonym authentication, encryption and key exchange method according to an embodiment of the invention.
Detailed Description
Preferred embodiments of the present invention will now be described in detail with reference to the accompanying drawings, which form a part hereof, and together with the description serve to explain the principles of the invention, and are not intended to limit the scope of the invention.
The SM2 algorithm, in full the SM2 elliptic curve public key cryptographic algorithm, is a cipher based on elliptic curves. It is an asymmetric encryption algorithm in the Chinese cryptography standards, issued by the national cryptography administration. In 2016, the SM2 algorithm became a national cryptographic standard in China. The SM2 algorithm is based on the elliptic curve discrete logarithm problem and is mainly used for cryptographic applications such as digital signature, key exchange and encryption. As part of the Chinese cryptography standards, the SM2 algorithm is widely used in various information security fields including electronic commerce, mobile payment, internet finance, and the like.
In the SM2 algorithm, encryption and decryption are tied together, requiring the use of a pair of keys, namely a public key and a private key. The sender encrypts by using the public key of the receiver, and the receiver decrypts by using the private key of the receiver.
The digital signature function is a function which can be independently used in the SM2 algorithm, and the sender can generate a digital signature by using the private key of the sender and attach the signature to the message to be sent to the receiver. The receiver uses the sender's public key to verify the validity of the digital signature, thereby ensuring the integrity and identity authentication of the message.
Fig. 1 is a flow chart of a method of manageable pseudonym authentication, encryption and key exchange according to an embodiment of the invention.
An embodiment of the present invention is described below with reference to fig. 1.
As shown in fig. 1, the method for authentication, encryption and key exchange of the manageable pseudonym comprises the following steps:
step 101: the trusted center outputs system parameters according to the input security parameters, wherein the system parameters comprise a public key for encryption and a public key for signature verification, the trusted center secretly stores a private key for decryption and a private key for signature, and the system parameters are system parameters of a communication system formed by a plurality of user terminals.
In this embodiment, the trusted center may output system parameters according to an initialization algorithm. The initialization algorithm takes a security parameter as an input and outputs system parameters of a communication system consisting of a trusted center and a plurality of user terminals.
In some embodiments, the initialization algorithm comprises the following:
the algorithm takes the security parameter κ as input and performs the following operations:
1. selecting a large prime number p and coefficients a and b of an elliptic curve, and constructing the elliptic curve $E: y^2 = x^3 + ax + b \bmod p$;
2. selecting an additive cyclic group $G_1$ of prime order q on the elliptic curve E, with generator G;
3. selecting a hash function $H: \{0,1\}^* \to Z_q^*$ and a hash function $H_{id}: \{0,1\}^* \to \{0,1\}^{l_{id}}$, wherein $\{0,1\}^*$ is the set of bit strings of arbitrary length consisting of 0 and 1, $Z_q^*$ is the set of integers less than q and coprime with q, and $\{0,1\}^{l_{id}}$ is the set of bit strings of length $l_{id}$, $l_{id}$ being the bit length of a user identity;
4. randomly selecting a private key $s_{pub}$ for signing from $Z_q^*$, and calculating the public key $P_{pub} = s_{pub} G$ for signature verification; randomly selecting a private key $s_{pub\_enc}$ from $Z_q^*$, and calculating the public key $P_{pub\_enc} = s_{pub\_enc} G$, the public-private key pair $(P_{pub\_enc}, s_{pub\_enc})$ being used for encryption and decryption;
5. outputting the parameters $(G_1, a, b, p, q, G, H, P_{pub}, P_{pub\_enc})$ as the system parameters, and keeping the secret keys $s_{pub}$ and $s_{pub\_enc}$ secret.
It should be noted that the security level of the system parameters may be determined by the input security parameter κ; for example, the larger the selected prime order q, the higher the security level of the system parameters.
Step 102: and the trusted center and each user terminal generate respective long-term public and private key pairs and user identity marks of the user terminals according to the system parameters and the user identities of the user terminals.
In this embodiment, the long-term public-private key pair and the user identity may be generated for the user identity of each user terminal by a user key generation algorithm. The user key generation algorithm may be executed jointly by each user terminal and the trust center. The user key generation algorithm may take system parameters and user identity as inputs to generate a long-term public-private key pair and user identity for each user.
In some embodiments, the user key generation algorithm includes the steps of:
the user terminal performs the steps of:
step S10: from Z q * Randomly selecting a first private key U, calculating an intermediate value U according to a formula U=uG, and transmitting a user identity id and the intermediate value U to a trusted center;
the trusted center performs the following steps:
step S20: randomly selecting a first random number $R_{id}$ and a second random number $w$ from $Z_q^*$, and computing
$hid = H(id, R_{id})$, $W = wG$, $O = U + W$, $\lambda = H(P_{pub}, hid, O)$, $t = w + \lambda s_{pub}$, $P = O + \lambda P_{pub}$,
where the parameter $hid$ is the user identity mark;
step S30: sending the parameters $(R_{id}, O, t)$ to the user terminal;
the user terminal performs the steps of:
step S40: the following calculations are performed:
$hid = H(id, R_{id})$, $\lambda = H(P_{pub}, hid, O)$, $P = O + \lambda P_{pub}$, and verifying whether the equation $P = (u + t)G$ holds. (For an honest trusted center the check holds because $(u + t)G = U + W + \lambda s_{pub} G = O + \lambda P_{pub}$; a terminal must not accept a key for which it fails.)
step S50: if the equation $P = (u + t)G$ holds, computing the long-term private key of the user terminal as $s_{id} = u + t$ and setting the parameter $O$ as the long-term public key of the user terminal;
step S60: saving the parameters $(hid, s_{id}, O, P)$ and sending the acknowledgement message $t+1$ back to the trusted center, indicating that the received message was valid.
The trusted center performs the following step:
step S70: after receiving the acknowledgement message $t+1$, storing the parameters $(id, R_{id}, O, P)$ in a database.
Step 103: the trusted center and the user terminal generate the signature and the signature message of the user terminal at the trusted center from the domain name information to be accessed by the user terminal, the system parameters, the long-term public-private key pair and the user identity mark of the user terminal, the public-private key pair for encryption and decryption, and the public-private key pair for signing and signature verification.
In this embodiment, the signature and the signature message at the trusted center may be generated for each user terminal by a domain pseudonym generation algorithm, which is executed jointly by the user terminal and the trusted center.
In some embodiments, the domain pseudonym generation algorithm comprises the steps of:
step S100: the user terminal generates a pseudonym public-private key pair for the domain name information from the domain name information to be accessed, the system parameters and its long-term public-private key pair;
step S200: the user terminal signs the domain name information and its user identity mark with the pseudonym private key and encrypts them using the system parameters;
step S300: the trusted center decrypts the ciphertext with its decryption private key and verifies the signature of the user terminal;
step S400: if the signature verification passes, the trusted center generates a pseudonym identity of the user terminal from the domain name information, the pseudonym public key of the user terminal and the system parameters; and
step S500: the trusted center signs the pseudonym identity and the pseudonym public key of the user terminal with its signing private key, yielding the signature and the signature message of the user terminal at the trusted center.
The following describes step S100 to step S500 in connection with a specific embodiment.
Assume that the domain name information to be accessed by the user terminal is $id_D$ and the user identity mark of the user terminal is $hid$. The user terminal performs the following procedure:
1. randomly select a third random number $R$ from $Z_q^*$;
2. compute the parameter $d = H(id_D, hid, P, R, P_{pub})$;
3. compute the pseudonym private key of the user terminal for the domain name information as $s_{id_D} = d\, s_{id}$ and the pseudonym public key as $P_{id_D} = dP$ (since $P = (u + t)G = s_{id} G$, these satisfy $P_{id_D} = s_{id_D} G$ and form an ordinary SM2 key pair);
4. using the pseudonym private key $s_{id_D}$, generate a standard SM2 signature $\sigma_{id_D}$ on the message $(id_D, O, hid, R)$;
5. using the standard SM2 encryption algorithm and the public key $P_{pub\_enc}$ of the trusted center, compute the ciphertext $C$ of the plaintext $(id_D, O, hid, R, \sigma_{id_D})$;
6. send the ciphertext $C$ to the trusted center and store $(id_D, R, P_{id_D})$ in the list $L$.
After receiving the ciphertext C, the trusted center executes the following steps:
1. decrypt the ciphertext $C$ with the standard SM2 decryption algorithm and the private key $s_{pub\_enc}$ to obtain the plaintext $(id_D, O, hid, R, \sigma_{id_D})$;
2. compute $\lambda = H(P_{pub}, hid, O)$ and $P = O + \lambda P_{pub}$;
3. compute $d = H(id_D, hid, P, R, P_{pub})$ and $P_{id_D} = dP$;
4. verify the signature $\sigma_{id_D}$ with the standard SM2 signature verification algorithm and the pseudonym public key $P_{id_D}$; if the verification fails, terminate;
5. compute the pseudonym identity of the user as $pid = H_{id}(id_D, R, P_{id_D})$;
6. form the message to be signed $M = (HI, pid, P_{id_D})$, where $HI$ is signature-related information such as the signature date;
7. using the private key $s_{pub}$, generate a standard SM2 signature $\sigma$ as follows: randomly select a fourth random number $k$ from $Z_q^*$ and compute $(x, y) = kG$, $t = H(kP_{pub})$, $C_0 = t + d$, $M' = M \,\|\, C_0$, $e = H(M' \,\|\, Z_A)$, $r = (e + x) \bmod q$ and $s = ((1 + s_{pub})^{-1}(k - r\, s_{pub})) \bmod q$. The generation of $Z_A$ is described in section 5.5 ("other information of the user") of the SM2 standard. The signature of the user terminal at the trusted center is $\sigma = (r, s)$, and the signature message of the user terminal at the trusted center is $M'$;
8. send $(\sigma, M')$ back to the user terminal and save the record $(hid, id_D, R)$.
Step 104: digital signature verification, encryption and key exchange between user terminals are performed using the signature and the signature message of the other party at the trusted center.
In this embodiment, before digital signature verification, encryption or key exchange between user terminals, the public key $P_{pub}$ of the trusted center and the SM2 signature verification algorithm are used to verify whether the signature $\sigma$ of the other party at the trusted center is a valid SM2 signature of the trusted center on the other party's signature message $M'$. If the verification fails, the signature is invalid; if it passes, the corresponding operation (digital signature verification, encryption, key exchange, and so on) is executed.
In some embodiments, the digital signature verification between the user terminals using the signature and the signature information of the counterpart at the trusted center comprises:
step S110: the signature message sender signs the message to be signed with its pseudonym private key for the domain name information;
step S120: the signature message sender sends its signature and signature message at the trusted center, together with the signature of the message to be signed and the message itself, to the verifier;
step S130: the verifier verifies the signature of the signature message sender at the trusted center with the signature verification public key of the trusted center, and the signature of the message to be signed with the pseudonym public key of the signature message sender.
Step S110 to step S130 will be described with reference to a specific embodiment.
Assume that the message to be signed by the signature message sender is $M_{sign}$ and its user identity mark is $hid$. The signing procedure is as follows:
1. generate, according to steps S100 to S500, the pseudonym private key $s_{id_D}$ and pseudonym public key $P_{id_D}$ of the signature message sender for the domain name information, together with its signature $\sigma$ and signature message $M'$ at the trusted center;
2. using the pseudonym private key $s_{id_D}$, generate a standard SM2 signature $\sigma_M$ on the message to be signed $M_{sign}$;
3. send the message $(\sigma, M', \sigma_M, M_{sign})$ to the verifier.
After receiving the message $(\sigma, M', \sigma_M, M_{sign})$, the verifier performs the following procedure:
1. using the public key $P_{pub}$ of the trusted center and the SM2 signature verification algorithm, verify whether $\sigma$ is a valid SM2 signature of the trusted center on $M'$; if the verification fails, the signature is invalid;
2. obtain the pseudonym public key $P_{id_D}$ and the pseudonym identity $pid$ of the signature message sender from $M'$, and verify $\sigma_M$ with the SM2 signature verification algorithm and the public key $P_{id_D}$; if the verification fails, the signature is invalid;
3. if both verifications pass, the verifier accepts $\sigma_M$ as the signature of a legitimate user on the message $M_{sign}$.
In some embodiments, encrypting between the user terminals using the signature and the signature information of the counterpart at the trusted center comprises:
step S210: the sender verifies the signature of the receiver at the trusted center with the signature verification public key of the trusted center;
step S220: if the verification passes, the sender obtains the pseudonym public key of the receiver from the receiver's signature message at the trusted center, encrypts the plaintext with that pseudonym public key, and sends the ciphertext together with the receiver's signature message at the trusted center to the receiver;
step S230: the receiver computes its pseudonym private key from the system parameters and the received signature message, and decrypts the ciphertext with the pseudonym private key.
Step S210 to step S230 will be described with reference to a specific embodiment.
Suppose the sender is to send the message $M_{Enc}$ to a target user (the receiver). Before transmission, the target user generates, according to steps S100 to S500, its pseudonym private key $s_{id_D}$ and pseudonym public key $P_{id_D}$ for the domain name information, together with its signature $\sigma$ and signature message $M'$ at the trusted center, and sends $(\sigma, M')$ to the sender.
After receiving the message $(\sigma, M')$, the sender performs the following encryption algorithm:
1. using the public key $P_{pub}$ of the trusted center and the SM2 signature verification algorithm, verify whether $\sigma$ is a valid SM2 signature of the trusted center on $M'$; if the verification fails, the signature is invalid;
2. obtain the pseudonym public key $P_{id_D}$ and the pseudonym identity $pid$ of the target user from $M'$, and encrypt the message $M_{Enc}$ with the standard SM2 encryption algorithm under the public key $P_{id_D}$, yielding the ciphertext $C$;
3. send the message $(M', C)$ to the target user.
After receiving the message $(M', C)$, the target user performs the following decryption algorithm:
1. parse $M'$ to obtain the pseudonym public key $P_{id_D}$ and the pseudonym identity $pid$, and look up the corresponding domain name information $id_D$ and third random number $R$ in the list $L$;
2. compute the parameter $d = H(id_D, hid, P, R, P_{pub})$ and the pseudonym private key $s_{id_D} = d\, s_{id}$;
3. decrypt the ciphertext $C$ with the SM2 decryption algorithm and the pseudonym private key $s_{id_D}$ to obtain the message $M_{Enc}$.
In some embodiments, the key exchange between user terminals using the signature and the signature message of the other party at the trusted center comprises:
step S310: each user terminal of the session sends its signature and signature message at the trusted center to the other party;
step S320: each user terminal of the session verifies the signature of the other party with the signature verification public key of the trusted center;
step S330: if the verification passes, each user terminal of the session obtains the pseudonym public key of the other party from the other party's signature message;
step S340: the user terminals of the session run the key exchange protocol of the SM2 elliptic curve public key cryptographic algorithm, each taking the pseudonym public key of the other party as that party's public key, and generate a session key.
Step S310 to step S340 will be described with reference to a specific embodiment.
Let the user identity of user terminal A be $id_A$ and that of user terminal B be $id_B$, and let user terminal A need to hold a session with user terminal B. User terminal A generates, according to steps S100 to S500, its pseudonym public key $P_A$ for the domain name information together with its signature $\sigma_A$ and signature message $M'_A$ at the trusted center, and sends $(\sigma_A, M'_A)$ to user terminal B. Likewise, user terminal B generates its pseudonym public key $P_B$ for the domain name information together with its signature $\sigma_B$ and signature message $M'_B$ at the trusted center, and sends $(\sigma_B, M'_B)$ to user terminal A.
Next, user terminal A and user terminal B verify whether $\sigma_B$ and $\sigma_A$, respectively, are valid signatures of the trusted center on $M'_B$ and $M'_A$. If either signature is invalid, execution terminates; otherwise the pseudonym public keys $P_B$ and $P_A$ are obtained from $M'_B$ and $M'_A$, and the SM2 key exchange protocol is run with $P_B$ and $P_A$ as the public keys of the respective parties, yielding a session key.
The supervisable pseudonym authentication, encryption and key exchange method provided by the embodiment of the invention is built mainly on the signature, encryption and authenticated key agreement algorithms of SM2, and its implementation and application processes are simple and efficient.
In this embodiment, the domain pseudonym generation algorithm obtains the unlinkability of pseudonyms from the unpredictability of the hash function, which ensures that the pseudonyms of a user in different domains cannot be linked to each other.
In this embodiment, in the domain pseudonym generation algorithm, the pseudonym public key depends not only on the user identity and the domain name but also on a random number chosen by the user, which allows multiple pseudonym public keys to be generated within the same domain.
In some embodiments, the supervisable pseudonym authentication, encryption and key exchange method in fig. 1 further comprises:
step S410: the user terminal sends its signature and signature message at the trusted center to the trusted center;
step S420: the trusted center obtains the pseudonym public key of the user terminal from the received signature message and verifies the received signature using the pseudonym public key;
step S430: if the verification passes, the trusted center computes the long-term public key of the user terminal from parameters obtained during signature verification and determines the user identity of the user terminal from the long-term public key.
Step S410 to step S430 will be described in connection with a specific embodiment.
If the trusted center is to reveal the real identity behind the pseudonym of a user terminal, the user terminal generates its signature $\sigma$ and signature message $M'$ at the trusted center according to steps S100 to S500 and sends $(\sigma, M')$ to the trusted center.
After obtaining the message $(\sigma, M')$, the trusted center performs the following algorithm:
1. verify the validity of the signature $\sigma$ with the standard SM2 signature verification algorithm, and obtain the value $kG$ computed during the verification (in SM2 verification, $sG + (r + s)P_{pub} = kG$);
2. compute $t = H(s_{pub} \cdot kG)$, $d = C_0 - t$ and $P = d^{-1} P_{id_D}$, and search the database for the user identity corresponding to $P$. Since $s_{pub} \cdot kG = kP_{pub}$, this $t$ equals the value used when $C_0$ was formed, and only the holder of $s_{pub}$ can compute it.
In this embodiment, when the domain pseudonym is generated, the real identity of the user is hidden in the signature message, so that only the trusted center can recover the real identity of the user from the signature message, which achieves the purpose of supervision.
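The following Python block is an added example and not code from the patent or its applicants. It implements, on the SM2 curve, the joint long-term key generation of step 102 (steps S10 to S70, including the terminal's check $P = (u + t)G$), the pseudonym derivation and the trusted center's signature of step 103 with the $C_0 = H(kP_{pub}) + d$ embedding, the verifier's two checks of step 104, and the recovery $P = d^{-1} P_{id_D}$ of steps S410 to S430. Assumptions: the curve constants are the recommended SM2 parameters of GB/T 32918.5; SHA-256 reduced into $Z_q^*$ stands in for the unspecified $H$ and for $H_{id}$; $Z_A$ and $HI$ are folded into the hashed message; the SM2 encryption of the request to the center, and the key exchange, are omitted; the identities "alice" and "example.com" and the function names are constructed for the example.

```python
"""Added example, not the patent's code: step 102 key generation, the step
103 pseudonym request with the centre's modified SM2 signature, the step 104
checks and the supervision step (S410-S430), on the SM2 curve.  Assumed: SM2
curve constants (GB/T 32918.5); SHA-256 as the unspecified H; Z_A folded into
the hashed message; SM2 encryption of the request to the centre omitted."""
import hashlib
import secrets

# SM2 recommended curve (assumed constants); prime order Q, cofactor 1
P_ = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A_ = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B_ = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
Q = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def add(p1, p2):  # affine group law; None is the point at infinity
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P_ == 0: return None
        lam = (3 * x1 * x1 + A_) * pow(2 * y1, -1, P_) % P_
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_) % P_
    x3 = (lam * lam - x1 - x2) % P_
    return x3, (lam * (x1 - x3) - y1) % P_

def mul(k, pt):  # double-and-add scalar multiplication
    acc, k = None, k % Q
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def rnd():  # uniform element of Z_q^*
    return secrets.randbelow(Q - 1) + 1

def H(*parts):  # H: {0,1}^* -> Z_q^*; SHA-256 over a canonical encoding
    dig = hashlib.sha256(repr(parts).encode()).digest()
    return int.from_bytes(dig, "big") % (Q - 1) + 1

def sm2_sign(msg, sk, k):  # SM2 signature with caller-chosen k (retries omitted)
    r = (H(msg) + mul(k, G)[0]) % Q
    return r, pow(1 + sk, -1, Q) * (k - r * sk) % Q

def sm2_verify(msg, sig, pk):  # returns the recovered point kG, or None
    r, s = sig
    if not (0 < r < Q and 0 < s < Q): return None
    kG = add(mul(s, G), mul((r + s) % Q, pk))  # sG + (r+s)pk == kG if valid
    return kG if kG and (H(msg) + kG[0]) % Q == r else None

def tc_issue(uid, U, s_pub, P_pub):  # step 102, S20/S30 at the centre
    R_id, w = rnd(), rnd()
    hid = H(uid, R_id)
    O = add(U, mul(w, G))
    lam = H(P_pub, hid, O)
    t = (w + lam * s_pub) % Q
    P = add(O, mul(lam, P_pub))
    return (R_id, O, t), (uid, R_id, O, P)  # reply; database record (S70)

def user_finish(uid, u, reply, P_pub):  # step 102, S40/S50 at the user
    R_id, O, t = reply
    hid = H(uid, R_id)
    P = add(O, mul(H(P_pub, hid, O), P_pub))
    if P != mul(u + t, G): return None  # centre's t is inconsistent: reject
    return hid, (u + t) % Q, O, P  # (hid, s_id, O, P)

def pseudonym_keys(id_D, hid, P, s_id, P_pub):  # step 103, user side
    R = rnd(); d = H(id_D, hid, P, R, P_pub)
    return R, d * s_id % Q, mul(d, P)  # (R, s_id_D, P_id_D) kept in list L

def tc_pseudonym(req, sig_req, s_pub, P_pub):  # step 103 at the centre
    id_D, O, hid, R = req  # SM2 decryption of the request omitted
    P = add(O, mul(H(P_pub, hid, O), P_pub))
    d = H(id_D, hid, P, R, P_pub)
    P_idD = mul(d, P)
    if sm2_verify(req, sig_req, P_idD) is None: return None
    k = rnd()  # M' = (HI, pid, P_id_D) || C_0 with C_0 = H(kP_pub) + d
    M_ = (("HI", H(id_D, R, P_idD), P_idD), (H(mul(k, P_pub)) + d) % Q)
    return sm2_sign(M_, s_pub, k), M_

def tc_supervise(M_, sig, s_pub, P_pub, db):  # S410-S430 at the centre
    kG = sm2_verify(M_, sig, P_pub)
    if kG is None: return None
    d = (M_[1] - H(mul(s_pub, kG))) % Q  # s_pub * kG == kP_pub
    return db.get(mul(pow(d, -1, Q), M_[0][2]))  # P = d^{-1} P_id_D -> id

def run(uid="alice", id_D="example.com"):  # constructed identities
    s_pub = rnd(); P_pub = mul(s_pub, G)
    u = rnd(); reply, rec = tc_issue(uid, mul(u, G), s_pub, P_pub)
    hid, s_id, O, P = user_finish(uid, u, reply, P_pub)
    R, s_idD, P_idD = pseudonym_keys(id_D, hid, P, s_id, P_pub)
    req = (id_D, O, hid, R)
    sig, M_ = tc_pseudonym(req, sm2_sign(req, s_idD, rnd()), s_pub, P_pub)
    ok = (sm2_verify(M_, sig, P_pub) and M_[0][2] == P_idD and
          sm2_verify("hello", sm2_sign("hello", s_idD, rnd()), P_idD))
    who = tc_supervise(M_, sig, s_pub, P_pub, {rec[3]: rec[0]}) if ok else None
    return who, M_, sig, P_pub
```

`run()` returns the identity the center recovers from the pseudonym's own signature message, together with $(M', \sigma, P_{pub})$ so that a verifier's check can be repeated. Two things worth noting when reading it: the supervision channel is confidential only because $t = H(kP_{pub})$ needs either the ephemeral $k$ (discarded after signing) or $s_{pub}$, so reusing $k$ across two signatures would expose the difference of the two embedded $d$ values in addition to the usual SM2 nonce-reuse key leak; and the `user_finish` check is the terminal's only protection against a center that returns a $t$ inconsistent with $O$, so it must be enforced rather than logged.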
The present invention is not limited to the above-mentioned embodiments, and any changes or substitutions that can be easily understood by those skilled in the art within the technical scope of the present invention are intended to be included in the scope of the present invention.

Claims (10)

1. A supervisable pseudonym authentication, encryption and key exchange method, comprising the steps of:
the trusted center outputs system parameters according to an input security parameter, wherein the system parameters comprise a public key for encryption and a public key for signature verification, the trusted center secretly stores a private key for decryption and a private key for signing, and the system parameters are the system parameters of a communication system formed by a plurality of user terminals;
the trusted center and each user terminal generate, from the system parameters and the user identity of the user terminal, the long-term public-private key pair and the user identity mark of that user terminal;
the trusted center and the user terminal generate the signature and the signature message of the user terminal at the trusted center from the domain name information to be accessed by the user terminal, the system parameters, the long-term public-private key pair and the user identity mark of the user terminal, the public-private key pair for encryption and decryption and the public-private key pair for signing and signature verification, wherein the signature message comprises the pseudonym identity of the user terminal for the domain name information; and
digital signature verification, encryption and key exchange between user terminals are performed using the signature and the signature message of the other party at the trusted center.
2. The supervisable pseudonym authentication, encryption and key exchange method of claim 1, wherein the trusted center and the user terminal generating the signature and the signature message of the user terminal at the trusted center from the domain name information to be accessed by the user terminal, the system parameters, the long-term public-private key pair and the user identity mark of the user terminal, the public-private key pair for encryption and decryption and the public-private key pair for signing and signature verification comprises:
the user terminal generates a pseudonym public-private key pair for the domain name information from the domain name information to be accessed, the system parameters and its long-term public-private key pair;
the user terminal signs the domain name information and its user identity mark with the pseudonym private key and encrypts them using the system parameters;
the trusted center decrypts the ciphertext with its decryption private key and verifies the signature of the user terminal;
if the signature verification passes, the trusted center generates a pseudonym identity of the user terminal from the domain name information, the pseudonym public key of the user terminal and the system parameters; and
the trusted center signs the pseudonym identity and the pseudonym public key of the user terminal with its signing private key, yielding the signature and the signature message of the user terminal at the trusted center.
3. The supervisable pseudonym authentication, encryption and key exchange method of claim 2, wherein the digital signature verification between user terminals using the signature and the signature message of the other party at the trusted center comprises:
the signature message sender signs the message to be signed with its pseudonym private key for the domain name information;
the signature message sender sends its signature and signature message at the trusted center, together with the signature of the message to be signed and the message itself, to the verifier; and
the verifier verifies the signature of the signature message sender at the trusted center with the signature verification public key of the trusted center, and the signature of the message to be signed with the pseudonym public key of the signature message sender.
4. The supervisable pseudonym authentication, encryption and key exchange method of claim 2, wherein the encryption between user terminals using the signature and the signature message of the other party at the trusted center comprises:
the sender verifies the signature of the receiver at the trusted center with the signature verification public key of the trusted center;
if the verification passes, the sender obtains the pseudonym public key of the receiver from the receiver's signature message at the trusted center, encrypts the plaintext with that pseudonym public key, and sends the ciphertext together with the receiver's signature message at the trusted center to the receiver; and
the receiver computes its pseudonym private key from the system parameters and the received signature message, and decrypts the ciphertext with the pseudonym private key.
5. The supervisable pseudonym authentication, encryption and key exchange method of claim 2, wherein the key exchange between user terminals using the signature and the signature message of the other party at the trusted center comprises:
each user terminal of the session sends its signature and signature message at the trusted center to the other party;
each user terminal of the session verifies the signature of the other party with the signature verification public key of the trusted center;
if the verification passes, each user terminal of the session obtains the pseudonym public key of the other party from the other party's signature message; and
the user terminals of the session run the key exchange protocol of the SM2 elliptic curve public key cryptographic algorithm, each taking the pseudonym public key of the other party as that party's public key, and generate a session key.
6. The supervisable pseudonym authentication, encryption and key exchange method of claim 2, further comprising:
the user terminal sends its signature and signature message at the trusted center to the trusted center;
the trusted center obtains the pseudonym public key of the user terminal from the received signature message and verifies the received signature using the pseudonym public key; and
if the verification passes, the trusted center computes the long-term public key of the user terminal from parameters obtained during signature verification and determines the user identity of the user terminal from the long-term public key.
7. The supervisable pseudonym authentication, encryption and key exchange method of claim 2, wherein the trusted center outputting system parameters according to the input security parameter comprises:
selecting a large prime $p$ and elliptic curve coefficients $a$ and $b$, and constructing the elliptic curve $E: y^2 = x^3 + ax + b \pmod p$;
selecting an additive cyclic group $G_1$ of prime order $q$ on the elliptic curve $E$, with generator $G$;
selecting a hash function $H:\{0,1\}^* \to Z_q^*$ and a hash function $H_{id}:\{0,1\}^* \to \{0,1\}^{l_{id}}$, where $\{0,1\}^*$ is the set of bit strings of arbitrary length, $Z_q^*$ is the set of positive integers less than $q$ and coprime to $q$, and $\{0,1\}^{l_{id}}$ is the set of bit strings of length $l_{id}$, the bit length of a user identity;
randomly selecting the private key $s_{pub}$ used for signing from $Z_q^*$ and computing the public key $P_{pub} = s_{pub} G$ used for signature verification;
randomly selecting the private key $s_{pub\_enc}$ from $Z_q^*$ and computing the public key $P_{pub\_enc} = s_{pub\_enc} G$, the public-private key pair $(P_{pub\_enc}, s_{pub\_enc})$ being used for encryption and decryption; and
outputting the parameters $G_1$, $a$, $b$, $p$, $q$, $G$, $H$, $P_{pub}$, $P_{pub\_enc}$ as the system parameters and keeping the private keys $s_{pub}$ and $s_{pub\_enc}$ secret.
8. The supervisable pseudonym authentication, encryption and key exchange method of claim 7, wherein the trusted center generating the pseudonym identity of the user terminal from the domain name information, the pseudonym public key of the user terminal and the system parameters comprises:
computing the pseudonym identity $pid$ of the user terminal as $pid = H_{id}(id_D, R, P_{id_D})$, where $id_D$ is the domain name information to be accessed by the user terminal, $R$ is a random number selected by the user terminal from $Z_q^*$, and $P_{id_D}$ is the pseudonym public key of the user terminal for the domain name information.
9. The supervisable pseudonym authentication, encryption and key exchange method of claim 7, wherein the trusted center and each user terminal generating the long-term public-private key pair and the user identity mark of the user terminal from the system parameters and the user identity of the user terminal comprises:
the user terminal performs the following step:
step S10: randomly selecting a first private key $u$ from $Z_q^*$, computing the intermediate value $U = uG$, and sending the user identity $id$ and the intermediate value $U$ to the trusted center;
the trusted center performs the following steps:
step S20: randomly selecting a first random number $R_{id}$ and a second random number $w$ from $Z_q^*$, and computing
$hid = H(id, R_{id})$, $W = wG$, $O = U + W$, $\lambda = H(P_{pub}, hid, O)$, $t = w + \lambda s_{pub}$, $P = O + \lambda P_{pub}$, where the parameter $hid$ is the user identity mark;
step S30: sending the parameters $(R_{id}, O, t)$ to the user terminal;
the user terminal performs the following steps:
step S40: computing $hid = H(id, R_{id})$, $\lambda = H(P_{pub}, hid, O)$, $P = O + \lambda P_{pub}$, and verifying whether the equation $P = (u + t)G$ holds;
step S50: if the equation $P = (u + t)G$ holds, computing the long-term private key of the user terminal as $s_{id} = u + t$ and setting the parameter $O$ as the long-term public key of the user terminal;
step S60: saving the parameters $(hid, s_{id}, O, P)$ and sending the acknowledgement message $t+1$ back to the trusted center, indicating that the received message was valid;
the trusted center performs the following step:
step S70: after receiving the acknowledgement message $t+1$, storing the parameters $(id, R_{id}, O, P)$ in a database.
10. The supervisable pseudonym authentication, encryption and key exchange method of claim 9, wherein the user terminal generating a pseudonym public-private key pair for the domain name information from the domain name information to be accessed, the system parameters and the long-term public-private key pair of the user terminal comprises:
randomly selecting a third random number $R$ from $Z_q^*$;
computing the parameter $d = H(id_D, hid, P, R, P_{pub})$; and
computing the pseudonym private key of the user terminal for the domain name information as $s_{id_D} = d\, s_{id}$ and the pseudonym public key of the user terminal for the domain name information as $P_{id_D} = dP$.
Application CN202410045192.1A, priority date 2024-01-11, filing date 2024-01-11: Method for authentication, encryption and key exchange of manageable pseudonyms; status Pending; publication CN117714052A (en).

Publications (1)

Publication CN117714052A (en), publication date 2024-03-15

Family

ID=90159100

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination