CN102347840A - Public key encryption method based on relatively prime sequence and lever function - Google Patents

Abstract

The invention provides a public key encryption method based on a relatively prime sequence and a lever function, and belongs to the field of password technology and computer technology. The method comprises three parts, namely key generation, encryption and decryption, wherein a user of a receiving side has two keys, one key is only private, called as private key, and the other key can be public, called public key obtained according the formula Ci=(AiWl(i)) delta (percent of M), and a private key ({Ai}, W, delta) cannot be deduced from the public key; a transmitting side converts plaintext into a ciphertext (encrypted) by using the public key of the receiving side; and the receiving side reduces the ciphertext into the plaintext (decrypted) by using the private key of the receiving side. The method has the characteristics of short modular length, high safety, high calculation speed, use convenience of the private key, and the like, can be publicized and can be used for private storage and transmission of any file and data in a computer and a communication network.

Description

A kind of key encrypt method based on coprime sequence and lever function

(1) technical field

Public key encryption method (being called for short key encrypt method or public key cryptography scheme) belongs to cryptographic technique and field of computer technology, is one of core technology of electronic banking safety, e-commerce security, electronic political administration and security, information security, authentication and Trusted Computing.

(2) background technology

Classic cryptographic technique, symmetric cryptographic technique and public key cryptography technology three phases have been experienced in the development of cryptographic technique.1976, American scholar Diffie and Hellman proposed the thought of public key cryptography, indicate the arriving of public key cryptography technology.At present, the public key cryptography technology that generally uses has schemes such as RSA and ElGamal (referring to " applied cryptography ", U.S. Bruce Schneier is outstanding, and Wu Shizhong, Zhu Shixiong etc. translates, China Machine Press, in January, 2000,334-342 page or leaf).In order to shorten parameter length, the ElGamal scheme is everlasting, and simulation realizes that at this moment, it is called as the ECC scheme on the elliptic curve.In addition, Chinese scholar Tao Renji professor once proposed FAPKC1, FAPKC3 scheme (referring to " Chinese journal of computers ", 1985 (n11), pp.401-409).In addition, one of author of the present invention doctor Su Shenghui in calendar year 2001 proposed REESSE1 public key encryption and digital signature scheme (referring to " computer engineering and science ", 2003 (n5), pp.13-16).

Scheme such as RSA and ElGamal all is that the American invents.Their fail safe is respectively based on a big integer factorization problem (IFP) and a discrete logarithm difficult problem (DLP), and promptly in limited or effective time or space, big integer is carried out factorization or asks discrete logarithm almost is impossible.This is a kind of asymptotic safety.Along with the raising of computer run speed, it is increasing that their security parameter has become, greatly increased the running time of encrypting and deciphering system.The particularly appearance of quantum computer in the future makes big number factorization and discrete logarithm find the solution and can in polynomial time, realize, this has constituted essential threat to RSA, ElGamal and ECC system.

Simultaneously, for various reasons, FAPKC3 and REESSE1 public key system really do not use in practice.

(3) summary of the invention

The present invention is used for the encryption and decryption of various data such as computer and communication network character, literal, figure, pictures and sounds and file; Kept secure and transmission to guarantee data, file content can be widely used in electronic banking, the e-commerce and e-government.

The present invention hopes that our country can have the core technology of oneself in the public key encryption field, to guarantee information security, economic security and the safety with sovereign right of country, improves the technological means that finance and tax swindle are taken precautions against by China simultaneously.

In this Section has omitted the proof to related properties and conclusion, fills if desired, and we will present immediately.

In this article, multiplying " x * y " writes a Chinese character in simplified form " xy ", and " % " represents modular arithmetic mod, and " gcd (x, y) " represents greatest common divisor, and " || x|| " represented the rank of x%M,

Represent negating of bit, the assignment of " ← " expression variable, " ≡ " expression both sides are equal to the modulus complementation,

Expression is chosen arbitrarily, and the value of " ∈ " expression left side variable belongs to certain interval or set, and " x|y " expression x is divided exactly y,

The aliquant y of expression x,

The last integer of x is got in representative, and lgx representes that x asks logarithm to 2,

Representative { A ₁..., A _nIn maximum number.

3.1 three basic conceptions

3.1.1 the definition of coprime sequence and character

Definition 1: suppose A ₁..., A _nThe＞1st, n different in twos integer, and

A _j(i ≠ j) satisfies gcd (A _i, A _j)=1 or gcd (A _i, A _j)=H ≠ 1, and

J ∈ [1, n] has

With

Claim that then these integers are a coprime sequence, are designated as { A ₁..., A _n, note by abridging and be { A _i.

Character 1: if from { A ₁..., A _nThe middle individual element of picked at random m ∈ [1, n], construct a sub-sequence or subclass { Ax ₁..., Ax _m, so, subclass is long-pending

$G={\mathrm{\Π}}_{i=1}^m{A}_{x_i}=A_{x_1}...A_{x_m}$

Confirmed uniquely, promptly from G to { Ax ₁..., Ax _mMapping be man-to-man.

Proof slightly.

3.1.2 lever function

Definition 2: for the public key digital signature system of prime field

on (M); Parameter l in the key conversion formula (i) is called as lever function, if it has following properties:

1. l (.) is an injective function, and its domain of definition is [1, n], codomain Ω be (1, subclass M), n＜M here;

2. the mapping between i and the l (i) is confirmed at random, and does not have the mapping from l (.) to PKI of any dominance;

3. when attempting from PKI extraction private key, any opponent has to consider all arrangements of element among the Ω;

4. when deciphering or during digital signature, the private key owner only need consider element among the Ω add up with.

Obviously, { l (i) } is big in " disclosing " end amount of calculation, and little in " privately owned " end amount of calculation, it has just in time played the effect of " lever ".

Character 2 (uncertainty of l (.)): order C _i≡ A _iW ^{L (i)}(%M) (i=1 ..., n), then

With Subsidiary z ≠ x, y have

1. when l (x)+(y)=l (z), have $l\left(x\right)+\left|\right|W\left|\right|+l\left(y\right)+\left|\right|W\left|\right|\≠l\left(z\right)+\left|\right|W\left|\right|(\%\stackrel{\‾}{M});$

2. when l (x)+l (y) ≠ l (z), the total existence

C _x≡ A ' _xW ' ^l' ^(x), C _y≡ A ' _yW ' ^l' ^(y)And C _z≡ A ' _zW ' ^l' ^(z)(%M) satisfy l ' (x)+(y) ≡ l ' is (z) for l '

And Here

It is the largest prime that is allowed in the coprime sequence.

Proof slightly.

3.1.3 bit shadow string

If the bit clear packets is b ₁... b _n

Definition 3: make b ₁... b _n≠ 0 is a Bit String, generates by following rule b ₁... b _nBe known as bit shadow string: if b _i=0, then b _i=0; If b _i≠ 0, then b _iEqual b _iThe number of front continuous 0 adds 1; If b _iBe rightmost 1, then b _iEqual b _iThe number of front and back continuous 0 adds 1.

For example, if b ₁... b ₁₂=100001011100, then b ₁... b ₁₂=100005021300.Be understood that

arranged

Character 3: make { A ₁..., A _nBe a coprime sequence, b ₁... b _nBe b ₁... b _n≠ 0 bit shadow string is then from b ₁... b _nArrive Mapping be man-to-man.

Proof slightly.

3.2 technical scheme of the present invention

Attention: in this article, sequence { A ₁, A ₂..., A _nSometimes write a Chinese character in simplified form { A _i, sequence { C ₁, C ₂..., C _nSometimes write a Chinese character in simplified form { C _i, lever function l (1), l (2) ..., l (n) } write a Chinese character in simplified form { l (i) } sometimes.

The present invention is a kind of key encrypt method based on coprime sequence and lever function, is called for short the REESSE1+ encryption method.

Based on this method, key be can make and chip, encryption chip and deciphering chip generated, perhaps develop key and generate software, encryption software and decryption software etc.Therefore, the present invention is a kind of production public key encryption and decryption product mandatory basic principle of institute and technical scheme, rather than physical product itself.

The present technique scheme is made up of three parts such as key generation, encryption and decryption.

3.2.1 public key encryption and decryption oprerations

Encrypting file before or data, encrypt file afterwards or data herein, ciphertext expressly.

Suppose that user V desire sends a file or data through network to user U, and carry out with the mode of maintaining secrecy.User V and user U desire realize so secure communication conception, and its process is following:

Key generates: at first; User U goes to third party authoritative institution; Be that a pair of private key (Private Key) and PKI (Public Key) that is generated parts output by key got at CA certificate center (Certificate Authentication), private key must must not be divulged a secret by user U oneself keeping; PKI then allows openly to provide to the external world with the form of public key certificate, so that use when encrypting.

Cryptographic operation: user V obtains the public key certificate of user U from the ca authentication center, the plaintext that on the machine of operation encryption unit, desire is sent is encrypted, and obtains ciphertext, and sends ciphertext to user U through network.

Decryption oprerations: after user U receives the ciphertext that user V sends, on the machine of operation deciphering parts, ciphertext is deciphered, recover plaintext with own private key.

In key encrypt method, in order to improve the efficient of encryption, adopt mixed cipher technology usually, promptly come encrypting plaintext with DSE arithmetic, encrypt with public-key cryptosystem again and transmit symmetric key.

3.2.2 key generates part

Make Ω={ 5; 7; ..., 2n+3}.

Make p ₁..., p _nBe preceding n prime number in the natural number.

Key generates part and supplies the ca authentication center to use, and is used for producing a pair of private key and PKI, and its implementation is:

(1) produces coprime sequence { A at random ₁..., A _nAnd each A _i∈ Λ

(2) seek a prime number

Make Wherein k satisfies

And p _k≤2n+3

(3) picked at random l (1); ..., l (n) ∈ Ω and

have l (i) ≠ l (j)

(4) picked at random δ,

Make

With || W||>=2 ^N-20

(5) calculate C _i← (A _iW ^{L (i)}) ^δ%M is for i=1 ..., n finishes

At last, with ({ C _i, M) be PKI, with ({ A _i, W, δ, M) be private key, { l (i) } can abandon.

Definition 4: from C _i≡ (A _iW ^{L (i)}) ^δ(%M) seek original { A _i, { l (i) }, W, δ be called as multivariable array problem (Multivariate Permutation Problem, MPP).

Character 4:MPP is equivalent to the DLP in the same prime field at least on difficulty in computation.

Proof slightly.

3.2.3 encryption section

Encryption section supplies transmit leg to use, and is used for to expressly encrypting.Transmit leg is recipient's PKI for obtaining encryption key, must obtain recipient's public key certificate from the CA center.

Suppose ({ C _i, M) be PKI, b ₁... b _nIt is the clear packets of n bit.Then the implementation method of encryption section is:

(1) puts

k ← 0, i ← 1

(2) if b _i=0, make k ← k+1, b _i← 0, otherwise do b _i← k+1, k ← 0,

(3) make i ← i+1, if i≤n goes to (2)

(4) if b _n=0, do b _n-k ← b _N-k+ k,

At last, ciphertext

Obtained.

Definition 5: known { C ₁..., C _nAnd From

Ask original b ₁... b _nBe called as the long-pending difficult problem of non-model subclass (Anomalous Subset Product Problem, ASPP).

Character 5:ASPP is equivalent to the DLP in the same prime field at least on difficulty in computation.

What need further specify is that at present, we do not find the subset index time algorithm of ASPP.

Proof is referring to Asymptotic Granularity Reduction and Its Application one literary composition (Theoretical Computer Science; Vol.412 (39), Sep.2011, pp.5374-5386.Shenghui Su; Shuwang L ü, and Xiubin Fan).

3.2.4 decryption portion

Decryption portion supplies the recipient to use, and is used for ciphertext is deciphered.The recipient with oneself private key as decruption key.

Suppose ({ A _i, W, δ, M) be private key, Be ciphertext (note because

Be even number,

Must be even number).Then the implementation method of decryption portion is:

(1) calculates $\stackrel{\‾}{G}\←{\stackrel{\‾}{G}}^{{\mathrm{\δ}}^{-1}}\%M$

(2) calculate $\stackrel{\‾}{G}\←\stackrel{\‾}{G}{W}^{-2}\%M$

(3) put b ₁... b _n← 0,

I ← 1, k ← 0

(4) if

Do

b _i← 1, k ← 0

Otherwise, make k ← k+1

(5) make i ← i+1, if i≤n and G ≠ 1 forward (4) to

(6) if k ≠ 0 and (A _N-k) ^k| G, be G ← G/ (A _N-k) ^k

(7) if G ≠ 1 forwards (2) to, otherwise, finish

At last, original plaintext is divided into groups or symmetric key b ₁... b _nBe resumed.Obviously; As long as

is a real ciphertext, this decrypt scheme total energy fair termination.

3.2.5 the correctness of deciphering

Because

Be abelian group,

W ^k (W ^-1) ^k ≡ 1 (%M).Make b ₁... b _nBe that n compares the Temin.Know from 3.2.3,

Wherein, b _iBe the bit shadow, C _i≡ (A _iW ^{L (i)}) ^δ(%M).Order $G\≡{\mathrm{\Π}}_{i=1}^n{A_i}^{{\underset{\‾}{b}}_i}(\%M),$ $\underset{\‾}{k}\≡{\mathrm{\Σ}}_{i=1}^{n}l\left(i\right){\underset{\‾}{b}}_i(\%\stackrel{\‾}{M}).$ Therefore we need proof ${\stackrel{\‾}{G}}^{{\mathrm{\δ}}^{-1}}{\left(W^{-1}\right)}^{\underset{\‾}{k}}\≡G(\%M).$ Proof:, have according to key schedule and AES

$\stackrel{\‾}{G}\≡{\mathrm{\Π}}_{i=1}^n{C_i}^{{\underset{\‾}{b}}_i}\≡{\mathrm{\Π}}_{i=1}^n{\left({\left(A_i{W}^{l\left(i\right)}\right)}^{\mathrm{\δ}}\right)}^{{\underset{\‾}{b}}_i}$

$\≡W^{\left({\mathrm{\Σ}}_{i=1}^n{\underset{\‾}{b}}_{i}l\left(i\right)\right)\mathrm{\δ}}{\mathrm{\Π}}_{i=1}^n{\left(A_i\right)}^{\mathrm{\δ}{\underset{\‾}{b}}_i}$

$\≡W^{\underset{\‾}{k}\mathrm{\δ}}{\left({\mathrm{\Π}}_{i=1}^n{A_i}^{{\underset{\‾}{b}}_i}\right)}^{\mathrm{\δ}}(\%M).$

δ is opened on the equation both sides simultaneously ^-1Th root has

${\stackrel{\‾}{G}}^{{\mathrm{\δ}}^{-1}}\≡{\left(W^{\underset{\‾}{k}\mathrm{\δ}}{\left({\mathrm{\Π}}_{i=1}^n{A_i}^{{\underset{\‾}{b}}_i}\right)}^{\mathrm{\δ}}\right)}^{{\mathrm{\δ}}^{-1}}$

$\≡W^{\underset{\‾}{k}}\left({\mathrm{\Π}}_{i=1}^n{A_i}^{{\underset{\‾}{b}}_i}\right)(\%M).$

(W is multiply by on top equation both sides simultaneously ^-1) ^k , have

${\stackrel{\‾}{G}}^{{\mathrm{\δ}}^{-1}}{\left(W^{-1}\right)}^{\underset{\‾}{k}}\≡W^{\underset{\‾}{k}}\left({\mathrm{\Π}}_{i=1}^n{A_i}^{{\underset{\‾}{b}}_i}\right){\left(W^{-1}\right)}^{\underset{\‾}{k}}$

$\≡W^{\underset{\‾}{k}}\left({\mathrm{\Π}}_{i=1}^n{A_i}^{{\underset{\‾}{b}}_i}\right){\left(W^{\underset{\‾}{k}}\right)}^{-1}$

$\≡{\mathrm{\Π}}_{i=1}^n{A_i}^{{\underset{\‾}{b}}_i}\≡G(\%M).$

Above-mentioned proof procedure has also provided the method for seeking G.

Note, in practical application, clear packets b ₁... b _nBe ignorant in advance, therefore, we can not directly calculate h.Yet because k is ∈ [5, n (2n+3)], scope is very narrow, and we can be through taking advantage of W ^-2%M searches for exploratoryly k, and checking G is at quilt { A _iIn some power whether equal 1 after dividing exactly.Be understood that, when condition G=1 is satisfied, original plaintext b ₁... b _nAlso obtained.

3.3 advantage and good effect

3.3.1 it is safe

Based on character 4 and 5, be infeasible in polynomial time expressly from PKI derivation private key, from the ciphertext decoding.

In addition, (n is sizable M), and therefore, it also is infeasible that attempt utilizes the continued fraction method to attack private key owing to δ ∈.

3.3.2 modulus length is shorter

Be not difficult to find that as clear packets length n=80,96,112,128 the time, the bit length of modulus M comparatively speaking, is short between 696 and 1216 through calculating.

3.3.3 arithmetic speed is very fast

The cryptographic operation of this method only need be done the individual modular multiplication of O (n), and through relatively finding: it is than popular RSA, the fast manyfold of ECC scheme.

Decryption oprerations and probability correlation, its expected time complexity is O (n ²) individual modular multiplication, also fast than the RSA scheme of equal safe coefficient.

3.3.4 key is easy to use

This method has been used two keys, and one can disclose, and is used for encrypting, and one can only be privately owned, is used for deciphering.Therefore, avoided the trouble of transmission decruption key.

3.3.5 technology can disclose

Realization technology of the present invention can disclose fully, and user's PKI also can openly be provided to the external world fully.As long as private key is not divulged a secret, just can guarantee the safety of ciphertext fully.

3.3.6 it is favourable to national security

The Internet is a kind of open net, and is obvious, and the various information of transmission must be encrypted in the above.

Because internet usage was as means of communication already for important departments such as the Chinese government, national defence, finance, the tax, therefore, information security is related to national sovereignty safety and economic security.

Angle from the password containing; The information security of a great country can not be based upon on the external cryptography scheme basis; Therefore, fully public key encryption autonomous, original innovation and digital signature scheme seem imperative, very urgent and are significant to study us.

(4) embodiment

Characteristics based on the key encrypt method of coprime sequence and lever function are that it can let each user obtain two keys, and a key can disclose, and are used for encrypting, and a key can only the individual have, and are used for deciphering.Like this, can not worry that key divulged a secret in the transmittance process on the net.When the agreement correspondent was transmitted information on the net, the sender used recipient's PKI that file or message are encrypted, and the recipient uses the private key of oneself that it is deciphered after receiving ciphertext.

Each user can arrive the CA digital certificate center of appointment and obtain the corresponding secret key certificate.The CA center is that the user is registered, manages, and the mechanism that key is produced, distributes and controls.It utilizes key generation method output user's a pair of PKI and private key.

This encryption method can realize that it comprises three parts with logic circuit chip or program language: 1. develop key according to the 3.2.2 joint and generate chip or software module, used by the CA center; 2. develop according to the 3.2.3 joint and encrypt square chip or software module, use by encrypting user; 3. develop deciphering chip or software module according to the 3.2.4 joint, use by decrypted user.

Claims (1)

1. key encrypt method based on coprime sequence and lever function; Form by key generation, three parts of encryption and decryption; Key generates part and supplies third party authoritative institution to produce recipient user's a pair of private key and PKI; Encryption section supplies transmit leg to use recipient's PKI to convert plaintext into ciphertext, and decryption portion supplies the recipient to use the private key of oneself to be reduced into ciphertext expressly, it is characterized in that

Key generates part and has adopted the following step:

1) produces coprime sequence { A at random ₁..., A _nAnd each A _i∈ Λ

2) seek a prime number Make

Wherein k satisfies

And p _k≤2n+3

3) picked at random l (1); ..., l (n) ∈ Ω and

have l (i) ≠ l (j)

4) picked at random δ,

Make

With || W||>=2 ^N-20

5) calculate C _i← (A _iW ^{L (i)}) ^δ%M is for i=1 ..., n finishes

At last, with ({ C _i, M) be PKI, with ({ A _i, W, δ, M) be private key, and private key can not leak;

Encryption section has adopted the following step:

Transmit leg is with recipient's PKI ({ C _i, M) as encryption key, to the clear packets b of n bit ₁... b _nDo

(1) puts

k ← 0, i ← 1

(2) if b _i=0, make k ← k+1, b _i← 0, otherwise do b _i← k+1, k ← 0,

(3) make i ← i+1, if i≤n goes to (2)

(4) if b _n=0, do b _N-k← b _N-k+ k,

At last, it will be sent out to the recipient to obtain ciphertext

;

Decryption portion has adopted the following step:

The recipient is with the private key ({ A of oneself _i, W, δ, M) as decruption key, and to ciphertext

Do

1. calculate $\stackrel{\‾}{G}\←{\stackrel{\‾}{G}}^{{\mathrm{\δ}}^{-1}}\%M$

2. calculate $\stackrel{\‾}{G}\←\stackrel{\‾}{G}{W}^{-2}\%M$

3. put b ₁... b _n← 0, I ← 1, k ← 0

4. if

Do

b _i← 1, k ← 0

Otherwise, make k ← k+1

5. make i ← i+1, if 4. i≤n and G ≠ 1 forward to

6. if k ≠ 0 and (A _N-k) ^k| G, be G ← G/ (A _N-k) ^k

7. as if G ≠ 1, forward to 2., otherwise, finish

At last, the recipient recovers the original plaintext b of transmit leg ₁... b _n