CN103200000B - Shared key method for building up under a kind of quantum computation environment - Google Patents

Abstract

The present invention relates to field of information security technology, particularly relate to the shared key method for building up under a kind of quantum computation environment, comprise the system of foundation and communicating pair A and B sets up shared key two steps.The present invention adopts polynomial homomorphism problem to give a kind of method for building up of shared key, there is the advantage such as attack that implementation efficiency is high, do not need cipher code arithmetic assisting processor, tight security, anti-quantum computer, in the security fields such as smart card, radio sensing network, than traditional secrete key exchange agreement as Diffie-Hellman IKE etc. has superiority.Method provided by the invention can be widely used in the information safety system such as network security, ecommerce field.

Description

Shared key method for building up under a kind of quantum computation environment

Technical field

The present invention relates to field of information security technology, particularly relate to the shared key method for building up under a kind of quantum computation environment.

Background technology

For a difficult problem for key management complexity in DSE arithmetic, within 1976, Diffie and Hellman proposes the concept of " public-key cryptosystem " in a creative way, points out to transmit secret information on overt channel.Thus and be not suitable for directly encrypting mass data compared with symmetric cryptography, the general more complicated of encryption and decryption computing in common key cryptosystem, implementation efficiency are low.Common way is: the cryptographic technique that uses public-key (Key Establishing Protocol) sets up a shared session key; Then, a large amount of cleartext information is encrypted with session key as the key of symmetric cryptography.

In general, Key Establishing Protocol can be divided into: key distribution protocol and cipher key change (negotiation) agreement.In key distribution protocol, transmit leg A selects a session key and sends it to recipient B safely, usually needs third party to be responsible for or assists to set up.And in IKE, communicating pair produces session key jointly, this value can be determined in advance without any a side.From certain meaning, IKE has certain advantage compared with key distribution protocol.Classical Diffie-Hellman IKE also exists the defect of man-in-the-middle attack, and the method for improvement introduces authentication mechanism.According to the demand of development, on the basis of Diffie-Hellman IKE, occur again the agreement of many improvement, wherein, MQV agreement has become IEEEP1363 standard.But these agreements are mostly based on discrete logarithm or Elliptic Curve Discrete Logarithm, can not resist the attack of quantum calculation.Therefore, the Key Establishing Protocol of quantum calculation safety is worth us to further investigate.

Key Establishing Protocol in quantum cryptology is in fact also divided into key distribution protocol and cipher key change (negotiation) agreement, is generally referred to as quantum key distribution (QKD) agreement.Usually, a basic point-to-point QKD link is a random symmetric key dissemination system, and its fail safe effectively eavesdrops detection based on to quantum communications process.On quantum channel, carry out quantum key distribution at present relatively practical, but quantum channel directly can not be carried out the secure communication of cleartext information as natural cryptochannel.

At present, the research of anti-quantum calculation field of cryptography mainly concentrates on public key encryption and digital signature aspect, and the IKE with anti-quantum calculation potentiality is studied less.Anshel in 1999 etc. propose the IKE based on general noncommutative group, calendar year 2001 they propose both sides' IKE based on braid group again, these two agreements were proved to be unsafe afterwards.In U.S. secret meeting in 2000, Ko etc. propose the conjugate problem (DHCP) of so-called Diffie-Hellman type, and suppose based on the difficulty of this problem, propose both sides' IKE of a Diffie-Hellman type, but, Cheon in 2003 etc. give the polynomial time algorithm solving this problem, and Myasnikon in 2005 etc. provide a more efficient method for solving.Boucher in 2010 etc. propose a kind of both sides' IKE based on the special non-exchange multiplication multinomial of one in PQCrypto2010 meeting, and this agreement is broken through by Dubois etc. subsequently.

Summary of the invention

For the technical problem of above-mentioned existence, the object of this invention is to provide the shared key method for building up under a kind of quantum computation environment.

For achieving the above object, the present invention adopts following technical scheme:

A shared key method for building up under quantum computation environment, is characterized in that, comprise the following steps:

Step 1: set up system:

Select finite field gf (q), the m on random selecting GF (q) ties up square formation T ₀square formation U is tieed up with n ₀, and the nonlinear transformation F that forms of n variable m quadratic polynomial, F can be expressed as:

F(x ₁，…，x _n)＝(f ₁(x ₁，…，x _n)，…，f _m(x ₁，…，x _n))

Here, f _ifor n unit quadratic polynomial function, form is as follows:

$f_i(x_1,\mathrm{...},x_n)=\underset{1\≤j\≤k\≤n}{\Σ}{c}_{ijk}{x}_j{x}_k+\underset{1\≤j\≤n}{\Σ}{b}_{ij}{x}_j+a_i$

Wherein, all parameter x _j, x _k, a _i, b _ij, c _ijk∈ GF (q) (1≤j≤k≤n, 1≤i≤m);

Step 2: communicating pair A and B sets up shared key; Its process comprises 6 sub-steps:

(1) A random selecting α _i, β _j∈ GF (q), wherein 0≤i≤m, 0≤j≤n, calculate private key

$T_a={\Σ}_{i=0}^m{\mathrm{\α}}_i{T}_0^i,U_a={\Σ}_{j=0}^n{\mathrm{\β}}_j{U}_0^j,$

Calculate session information G simultaneously _a=T _aο F ο U _a;

(2) B random selecting γ _i, δ _j∈ GF (q), wherein 0≤i≤m, 0≤j≤n, calculate private key

$T_b={\Σ}_{i=0}^m{\mathrm{\γ}}_i{T}_0^i,U_b={\Σ}_{j=0}^n{\mathrm{\δ}}_j{U}_0^j,$

Calculate session information G simultaneously _b=T _bο F ο U _b;

(3) A sends session information G _ato B;

(4) B sends session information G _bto A;

(5) the A private key of oneself calculates shared key G _ba=T _aο G _bο U _a;

(6) the B private key of oneself calculates shared key G _ab=T _bο G _aο U _b;

Wherein, in above-mentioned steps (1) (2) (5) (6), symbol " ο " represents the compound operation between mapping.

The present invention has the following advantages and good effect:

1. the present invention is the very high IKE of a kind of fail safe.Its fail safe performance is mainly based on polynomial homomorphism problem, and this problem has been proved to be as NPC problem, and in addition, the present invention inherits the advantage of traditional multivariate public key cryptography system, and therefore the present invention has the potentiality that opposing quantum computer is attacked;

2. the present invention is a kind of IKE of efficient lightweight, and its computing is mainly the multiplying in finite field, if we select less field parameter as GF (2 ⁸), then multiplication can adopt and table look-up, and efficiency is higher, and this programme can be widely used in the limited embedded device of computing capability.

Accompanying drawing explanation

Fig. 1: the flow chart being the shared key method for building up under quantum computation environment of the present invention.

Embodiment

Shared key method for building up under the quantum computation environment of the present invention's proposition is described below in conjunction with the drawings and specific embodiments.

Ask for an interview Fig. 1, the shared key method for building up under quantum computation environment of the present invention, comprises the following steps:

Step 1: set up system:

Select finite field gf (2 ¹⁶), random selecting GF (2 ¹⁶) on 10 dimension square formation T ₀with 12 dimension square formation U ₀, and the nonlinear transformation F that forms of 12 variablees, 10 quadratic polynomials, F can be expressed as:

F(x ₁，…，x ₁₂)＝(f ₁(x ₁，…，x ₁₂)，…，f ₁₀(x ₁，…，x ₁₂))

Here, f _ibe 12 yuan of quadratic polynomial functions, form is as follows:

$f_i(x_1,\mathrm{...},x_{12})=\underset{1\≤j\≤k\≤12}{\Σ}{c}_{ijk}{x}_j{x}_k+\underset{1\≤j\≤12}{\Σ}{b}_{ij}{x}_j+a_i$

Wherein, all parameter x _i, a _i, c _ijk∈ GF (2 ¹⁶) (1≤j≤k≤12,1≤i≤10);

Step 2: communicating pair A and B sets up shared key; Its process comprises 6 sub-steps:

(1) A random selecting α _i, β _j∈ GF (2 ¹⁶), wherein 0≤i≤10,0≤j≤12, calculate private key

$T_a={\Σ}_{i=0}^{10}{\mathrm{\α}}_i{T}_0^i,U_a={\Σ}_{j=0}^{12}{\mathrm{\β}}_j{U}_0^j,$

Calculate session information G simultaneously _a=T _aο F ο U _a;

(2) B random selecting γ _i, δ _j∈ GF (q), wherein 0≤i≤10,0≤j≤12, calculate private key

$T_b={\Σ}_{i=0}^{10}{\mathrm{\γ}}_i{T}_0^i,U_b={\Σ}_{j=0}^{12}{\mathrm{\δ}}_j{U}_0^j,$

Calculate session information G simultaneously _b=T _bο F ο U _b;

(3) A sends session information G _ato B;

(4) B sends session information G _bto A;

(5) the A private key of oneself calculates shared key G _ba=T _aο G _bο U _a;

(6) the B private key of oneself calculates shared key G _ab=T _bο G _aο U _b;

Wherein, in above-mentioned steps (1) (2) (5) (6), symbol " ο " represents the compound operation between mapping.

The level of security of the present embodiment is about its main computing is finite field gf (2 ¹⁶) on multiplying, secondly implementation efficiency is high, and be applicable to software and hardware and realize, PKI is 134680 bits, and private key is 3904 bits, much smaller compared with the size of key of SFLASH Standard signatures algorithm.

The content that this specification is not described in detail belongs to the known prior art of those skilled in the art.

The present invention adopts polynomial homomorphism problem to give a kind of method for building up of shared key, there is the advantage such as attack that implementation efficiency is high, do not need cipher code arithmetic assisting processor, tight security, anti-quantum computer, in the security fields such as smart card, radio sensing network, than traditional secrete key exchange agreement as Diffie-Hellman IKE etc. has superiority.Method provided by the invention can be widely used in the information safety system such as network security, ecommerce field.

The above embodiment is only that protection scope of the present invention is not limited thereto in order to absolutely prove the preferred embodiment that the present invention lifts.The equivalent alternative or conversion that those skilled in the art do on basis of the present invention, all within protection scope of the present invention.Protection scope of the present invention is as the criterion with claims.

Claims (1)

1. the shared key method for building up under quantum computation environment, is characterized in that, comprise the following steps:

Step 1: set up system:

Select finite field gf (q), the m on random selecting GF (q) ties up square formation T ₀square formation U is tieed up with n ₀, and the nonlinear transformation F that forms of n variable m quadratic polynomial, F can be expressed as:

F(x ₁，…，x _n)＝(f ₁(x ₁，…，x _n)，…，f _m(x ₁，…，x _n))

Here, f _ifor n unit quadratic polynomial function, form is as follows:

$f_i(x_1,...,x_n)=\underset{1\≤j\≤k\≤n}{\Σ}{c}_{ijk}{x}_j{x}_k+\underset{1\≤j\≤n}{\Σ}{b}_{ij}{x}_j+a_i$

Wherein, all parameter x _j, x _k, a _i, b _ij, c _ijk∈ GF (q) (1≤j≤k≤n, 1≤i≤m);

Step 2: communicating pair A and B sets up shared key; Its process comprises 6 sub-steps:

(1) A random selecting α _i, β _j∈ GF (q), wherein 0≤i≤m, 0≤j≤n, calculate private key

$T_a={\mathrm{\Σ}}_{i=0}^m{\mathrm{\α}}_i{T}_0^i,U_a={\mathrm{\Σ}}_{j=0}^n{\mathrm{\β}}_j{U}_0^j,$

Calculate session information G simultaneously _a=T _aο F ο U _a;

(2) B random selecting γ _i, δ _j∈ GF (q), wherein 0≤i≤m, 0≤j≤n, calculate private key

$T_b={\mathrm{\Σ}}_{i=0}^m{\mathrm{\γ}}_i{T}_0^i,U_b={\mathrm{\Σ}}_{j=0}^n{\mathrm{\δ}}_j{U}_0^j,$

Calculate session information G simultaneously _b=T _bο F ο U _b;

(3) A sends session information G _ato B;

(4) B sends session information G _bto A;

(5) the A private key of oneself calculates shared key G _ba=T _aο G _bο U _a;

(6) the B private key of oneself calculates shared key G _ab=T _bο G _aο U _b;

Wherein, in above-mentioned steps (1) (2) (5) (6), symbol " ο " represents the compound operation between mapping.