CN105897409B - A method of the management of the key based on crypto chip - Google Patents

Abstract

The present invention provides a kind of method of key management based on crypto chip, it includes the management of key and the method for restructuring allocation, it splits and the execution efficiency of recombination is high, includes defining original private, splitting original private, with storage of data structure, distribution share and the method for restoring password.

Description

A method of the management of the key based on crypto chip

Technical field

The present invention relates to data structure techniques field, the method for specially a kind of key management based on crypto chip.

Background technique

Crypto chip etc. related fieldss, in order to realize the safe and secret of information, people are mainly using the means of encryption Carry out confidential information, and the core encrypted is the privacy problem of key, key management directly affects the safety of communication.Privacy sharing It is a kind of method that can solve cipher key management considerations, original secret can be divided into several shares by privacy sharing, then will These shares give several people or tissue keeping.When needing to restore original private again, all required parts Volume is recombined.If these shares when fractionation and recombination can part share first combine, then combination obtains New share can continue to combine, to form the combination of hierarchical.In this process, the data of these shares are deposited Storage, can use tree structure, but the storage organization of traditional tree such as child's chained list representation, parents' representation and brother The modes such as child's chained list representation this application seem efficiency be not it is very high, especially in the more feelings of the quantity of share Than more prominent under condition.

Summary of the invention

In view of the above-mentioned problems, the present invention provides a kind of method of key management based on crypto chip comprising key The method of management and restructuring allocation, splits and the execution efficiency of recombination is high.

Its technical solution is such that

A method of the management of the key based on crypto chip is mainly used for the key management of crypto chip, feature It is, comprising the following steps:

(1) it defines:

Crypto chip receives original private k, and original private k includes several share { k₁, k₂, k₃..., k_n}；

(2) it splits:

Step A1: the original private k, which carries out function fractionation operation using Lagrange interpolation polynomial, obtains each part Volume k_ij, the aggregate form of the share after fractionation are as follows: { k_1r, k_(r+1)2, k_(t+1)u..., k_vnWherein 1≤r < t, t < u≤v, v≤ N, r=2, v=4, n=5；

Step A2: several shares obtained after step A1 is split continue to tear open using Lagrange interpolation polynomial Point, k_vn{ k can be split into_vy, k_(y+1)z, k_(z+1)a..., k_bn, wherein v≤y < z, z < a < b, b≤n；

Step A3: repeating above step A2, until splitting terminates；

(3) it stores

Share set after fractionation is stored with tree structure, definition has tree G, and node number is n, each knot in tree Point stores the information of each share, and each node is with four-tuple < D_ic, D_i, D_i5, D_ie> form composition sequence list stored, Define D_icIndicate node D_iThe locating number of plies, D_iIndicate D_iThe specific node data of node, D_i5And D_ieRespectively indicate D_iNode Child node is in D_ic+ 1 layer of beginning serial number from left to right and end serial number, 0≤i≤n；Original private k after fractionation can use tree G It can store are as follows: f (G)={ < D_1c, D₁, D_1s, D_le>,<D_2c, D₂, D_2s, D_2e> ..., < D_ic, D_i, D_is, D_ie>...,<D_nc, D_n, D_ns, D_ne>, all four-tuple<D in f (G)_ic, D_i, D_is, D_ie>: be all according to tree G node from top to bottom, from a left side to Right sequence is successively stored, i.e., is arranged by the sequence of the number of plies from small to large, if D_isAnd D_ieEqual to 0, then it represents that D_iNode There is no child node；

(4) distribute: needing to split obtained each share after original private k fractionation and give each custodian:

Defining Travel (G) indicates that traversal sets all leaf nodes in G and exports ergodic sequence, and Travel (G) will set G's Each node in the four-tuple table of f (G) is examined successively whether meet D_is=0 and D_ie=0, it will be corresponding if meeting D_iOutput, then by all D of output_iIt is distributed to each custodian；

(5) restore: the tree G obtained after original private k is split reassembles into original password k, comprising the following steps:

Step B1: reading the tree G in crypto chip, owns < D in f (G)_ic, D_i, D_is, D_ie> form four-tuple in Successively obtain all D_is=0 and D_ie=0 D_i；

Step B2: by all D of acquirement_iIt is compared with all shares provided by recovery original private k are attempted, if Lack in the share of offer or increase any share and thinks this time to restore to be unauthorized, recovery process termination；

Step B3: the share merging that user provides is reverted into upper one layer of share, the share of recovery and f (G) are compared It is right, restore to combine and compare successfully and merge recovery if the share restored is identical as f (G), otherwise should terminate recovery journey Sequence；

Step B4: repeating step B3, until original private k recovery terminates.

Further, calculate that father node, restoring the calculating of upper one layer of share, steps are as follows:

Step C1: defining Parent (G, M) indicates to calculate the father node of M node in tree G；

Step C2: successively more each D in f (G)_iWhether value is equal to M；

Step C3: if not finding node M in f (G), M node is not present in tree G, and algorithm terminates；

Step C4: if finding M node in f (G), setting σ (G, A) is the same level knot for calculating A node in f (G) Arrangement serial number in point；

The number of plies for defining M node is M_cIf M_c- 1=0, then M node is the root node for setting G, so M node is tied without father Point；If M_c- 1 > 0 then successively compares and all in f (G) meets D_ic=M_c- 1 D_iWhether node meets D_is≤ σ (G, M)≤ D_ieIf met, Parent (G, M)=D_i, if there is no some D_iNode meets D_is≤ σ (G, M)≤D_ie, then f (G) Store mistake.

Calculate child node, steps are as follows for the calculating of i.e. next layer share:

Step D1: defining Child (G, M) indicates to calculate the child node of M node in tree G；

Step D2: successively more each D in f (G)_iWhether value is equal to M；

Step D3: if not finding M node in f (G), M node is not present in tree G, and algorithm terminates；

Step D4: if finding M node in f (G), four-tuple < M of M node is extracted_c, M, M_s, M_e>, obtain M knot The locating number of plies M of point_c, M_sAnd M_eDistribution indicates the child node of M node in M_c+ 1 layer of beginning serial number from left to right and end sequence Number, if M_sAnd M_eIt is equal to 0, then M node terminates without child node, algorithm；

Step D5: Child (G, M)={ D is calculated_j, D_j+1, D_j+2..., D_k, wherein the corresponding D of each node_jc, D_(j+1)c, D_(j+2)c..., D_kc=M_c+ 1, M_s≤ j, j+1, j+2 ..., k≤M_e。

Defining Height (G) indicates to calculate the height of tree G, calculates the height extraction < D of tree G_nc, D_n, D_ns, D_ne> in layer Number D_ncFor the height of the tree, i.e. Height (G)=D_nc。

The beneficial effects of the present invention are: being had the advantage that using the storage organization of tree G of the invention

(1) hierachy number of the height or node that calculate tree is more efficient than traditional storage organization, and Height (G) is indicated The height of tree G or the hierachy number of node G are calculated, using the storage organization of tree G, Height (G) is calculated very simply, only needs Directly to extract < D_nc, D_n, D_ns, D_ne> in hierachy number D_nc, i.e. Height (G)=D_nc.The time complexity of the algorithmic procedure is O (1), efficiency are apparently higher than other existing various storage modes.Locating for the height or node set by the above process Hierachy number can be calculated when restoring original private according to the hierachy number amount for setting or being presently in node it is whole The progress situation of a recovery process avoids the occurrence of to be supplied to the enough information feedbacks of operator and is unable to estimate recovery process The case where progress.

(2) storage organization proposed by the present invention is stored using sequence list, has sequence list itself can be according to subscript Number is written and is read the random access capabilities of data, greatly improves the efficiency of access, compared to traditional child's chained list table Show that method, fraternal child's chained list are this more quick using the storage mode of chained list.In addition, relatively traditional child's chained list indicates Method, this storage mode using chained list of fraternal child's chained list, it is empty that storage method proposed by the present invention does not need additional storage Between store junction associated address information, to improve the utilization rate of memory space.Storage organization proposed by the present invention and side Method has the higher service efficiency of traditional storage method over time and space.

Detailed description of the invention

Fig. 1 is the structure of the tree of embodiment 1.

Fig. 2 is the structure of the tree of embodiment 2.

Specific embodiment

In order to make the objectives, technical solutions, and advantages of the present invention clearer, with reference to the accompanying drawings and embodiments, The present invention will be described in further detail.

A method of the management of the key based on crypto chip is mainly used for the key management of crypto chip, feature It is, comprising the following steps:

(1) it defines:

Crypto chip receives original private k, and original private k includes several share { k₁, k₂, k₃..., k_n}；

(2) it splits:

Step A1: the original private k, which carries out function fractionation operation using Lagrange interpolation polynomial, obtains each part Volume k_ij, the aggregate form of the share after fractionation are as follows: { k_1r, k_(r+1)2, k_(t+1)u..., k_vnWherein 1≤r < t, t < u≤v, v≤ N, r=2, v=4, n=5；

Step A2: several shares obtained after step A1 is split continue to tear open using Lagrange interpolation polynomial Point, k_vn{ k can be split into_vy, k_(y+1)z, k_(z+1)a..., k_bn, wherein v≤y < z, z < a < b, b≤n；

Step A3: repeating above step A2, until splitting terminates；

(3) it stores

Share set after fractionation is stored with tree structure, definition has tree G, and node number is n, each knot in tree Point stores the information of each share, and each node is with four-tuple < D_ic, D_i, D_is, D_ie> form composition sequence list stored, Define D_icIndicate node D_iThe locating number of plies, D_iIndicate D_iThe specific node data of node, D_isAnd D_ieRespectively indicate D_iNode Child node is in D_ic+ 1 layer of beginning serial number from left to right and end serial number, 0≤i≤n；Original private k after fractionation can use tree G It can store are as follows: f (G)={ < D_1c, D₁, D_1s, D_le>,<D_2c, D₂, D_2s, D_2e> ..., < D_ic, D_i, D_is, D_ie>...,<D_nc, D_n, D_ns, D_ne>, all four-tuple<D in f (G)_ic, D_i, D_iS, D_ie>: be all according to tree G node from top to bottom, from a left side to Right sequence is successively stored, i.e., is arranged by the sequence of the number of plies from small to large, if D_isAnd D_ieEqual to 0, then it represents that D_iNode There is no child node；

(4) distribute: needing to split obtained each share after original private k fractionation and give each custodian:

Defining Travel (G) indicates that traversal sets all leaf nodes in G and exports ergodic sequence, and Travel (G) will set G's Each node in the four-tuple table of f (G) is examined successively whether meet D_is=0 and D_ie=0, it will be corresponding if meeting D_iOutput, then by all D of output_iIt is distributed to each custodian；

(5) restore: the tree G obtained after original private k is split reassembles into original password k, comprising the following steps:

Step B1: reading the tree G in crypto chip, owns < D in f (G)_ic, D_i, D_is, D_ie> form four-tuple in Successively obtain all D_is=0 and D_ie:=0 D_i；

Step B2: by all D of acquirement_iIt is compared with all shares provided by recovery original private k are attempted, if Lack in the share of offer or increase any share and thinks this time to restore to be unauthorized, recovery process termination；

Step B3: the share merging that user provides is reverted into upper one layer of share, the share of recovery and f (G) are compared It is right, restore to combine and compare successfully and merge recovery if the share restored is identical as f (G), otherwise should terminate recovery journey Sequence；

Step B4: repeating step B3, until original private k recovery terminates.

Calculate that father node, restoring the calculating of upper one layer of share, steps are as follows:

Step C1: defining Parent (G, M) indicates to calculate the father node of M node in tree G；

Step C2: successively more each D in f (G)_iWhether value is equal to M；

Step C3: if not finding node M in f (G), M node is not present in tree G, and algorithm terminates；

Step C4: if finding M node in f (G), setting σ (G, A) is the same level knot for calculating A node in f (G) Arrangement serial number in point；

The number of plies for defining M node is M_cIf M_c- 1=0, then M node is the root node for setting G, so M node is tied without father Point；If M_c- 1 > 0 then successively compares and all in f (G) meets D_ic=M_c- 1 D_iWhether node meets D_is≤ σ (G, M)≤ D_ieIf met, Parent (G, M)=D_i, if there is no some D_iNode meets D_is≤ σ (G, M)≤D_ie, then f (G) Store mistake.

Calculate child node, steps are as follows for the calculating of i.e. next layer share:

Step D1: defining Child (G, M) indicates to calculate the child node of M node in tree G；

Step D2: successively more each D in f (G)_iWhether value is equal to M；

Step D3: if not finding M node in f (G), M node is not present in tree G, and algorithm terminates；

Step D4: if finding M node in f (G), four-tuple < M of M node is extracted_c, M, M_s, M_e>, obtain M knot The locating number of plies M of point_c, M_sAnd M_eDistribution indicates the child node of M node in M_c+ 1 layer of beginning serial number from left to right and end sequence Number, if M_sAnd M_eIt is equal to 0, then M node terminates without child node, algorithm；

Step D5: Child (G, M)={ D is calculated_j, D_j+1, D_j+2..., D_k, wherein the corresponding D of each node_jc, D_(j+1)c, D_(j+2)c..., D_kc=M_c+ 1, M_s≤ j, j+1, j+2 ..., k≤M_e。

Defining Height (G) indicates to calculate the height of tree G, calculates the height extraction < D of tree G_nc, D_n, D_ns, D_ne> in layer Number D_ncFor the height of the tree, i.e. Height (G)=D_nc。

The beneficial effects of the present invention are: being had the advantage that using the storage organization of tree G of the invention

(1) hierachy number of the height or node that calculate tree is more efficient than traditional storage organization, and Height (G) is indicated The height of tree G or the hierachy number of node G are calculated, using the storage organization of tree G, Height (G) is calculated very simply, only needs Directly to extract < D_nc, D_n, D_ns, D_ne> in hierachy number D_nc, i.e. Height (G)=D_nc.The time complexity of the algorithmic procedure is O (1), efficiency are apparently higher than other existing various storage modes.Locating for the height or node set by the above process Hierachy number can be calculated when restoring original private according to the hierachy number amount for setting or being presently in node it is whole The progress situation of a recovery process avoids the occurrence of to be supplied to the enough information feedbacks of operator and is unable to estimate recovery process The case where progress.

(2) storage organization proposed by the present invention is stored using sequence list, has sequence list itself can be according to subscript Number is written and is read the random access capabilities of data, greatly improves the efficiency of access, compared to traditional child's chained list table Show that method, fraternal child's chained list are this more quick using the storage mode of chained list.In addition, relatively traditional child's chained list indicates Method, this storage mode using chained list of fraternal child's chained list, it is empty that storage method proposed by the present invention does not need additional storage Between store junction associated address information, to improve the utilization rate of memory space.Storage organization proposed by the present invention and side Method has the higher service efficiency of traditional storage method over time and space.

Embodiment 1, there are secret k, are split as (k, k using method of the invention₁₂, k₃, k₄₅, k₁, k₂, k₄, k₅, with tree Structure is as described in Figure 1, can use tree G storage are as follows: and f (G)=<1, k, 1,3>,<2, k₁₂, 1,2 >, < 2, k₃, 0,0 >, < 2, k₄₅, 3,4>,<3, k₁, 0,0>,<3, k₂, 0,0 >, < 3, k₄, 0,0>,<3, k₅, 0,0 > }

Parent (G, k₄₅) indicate to calculate k₄₅The father node of node, σ (G, k₄₅) it is to calculate node k₄₅Same layer in f (G) Arrangement serial number in minor node is all in 3, f (G) to meet D_ic=M_c- 1 D_iNode has a k, and k node is<1, k, 1,3>, Meet D_is≤ σ (G, M)≤D_ie, therefore be Parent (G, k₄₅) it is k.

It indicates to calculate node k₄₅Child node, searching out f (G), there are k₄₅Node, k₄₅The number of plies of node is 2, at f (G) Four-tuple in find k₄₅The child node of node is in 3 layers of beginning serial number from left to right and terminates serial number 3,4, can be obtained Child (G, k₄₅) it is k₄And k₅。

Wherein Height (G) is 3.

Embodiment 2 splits to obtain { A, B, C, D, EF, G, H } using method of the invention there are secret T, as described in Figure 2, Tree T storage can be used are as follows: f (T)=1, A, 1,3>,<2, B, 1,3>,<2, C, 4,4>,<2, D, 0,0>,<3, E, 0,0>,<3, F, 0,0>,<3, G, 0,0>,<3, H, 0,0>} Parent (T, F) indicate calculate node F father node, σ (T, F) be calculate F knot Arrangement serial number of the point in the same layer minor node in f (T), is 2, all in f (T) to meet D_ic=M_c- 1 D_icNode have B, C, D point, B node are < 2, B, 1, and 3 > meet D_is≤ σ (G, M)≤D_ie, C and D point is not met, therefore Parent (G, k₄₅) it is B.

The child node for indicating calculating F node, searching out f (T), there are node F, and the number of plies of F node is 3, in the quaternary of f (T) K is found in group₄₅The child node of node is 0 in 3 layers of beginning serial number from left to right and end serial number, and node F, which can be obtained, not to be had Child node.

Wherein Height (T) is 3.

Claims (4)

1. a kind of method of the management of the key based on crypto chip, is mainly used for the key management of crypto chip, feature exists In, comprising the following steps:

(1) it defines:

Crypto chip receives original private k, and original private k includes several share { k₁, k₂, k₃..., k_n}；

(2) it splits:

Step A1: the original private k, which carries out function fractionation operation using Lagrange interpolation polynomial, obtains each share K_ij, The aggregate form of share after fractionation are as follows: { k_1r, k_(r+1)2, k_(t+1)u..., k_vn, wherein 1≤r < t, t <u≤v, v≤n, r=2, V=4, n=5；

Step A2: several shares obtained after step A1 is split continue to split using Lagrange interpolation polynomial, k_vn { k can be split into_vy,k_(y+1)z,k_(z+1)a,…,k_bn, wherein v≤y < z, z < a <b, b≤n；

Step A3: repeating above step A2, until splitting terminates；

(3) it stores

Share set after fractionation is stored with tree structure, definition has tree G, and node number is n, and each node in tree is deposited The information of each share is stored up, each node is with four-tuple < D_ic, D_i, D_is, D_ieThe form composition sequence list of > is stored, and is defined D_icIndicate node D_iThe locating number of plies, D_iIndicate D_iThe specific node data of node, D_isAnd D_ieRespectively indicate D_iThe son knot of node Point is in D_ic+ 1 layer of beginning serial number from left to right and end serial number, 0≤i≤n；Original private k after fractionation can be with tree G Storage are as follows:

F (G)={ < D_1c, D₁, D_1s, D_1e>,<D_2c, D₂, D_2s, D_2e>...,<D_ic, D_i, D_is, D_ie>...,<D_nc, D_n, D_ns, D_ne>, All four-tuple < D in f (G)_ic, D_i, D_is, D_ie> be all according to tree G node sequence from top to bottom, from left to right according to Secondary storage is arranged by the sequence of the number of plies from small to large, if D_isAnd D_ieEqual to 0, then it represents that D_iNode does not have child node；

(4) distribute: needing to split obtained each share after original private k fractionation and give each custodian:

Defining Travel (G) indicates that traversal sets all leaf nodes in G and exports ergodic sequence, and Travel (G) will set the f (G) of G Four-tuple table in each node be examined successively whether meet D_is=0 and D_ie=0, by corresponding D if meeting_iIt is defeated Out, then by all D of output_iIt is distributed to each custodian；

(5) restore: the tree G obtained after original private k is split reassembles into original password k, comprising the following steps:

Step B1: the tree G, all < D in f (G) in crypto chip are read_ic, D_i, D_is, D_ieIn the four-tuple of the form of > successively Obtain all D_is=0 and D_ie=0 D_i；

Step B2: by all D of acquirement_iIt is compared with all shares provided by recovery original private k are attempted, if mentioning Lack in the share of confession or increase any share and thinks this time to restore to be unauthorized, recovery process termination；

Step B3: the share merging that user provides is reverted into upper one layer of share, the share of recovery is compared with f (G), such as The share that fruit restores is identical as f (G), restores to combine and compares successfully and merge recovery, otherwise should terminate recovery routine；

Step B4: repeating step B3, until original private k recovery terminates.

2. a kind of method of the management of key based on crypto chip according to claim 1, it is characterised in that: calculate father Node, restoring the calculating of upper one layer of share, steps are as follows:

Step C1: defining Parent (G, M) indicates to calculate the father node of M node in tree G；

Step C2: successively more each D in f (G)_iWhether value is equal to M；

Step C3: if not finding node M in f (G), M node is not present in tree G, and algorithm terminates；

Step C4: if finding M node in f (G), setting σ (G, A) is to calculate A node in the same layer minor node in f (G) Arrangement serial number；

The number of plies for defining M node is M_cIf M_c- 1=0, then M node is the root node for setting G, so M node is without father node；Such as Fruit M_c- 1 > 0 then successively compares and all in f (G) meets D_ic=M_c- 1 D_iWhether node meets D_is≤ σ (G, M)≤D_ieIf Meet, then Parent (G, M)=D_i, if there is no some D_iNode meets D_is≤ σ (G, M)≤D_ie, then f (G) stores mistake.

3. a kind of method of the management of key based on crypto chip according to claim 1, it is characterised in that: calculate son Steps are as follows for the calculating of node, i.e. next layer share:

Step D1: defining Child (G, M) indicates to calculate the child node of M node in tree G；

Step D2: successively more each D in f (G)_iWhether value is equal to M；

Step D3: if not finding M node in f (G), M node is not present in tree G, and algorithm terminates；

Step D4: if finding M node in f (G), four-tuple < M of M node is extracted_c, M, M_s, M_e>, it obtains locating for M node Number of plies M_c, M_sAnd M_eDistribution indicates the child node of M node in M_c+ 1 layer of beginning serial number from left to right and end serial number, if M_s And M_eIt is equal to 0, then M node terminates without child node, algorithm；

Step D5: Child (G, M)={ D is calculated_j, D_j+1, D_j+2..., D_k, wherein each node is corresponding

D_jc, D_(j+1)c, D_(j+2)c..., D_kc=M_c+ 1, M_s≤ j, j+1, j+2 ..., k≤M_e。

4. a kind of method of the management of key based on crypto chip according to claim 1, it is characterised in that: definition Height (G) indicates the height of calculating tree G, and the height for calculating tree G extracts < D_nc, D_n, D_ns, D_neHierachy number D in >_ncFor the tree Height, i.e. Height (G)=D_nc。