CN109728906A - Anti- quantum calculation asymmet-ric encryption method and system based on unsymmetrical key pond - Google Patents
Anti- quantum calculation asymmet-ric encryption method and system based on unsymmetrical key pond Download PDFInfo
- Publication number
- CN109728906A CN109728906A CN201910027042.7A CN201910027042A CN109728906A CN 109728906 A CN109728906 A CN 109728906A CN 201910027042 A CN201910027042 A CN 201910027042A CN 109728906 A CN109728906 A CN 109728906A
- Authority
- CN
- China
- Prior art keywords
- key
- public
- ciphertext
- public key
- private
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The present invention relates to anti-quantum calculation asymmet-ric encryption methods and system based on unsymmetrical key pond, participant is configured with key card, public-key cryptographic keys pond and private key are stored in key card, the private key includes the first private key for implementing Elgamal algorithm and the second private key for implementing RSA Algorithm, the first public key corresponding with first private key is stored in the public-key cryptographic keys pond, and the second public key corresponding with second private key, and the first public key is related to storage address of second public key in key card;The anti-quantum calculation asymmet-ric encryption method, when encryption include: that the first public key corresponding with recipient and the second public key are obtained from key card;Shared key is generated using the first public key, and obtains the first ciphertext using shared key encryption message original text;The relevant information for generating shared key is encrypted using the second public key to obtain the second ciphertext;First ciphertext and second ciphertext are sent to recipient so that decryption obtains message original text.
Description
Technical field
The present invention relates to Elgamal public-key cryptosystems and unsymmetrical key pool technology technology, and in particular to asymmetric to add
The anti-quantum calculation Elgamal encryption method of dense body system.
Background technique
The Internet of rapid development brings huge convenience to people's lives, work, and people can be sitting in family
It sent and received e-mail, made a phone call by Internet, carrying out the activities such as shopping online, bank transfer.The network information security simultaneously
It is increasingly becoming a potential huge problem.In general the network information is faced with following several security risks: the network information
It is stolen, information is tampered, attacker palms off information, malicious sabotage etc..
The key technology of the current guarantee network information security is exactly cryptographic technique, and in field of cryptography of today, it is main
Will there are two types of cryptographic system, first is that symmetric key cryptosystem, i.e. encryption key and decruption key use it is same.The other is
Public key cryptosystem, i.e. encryption key and decruption key difference, one of them can be disclosed.
The safety of symmetric key cryptosystem relies on following two factor.First, Encryption Algorithm must be it is sufficiently strong,
Being based only on ciphertext itself and removing solution confidential information is impossible in practice;Second, the safety of encryption method is from key
Secret, rather than the secret of algorithm.The problem of symmetric encryption system maximum be key distribution and management it is extremely complex,
It is of a high price.Symmetric encipherment algorithm, which has another disadvantage that, is not easily accomplished digital signature.So in current mobile e-business
Encryption Algorithm realization in field depends primarily on RSA arithmetic.
The encryption key pair (public key) and decryption key (private key) that Public Key Cryptographic Systems uses are different.Due to encryption
Key be it is disclosed, the distribution of key and management are just very simple, and Public Key Cryptographic Systems can also be easily carried out number
Signature.
Since public key encryption comes out, scholars propose many kinds of public key encryption methods, their safety is all base
In complicated difficult math question.Classified according to the difficult math question being based on, have following three classes system be presently believed to be safety and
It is effective: big integer factorization system (representative to have RSA), Discrete log systems (representative to have DSA) and ellipse from
It dissipates Logarithmic system (ECC).
In cryptography, ElGamal Encryption Algorithm is that the asymmetric encryption based on the graceful key exchange of diffie-hellman is calculated
Method.It was proposed in 1985 by Ta Xier lid More.It is applied in many cryptographic systems such as GnuPG and PGP
ElGamal algorithm.ElGamal Encryption Algorithm can be defined on any cyclic group G.Its safety depends on discrete on G
Logarithm problem.
ElGamal encryption system is typically used in Hybrid Encryption system.Such as: disappeared with symmetric key cryptography system to encrypt
Then breath transmits key using ElGamal Encryption Algorithm.This is because ElGamal Encryption Algorithm is made under same security level
It is usually slower than symmetric key cryptography system for a kind of Asymmetric Cryptography system.The key of symmetric encipherment algorithm disappears with what is transmitted
Manner of breathing much shorter than usually, so then being encrypted in contrast with symmetric cryptography using ElGamal encryption key arbitrarily long
The message of degree, in this way will be more faster.
But with the development of quantum computer, classical asymmetric-key encryption algorithm will be no longer safe, no matter encryption and decryption
Or private key can be calculated in key exchange method, quantum computer by public key, therefore currently used asymmetric close
Key will have very big security risk in the quantum epoch.
Summary of the invention
The present invention provides a kind of anti-quantum calculation asymmet-ric encryption method and system for further increasing safety.
The present invention is based on the anti-quantum calculation asymmet-ric encryption method in unsymmetrical key pond, participant is configured with key card,
Be stored with public-key cryptographic keys pond and private key in key card, the private key include for implement the first private key of Elgamal algorithm, with
And the second private key for implementing RSA Algorithm, corresponding with first private key is stored in the public-key cryptographic keys pond
One public key, and the second public key corresponding with second private key, and the first public key with the second public key depositing in key card
It is related to store up address;
The anti-quantum calculation asymmet-ric encryption method, when encryption include:
The first public key corresponding with recipient and the second public key are obtained from key card;
Shared key is generated using the first public key, and obtains the first ciphertext using shared key encryption message original text;
The relevant information for generating shared key is encrypted using the second public key to obtain the second ciphertext;
First ciphertext and second ciphertext are sent to recipient so that decryption obtains message original text.
Optionally, the mode of corresponding with recipient the first public key and the second public key is obtained from key card are as follows:
To issue the key card cipher key management services station send request, and from the cipher key management services station obtain with
The corresponding public key pointer address of recipient;
The first public key corresponding with recipient and the second public key are obtained from key card according to the public key pointer address.
Optionally, the first public key and the second public key of all users are stored in public-key cryptographic keys pond, for same user's
The storage address of first public key and the second public key in key card is adjacent.
Optionally, the parameter { G, q, g } of cyclic group G is stored in the key card, when generating the shared key, packet
It includes:
The first true random number is generated, is in the parameter k in { 1 ..., q-1 } range using the true random number;Described
One public key and parameter k carry out operation and obtain the shared key.
Optionally, when obtaining the first ciphertext using shared key encryption message original text, comprising:
Element m message original text being mapped in cyclic group G;
Element m and shared key are subjected to operation and obtain first ciphertext.
Optionally, when encrypting the relevant information for generating shared key to obtain the second ciphertext using the second public key, comprising:
The relevant information for generating shared key is calculated, the relevant information is c1=g^k;
The relevant information and the second public key are subjected to operation and obtain second ciphertext.
Optionally, when encrypting the relevant information for generating shared key to obtain the second ciphertext using the second public key, comprising:
Sender generates the second true random number;
Using second true random number, the relevant information for generating shared key is encrypted to obtain first part, the phase
Pass information is c1=g^k;
Second part is obtained using second the second true random number of public key encryption;
The first part and second part form second ciphertext.
Optionally, include: when decryption
Receive first ciphertext and second ciphertext from sender;
The second ciphertext is decrypted using the second private key, obtains the relevant information for generating shared key;
Shared key is obtained using the relevant information of generation shared key, in conjunction with the first private key;
The first ciphertext, which is decrypted, using shared key obtains message original text.
The present invention also provides a kind of anti-quantum calculation asymmetric encipherment system based on unsymmetrical key pond, participant configuration
There is key card, public-key cryptographic keys pond and private key are stored in key card, the private key includes for implementing Elgamal algorithm
One private key and the second private key for implementing RSA Algorithm, are stored with and the first private key phase in the public-key cryptographic keys pond
Corresponding first public key, and the second public key corresponding with second private key, and the first public key and the second public key are in key
Storage address in card is related;
The anti-quantum calculation asymmetric encipherment system, comprising:
First module, for obtaining the first public key corresponding with recipient and the second public key from key card;
Second module for generating shared key using the first public key, and is obtained using shared key encryption message original text
First ciphertext;
Third module obtains the second ciphertext for encrypting the relevant information for generating shared key using the second public key;
4th module, for first ciphertext and second ciphertext to be sent to recipient so that decryption obtains message
Original text.
The present invention also provides a kind of anti-quantum calculation asymmetric encipherment system based on unsymmetrical key pond, participant configuration
There is key card, public-key cryptographic keys pond and private key are stored in key card, the private key includes for implementing Elgamal algorithm
One private key and the second private key for implementing RSA Algorithm, are stored with and the first private key phase in the public-key cryptographic keys pond
Corresponding first public key, and the second public key corresponding with second private key, and the first public key and the second public key are in key
Storage address in card is related;
Participant includes memory and processor, is stored with computer program in memory, which executes computer
The anti-quantum calculation asymmet-ric encryption method is realized when program.
In the present invention, the key card used is independent hardware isolated equipment.Other phases such as public key, private key and true random number
It is big to close a possibility that parameter generates in server, stores in key card, steal key by Malware or malicious operation
It is big to reduce, it will not be obtained and be cracked by quantum computer.Since public key does not transmit and relevant parameter exists in a network
What is transmitted in network is only the pointer address of public key, so the public and private key of communicating pair is stolen, a possibility that cracking is lower.?
In group, resulting c1 after asymmetric encryption or symmetric cryptography by being sent after encrypting between object, and asymmetric encryption
The public key of algorithm is not to disclosure outside group, so it is safer to compare classical Elgamal algorithm, and public and private key is not easy to be broken
Solution, has ensured communication security of the communicating pair in group.
Detailed description of the invention
Fig. 1 is that public key pond public key is distributed and public private key pair answers relational graph;
Fig. 2 is the flow chart for encrypting message in embodiment 1 to weevil;
Fig. 3 is the flow chart that object second decrypts message in embodiment 1;
Fig. 4 is the flow chart for encrypting message in embodiment 2 to weevil;
Fig. 5 is the flow chart that object second decrypts message in embodiment 2.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
In order to better describe and illustrate embodiments herein, one or more attached drawing can refer to, but attached for describing
The additional detail or example of figure are not construed as to present invention creation, current described embodiment or preferred side
The limitation of the range of any one in formula.
It should be understood that there is no stringent sequences to limit for the execution of each step unless expressly stating otherwise herein,
These steps can execute in other order.Moreover, at least part step may include multiple sub-steps or multiple ranks
Section, these sub-steps or stage are not necessarily to execute completion in synchronization, but can execute at different times, this
The execution sequence in a little step perhaps stage be also not necessarily successively carry out but can be with other steps or other steps
Sub-step or at least part in stage execute in turn or alternately.
The present invention realizes scene arbitrarily to possess two of unsymmetrical key pond in group to weevil, second.In the present invention
Key card not only can store a large amount of data, also have the ability of processing information.In the present invention, to the sheet of weevil and object second
All there is the algorithm of corresponding demand in ground system.
The description of key card is visible, and application No. is the patent applications of " 201610843210.6 ".It is close when for mobile terminal
Key card is preferably key SD card;When for fixed terminal, key card is preferably key USBkey or host key board.
With application No. is compared with the patent application of " 201610843210.6 ", key card to issue mechanism different.This
The key card side of issuing of invention is the supervisor side of key card, the generally administrative department of group, such as certain enterprise or public institution
Administrative department;The member that the key card side of being awarded is managed by the supervisor side of key card, generally certain enterprise or public institution
Employees at different levels.Supervisor side's application that user terminal arrives key card first is opened an account.After user terminal carries out registering granted, will
To key card (there is unique key card ID).Key card stores client enrollment register information.User side in key card is close
Key is all downloaded from down the same cipher key management services station, and for the supervisor side of the same key card, each key issued
The pool of keys stored in card is completely the same.Preferably, the pool of keys size stored in key card can be 1G, 2G, 4G,
8G, 16G, 32G, 64G, 128G, 256G, 512G, 1024G, 2048G, 4096G etc..
Key card is developed from smart card techniques, is combined with real random number generator (preferably quantum random number
Generator), cryptological technique, the authentication of hardware security isolation technology and encryption and decryption product.The embedded chip of key card and
Operating system can provide the functions such as secure storage and the cryptographic algorithm of key.Due to it with independent data-handling capacity and
Good safety, key card become the safety barrier of private key and pool of keys.Each key card has the protection of hardware PIN code,
PIN code and hardware constitute two necessary factors that user uses key card.I.e. so-called " double factor authentication ", user is only simultaneously
The key card and user's PIN code for saving relevant authentication information are obtained, it just can be with login system.Even if the PIN code of user is let out
Dew, as long as the key card that user holds is not stolen, the identity of legitimate user would not be counterfeit;If the key card of user is lost
It loses, the person of picking up also cannot counterfeit the identity of legitimate user due to not knowing user's PIN code.
For key card in registration, Key Management server can specify one group identities of key card, and give in group
ID.Key card can be written into a public-key cryptographic keys pond.Server can generate and group member number phase when creating a group
The same public private key pair for the public private key pair of Elgamal encryption and for RSA cryptographic algorithms.All Elgamal algorithms are public
Key and RSA Algorithm public key, which can be written in same file, forms public key file, Elgamal algorithm public key and RSA Algorithm public key
It is spaced from each other, specific modes of emplacement is as shown in Figure 1.In key card registration, server is close in addition to that can be stored in public key file
In key card, while also the key card can be distributed to by randomly selecting one in unappropriated Elgamal algorithm private key and will corresponded to
Public key pointer address be stored in key card, public key pointer address is for searching and the public key of private key pair.Meanwhile it will be above-mentioned
RSA Algorithm private key corresponding to the RSA Algorithm public key of next pointer address of corresponding public key is stored in the key card.Separately
Outside, the parameter { G, q, g } of cyclic group G is stored in key card, cyclic group G is defined when being server creation group, is used for
The public and private key of Elgamal algorithm generates and encryption and decryption.
If the object of this system key agreement is respectively to weevil and object second.It is the sender of message, object to weevil
Second is the recipient of message.If Elgamal algorithm public private key pair corresponding to weevil is that (A, a), A are public key, and a is private key;It is right
As the corresponding Elgamal algorithm public private key pair of second be (B, b), B is public key, and b is private key, and a and b are in { 1 ..., q-1 }
In range.Assuming that being (Ea, da) to the public and private key of the RSA Algorithm of weevil, the public and private key of the RSA Algorithm of object second is (Eb, db).
In conjunction with Fig. 1, participant is configured with key card in the present invention, is stored with public-key cryptographic keys pond and private key in key card,
By taking member 1 as an example, similarly, the private key includes: other members
Elgamal private key 1 for implementing the first private key of Elgamal algorithm, i.e., in figure;
RSA private key 1 for implementing the second private key of RSA Algorithm, i.e., in figure;
The first public key corresponding with first private key is stored in the public-key cryptographic keys pond, i.e., in figure
1~N of Elgamal public key;And the second public key corresponding with second private key, i.e., 1~N of RSA public key in figure.
First public key is related to storage address of second public key in key card;The first public key for same user and
Storage address of two public keys in key card is adjacent.Such as the Elgamal public key 1 in figure is adjacent with 1 storage address of RSA public key.
The anti-quantum calculation asymmet-ric encryption method based on unsymmetrical key pond of the application, when encryption include:
The first public key corresponding with recipient and the second public key are obtained from key card;
To issue the key card cipher key management services station send request, and from the cipher key management services station obtain with
The corresponding public key pointer address of recipient;
The first public key corresponding with recipient and the second public key are obtained from key card according to the public key pointer address.
Due in sender's key card, storing public key corresponding with multiple users, therefore for some particular user,
Its corresponding public key position needs to request to obtain to the cipher key management services station for issuing the key card, specifically includes:
To issue the key card cipher key management services station send request, and from the cipher key management services station obtain with
The corresponding public key pointer address of recipient;
The first public key corresponding with recipient and the second public key are obtained from key card according to the public key pointer address.
After sender obtains the first public key and the second public key, the first public key is recycled to generate shared key, and utilized shared
Key encryption message original text obtains the first ciphertext;
The parameter { G, q, g } of cyclic group G is stored in the key card, when generating the shared key, comprising:
The first true random number is generated, is in the parameter k in { 1 ..., q-1 } range using the true random number;Described
One public key and parameter k carry out operation and obtain the shared key.
When obtaining the first ciphertext using shared key encryption message original text, comprising:
Element m message original text being mapped in cyclic group G;
Element m and shared key are subjected to operation and obtain first ciphertext.
After sender obtains the first public key and the second public key, the relevant information of shared key will be also generated using the second public key
Encryption obtains the second ciphertext.
The second ciphertext is obtained there are two types of mode, and one is the relevant information for generating shared key to be encrypted using the second public key
When obtaining the second ciphertext, comprising:
The relevant information for generating shared key is calculated, the relevant information is c1=g^k;
The relevant information and the second public key are subjected to operation and obtain second ciphertext.
Obtain second of the second ciphertext are as follows:
Sender generates the second true random number;
Using second true random number, the relevant information for generating shared key is encrypted to obtain first part, the phase
Pass information is c1=g^k;
Second part is obtained using second the second true random number of public key encryption;
The first part and second part form second ciphertext.
After sender obtains the first ciphertext and second ciphertext, first ciphertext and second ciphertext are sent to
Recipient obtains message original text for decryption.
Include: when recipient's decryption
Receive first ciphertext and second ciphertext from sender;
The second ciphertext is decrypted using the second private key, obtains the relevant information for generating shared key;
Shared key is obtained using the relevant information of generation shared key, in conjunction with the first private key;
The first ciphertext, which is decrypted, using shared key obtains message original text.
Encryption process is further described below in conjunction with Fig. 2~Fig. 5.
Embodiment 1
Step 1: shared key being generated to weevil, and encrypts message and is sent to object second
1.1 pairs of weevils obtain object second public key: sending acquisition pair to the cipher key management services station for issuing key card to weevil
As the request of the corresponding public key pointer address of second, cipher key management services station is to the public key pointer address to weevil returning an object value second
Pb.Object nail root taken out from the file of public key pond according to pointer address Pb Elgamal public key B=g^b corresponding to object second to get to
First public key.
Object nail root takes out RSA public key Eb corresponding to object second according to pointer address (Pb+1) from the file of public key pond, i.e.,
Obtain the second public key.
1.2 pairs of weevils calculate shared key: generating a true random number R i.e. the first random number to weevil.Weevil is utilized
Assignment algorithm calculates the k that random number sequence R is in { 1 ..., q-1 } range.C1=g^k is calculated to weevil, simultaneously
Shared key s=B^k is calculated.
1.3 pairs of weevils encrypt message, and are sent to object second: obtaining a message original text M element for being mapped to G to weevil
To m.C2=ms is calculated to weevil, is equivalent to obtain the first ciphertext.
Rsa encryption is carried out to c1 using RSA public key Eb to weevil, { c1 } Eb is calculated, is equivalent to obtain the second ciphertext.
Weevil is combined c2 and { c1 } Eb to obtain ({ c1 } Eb, c2), and sends object second for ({ c1 } Eb, c2).
Step 2: object second generates key and decrypts message
2.1 object second parse message: object second is received from the message ({ c1 } Eb, c2) to weevil ', and parse and obtain
{ c1 } Eb ' and c2 '.
2.2 object second decrypt to obtain c1: object second is using RSA Algorithm private key db i.e. the second private key of one's own side to { c1 } Eb '
It carries out RSA decipherment algorithm and c1 ' is calculated.
Object second takes out i.e. the first private key of Elgamal algorithm private key b of one's own side, and shared key s '=c1 ' ^ is calculated
b。
2.3 object second decrypt to obtain message in plain text: meter is decrypted using shared key s ' and cipher-text message c2 ' in object second
Calculation obtains m '=c2 ' s '-1。s-1It is inverse element of the s on group G.It utilizes m ' to be mapped to cyclic group G and obtains message original text M '.
According to foregoing description it is found that m '=c2 ' s '-1=mBk·(c1’b)-1=mgbk·g-kb=m, i.e., it is implementable
Corresponding encryption and decryption.
Embodiment 2
Step 1: shared key being generated to weevil, and encrypts message and is sent to object second
1.1 pairs of weevils obtain object second public key: step 1.1 of the step with embodiment 1.
1.2 pairs of weevils calculate shared key: step 1.2 of the step with embodiment 1.
1.3 pairs of weevils encrypt message, and are sent to object second: obtaining a message original text M element for being mapped to G to weevil
To m.C2=ms is calculated to weevil, is equivalent to obtain the first ciphertext.
One true random number kt i.e. the second random number is generated to weevil, kt is subjected to symmetric cryptography as key pair c1 and is obtained
{ c1 } kt to get arrive first part.
{ kt } Eb is calculated to kt progress rsa encryption to get second part is arrived using Eb to weevil.
First part and second part form the second ciphertext, i.e. { c1 } kt and { kt } Eb.
C2, { c1 } kt and { kt } Eb are combined to obtain ({ c1 } kt, { kt } Eb, c2) by weevil, and by ({ c1 } kt, { kt }
Eb, c2) it is sent to object second.
Step 2: object second generates key and decrypts message
2.1 object second parse message: object second is received from the message ({ c1 } kt, { kt } Eb, c2) to weevil ', and
Parsing obtains { c1 } kt ', { kt } Eb ' and c2 '.
2.2 object second decrypt to obtain c1: object second is using RSA Algorithm private key db i.e. the second private key of one's own side to { kt } Eb '
It carries out RSA decipherment algorithm and kt ' is calculated.
Object second utilizes kt ' to carry out specified symmetry algorithm to { c1 } kt ' and decrypts to obtain c1 '.Object second takes out one's own side's
I.e. the first private key of Elgamal algorithm private key b, and shared key s '=c1 ' ^b is calculated.
2.3 object second decrypt to obtain message in plain text: meter is decrypted using shared key s ' and cipher-text message c2 ' in object second
Calculation obtains m '=c2 ' s '-1。s-1It is inverse element of the s on group G.It utilizes m ' to be mapped to cyclic group G and obtains message original text M '.
According to foregoing description it is found that m '=c2 ' s '-1=mBk·(c1’b)-1=mgbk·g-kb=m, i.e., it is implementable
Corresponding encryption and decryption.
In one embodiment, a kind of anti-quantum calculation asymmetric encipherment system based on unsymmetrical key pond is provided,
Participant is configured with key card, is stored with public-key cryptographic keys pond and private key in key card, the private key includes for implementing
First private key of Elgamal algorithm and the second private key for implementing RSA Algorithm, are stored in the public-key cryptographic keys pond
The first public key corresponding with first private key, and the second public key corresponding with second private key, and the first public key
It is related to storage address of second public key in key card;
The anti-quantum calculation asymmetric encipherment system, comprising:
First module, for obtaining the first public key corresponding with recipient and the second public key from key card;
Second module for generating shared key using the first public key, and is obtained using shared key encryption message original text
First ciphertext;
Third module obtains the second ciphertext for encrypting the relevant information for generating shared key using the second public key;
4th module, for first ciphertext and second ciphertext to be sent to recipient so that decryption obtains message
Original text.
In one embodiment, the anti-quantum calculation asymmetric encipherment system, further includes:
5th module, for receiving first ciphertext and second ciphertext from sender;
6th module obtains the relevant information for generating shared key for decrypting the second ciphertext using the second private key;
7th module, for using generating the relevant information of shared key, in conjunction with the first private key obtain shared key;
8th module obtains message original text for decrypting the first ciphertext using shared key.
Specific restriction about anti-quantum calculation asymmetric encipherment system may refer to non-above for anti-quantum calculation
The restriction of symmetric cryptography, details are not described herein.Above-mentioned modules can come real fully or partially through software, hardware and combinations thereof
It is existing.Above-mentioned each module can be embedded in the form of hardware or independently of in the processor in computer equipment, can also be with software shape
Formula is stored in the memory in computer equipment, executes the corresponding operation of the above modules in order to which processor calls.
In one embodiment, a kind of computer equipment is provided, i.e., based on a kind of anti-quantum by unsymmetrical key pond
Asymmetric encipherment system is calculated, which can be terminal, and internal structure may include connecting by system bus
Processor, memory, network interface, display screen and input unit.Wherein, the processor of the computer equipment is for providing calculating
And control ability.The memory of the computer equipment includes non-volatile memory medium, built-in storage.The non-volatile memories are situated between
Matter is stored with operating system and computer program.The built-in storage is operating system and computer in non-volatile memory medium
The operation of program provides environment.The network interface of the computer equipment is used to communicate with external terminal by network connection.It should
To realize above-mentioned anti-quantum calculation asymmet-ric encryption method when computer program is executed by processor.The display of the computer equipment
Screen can be liquid crystal display or electric ink display screen, and the input unit of the computer equipment can be and cover on display screen
Touch layer, be also possible to the key being arranged on computer equipment shell, trace ball or Trackpad, can also be external key
Disk, Trackpad or mouse etc..
Wherein in an embodiment, a kind of anti-quantum calculation asymmetric encipherment system based on unsymmetrical key pond is provided, is joined
It is configured with key card with side, is stored with public-key cryptographic keys pond and private key in key card, the private key includes for implementing Elgamal
First private key of algorithm and the second private key for implementing RSA Algorithm, are stored with and described in the public-key cryptographic keys pond
Corresponding first public key of one private key, and the second public key corresponding with second private key, and the first public key and the second public affairs
Storage address of the key in key card is related;
Participant includes memory and processor, is stored with computer program in memory, which executes computer
The anti-quantum calculation asymmet-ric encryption method is realized when program.
Each technical characteristic of embodiment described above can be combined arbitrarily, for simplicity of description, not to above-mentioned reality
It applies all possible combination of each technical characteristic in example to be all described, as long as however, the combination of these technical characteristics is not deposited
In contradiction, all should be considered as described in this specification.
The embodiments described above only express several embodiments of the present invention, and the description thereof is more specific and detailed, but simultaneously
The limitation to invention scope therefore cannot be interpreted as.It should be pointed out that for those of ordinary skill in the art,
Under the premise of not departing from present inventive concept, various modifications and improvements can be made, and these are all within the scope of protection of the present invention.
Therefore, protection scope of the present invention should be determined by the appended claims.
Claims (10)
1. the anti-quantum calculation asymmet-ric encryption method based on unsymmetrical key pond, which is characterized in that participant is configured with key
Block, public-key cryptographic keys pond and private key are stored in key card, the private key includes private for implementing the first of Elgamal algorithm
Key and the second private key for implementing RSA Algorithm, are stored with corresponding with first private key in the public-key cryptographic keys pond
The first public key, and the second public key corresponding with second private key, and the first public key and the second public key are in key card
Storage address it is related;
The anti-quantum calculation asymmet-ric encryption method, when encryption include:
The first public key corresponding with recipient and the second public key are obtained from key card;
Shared key is generated using the first public key, and obtains the first ciphertext using shared key encryption message original text;
The relevant information for generating shared key is encrypted using the second public key to obtain the second ciphertext;
First ciphertext and second ciphertext are sent to recipient so that decryption obtains message original text.
2. the anti-quantum calculation asymmet-ric encryption method based on unsymmetrical key pond as described in claim 1, which is characterized in that
The mode of corresponding with recipient the first public key and the second public key is obtained from key card are as follows:
Request is sent to the cipher key management services station for issuing the key card, and obtains and receives from the cipher key management services station
The corresponding public key pointer address in side;
The first public key corresponding with recipient and the second public key are obtained from key card according to the public key pointer address.
3. the anti-quantum calculation asymmet-ric encryption method based on unsymmetrical key pond as described in claim 1, which is characterized in that
The first public key and the second public key of all users are stored in public-key cryptographic keys pond, it is public for the first public key of same user and second
Storage address of the key in key card is adjacent.
4. the anti-quantum calculation asymmet-ric encryption method based on unsymmetrical key pond as described in claim 1, which is characterized in that
The parameter { G, q, g } of cyclic group G is stored in the key card, when generating the shared key, comprising:
The first true random number is generated, is in the parameter k in { 1 ..., q-1 } range using the true random number;Described first is public
Key and parameter k carry out operation and obtain the shared key.
5. the anti-quantum calculation asymmet-ric encryption method based on unsymmetrical key pond as claimed in claim 4, which is characterized in that
When obtaining the first ciphertext using shared key encryption message original text, comprising:
Element m message original text being mapped in cyclic group G;
Element m and shared key are subjected to operation and obtain first ciphertext.
6. the anti-quantum calculation asymmet-ric encryption method based on unsymmetrical key pond as claimed in claim 4, which is characterized in that
When encrypting the relevant information for generating shared key to obtain the second ciphertext using the second public key, comprising:
The relevant information for generating shared key is calculated, the relevant information is c1=g^k;
The relevant information and the second public key are subjected to operation and obtain second ciphertext.
7. the anti-quantum calculation asymmet-ric encryption method based on unsymmetrical key pond as claimed in claim 4, which is characterized in that
When encrypting the relevant information for generating shared key to obtain the second ciphertext using the second public key, comprising:
Sender generates the second true random number;
Using second true random number, the relevant information for generating shared key is encrypted to obtain first part, the related letter
Breath is c1=g^k;
Second part is obtained using second the second true random number of public key encryption;
The first part and second part form second ciphertext.
8. the anti-quantum calculation asymmet-ric encryption method as described in any one of claims 1 to 7 based on unsymmetrical key pond,
It is characterized in that, when decryption includes:
Receive first ciphertext and second ciphertext from sender;
The second ciphertext is decrypted using the second private key, obtains the relevant information for generating shared key;
Shared key is obtained using the relevant information of generation shared key, in conjunction with the first private key;
The first ciphertext, which is decrypted, using shared key obtains message original text.
9. the anti-quantum calculation asymmetric encipherment system based on unsymmetrical key pond, which is characterized in that participant is configured with key
Block, public-key cryptographic keys pond and private key are stored in key card, the private key includes private for implementing the first of Elgamal algorithm
Key and the second private key for implementing RSA Algorithm, are stored with corresponding with first private key in the public-key cryptographic keys pond
The first public key, and the second public key corresponding with second private key, and the first public key and the second public key are in key card
Storage address it is related;
The anti-quantum calculation asymmetric encipherment system, comprising:
First module, for obtaining the first public key corresponding with recipient and the second public key from key card;
Second module for generating shared key using the first public key, and obtains first using shared key encryption message original text
Ciphertext;
Third module obtains the second ciphertext for encrypting the relevant information for generating shared key using the second public key;
4th module, it is former so that decryption obtains message for first ciphertext and second ciphertext to be sent to recipient
Text.
10. the anti-quantum calculation asymmetric encipherment system based on unsymmetrical key pond, which is characterized in that it is characterized in that, participating in
Side is configured with key card, is stored with public-key cryptographic keys pond and private key in key card, the private key includes for implementing Elgamal calculation
First private key of method and the second private key for implementing RSA Algorithm, are stored with and described first in the public-key cryptographic keys pond
Corresponding first public key of private key, and the second public key corresponding with second private key, and the first public key and the second public key
Storage address in key card is related;
Participant includes memory and processor, is stored with computer program in memory, which executes computer program
Shi Shixian anti-quantum calculation asymmet-ric encryption method according to any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910027042.7A CN109728906B (en) | 2019-01-11 | 2019-01-11 | Anti-quantum-computation asymmetric encryption method and system based on asymmetric key pool |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910027042.7A CN109728906B (en) | 2019-01-11 | 2019-01-11 | Anti-quantum-computation asymmetric encryption method and system based on asymmetric key pool |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109728906A true CN109728906A (en) | 2019-05-07 |
| CN109728906B CN109728906B (en) | 2021-07-27 |
Family
ID=66299107
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910027042.7A Active CN109728906B (en) | 2019-01-11 | 2019-01-11 | Anti-quantum-computation asymmetric encryption method and system based on asymmetric key pool |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109728906B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110417547A (en) * | 2019-07-19 | 2019-11-05 | 如般量子科技有限公司 | The key updating method and system of anti-quantum calculation secret communication based on no cryptographic certificate |
| CN110557248A (en) * | 2019-07-19 | 2019-12-10 | 如般量子科技有限公司 | Secret key updating method and system for resisting quantum computation signcryption based on certificateless cryptography |
| CN110620780A (en) * | 2019-09-26 | 2019-12-27 | 如般量子科技有限公司 | Anti-quantum computation two-dimensional code authentication method and system based on asymmetric key pool and timestamp |
| CN110650004A (en) * | 2019-08-28 | 2020-01-03 | 如般量子科技有限公司 | Anti-quantum computation RFID authentication method and system based on symmetric key pool and online and offline signature |
| CN110677253A (en) * | 2019-08-28 | 2020-01-10 | 如般量子科技有限公司 | Anti-quantum computation RFID authentication method and system based on asymmetric key pool and ECC |
| CN111314083A (en) * | 2020-01-21 | 2020-06-19 | 南京如般量子科技有限公司 | Quantum secret communication system and method based on secret sharing and asymmetric cryptography |
| CN111404950A (en) * | 2020-03-23 | 2020-07-10 | 腾讯科技(深圳)有限公司 | Information sharing method and device based on block chain network and related equipment |
| CN112118098A (en) * | 2020-09-16 | 2020-12-22 | 建信金融科技有限责任公司 | Method, device and system for enhancing digital envelope by post-quantum security |
| CN114520719A (en) * | 2022-02-25 | 2022-05-20 | 国网山东省电力公司临沂供电公司 | Endogenous secure network data processing method and system based on quantum key |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070185950A1 (en) * | 2006-02-09 | 2007-08-09 | Masayuki Yoshino | Modular multiplication processing apparatus |
| CN102043916A (en) * | 2010-12-01 | 2011-05-04 | 戴葵 | High-performance extensible public key password coprocessor structure |
| CN103220270A (en) * | 2013-03-15 | 2013-07-24 | 福建联迪商用设备有限公司 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
| US8555082B1 (en) * | 2009-04-01 | 2013-10-08 | Marvell International Ltd. | Securing external memory data |
| US20160028547A1 (en) * | 2013-03-15 | 2016-01-28 | Fujian Landi Commercial Equipment Co., Ltd | Key downloading method, management method, downloading management method, device and system |
| CN106452740A (en) * | 2016-09-23 | 2017-02-22 | 浙江神州量子网络科技有限公司 | Quantum communication service station, quantum key management device, key configuration network, and key configuration method |
| CN106790253A (en) * | 2017-01-25 | 2017-05-31 | 中钞信用卡产业发展有限公司北京智能卡技术研究院 | Authentication method and device based on block chain |
| CN109150519A (en) * | 2018-09-20 | 2019-01-04 | 如般量子科技有限公司 | Anti- quantum calculation cloud storage method of controlling security and system based on public keys pond |
| CN109151053A (en) * | 2018-09-20 | 2019-01-04 | 如般量子科技有限公司 | Anti- quantum calculation cloud storage method and system based on public asymmetric key pond |
-
2019
- 2019-01-11 CN CN201910027042.7A patent/CN109728906B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070185950A1 (en) * | 2006-02-09 | 2007-08-09 | Masayuki Yoshino | Modular multiplication processing apparatus |
| US8555082B1 (en) * | 2009-04-01 | 2013-10-08 | Marvell International Ltd. | Securing external memory data |
| CN102043916A (en) * | 2010-12-01 | 2011-05-04 | 戴葵 | High-performance extensible public key password coprocessor structure |
| CN103220270A (en) * | 2013-03-15 | 2013-07-24 | 福建联迪商用设备有限公司 | Downloading method, management method, downloading management method, downloading management device and downloading management system for secret key |
| US20160028547A1 (en) * | 2013-03-15 | 2016-01-28 | Fujian Landi Commercial Equipment Co., Ltd | Key downloading method, management method, downloading management method, device and system |
| CN106452740A (en) * | 2016-09-23 | 2017-02-22 | 浙江神州量子网络科技有限公司 | Quantum communication service station, quantum key management device, key configuration network, and key configuration method |
| CN106790253A (en) * | 2017-01-25 | 2017-05-31 | 中钞信用卡产业发展有限公司北京智能卡技术研究院 | Authentication method and device based on block chain |
| CN109150519A (en) * | 2018-09-20 | 2019-01-04 | 如般量子科技有限公司 | Anti- quantum calculation cloud storage method of controlling security and system based on public keys pond |
| CN109151053A (en) * | 2018-09-20 | 2019-01-04 | 如般量子科技有限公司 | Anti- quantum calculation cloud storage method and system based on public asymmetric key pond |
Non-Patent Citations (2)
| Title |
|---|
| ISMAIL MANSOUR: ""Key management in wireless sensor networks"", 《JOURNAL OF SENSOR AND ACTUATOR NETWORKS》 * |
| 李绛绛: ""SM2椭圆曲线密码系统的软件设计与实现"", 《中国优秀硕士学位论文全文数据库》 * |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110417547A (en) * | 2019-07-19 | 2019-11-05 | 如般量子科技有限公司 | The key updating method and system of anti-quantum calculation secret communication based on no cryptographic certificate |
| CN110557248A (en) * | 2019-07-19 | 2019-12-10 | 如般量子科技有限公司 | Secret key updating method and system for resisting quantum computation signcryption based on certificateless cryptography |
| CN110417547B (en) * | 2019-07-19 | 2023-06-09 | 如般量子科技有限公司 | Secret key updating method and system for secret communication based on certificateless cryptography |
| CN110557248B (en) * | 2019-07-19 | 2023-06-09 | 如般量子科技有限公司 | Secret key updating method and system based on signcryption of certificateless cryptography |
| CN110677253A (en) * | 2019-08-28 | 2020-01-10 | 如般量子科技有限公司 | Anti-quantum computation RFID authentication method and system based on asymmetric key pool and ECC |
| CN110677253B (en) * | 2019-08-28 | 2022-11-15 | 如般量子科技有限公司 | Anti-quantum computation RFID authentication method and system based on asymmetric key pool and ECC |
| CN110650004A (en) * | 2019-08-28 | 2020-01-03 | 如般量子科技有限公司 | Anti-quantum computation RFID authentication method and system based on symmetric key pool and online and offline signature |
| CN110620780B (en) * | 2019-09-26 | 2021-10-22 | 如般量子科技有限公司 | Anti-quantum computation two-dimensional code authentication method and system based on asymmetric key pool and timestamp |
| CN110620780A (en) * | 2019-09-26 | 2019-12-27 | 如般量子科技有限公司 | Anti-quantum computation two-dimensional code authentication method and system based on asymmetric key pool and timestamp |
| CN111314083A (en) * | 2020-01-21 | 2020-06-19 | 南京如般量子科技有限公司 | Quantum secret communication system and method based on secret sharing and asymmetric cryptography |
| CN111314083B (en) * | 2020-01-21 | 2023-04-07 | 南京如般量子科技有限公司 | Quantum secret communication system and method based on secret sharing and asymmetric cryptography |
| CN111404950A (en) * | 2020-03-23 | 2020-07-10 | 腾讯科技(深圳)有限公司 | Information sharing method and device based on block chain network and related equipment |
| CN112118098A (en) * | 2020-09-16 | 2020-12-22 | 建信金融科技有限责任公司 | Method, device and system for enhancing digital envelope by post-quantum security |
| CN112118098B (en) * | 2020-09-16 | 2023-06-09 | 建信金融科技有限责任公司 | Post quantum security enhanced digital envelope method, device and system |
| CN114520719A (en) * | 2022-02-25 | 2022-05-20 | 国网山东省电力公司临沂供电公司 | Endogenous secure network data processing method and system based on quantum key |
| CN114520719B (en) * | 2022-02-25 | 2023-08-04 | 国网山东省电力公司临沂供电公司 | Endogenous security network data processing method and system based on quantum key |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109728906B (en) | 2021-07-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109728906A (en) | Anti- quantum calculation asymmet-ric encryption method and system based on unsymmetrical key pond | |
| CN106961336B (en) | A kind of key components trustship method and system based on SM2 algorithm | |
| Tsai et al. | Novel anonymous authentication scheme using smart cards | |
| CN101569132B (en) | Systems and methods for distributing and securing data | |
| Liao et al. | A secure dynamic ID based remote user authentication scheme for multi-server environment | |
| US20150244525A1 (en) | Authentication | |
| Au et al. | Privacy-preserving personal data operation on mobile cloud—Chances and challenges over advanced persistent threat | |
| CN109756329A (en) | Anti- quantum calculation shared key machinery of consultation and system based on private key pond | |
| CN109450623A (en) | Anti- quantum calculation cryptographic key negotiation method based on unsymmetrical key pond | |
| US20150124963A1 (en) | Authentication | |
| CN109921905B (en) | Anti-quantum computation key negotiation method and system based on private key pool | |
| CN109936456B (en) | Anti-quantum computation digital signature method and system based on private key pool | |
| CN109818749A (en) | The point-to-point method for message transmission of anti-quantum calculation and system based on pool of symmetric keys | |
| CN111431897B (en) | Multi-attribute mechanism attribute-based encryption method with tracking function for cloud-assisted Internet of things | |
| CN110519046A (en) | Quantum communications service station cryptographic key negotiation method and system based on disposable asymmetric key pair and QKD | |
| CN109787758B (en) | Anti-quantum computation MQV key agreement method and system based on private key pool and Elgamal | |
| CN109905229A (en) | Anti- quantum calculation Elgamal encryption and decryption method and system based on group's unsymmetrical key pond | |
| CN109728905A (en) | Anti- quantum calculation MQV cryptographic key negotiation method and system based on unsymmetrical key pond | |
| CN109951274B (en) | Anti-quantum computing point-to-point message transmission method and system based on private key pool | |
| CN109660338A (en) | Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on pool of symmetric keys | |
| CN110535626A (en) | The quantum communications service station secret communication method and system of identity-based | |
| CN110380859A (en) | Based on unsymmetrical key pond to and DH agreement quantum communications service station identity identifying method and system | |
| CN109495244A (en) | Anti- quantum calculation cryptographic key negotiation method based on pool of symmetric keys | |
| CN110176989A (en) | Quantum communications service station identity identifying method and system based on unsymmetrical key pond | |
| CN111447058B (en) | Book resource access control method based on Chinese remainder theorem |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |