CN111756727A - McElience system encryption and decryption method based on QC-LDPC code - Google Patents
- Publication number: CN111756727A (application CN202010579134.9A)
- Authority: CN (China)
- Prior art keywords: matrix, decryption, mcelience, client, order
- Prior art date
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
- H—ELECTRICITY
- H03—ELECTRONIC CIRCUITRY
- H03M—CODING; DECODING; CODE CONVERSION IN GENERAL
- H03M13/00—Coding, decoding or code conversion, for error detection or error correction; Coding theory basic assumptions; Coding bounds; Error probability evaluation methods; Channel models; Simulation or testing of codes
- H03M13/03—Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words
- H03M13/05—Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words using block codes, i.e. a predetermined number of check bits joined to a predetermined number of information bits
- H03M13/11—Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words using block codes, i.e. a predetermined number of check bits joined to a predetermined number of information bits using multiple parity bits
- H03M13/1102—Codes on graphs and decoding on graphs, e.g. low-density parity check [LDPC] codes
- H03M13/1148—Structural properties of the code parity-check or generator matrix
- H03M13/116—Quasi-cyclic LDPC [QC-LDPC] codes, i.e. the parity-check matrix being composed of permutation or circulant sub-matrices
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/004—Arrangements for detecting or preventing errors in the information received by using forward error control
- H04L1/0056—Systems characterized by the type of code used
- H04L1/0061—Error detection codes
Abstract
The invention belongs to the field of cryptography based on error correction coding, and in particular relates to a McElience system encryption and decryption method based on QC-LDPC codes. In the field of error correction coding, the matrix decomposition problem cannot be overcome by quantum computers at present. Therefore, a variant McElience encryption and decryption system based on the QC-LDPC code is proposed on the basis of the matrix decomposition problem. In the system, the client side encrypts with two public keys; the security rests on the difficulty of decomposing two large matrices, so the security level is higher. During decryption, the server side decrypts directly with the Q decoder, which has higher decoding performance than traditional BF decoding. In conclusion, the variant M system can replace the RSA public key encryption algorithm in the HTTPS protocol, making the protocol safer and resistant to quantum attack.
Description
Technical Field
The invention belongs to the technical field of cryptography, and in particular relates to a McElience system encryption and decryption method based on QC-LDPC codes.
Background
In computer and communication networks, nodes or users communicate with each other continuously, and the security of the communicated information is important today. In existing computer networks, when a client or browser communicates with a server, the HTTPS protocol is used; its main idea is that a symmetric key is encrypted using public key cryptography so that the client and the server hold the same symmetric key, which is then used for communication. A common public-key cryptography technique in use today is the RSA algorithm, whose security is based on the difficulty of large integer factorization. However, quantum computing technology is developing rapidly, and a cryptosystem based on the large integer factorization and discrete logarithm problems is no longer safe. In the quantum computing era, a public key cryptosystem based on error correction coding can resist quantum attack, because a quantum computer cannot attack the matrix decomposition and linear code decoding problems of an error correction code. Many researchers have begun studying cryptography based on error correcting codes. In the field of encryption algorithms, the scholar Goppa first proposed a McElience system based on Goppa codes, but the check matrix of Goppa codes is too large to be practical; later, scholars such as Baldi proposed a McElience system based on QC-LDPC codes to reduce the storage space of the public key.
Disclosure of Invention
The invention aims to solve these problems and to make the HTTPS protocol of the network more secure and resistant to quantum attack. The RSA public key algorithm used in the protocol is replaced by a public key algorithm based on QC-LDPC codes, so that the original HTTPS protocol is safer and can resist quantum attack. Among error-correcting-code public key algorithms, an improved McElience system is proposed on the basis of the traditional McElience system based on QC-LDPC codes, in order to improve both its decryption accuracy and its security. For convenience of description, the proposed modified McElience system will be referred to as the variant McElience system. In the variant McElience system, a double public key is introduced for encryption so that the Q decoder can be used directly for decoding; compared with BF decoding, the decryption performance is greatly improved, and because of the double public key, the security of the system is based on the difficulty of decomposing two matrices, so the security is also greatly improved.
In order to make the technical scheme of the present invention easier to understand, some of the techniques employed in the present invention are explained as follows:
The check matrix H of the QC-LDPC code has size (n-k) × n, and the generator matrix G has size k × n. The matrices H and G are used as private keys of the server side.
Because the public and private keys of the server side are built from circulant matrices, the definition of a circulant matrix is given here.
The form of a circulant matrix is as follows. As long as its first row is known, every following row is obtained by cyclically shifting the first row. Assume A is a circulant matrix.
In what follows, the order of a circulant matrix is p, and the row weight of a circulant matrix is the number of 1 elements in its first row. Circulant matrices are generated by randomly generating the elements of the first row according to the row weight and then obtaining the entire matrix from the cyclic property. Thus, even if the row weights of several circulant matrices are the same, the resulting matrices may differ because the first row is random. The quasi-cyclic matrices mentioned later are formed by splicing several circulant matrices.
The following describes a specific generation method of several private keys at the server side.
The server side needs to generate two random quasi-cyclic matrices $Q_1$ and $Q_2$ of size n × n; these are two private keys. Here $n_0 \cdot p = n$, and $Q_1$ and $Q_2$ are each composed of $n_0 \times n_0$ circulant matrices of order p. A circulant matrix is determined by its first row, because each row of the matrix is the previous row cyclically shifted right by one bit. The server side generates a circulant matrix by randomly generating the first-row elements and then cyclically shifting them. The general form Q of $Q_1$ and $Q_2$ is as follows.
Wherein $Q_{i,j}$ ($0 \le i \le n_0 - 1$, $0 \le j \le n_0 - 1$) is also a circulant matrix of order p. The row weight of each $Q_{i,j}$ is written $w(Q)$:
It can be seen that both the row weight and the column weight of Q are determined by w(Q), and Q has size $(n_0 \cdot p) \times (n_0 \cdot p)$. Each circulant matrix $Q_{i,j}$ ($0 \le i \le n_0 - 1$, $0 \le j \le n_0 - 1$) is generated in this way, and the matrix Q is finally obtained by splicing them. $Q_1$ and $Q_2$ are produced in this form. Although $Q_1$ and $Q_2$ have the same form and the same generation method, they are not the same, since the first row of each circulant matrix in them is randomly generated.
Another private key H at the server side is shown below:
H is composed of $n_0$ circulant matrix blocks. $H_i$ ($0 \le i \le n_0 - 1$) is a circulant matrix of order p, so the size of H is $p \times (n_0 \cdot p)$. The row weight of each circulant matrix is $d_v$. The code rate of the QC-LDPC code is $(n_0 - 1)/n_0$. Assume that the error correction capability of the H matrix is t'. After elementary transformation, the check matrix H can be transformed as follows:
According to $H \cdot G^T = 0$, where $G^T$ denotes the transpose of the matrix G, the check matrix H can be converted into a generator matrix G, whose expression is shown below. The symbol T denotes the transpose of a matrix, and I denotes the identity matrix of order k.
The private key matrix S at the server side is a k-order invertible quasi-cyclic matrix. S is composed of $k_0 \times k_0$ circulant matrices of order p, and the parameters satisfy $k = k_0 \times p$. Its form is shown below.
Wherein $S_{i,j}$ ($0 \le i \le k_0 - 1$, $0 \le j \le k_0 - 1$) is also a circulant matrix of order p. The row weight of each $S_{i,j}$ is written $w(S)$:
It can be seen that both the row weight and the column weight of S are determined by w(S). When the row weight is an odd number, the matrix S is invertible. The size of S is $(k_0 \cdot p) \times (k_0 \cdot p)$.
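As an added illustration (not code from the patent), the following Python builds the circulant and quasi-cyclic matrices defined above from random first rows of a given row weight, and checks invertibility over GF(2) by Gaussian elimination. Odd row weight rules out the all-ones vector as a kernel vector (an even-weight circulant is never invertible), but a circulant whose first-row polynomial shares a factor with $x^p + 1$ is still singular, as the p = 7 case in the block shows, so a key generator should verify the rank of S (and of $Q_1$, $Q_2$) rather than rely on parity alone. Function names such as random_quasi_cyclic and gf2_rank are my own.

```python
import random
from typing import List

Matrix = List[List[int]]  # GF(2) matrices as lists of 0/1 rows


def circulant(first_row: List[int]) -> Matrix:
    """Order-p circulant over GF(2): row r is the first row cyclically
    shifted right by r positions, so the first row fixes the whole matrix."""
    p = len(first_row)
    return [[first_row[(c - r) % p] for c in range(p)] for r in range(p)]


def random_circulant(p: int, weight: int, rng: random.Random) -> Matrix:
    """Random circulant of order p and row weight `weight`: choose the
    positions of the 1s in the first row at random, then expand."""
    first_row = [0] * p
    for pos in rng.sample(range(p), weight):
        first_row[pos] = 1
    return circulant(first_row)


def quasi_cyclic(blocks: List[List[Matrix]]) -> Matrix:
    """Splice a grid of p x p circulant blocks into one quasi-cyclic matrix
    (Q is an n0 x n0 grid, H a 1 x n0 grid, S a k0 x k0 grid)."""
    rows: Matrix = []
    for block_row in blocks:
        p = len(block_row[0])
        for r in range(p):
            rows.append([bit for blk in block_row for bit in blk[r]])
    return rows


def random_quasi_cyclic(n0: int, p: int, block_weight: int, seed: int) -> Matrix:
    """n0 x n0 grid of random order-p circulants of row weight block_weight,
    the shape used for Q1 and Q2; the result has row weight n0 * block_weight."""
    rng = random.Random(seed)
    return quasi_cyclic([[random_circulant(p, block_weight, rng)
                          for _ in range(n0)] for _ in range(n0)])


def row_weights(m: Matrix) -> List[int]:
    return [sum(r) for r in m]


def gf2_rank(m: Matrix) -> int:
    """Rank over GF(2) by Gaussian elimination on rows packed as bitmasks."""
    ncols = len(m[0])
    rows = [sum(bit << (ncols - 1 - c) for c, bit in enumerate(r)) for r in m]
    rank = 0
    for c in range(ncols):
        mask = 1 << (ncols - 1 - c)
        pivot = next((i for i in range(rank, len(rows)) if rows[i] & mask), None)
        if pivot is None:
            continue
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        for i in range(len(rows)):
            if i != rank and rows[i] & mask:
                rows[i] ^= rows[rank]  # eliminate the pivot column elsewhere
        rank += 1
    return rank


def is_invertible_gf2(m: Matrix) -> bool:
    """A square GF(2) matrix is invertible iff it has full rank."""
    return len(m) == len(m[0]) and gf2_rank(m) == len(m)


if __name__ == "__main__":
    # Same shape and generation method, different random first rows.
    q1, q2 = random_quasi_cyclic(3, 11, 1, 1), random_quasi_cyclic(3, 11, 1, 2)
    print("Q1 == Q2:", q1 == q2, "row weights:", set(row_weights(q1)))
    # Even row weight: the all-ones vector is in the kernel, never invertible.
    print("weight 2, p=5:", is_invertible_gf2(circulant([1, 1, 0, 0, 0])))
    # Odd row weight is necessary but not sufficient: 1+x+x^3 divides x^7+1.
    print("weight 3, p=7:", is_invertible_gf2(circulant([1, 1, 0, 1, 0, 0, 0])))
```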
The technical scheme of the invention is as follows:
The McElience system encryption and decryption method based on the QC-LDPC code is characterized by comprising the following steps:
S1. The server side generates the private keys $Q_1$, $Q_2$, S, H, G and the public keys $SGQ_2$ and a second public-key matrix. $Q_1$, $Q_2$, S, H and G were described in detail above and are only summarized here. $Q_1$ and $Q_2$ are random quasi-cyclic matrices of size n × n; assume the row weight of $Q_1$ and $Q_2$ is h. S is a k-order invertible quasi-cyclic matrix with row weight q. To ensure that $Q_1$, $Q_2$ and S are invertible, h and q are odd numbers. G is generated from the check matrix H of the QC-LDPC code, and I is the identity matrix of order k;
The server sends the public keys to the client;
S2. The client side encrypts to obtain the ciphertext c as follows:
where e is a randomly generated error vector of weight t and length n bits, and m is the plaintext, which is also the symmetric key generated by the client, of length k bits. The client sends the ciphertext c to the server;
S3. The server side decrypts the ciphertext c:
S32. Compute s through the matrix H; input H, s and $Q_1$ to the Q decoder and decode to output e, where $t \cdot h \le t'$;
S33. Calculate the error term from the decoded e and add it to the transformed ciphertext so that the error cancels, giving mSG; because the first k columns of G form an identity matrix, mS is obtained directly;
S34. Right-multiply mS by $S^{-1}$ to obtain the plaintext m, that is, the symmetric key.
In the above scheme, the decoding process of the adopted Q decoder is as follows. The inputs to the Q decoder are s and the matrices H and $Q_1$; the output is e. The Q decoder performs at most $l_{max}$ iterations, after which either e is output or decryption fails. The l-th iteration of the algorithm is described here. Note that the initial values of the algorithm are $s^{(0)} = (s)^T$ and an n-bit all-zero vector. The data processed in the l-th iteration are $s^{(l-1)}$ and the current error estimate; the data output are $s^{(l)}$ and the updated estimate. The algorithm of the l-th iteration is as follows:
Here $\sigma^{(l)}$ records, for each bit of the codeword, the number of check equations containing that bit that are in error; this number lies in $[0, d_v]$. Positions where $\sigma^{(l)}$ is larger are more likely to hold a 1 in the vector $e' = e \cdot Q_1^T$. That is, $\sigma^{(l)}$ and e' are intrinsically related, and e' can be estimated from $\sigma^{(l)}$.
Here the vector above is an n-bit vector whose elements at the positions in $\zeta^{(l)}$ are 1 and whose other elements are 0.
Fifth, update the syndrome as follows:
where $q_v$ represents row v of $Q_1^T$.
If $s^{(l)}$ is a non-zero vector and the number of iterations l is less than $l_{max}$, go back to step ① and continue iterating; if the number of iterations $l \ge l_{max}$, quit the decoding algorithm and return a decoding failure result.
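The iteration described above is a syndrome bit-flipping decoder. The following Python (an added example, not the patent's code) implements its core on a small constructed check matrix of $n_0 = 3$ circulant blocks: compute $\sigma$ for every bit, flip the bits with the largest count, update the syndrome, and stop at a zero syndrome or report failure after $l_{max}$ iterations; it then measures the frame error rate against the error weight t, as the patent's figures do. The patent's Q decoder additionally tracks $e' = e \cdot Q_1^T$ through rows of $Q_1^T$, which this example omits; the matrix H and the function names are constructed for illustration.

```python
import random
from typing import List, Optional

Matrix = List[List[int]]


def circulant(first_row: List[int]) -> Matrix:
    """Order-p circulant over GF(2): row r is the first row shifted right by r."""
    p = len(first_row)
    return [[first_row[(c - r) % p] for c in range(p)] for r in range(p)]


def check_matrix(p: int, supports: List[List[int]]) -> Matrix:
    """H = [H_0 | H_1 | ... | H_{n0-1}]: n0 circulant blocks of order p, each
    given by the positions of the 1s in its first row (row weight d_v)."""
    blocks = [circulant([1 if c in supp else 0 for c in range(p)])
              for supp in supports]
    return [[bit for blk in blocks for bit in blk[r]] for r in range(p)]


def syndrome(h: Matrix, e: List[int]) -> List[int]:
    """s = H * e^T over GF(2)."""
    return [sum(hij & ej for hij, ej in zip(row, e)) % 2 for row in h]


def bit_flip_decode(h: Matrix, s: List[int], l_max: int = 10) -> Optional[List[int]]:
    """Syndrome bit flipping: sigma[j] counts the unsatisfied check equations
    bit j takes part in (0..d_v); the bits with the largest sigma are flipped
    and the syndrome updated, until s is zero or l_max iterations have run."""
    n = len(h[0])
    checks_of = [[i for i in range(len(h)) if h[i][j]] for j in range(n)]
    s = list(s)
    e_hat = [0] * n
    for _ in range(l_max):
        if not any(s):
            return e_hat
        sigma = [sum(s[i] for i in checks_of[j]) for j in range(n)]
        top = max(sigma)
        for j in [j for j in range(n) if sigma[j] == top]:
            e_hat[j] ^= 1
            for i in checks_of[j]:  # add column j of H to the syndrome
                s[i] ^= 1
    return e_hat if not any(s) else None  # None signals decoding failure


def frame_error_rate(h: Matrix, t: int, frames: int, seed: int) -> float:
    """Fraction of random weight-t error vectors the decoder does not recover."""
    rng = random.Random(seed)
    n = len(h[0])
    failures = 0
    for _ in range(frames):
        e = [0] * n
        for pos in rng.sample(range(n), t):
            e[pos] = 1
        if bit_flip_decode(h, syndrome(h, e)) != e:
            failures += 1
    return failures / frames


# Constructed toy code: p = 11, n0 = 3, d_v = 3 (n = 33, rate 2/3); the supports
# are chosen so that no two columns of H coincide, so any single error is found.
H = check_matrix(11, [[0, 1, 3], [0, 2, 7], [0, 4, 5]])

if __name__ == "__main__":
    for t in (1, 2, 3):
        print(f"t={t}: frame error rate {frame_error_rate(H, t, 200, 7):.2f}")
```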
The variant McElience system based on QC-LDPC codes can resist attacks by current quantum computers: its security is based on the large-matrix decomposition problem, which quantum computation cannot crack effectively, so the confidentiality of the transmitted symmetric key is ensured. Because the high-performance Q decoder is used, the decryption accuracy of the variant M system is higher; and because a pair of public keys is introduced, the system rests on the difficulty of decomposing two large matrices, which also raises the security level. Therefore, in the current quantum computing era, the variant M system can replace the RSA public key algorithm in the HTTPS protocol.
Drawings
Fig. 1: comparison of the decryption performance of the improved M system with that of the original M system when n = 1899;
Fig. 2: comparison of the decryption performance of the improved M system with that of the original M system when n = 1266;
Fig. 3: comparison of the decryption performance of the variant M system and the original M system against the row weight of the check matrix when n = 1899;
Fig. 4: comparison of the decryption performance of the variant M system and the original M system against the row weight of the check matrix when n = 1266.
Detailed Description
The technical scheme of the invention is described in detail below with reference to the accompanying drawings and simulation examples:
QC-LDPC codes with different code lengths and code rates are taken as examples. First, the simulation parameters are code length n = 1899, p = 633, $n_0 = 3$, $k_0 = 2$, code rate 2/3, 1000 simulated frames, check-matrix row weight 9 and $d_v = 3$. In the variant M system, $Q_1$ and $Q_2$ have row weight 3, and the elements of w(Q) in formula (2) are all 1. In formula (5), $g_0 = 1$ and $g_1 = 2$. The row weight q of the matrix S is 3. The simulation curve obtained under these parameters is shown in fig. 1. Meanwhile, a simulation comparison is performed with code rate 1/2, code length 1266 and check-matrix row weight 10; the comparison graph is shown in fig. 2. Finally, for the two code lengths 1899 and 1266, the influence of the row weight of the check matrix on the decryption performance of the variant M system is obtained by simulation and compared with the original M system; the comparison graphs are shown in figs. 3 and 4 respectively.
As can be seen from the above sets of simulation comparison graphs, whether the error vector weight changes or the row weight of the check matrix changes, the decryption performance is improved after the Q decoder is used in the variant M system. In general, the frame error rate in fig. 2 is higher than in fig. 1, and the decryption performance is somewhat reduced, because the check matrix corresponding to fig. 2 is denser. Similarly, the frame error rate in fig. 4 is higher than in fig. 3. The simulation charts also show that even with the Q decoder there is still a small decryption error rate at an error vector weight of 3 or 4. There are two reasons. First, BF decoding is probabilistic, and since the Q decoder is an improved algorithm based on the BF decoder, a decoding error is possible even when the weight of the error vector is small. Second, the error correction capability is not high because a small code length was chosen: decryption requires computing the inverse of the matrix $Q_2$, and with a very long code this computation takes too long, so medium code lengths were chosen for simulation. As shown in fig. 1, when the code length is 1899, i.e., p = 633, $n_0 = 3$ and $d_v = 3$, the error correction capability of the Q decoder is 4.
If the method is applied in practice, the inverse matrix of Q is computed at the server side before communication, so that only direct operations are needed during decryption. The code must have strong enough error correction capability, so the code length must be long enough and the check matrix sparse enough; as the code length increases and the check matrix becomes sparser, the decryption performance improves. However, because the Q decoder is probabilistic, a few decoding errors still occur even with suitable parameters; these can be handled by the retransmission mechanism of the two communicating parties: the client resends a message whose decryption failed, completing a complete, accurate and secure transmission of the information. The message encrypted and decrypted by the variant M system is a symmetric key; once the client and the server hold the same symmetric key, symmetric communication proceeds.
Claims (1)
1. The McElience system encryption and decryption method based on the QC-LDPC code is characterized by comprising the following steps:
S1. The server side generates the private keys $Q_1$, $Q_2$, S, G and the public keys $SGQ_2$ and a second public-key matrix, and sends the public keys to the client; wherein $Q_1$ and $Q_2$ are random quasi-cyclic matrices of size n × n with row weight h; S is a k-order invertible quasi-cyclic matrix with row weight q, and h and q are odd numbers; G is generated from a check matrix H of the QC-LDPC code, where H is made up of $n_0$ circulant matrix blocks of order p, H has size $p \times (n_0 \cdot p)$, and the code rate of the QC-LDPC code is $(n_0 - 1)/n_0$; the check matrix H is brought by elementary transformation into a form involving an inverse matrix and $I_{n-k}$, the identity matrix of order n - k; according to $H \cdot G^T = 0$, where $G^T$ denotes the transpose of the matrix G, the check matrix H is converted into the generator matrix G, in whose expression I is the identity matrix of order k;
S2. The client side encrypts to obtain the ciphertext c as follows:
where e is a randomly generated error vector of weight t and length n bits; m is the plaintext, the symmetric key generated by the client, of length k bits; the client sends the ciphertext c to the server;
S3. The server side decrypts the ciphertext c:
S32. Compute s through the matrix H; input H, s and $Q_1$ to the Q decoder and decode to output e;
S33. Calculate the error term from the decoded e and add it to the transformed ciphertext so that the error cancels, obtaining mSG; mS is obtained directly because the first k columns of the matrix G form an identity matrix;
S34. Right-multiply mS by $S^{-1}$ to obtain the plaintext m, that is, the symmetric key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010579134.9A CN111756727A (en) | 2020-06-23 | 2020-06-23 | McElience system encryption and decryption method based on QC-LDPC code |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111756727A true CN111756727A (en) | 2020-10-09 |
Family
ID=72676533
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111756727A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113132100A (en) * | 2021-04-13 | 2021-07-16 | 电子科技大学 | McElience system encryption and decryption method based on sliding window QC-LDPC code |
CN115242550A (en) * | 2022-09-21 | 2022-10-25 | 江苏杰成电子科技有限公司 | Error correcting code matrix generation protection method and system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101729209A (en) * | 2008-11-04 | 2010-06-09 | 电子科技大学 | Joint design method of q-ary LDPC code and SSD-coding |
CN106911461A (en) * | 2017-01-13 | 2017-06-30 | 江苏大学 | A kind of McEliece public key mask encryption methods of secure lightweight |
Non-Patent Citations (3)
Title |
---|
Fan Bu et al.: "An Improved McEliece Cryptosystem Based on QC-LDPC Codes", SpringerLink |
Yuan Xing Li et al.: "On the equivalence of McEliece's public-key cryptosystem and Niederreiter's public-key cryptosystem", IEEE |
杨磊鑫 et al.: "Niederreiter public key cryptosystem based on QC-LDPC codes", 计算机应用 (Journal of Computer Applications) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | Application publication date: 20201009 |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |