CN111865578A - SM 2-based multi-receiver public key encryption method - Google Patents

SM 2-based multi-receiver public key encryption method Download PDF

Info

Publication number
CN111865578A
CN111865578A CN202010654604.3A CN202010654604A CN111865578A CN 111865578 A CN111865578 A CN 111865578A CN 202010654604 A CN202010654604 A CN 202010654604A CN 111865578 A CN111865578 A CN 111865578A
Authority
CN
China
Prior art keywords
receiver
public key
ciphertext
public
par
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010654604.3A
Other languages
Chinese (zh)
Other versions
CN111865578B (en
Inventor
赖俊祚
黄正安
翁健
吴永东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan University
Original Assignee
Jinan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinan University filed Critical Jinan University
Priority to CN202010654604.3A priority Critical patent/CN111865578B/en
Publication of CN111865578A publication Critical patent/CN111865578A/en
Application granted granted Critical
Publication of CN111865578B publication Critical patent/CN111865578B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Abstract

The invention discloses a multi-receiver public key encryption method based on SM 2. The traditional public key encryption method with multiple receivers depends on the traditional public key encryption method and has the defects of low encryption efficiency and high communication bandwidth requirement. Aiming at the defects, the invention provides a random number reuse SM 2-based multi-receiver public key encryption method, so that the method has the advantages of high encryption efficiency and low communication bandwidth requirement. The sender may use this method to encrypt a message into a ciphertext and then broadcast the ciphertext over the network to multiple recipients. The receiving party can decrypt the ciphertext through the private key to obtain the message of the sending party. The invention has been proved by formalization to achieve the security of random number reuse resistant indistinguishable selection ciphertext attack (RR-IND-CCA), effectively reduce the calculated amount of a sender, and meet the requirements of practical work and application in the aspects of security and efficiency.

Description

SM 2-based multi-receiver public key encryption method
Technical Field
The invention relates to the technical field of information security, in particular to a multi-receiver public key encryption method based on SM 2.
Background
The multi-receiver Public key encryption method was originally proposed by Bellare and boldyeva et al in the document "Public-key encryption in a multi-user setting: Security procedures and improvements", and authors proposed in the paper that the Security of the Public key encryption method can be generalized by a single receiver to multiple receivers, i.e.: the same message is encrypted for n times by n different public keys to obtain a broadcast ciphertext, and the receiver decrypts the broadcast ciphertext by the private key of the receiver to obtain the message. However, in the case of multiple receivers, the random number needs to be reselected every time the sender encrypts, which requires a huge amount of calculation, and reduces the overall efficiency.
Subsequently, Bellare and Boldyreva et al propose a concept of reproducible public key encryption (reproducible PKE) in the document Multi repeatable encryption schemes, How to save on base and computation with out ciphering security, and suggest that if a reproducible public key encryption method satisfies security against indiscriminate chosen ciphertext attack (IND-CCA), a public key encryption method for random number reuse constructed by using the method as an underlying method can achieve security against indiscriminate chosen ciphertext attack (RR-IND-CCA). The method can meet the actual application requirements in terms of safety, but is based on the traditional public key encryption method, has the defects of low encryption efficiency and high communication bandwidth requirement, and is not suitable for popularization and application in actual application.
Disclosure of Invention
The invention aims to solve the defects in the prior art, and provides a multi-receiver public key encryption method based on SM2, and a multi-receiver public key encryption method based on SM2, which is expanded to reuse random numbers. The method comprises the steps of firstly constructing a bottom-layer multi-receiver public key encryption method based on SM2, then providing a replication algorithm Rep to expand a bottom-layer scheme to improve encryption efficiency, and finally providing a multi-receiver public key encryption method based on SM 2. The method can effectively reduce the calculated amount of the sender, improve the encryption efficiency and be more effectively suitable for practical application scenes.
The purpose of the invention can be achieved by adopting the following technical scheme:
a multi-receiver public key encryption method based on SM2 comprises the following steps:
s1, generating public parameter, generating algorithm PGen (1) through public parameterκ) Input of safety parameters 1κOutputting a prime q, q order cyclic group
Figure BDA0002576261890000021
And
Figure BDA0002576261890000022
wherein the binary representation of q is a string of n bits long; additionally outputting a hash function
Figure BDA0002576261890000023
Figure BDA0002576261890000024
And a hash function
Figure BDA0002576261890000025
Wherein
Figure BDA0002576261890000026
Figure BDA0002576261890000027
Each representing the length of the string of output hash values and
Figure BDA0002576261890000028
wherein
Figure BDA0002576261890000029
Representing a set of natural numbers. The final output discloses a parameter par, specifically, the par comprises a parameter
Figure BDA00025762618900000210
S2, generating public and private key of receiver, UiBy calculation of key generationThe method KGen (par) inputs a public parameter par into the group
Figure BDA00025762618900000211
In the method, positive integer x [ i ] is randomly selected]Calculating h [ i ]]=gx[i]Output receiver UiPublic key pk i]=h[i]And a private key sk [ i]=x[i]. Wherein, the receiving party UiPublic key pk i]Publicly available, receiving side UiPrivate key sk [ i]Secret storage, i ═ 1, 2, 3,. and n;
s3, message encrypting step and encryption algorithm of sender
Figure BDA00025762618900000212
Is composed of
Figure BDA00025762618900000213
Figure BDA00025762618900000214
Encryption algorithm
Figure BDA00025762618900000215
Defining the sender as a common parameter par, receiver UiPublic key pk i]And a message m [ i ] ]As input, randomly selecting a positive integer r, and calculating a ciphertext ci]1=grAnd by a hash function H1Computing a hash value pair (k [ i ]]1,k[i]2)=H1(h[i]r) Wherein k [ i ]]1、k[i]2All represent a hash function H1The generated hash value; computing ciphertext
Figure BDA0002576261890000031
Wherein
Figure BDA0002576261890000032
Representing an exclusive or operation; by a hash function H2Computing a computation ciphertext c [ i ]]3=H2(c[i]1,k[i]2,c[i]2) Finally, the ciphertext c [ i ] is output]=(c[i]1,c[i]2,c[i]3)。
S4, message decryption step and message decryption step of the receiving partySecret algorithm Dec (par, sk [ i)],c[i]) Is composed of
Figure BDA0002576261890000033
Figure BDA0002576261890000034
The decryption algorithm Dec specifies the receiver UiWith the common parameter par, the receiver UiPrivate key sk [ i]And ciphertext c [ i]As input, a hash value pair (k [ i ]) is computed by a hash function H1]1,k[i]2)=H1(c[i]1 x[i]) By a hash function H2Calculating a hash value H2(c[i]1,k[i]2,c[i]2) If c [ i ]]3≠H2(c[i]1,k[i]2,c[i]2) Is represented by c [ i ]]If not, outputting error information T; otherwise, outputting the message
Figure BDA0002576261890000035
Further, the encryption algorithm in step S3
Figure BDA0002576261890000036
The method comprises the following specific steps:
the bottom layer encryption algorithm Enc uses a public parameter par and a receiver UiPublic key pk i]And a message m [ i ]]As input, and in random number space
Figure BDA0002576261890000037
In which different random numbers are selected for different receivers
Figure BDA0002576261890000038
As an input, wherein
Figure BDA0002576261890000039
Represents from
Figure BDA00025762618900000310
Uniformly and randomly selecting one element r [ i ]]Computing the ciphertext c [ i ]]1=gr[i]And by a hash function H1Computing a hash value pair (k [ i ]]1,k[i]2)=H1(h[i]r[i]) Wherein k [ i ]]1、k[i]2All represent a hash function H 1The generated hash value; computing ciphertext
Figure BDA00025762618900000311
Wherein
Figure BDA00025762618900000312
Representing an exclusive or operation; by a hash function H2Computing a computation ciphertext c [ i ]]3=H2(c[i]1,k[i]2,c[i]2) Finally, the ciphertext c [ i ] is output]=(c[i]1,c[i]2,c[i]3). However, the underlying encryption algorithm Enc has the disadvantage that when the sender encrypts each new receiver, the sender needs to randomly select a positive integer r [ i [ ] again]The amount of computation of the sender is increased.
In order to solve the defects of the bottom layer encryption algorithm Enc, improve the encryption efficiency and reduce the communication bandwidth requirement, a recurrent algorithm Rep for random number reuse is provided, and the recurrent algorithm Rep receives input parameters (par, pk, sk, c, m ', pk ', sk '), wherein the common parameters
Figure BDA00025762618900000313
The private key sk is x, x is in the group
Figure BDA00025762618900000314
In which the public key pk ═ h ═ g is randomly selected positive integerxCryptograph
Figure BDA00025762618900000315
Figure BDA00025762618900000316
r is from random number space
Figure BDA00025762618900000317
One element, k, selected uniformly and randomly1,k2Each represents a hash value generated by a hash function H1, m 'represents a message, private key sk' x ', public key pk' gx′And x' is in group
Figure BDA0002576261890000041
Wherein the positive integer is randomly selected. Replication algorithm Rep computes hash value pairs (k) by means of a hash function H11′,k2′)=H1((gr)x′) Wherein k is1′,k2' all represent hash function H1Generating hash value, calculating cipher text
Figure BDA0002576261890000042
Wherein
Figure BDA0002576261890000043
Representing an exclusive-or operation, and then passing through a hash function H2Computing the ciphertext c 3′=H2(gr,k2′,c2'), and finally outputs a ciphertext c' ═ g (g)r,c2′,c3') due to (g)r)x′=(pk′)rTherefore, the output result of the Rep is Enc (par, pk ', m') really, the effect of reusing random numbers is realized, and the encryption efficiency is improved;
encryption algorithm
Figure BDA0002576261890000044
Evolved according to the bottom encryption algorithm Enc and the reproduction algorithm Rep, and requires a public parameter par and a receiver UiPublic key pk i]And a message m [ i ]]And in random number space
Figure BDA0002576261890000045
A random number selected from
Figure BDA0002576261890000046
As an input, wherein
Figure BDA0002576261890000047
Represents from
Figure BDA0002576261890000048
Uniformly and randomly selecting an element r from the intermediate and the intermediate, and calculating a ciphertext c [ i]1=grHash value pair (k [ i ]]1,k[i]2)=H1(h[i]r) Cipher text
Figure BDA0002576261890000049
And ciphertext c [ i]3=H2(c[i]1,k[i]2,c[i]2) To obtain a ciphertext c [ i ]]=(c[i]1,c[i]2,c[i]3) Finally output receiver UiC [ i ] of]。
Encryption algorithm
Figure BDA00025762618900000410
The correctness requirements are as follows: for any common parameter par ← PGen (1)κ) Key pair ((pk [ i))],sk[i])←KGen(par))i∈[n]Free message
Figure BDA00025762618900000411
Ciphertext c ← Enc (par, pk, m) and arbitrary i ∈ [ n ]]All have Dec (par, sk [ i)],c[i])=m[i]Where the symbol ← denotes the generation of parameters by an algorithm, [ n ]]Representing a set 1, 2, a, n,
Figure BDA00025762618900000412
representing the plaintext space generated by the common parameter par.
Compared with the prior art, the invention has the following advantages and effects:
compared with the prior art, the invention constructs a multi-receiver public key encryption scheme based on SM2 by using a random number reuse technology, and has the advantages of higher encryption efficiency and lower communication bandwidth requirement. In addition, the invention has a strict formalization security model and a strict security proof, proves that the security of random number reuse resistant indistinguishable selection ciphertext attack (RR-IND-CCA) can be achieved, and the security of the scheme in practical application is ensured. Therefore, the present invention can satisfy the practical application requirements in terms of efficiency and safety.
Drawings
Fig. 1 is a flowchart of a multi-receiver public key encryption method based on SM2 disclosed in the embodiment of the present invention;
fig. 2 is a schematic use case diagram of a multi-receiver public key encryption method based on SM2 according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
The SM 2-based multi-receiver public key encryption method disclosed by the invention can be applied to the technical field of information security for data encryption protection. For example, when a sender needs to send secret information to multiple receivers in a one-to-many manner, the invention can be used for encrypting the related data into a ciphertext and then broadcasting and sending the ciphertext to the multiple receivers. Each receiver acquires the corresponding ciphertext and performs decryption operation by means of the private key of the receiver to acquire the corresponding secret information, so that safe data sharing is performed on the premise of guaranteeing the safety and high efficiency of user data.
The following describes in detail a specific procedure of the SM 2-based multi-receiver public key encryption method disclosed in this embodiment with reference to fig. 1.
A SM 2-based multi-receiver public key encryption method (shown schematically in a use case in FIG. 2) mainly comprises two roles: sender and receiver UiThe method mainly comprises the following steps: public parameter generation, receiver public and private key generation, sender encryption message, and receiver decryption message. The multi-receiver public key method is realized as follows:
s1, common parameter generating stepPublic parameter generating algorithm PGen (1)κ) Input of safety parameters 1κOutputting a prime q, q order cyclic group
Figure BDA0002576261890000061
And
Figure BDA0002576261890000062
wherein the binary representation of q is a string of n bits long; additionally outputting a hash function
Figure BDA0002576261890000063
Figure BDA0002576261890000064
And a hash function
Figure BDA0002576261890000065
Wherein
Figure BDA0002576261890000066
Figure BDA0002576261890000067
Each representing the length of the string of output hash values and
Figure BDA0002576261890000068
wherein
Figure BDA0002576261890000069
Representing a set of natural numbers. The final output discloses a parameter par, specifically, the par comprises a parameter
Figure BDA00025762618900000610
S2, generating public and private key of receiver, UiInputting public parameter par into the group through a key generation algorithm KGen (par)
Figure BDA00025762618900000611
In the method, positive integer x [ i ] is randomly selected]Calculating h [ i ]]=gx[i]Output ofReceiver UiPublic key pk i]=h[i]And a private key sk [ i ]=x[i]. Wherein, the receiving party UiPublic key pk i]Publicly available, receiving side UiPrivate key sk [ i]Secret storage, i ═ 1, 2, 3,. and n;
s3, message encrypting step and encryption algorithm of sender
Figure BDA00025762618900000612
Is composed of
Figure BDA00025762618900000613
Figure BDA00025762618900000614
pk[i]=h[i],m[i]). Inputting public parameter par, receiving party UiPublic key sk i]And a message m [ i ]]Randomly selecting a positive integer r, and calculating a ciphertext ci]1=grAnd by a hash function H1Computing a hash value pair (k [ i ]]1,k[i]2)=H1(h[i]r) Wherein k [ i ]]1、k[i]2All represent a hash function H1The generated hash value; computing ciphertext
Figure BDA00025762618900000615
Wherein
Figure BDA00025762618900000616
Representing an exclusive or operation; by a hash function H2Computing a computation ciphertext c [ i ]]3=H2(c[i]1,k[i]2,c[i]2) Finally, the ciphertext c [ i ] is output]=(c[i]1,c[i]2,c[i]3) And then broadcast to the receiver.
S4, message decryption step by the receiver, decryption algorithm Dec (par, sk [ i ] i)],c[i]) Is composed of
Figure BDA00025762618900000617
Figure BDA00025762618900000618
The decryption algorithm Dec specifies the receiver UiWith the public referenceNumber par, receiver UiPrivate key sk [ i]And ciphertext c [ i]As input, a hash value pair (k [ i ]) is computed by a hash function H1]1,k[i]2)=H1(c[i]1 x[i]) By a hash function H2Calculating a hash value H2(c[i]1,k[i]2,c[i]2) If c [ i ]]3≠H2(c[i]1,k[i]2,c[i]2) Is represented by c [ i ]]If not, outputting error information T; otherwise, outputting the message
Figure BDA00025762618900000619
Receiver UiReceiving a corresponding ciphertext c [ i ]]Decrypting the ciphertext according to a decryption algorithm Dec to obtain the message
Figure BDA00025762618900000620
Example two
The SM 2-based multi-receiver public key encryption method disclosed by the invention can be applied to data encryption protection on a block chain. For example, in the blockchain system in the financial industry, a user only wants to share the asset information and the asset transaction information to some appointed collaborators for business, and related data can be encrypted by adopting the invention and then broadcast and uploaded to the blockchain system. Each partner is used as a receiving party to obtain the ciphertext of the corresponding user on the block chain, and the private key of each partner is used for carrying out decryption operation to obtain the asset information of the user, so that the safe data sharing is carried out on the premise of ensuring the safety of the user data.
The following describes in detail a specific procedure of the SM 2-based multi-receiver public key encryption method disclosed in this embodiment with reference to fig. 1.
A SM 2-based multi-receiver public key encryption method (shown schematically in a use case in FIG. 2) mainly comprises two roles: sender and receiver UiThe method mainly comprises the following steps: public parameter generation, receiver public and private key generation, sender encryption message, and receiver decryption message. The multi-receiver public key method is realized as follows:
s1, generating public parameter, generating algorithm PGen (1) through public parameterκ) Input of safety parameters 1κOutputting a prime q, q order cyclic group
Figure BDA0002576261890000071
And
Figure BDA0002576261890000072
wherein the binary representation of q is a string of n bits long; additionally outputting a hash function
Figure BDA0002576261890000073
Figure BDA0002576261890000074
And a hash function
Figure BDA0002576261890000075
Wherein
Figure BDA0002576261890000076
Figure BDA0002576261890000077
Each representing the length of the string of output hash values and
Figure BDA0002576261890000078
wherein
Figure BDA0002576261890000079
Representing a set of natural numbers. The final output discloses a parameter par, specifically, the par comprises a parameter
Figure BDA00025762618900000710
S2, generating public and private key of receiver, UiInputting public parameter par into the group through a key generation algorithm KGen (par)
Figure BDA00025762618900000711
In the method, positive integer x [ i ] is randomly selected]Calculating h [ i ]]=gx[i]Output receiver UiPublic key pk i]=h[i]And a private key sk [ i ]=x[i]. Wherein, the receiving party UiPublic key pk i]Publicly available, receiving side UiPrivate key sk [ i]Secret storage, i ═ 1, 2, 3,. and n;
s3, message encrypting step and encryption algorithm of sender
Figure BDA00025762618900000712
Is composed of
Figure BDA00025762618900000713
Figure BDA0002576261890000081
Inputting public parameter par, receiving party UiPublic key sk i]And a message m [ i ]]Randomly selecting a positive integer r, and calculating a ciphertext ci]1=grAnd by a hash function H1Computing a hash value pair (k [ i ]]1,k[i]2)=H1(h[i]r) Wherein k [ i ]]1、k[i]2All represent a hash function H1The generated hash value; computing ciphertext
Figure BDA0002576261890000082
Wherein
Figure BDA0002576261890000083
Representing an exclusive or operation; by a hash function H2Computing a computation ciphertext c [ i ]]3=H2(c[i]1,k[i]2,c[i]2) Finally, the ciphertext c [ i ] is output]=(c[i]1,c[i]2,c[i]3). The sender will receive the UiThe ciphertext of (1) is packed into a blockchain.
S4, message decryption step by the receiver, decryption algorithm Dec (par, sk [ i ] i)],c[i]) Is composed of
Figure BDA0002576261890000084
Figure BDA0002576261890000087
The decryption algorithm Dec specifies the receiver UiWith the common parameter par, the receiver UiPrivate key sk [ i]And ciphertext c [ i]As input, by a hash function H1Computing a hash value pair (k [ i ]]1,k[i]2)=H1(c[i]1 x[i]) By a hash function H2Calculating a hash value H2(c[i]1,k[i]2,c[i]2) If c [ i ]]3≠H2(c[i]1,k[i]2,c[i]2) Is represented by c [ i ]]If not, outputting error information T; otherwise, outputting the message
Figure BDA0002576261890000085
Receiver UiReceive the corresponding ciphertext c [ i ] on the blockchain]Decrypting the ciphertext according to a decryption algorithm Dec to obtain the message
Figure BDA0002576261890000086
The above embodiments are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents thereof, and all such changes, modifications, substitutions, combinations, and simplifications are intended to be included in the scope of the present invention.

Claims (5)

1. A multi-receiver public key encryption method based on SM2 is characterized in that the multi-receiver public key encryption method comprises the following steps:
s1, generating public parameter, generating PGen (1) through parameter generating algorithmκ) Input of safety parameters 1κWhere κ is a positive integer, outputting a common parameter par;
s2, generating public and private key of receiver, UiInputting public parameter par and outputting receiving party U through key generation algorithm KGen (par)iPublic key pk i]And a private key sk [ i]Wherein the receiving side UiPublic key pk i]Publicly available, receiving side UiPrivate key sk [ i]Secure storage, i ═ 1,2,3, …, n;
s3, the step of encrypting the message by the sender through the encryption algorithm
Figure FDA0002576261880000011
Wherein m [ i ]]Indicating sender to receiver UiThe message of (2) inputting the common parameter par, the receiver UiPublic key pk i]And a message m [ i ]]Output receiver UiC [ i ] of]And c [ i ]]Broadcasting and sending;
s4, message decryption step by the receiver, and receiver UiObtaining a ciphertext c [ i ]]By the decryption algorithm Dec (par, sk [ i ]],c[i]) Inputting public parameter par, receiver UiPrivate key sk [ i]And a receiver UiC [ i ] of]Outputting the message
Figure FDA0002576261880000012
2. The SM 2-based multi-receiver public key encryption method according to claim 1, wherein the public parameter generation algorithm PGen (1) in step S1 κ) Input of safety parameters 1κOutputting a prime q, q order cyclic group
Figure FDA0002576261880000016
And
Figure FDA0002576261880000017
wherein the binary representation of q is a string of n bits long; additionally, a hash function H is output1:
Figure FDA0002576261880000015
Figure FDA0002576261880000014
And a hash function H2:
Figure FDA0002576261880000013
Wherein lmsg、lkey、lctxEach representing a string length of the output hash value andmsg,lkey,
Figure FDA0002576261880000019
wherein
Figure FDA0002576261880000018
Representing a set of natural numbers, and finally outputting a public parameter par, wherein the public parameter par comprises parameters
Figure FDA00025762618800000110
3. The SM 2-based multi-receiver public key encryption method according to claim 2, wherein the key generation algorithm KGen (par) in step S2 is
Figure FDA00025762618800000111
Figure FDA0002576261880000026
The key generation algorithm KGen specifies the receiver UiWith the common parameter par as input, in the group
Figure FDA0002576261880000027
In the method, positive integer x [ i ] is randomly selected]Calculating h [ i ]]=gx[i]Output receiver UiPublic key pk i]=h[i]And a private key sk [ i]=x[i]。
4. The SM 2-based multi-receiver public key encryption method according to claim 3, wherein the encryption algorithm in step S3
Figure FDA0002576261880000021
Is composed of
Figure FDA0002576261880000022
Figure FDA0002576261880000023
Encryption algorithm
Figure FDA0002576261880000028
Defining the sender as a common parameter par, receiver UiPublic key pk i]And a message m [ i ]]As input, randomly selecting a positive integer r, and calculating a ciphertext ci]1=grAnd by a hash function H1Computing a hash value pair (k [ i ]]1,k[i]2)=H1(h[i]r) Wherein k [ i ]]1、k[i]2All represent a hash function H 1The generated hash value; computing ciphertext
Figure FDA0002576261880000024
Wherein
Figure FDA0002576261880000025
Representing an exclusive or operation; by a hash function H2Computing the ciphertext c [ i ]]3=H2(c[i]1,k[i]2,c[i]2) Finally, the ciphertext c [ i ] is output]=(c[i]1,c[i]2,c[i]3) And broadcast-transmitted.
5. The SM 2-based multi-receiver public key decryption method of claim 4, wherein the decryption algorithm Dec (par, sk [ i ] i) in step S4],c[i]) Is composed of
Figure FDA0002576261880000029
Figure FDA00025762618800000210
Receiver UiObtaining a ciphertext c [ i ]]The decryption algorithm Dec is used to input the public parameter par, the receiver UiPrivate key sk [ i]And ciphertext c [ i]By a hash function H1Computing a hash value pair (k [ i ]]1,k[i]2)=H1(c[i]1 x[i]) Go through and HaHight function H2Calculating a hash value H2(c[i]1,k[i]2,c[i]2) If c [ i ]]3≠H2(c[i]1,k[i]2,c[i]2) Is represented by c [ i ]]If not, outputting error information T; otherwise, outputting the message
Figure FDA00025762618800000211
CN202010654604.3A 2020-07-09 2020-07-09 SM 2-based multi-receiver public key encryption method Active CN111865578B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010654604.3A CN111865578B (en) 2020-07-09 2020-07-09 SM 2-based multi-receiver public key encryption method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010654604.3A CN111865578B (en) 2020-07-09 2020-07-09 SM 2-based multi-receiver public key encryption method

Publications (2)

Publication Number Publication Date
CN111865578A true CN111865578A (en) 2020-10-30
CN111865578B CN111865578B (en) 2022-11-29

Family

ID=73153723

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010654604.3A Active CN111865578B (en) 2020-07-09 2020-07-09 SM 2-based multi-receiver public key encryption method

Country Status (1)

Country Link
CN (1) CN111865578B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113872757A (en) * 2021-09-23 2021-12-31 武汉大学 Broadcast encryption method based on SM2 public key encryption algorithm

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2913153A1 (en) * 2007-02-28 2008-08-29 France Telecom Identity based cryptographic method for encrypting and decrypting electronic message, involves encrypting electronic message using symmetric encryption key in transmitting entity, and diffusing cryptogram and encrypted message from entity
CN105763528A (en) * 2015-10-13 2016-07-13 北方工业大学 Multi-recipient anonymous encryption apparatus under hybrid mechanism
CN108199835A (en) * 2018-01-19 2018-06-22 北京江南天安科技有限公司 A kind of multi-party joint private key decryption method and system
CN111130786A (en) * 2019-10-25 2020-05-08 武汉大学 Multi-party cooperative SM2 key generation and ciphertext decryption method and medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2913153A1 (en) * 2007-02-28 2008-08-29 France Telecom Identity based cryptographic method for encrypting and decrypting electronic message, involves encrypting electronic message using symmetric encryption key in transmitting entity, and diffusing cryptogram and encrypted message from entity
CN105763528A (en) * 2015-10-13 2016-07-13 北方工业大学 Multi-recipient anonymous encryption apparatus under hybrid mechanism
CN108199835A (en) * 2018-01-19 2018-06-22 北京江南天安科技有限公司 A kind of multi-party joint private key decryption method and system
CN111130786A (en) * 2019-10-25 2020-05-08 武汉大学 Multi-party cooperative SM2 key generation and ciphertext decryption method and medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MIHIR BELLARE等: "Multirecipient Encryption Schemes How to Save on Bandwidth and Computation Without Sacrificing Security", 《IEEE TRANSACTIONS ON INFORMATION THEORY》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113872757A (en) * 2021-09-23 2021-12-31 武汉大学 Broadcast encryption method based on SM2 public key encryption algorithm
CN113872757B (en) * 2021-09-23 2024-01-12 武汉大学 Broadcast encryption method based on SM2 public key encryption algorithm

Also Published As

Publication number Publication date
CN111865578B (en) 2022-11-29

Similar Documents

Publication Publication Date Title
CN107707358B (en) EC-KCDSA digital signature generation method and system
CN110113155B (en) High-efficiency certificateless public key encryption method
Iyer et al. A novel idea on multimedia encryption using hybrid crypto approach
CN110719295B (en) Identity-based food data security-oriented proxy re-encryption method and device
CN112564907B (en) Key generation method and device, encryption method and device, and decryption method and device
CN108183791B (en) Intelligent terminal data security processing method and system applied to cloud environment
CN104158880A (en) User-end cloud data sharing solution
CN110784314A (en) Certificateless encrypted information processing method
CN111049738B (en) E-mail data security protection method based on hybrid encryption
US8458452B1 (en) System and method for encryption and decryption of data transferred between computer systems
CN104486756A (en) Encryption and decryption method and system for secret letter short message
CN114095171A (en) Identity-based wearable proxy re-encryption method
CN107070900B (en) It can search for re-encryption method based on what is obscured
CN113468582A (en) Anti-quantum computing encryption communication method
JP2009088641A (en) Transmission reception method, communication system and transmitter
CN111865578B (en) SM 2-based multi-receiver public key encryption method
CN106534077B (en) A kind of identifiable proxy re-encryption system and method based on symmetric cryptography
CN107682158A (en) It is a kind of can trustship authentication encryption method
Nalwaya et al. A cryptographic approach based on integrating running key in feedback mode of elgamal system
US20130058483A1 (en) Public key cryptosystem and technique
JP2005114870A (en) Cryptocommunication system
CN114070549A (en) Key generation method, device, equipment and storage medium
JP2004246350A (en) Enciphering device, deciphering device, enciphering system equipped with the same, enciphering method, and deciphering method
JP3694242B2 (en) Signed cryptographic communication method and apparatus
KR20200055672A (en) Encryption systems and method using permutaion group based cryptographic techniques

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant