CN113708925A - Group using method and system for common cryptographic algorithm key - Google Patents


Info

Publication number: CN113708925A
Application number: CN202110906854.6A
Authority: CN (China)
Prior art keywords: secret, cryptographic, key, group, scheme
Legal status: Granted (active)
Other languages: Chinese (zh)
Other versions: CN113708925B (en)
Inventor: 龙毅宏
Current assignee: Wuhan University of Technology WUT
Original assignee: Wuhan University of Technology WUT
Application filed by Wuhan University of Technology WUT; priority to CN202110906854.6A; published as CN113708925A; application granted and published as CN113708925B.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP], involving conference or group key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The group using method of the common cryptographic algorithm key comprises the following steps: the common cryptographic algorithm key d is decomposed into $d_0$, $d_1$, where $d_1$ is an element of a group of prime order n; if $d_1$ is further decomposed into $d_1 = d_{11} + d_{12}$, then the cryptographic operation using d has a corresponding secret sharing based cooperative computing scheme in which one party holds $d_0$, $d_{11}$ and the other party holds $d_{12}$; $d_1$ is shared between the cryptographic server and the group members according to a (2, t) threshold secret sharing scheme; when a member of the group uses the key d for a cryptographic operation, the cryptographic server computes, according to the threshold secret sharing, the $d_{11}$ used to recover $d_1$ for that group member, and the cryptographic device of the group member computes the $d_{12}$ used to recover $d_1$; the cooperative computing program of the group member then uses $d_{12}$, the cryptographic server uses $d_0$, $d_{11}$, and by the secret sharing based cooperative computing scheme of the cryptographic operation they obtain the result of the cryptographic operation using the key d.

Description

Group using method and system for common cryptographic algorithm key
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a group use method and a group use system of a common cryptographic algorithm key.
Background
Group-oriented cryptography enables the members of a group to perform cryptographic operations on behalf of the group with keys, such as digital signature (group signature) and data decryption (group encryption), while providing a degree of anonymity. Group-oriented cryptography includes threshold cryptography, in which several group members use the same key, and non-threshold cryptography, in which each group member uses a different key (e.g. group signatures). For group-oriented cryptography in which individual group members use (different) keys, the common approach at present is to design new cryptographic algorithms, which causes a series of problems: for example, cryptographic components or cryptographic devices supporting the new algorithms have to be developed; the new algorithms have interoperability problems with existing ones; replacing existing cryptographic algorithms causes various problems, such as extra cost and modification of deployed systems, and a newly designed algorithm is not always acceptable to users because its security is in doubt; the use of a cryptographic algorithm often requires approval by the corresponding national authority, whereas a newly designed algorithm is hard to get approved before it has undergone extensive evaluation and gained acceptance. At present, various non-group-oriented cryptographic algorithms are widely used and approved by national authorities, and in practical applications a single group member needs to perform a cryptographic operation on behalf of the group, using the group's key, with such a common non-group-oriented algorithm, but existing schemes cannot meet this requirement well.
Disclosure of Invention
The invention aims to provide a solution to the problems of existing group-oriented cryptography in practical application, so as to meet the requirement that, in cryptographic applications using a common cryptographic algorithm, a group user performs a cryptographic operation with the key.
To this end, the solution proposed by the invention comprises a group using method and a group using system for a common cryptographic algorithm key, described in detail below.
The group using method of the common cryptographic algorithm key of the invention is as follows.
The common cryptographic algorithm is a cryptographic algorithm not designed for group members to use keys (i.e., a non-group-oriented cryptographic algorithm); the types of the common cryptographic algorithms include symmetric key cryptographic algorithms and asymmetric key cryptographic algorithms (e.g., common ECC algorithms such as SM2, identity cryptographic algorithms such as SM9, etc.);
the method involves the use of a key d or a key-dependent secret d of the generic cryptographic algorithm, where d is an element of a group (note: d is typically a non-zero or non-unitary element of a group); the key-dependent secret is a secret (data) that can be used to recover a key from non-secret (data) or can be used in place of a key to perform a cryptographic operation;
d is decomposed into secret shares $d_0$, $d_1$, where $d_1$ is an element of a group of prime order n (e.g. d is decomposed as $d = d_0 d_1$, or $d = d_1 d_0$, or $d = d_0 + d_1$, where the groups to which d, $d_0$, $d_1$ belong can be various groups, such as an integer group or an elliptic curve point group; $d_0$, $d_1$ need not belong to the same group; "+" denotes addition of group elements);
if $d_1$ is further decomposed into $d_1 = d_{11} + d_{12}$, then the common cryptographic algorithm has a corresponding secret sharing based cooperative computing scheme for the cryptographic operation using the key d or the key-related secret d, in which $d_0$, $d_{11}$ are the secret shares of one party of the cooperative computation and $d_{12}$ is the secret share of the other party (in this case $d = d_0(d_{11} + d_{12})$, or $d = (d_{11} + d_{12})d_0$, or $d = d_0 + d_{11} + d_{12}$);
the method also involves a cryptographic server and a group of users, where the cryptographic server holds the secret share $d_0$;
$d_1$ is shared between the cryptographic server and the group members according to a (2, t) threshold secret sharing scheme (e.g. Shamir threshold secret sharing, Lagrange threshold secret sharing, or another threshold secret sharing scheme), in which the cryptographic server holds one secret share, each group member holds one secret share, and any two secret shares can recover $d_1$;
the (2, t) threshold secret share of the cryptographic server is securely kept by the cryptographic server; the (2, t) threshold secret share of each group member is securely kept by the group member's cryptographic device; the cryptographic device is a component (a software component, or a combination of software and hardware) that stores and uses secret shares (and other keys) for cryptographic operations;
when a member of the group needs to use the key d or the key-related secret d for a cryptographic operation, the cryptographic server computes, for the current member (i.e. the member that needs to perform the cryptographic operation with the key d) and according to the threshold secret sharing scheme, the secret share $d_{11}$ used to recover $d_1$; the group member's cryptographic device computes, according to the threshold secret sharing scheme, the secret share $d_{12}$ used to recover $d_1$ (so that $d_1 = d_{11} + d_{12}$); then the cryptographic cooperative computing program in the group member's computing device uses $d_{12}$, the cryptographic server uses the secret shares $d_0$, $d_{11}$, and, by the secret sharing based cooperative computing scheme of the cryptographic operation, the result of the cryptographic operation using d is obtained through cooperative computation.
For the above group using method of the common cryptographic algorithm key, the cryptographic server uses the group member revocation information it stores to exclude revoked group members from the cooperative computation of the cryptographic operation (for example, for the Shamir and Lagrange threshold secret sharing schemes, the identification information identifying a revoked group member is the integer corresponding to the revoked member's secret share).
For the above group using method of the common cryptographic algorithm key, if the key d or the key-related secret d is used for digital signature and the signer needs to be identifiable, the identification information of the group member performing the digital signature (for example, for the Shamir and Lagrange threshold secret sharing schemes, the integer corresponding to the member's secret share) is signed as part of the data to be signed by a party participating in the signature operation (the cryptographic server, or the cryptographic cooperative computing program in the group member's computing device together with the group member's cryptographic device).
For the above group using method of the common cryptographic algorithm key, if d is itself a secret share of a key or of a key-related secret (i.e. d itself is a secret share), and for the common cryptographic algorithm there is a secret sharing based cooperative computing scheme for the cryptographic operation that uses d together with the other secret shares of this key or key-related secret, then this cooperative computing scheme based on d and the other secret shares of the key or key-related secret is called the outer-layer cooperative computing scheme (of the cryptographic operation);
if the secret share d is further decomposed in the manner described above into the secret shares $d_0$, $d_{11}$, $d_{12}$, and the outer-layer cooperative computing scheme has a corresponding or equivalent cooperative computing scheme based on the secret shares $d_0$, $d_{11}$, $d_{12}$ for the cryptographic operation that uses the secret share d (called the inner-layer cooperative computing scheme), in which one party holds the secret shares $d_0$, $d_{11}$ and the other holds $d_{12}$, then the group using method of the common cryptographic algorithm key also applies to the cryptographic operation using the secret share d in the outer-layer cooperative computing scheme (that is, the group using method can be used in the outer-layer cooperative computing scheme for the cryptographic operation using the secret share d, and the result computed for d by the group using method can replace the result obtained in the outer-layer cooperative computing scheme by using the secret share d directly); the corresponding cooperative computing scheme based on the secret shares $d_0$, $d_{11}$, $d_{12}$ is a cooperative computing scheme based on $d_0$, $d_{11}$, $d_{12}$ that is designed for the cryptographic operation using the secret share d in the outer-layer cooperative computing scheme; the equivalent cooperative computing scheme based on the secret shares $d_0$, $d_{11}$, $d_{12}$ is a cooperative computing scheme based on $d_0$, $d_{11}$, $d_{12}$ whose computation result can replace the result of the cryptographic operation performed with the secret share d in the outer-layer cooperative computing scheme (while ensuring that the final result of the cryptographic operation is correct).
(Ideally, though not necessarily, the result of the cryptographic operation that the party holding the secret share d computes with d in the outer-layer cooperative computing scheme does not depend on the cryptographic operation performed by another party with another secret share of the key or key-related secret, or depends only on the result of that operation and not on the operation itself.)
The group using system of the common cryptographic algorithm key, based on the group using method above, comprises a cryptographic server implementing the cooperative computation of the cryptographic operation, a cryptographic device of a group member, a computing device of the group member, and a client program in the group member's computing device implementing the cooperative computation of the cryptographic operation; when a group member needs to use the key d or the key-related secret d for a cryptographic operation, the system performs the cryptographic operation according to the group using method of the common cryptographic algorithm key.
It can be seen from the summary of the invention and from the embodiments in the detailed description that, with the technical solution of the invention, group use of a cryptographic key can be realized on top of existing common cryptographic algorithms, such as the SM2 elliptic curve cryptographic algorithm, the SM9 identity-based cryptographic algorithm and even symmetric key cryptographic algorithms, without introducing a new cryptographic algorithm, thereby avoiding the various problems caused by introducing a new algorithm.
Drawings
FIG. 1: the structure of the invention is schematically shown
Detailed Description
The following examples further illustrate embodiments of the present invention. The following examples are intended to illustrate only a few possible embodiments of the invention, and are not intended to be a limitation of the invention.
Example 1
This example illustrates the application of the invention to SM2 digital signatures. SM2 is an elliptic curve public key cryptographic algorithm issued by the national cryptographic authority (see the specification "SM2 elliptic curve public key cryptographic algorithm", national cryptographic authority, December 2010); digital signature, data encryption and key exchange can be realized on the basis of this algorithm.
Let G be the base point of the SM2 elliptic curve point group, with the order of G the prime n, and let the SM2 private key be $d_A$. A secret sharing based SM2 digital signature cooperative generation scheme is designed as follows.
The secret related to the private key $d_A$ is $d = (1 + d_A)^{-1}$. Take $d_0 = ((d_1)^{-1} d) \bmod n$, where $d_1$ is an integer randomly selected in $[1, n-1]$; then $(d_0 d_1) \bmod n = d$. Here mod n denotes the modulo-n operation (the notation mod n is the one used in the SM2 specification), and $a^{-1}$, such as $(d_1)^{-1}$ or $(1 + d_A)^{-1}$, denotes the modulo-n multiplicative inverse, i.e. $(a^{-1} a) \bmod n = 1$ (below, unless otherwise specified, $a^{-1}$ denotes the modulo-n multiplicative inverse). If $d_1$ is decomposed into $d_1 = (d_{11} + d_{12}) \bmod n$, where $d_{11}$, $d_{12}$ are integers in $[0, n-1]$ (or $[1, n-1]$), one of $d_{11}$, $d_{12}$ being an integer randomly selected in $[0, n-1]$ (or $[1, n-1]$), and assuming that the first party has the secret shares $d_0$, $d_{11}$ and the second party has the secret share $d_{12}$, then there is the following secret sharing based SM2 digital signature cooperative generation scheme:
$G_d = [(d_1)^{-1}]G$ is precomputed, where $[\cdot]$ denotes scalar multiplication (multiple point addition). When a message M needs to be digitally signed with $d_A$, the first party and the second party each randomly select an integer $k_1$, $k_2$ in $[1, n-1]$ and respectively compute $Q_1 = [k_1]G_d$, $Q_2 = [k_2]G_d$; the first or the second party computes $Q = Q_1 + Q_2$, takes $(x_1, y_1) = Q$ and $r = (e + x_1) \bmod n$, where e is the message hash value computed from the message M and other data (see the SM2 specification); the second party computes $s_2 = (k_2 + r d_{12}) \bmod n$ and submits it to the first party; the first party computes $s_1 = (d_0(s_2 + k_1 + r d_{11})) \bmod n$ and $s = (s_1 - r) \bmod n$; then (r, s) is the digital signature of the message M.
In order for the group members to digitally sign messages with $d_A$, $d_1$ can be shared among the cryptographic server and the group members by (2, t) threshold secret sharing, such as Shamir or Lagrange threshold secret sharing; when a group member needs to digitally sign a message with $d_A$, the cryptographic server computes, for the current member (i.e. the member that needs to sign with the secret d related to $d_A$) and according to the threshold secret sharing scheme, the $d_{11}$ used to recover $d_1$, and the group member's cryptographic device computes, according to the threshold secret sharing scheme, the $d_{12}$ used to recover $d_1$; then the program in the group member's computing device that implements secret sharing based SM2 digital signature cooperative generation uses the computed secret share $d_{12}$, the cryptographic server uses the secret share $d_0$ and the computed secret share $d_{11}$, and, with the secret sharing based SM2 digital signature cooperative generation scheme above, the digital signature of the message with d, i.e. with the private key $d_A$, is completed.
Example 2
This example illustrates the application of the invention to SM2 data decryption.
The key step of SM2 data decryption is computing $[d_B]C_1$ with the user's private key $d_B$, where $C_1 = [k]G$ and k is the integer randomly selected in $[1, n-1]$ by the encrypting party when the data was encrypted ($d_B$ corresponds to d of the present invention). Take $d_0 = ((d_1)^{-1} d_B) \bmod n$, where $d_1$ is an integer randomly selected in $[1, n-1]$; then $(d_0 d_1) \bmod n = d_B$. If $d_1$ is decomposed into $d_1 = (d_{11} + d_{12}) \bmod n$, where $d_{11}$, $d_{12}$ are integers in $[0, n-1]$ (or $[1, n-1]$), one of $d_{11}$, $d_{12}$ being an integer randomly selected in $[0, n-1]$ (or $[1, n-1]$), and assuming that the first party has the secret shares $d_0$, $d_{11}$ and the second party has the secret share $d_{12}$, then there is the following secret sharing based SM2 data decryption cooperative computing scheme:
When $[d_B]C_1$ needs to be computed during data decryption, the second party computes $Q_2 = [d_{12}]C_1$ and submits it to the first party; the first party computes $Q = [d_0](Q_2 + [d_{11}]C_1)$; then $Q = [d_B]C_1$. Data decryption is then completed on the basis of the computed $[d_B]C_1$.
In order for the group members to decrypt data with $d_B$, $d_1$ can be shared among the cryptographic server and the group members by (2, t) threshold secret sharing, such as Shamir or Lagrange threshold secret sharing; when a group member needs to decrypt data with $d_B$, the cryptographic server computes, for the current member (i.e. the member that needs to decrypt data with $d_B$) and according to the threshold secret sharing scheme, the $d_{11}$ used to recover $d_1$, and the group member's cryptographic device computes, according to the threshold secret sharing scheme, the $d_{12}$ used to recover $d_1$; then the program in the group member's computing device that implements the secret sharing based SM2 data decryption cooperative computation uses the computed secret share $d_{12}$, the cryptographic server uses the secret share $d_0$ and the computed secret share $d_{11}$, and, with the secret sharing based SM2 data decryption cooperative computing scheme above, decryption of the data with $d_B$ is completed.
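The following Python program is an added illustration of Examples 1 and 2 and of the server-side revocation check described in the method; it is not code from the patent or its applicant. It splits d as $d = (d_0 d_1) \bmod n$ on the real SM2 curve, shares $d_1$ with a (2, t) Shamir polynomial between a cryptographic server and several group members, and lets a server/member pair recombine $d_1$ as $d_{11} + d_{12}$ locally (each side computes only its own Lagrange term, so neither side sees $d_1$), then runs the cooperative signature of Example 1 and the cooperative $[d_B]C_1$ of Example 2. Assumptions not taken from the patent: the message hash e is SHA-256 of the message (the SM2 standard uses SM3 over $Z_A \| M$), the server's Shamir evaluation point is 1 and members are numbered 2, 3, ..., and all names and sample values are constructed for the demonstration.

```python
"""Added illustration (not the patent's code) of Example 1 (cooperative SM2
signature) and Example 2 (cooperative [d_B]C1 for SM2 decryption) plus the
server-side revocation check: d = d0*d1 mod n, d1 is (2,t)-Shamir-shared
between the cryptographic server and the group members, and each run
recombines d1 as d11 (server term) + d12 (member term), never in one place.
Assumptions: e = SHA-256(message) stands in for SM3(Z_A || M); the server's
Shamir point is 1, members use 2, 3, ... (constructed ids)."""
import hashlib
import secrets

# SM2 recommended curve parameters (GB/T 32918.5-2017).
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None          # point at infinity
SERVER_ID = 1       # Shamir x-coordinate of the cryptographic server (constructed)

def inv(a, m):
    return pow(a % m, -1, m)

def add(p1, p2):
    """Affine point addition / doubling on the SM2 curve."""
    if p1 is INF: return p2
    if p2 is INF: return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0: return INF
        lam = (3 * x1 * x1 + A) * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """[k]pt by double-and-add (not constant time; illustration only)."""
    acc = INF
    while k:
        if k & 1: acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def rand_scalar():
    return secrets.randbelow(N - 1) + 1      # uniform in [1, n-1]

def shamir_2_of_t(secret, ids):
    """(2,t) Shamir sharing over Z_n: f(x) = secret + a*x, share i = f(i)."""
    a = rand_scalar()
    return {i: (secret + a * i) % N for i in ids}

def lagrange_term(my_id, my_share, other_id):
    """This party's additive term of f(0) when paired with other_id:
    f(0) = f(x_s)*x_m/(x_m - x_s) + f(x_m)*x_s/(x_s - x_m); each term is local."""
    return my_share * other_id * inv(other_id - my_id, N) % N

def split_and_share(d, member_ids):
    """d = (d0*d1) mod n; d1 is threshold-shared, d0 stays with the server."""
    d1 = rand_scalar()
    d0 = inv(d1, N) * d % N
    shares = shamir_2_of_t(d1, [SERVER_ID] + list(member_ids))
    server = {"d0": d0, "share": shares[SERVER_ID], "revoked": set(),
              "Gd": mul(inv(d1, N), G)}     # Gd = [(d1)^-1]G, public (Example 1)
    members = {i: {"id": i, "share": shares[i]} for i in member_ids}
    return server, members

def recover_terms(server, member):
    """d11 (server) and d12 (member) with d11 + d12 = d1 mod n; the server
    excludes members listed in its revocation information."""
    if member["id"] in server["revoked"]:
        raise PermissionError("member %d is revoked" % member["id"])
    d11 = lagrange_term(SERVER_ID, server["share"], member["id"])
    d12 = lagrange_term(member["id"], member["share"], SERVER_ID)
    return d11, d12

def cooperative_sign(server, member, e):
    """Example 1 with d = (1 + d_A)^-1; server = first party, member = second."""
    d11, d12 = recover_terms(server, member)
    k1, k2 = rand_scalar(), rand_scalar()
    Q = add(mul(k1, server["Gd"]), mul(k2, server["Gd"]))   # Q = Q1 + Q2
    r = (e + Q[0]) % N
    s2 = (k2 + r * d12) % N                                  # member -> server
    s1 = server["d0"] * (s2 + k1 + r * d11) % N
    return r, (s1 - r) % N

def cooperative_decrypt_point(server, member, C1):
    """Example 2 with d = d_B: returns [d_B]C1 = [d0](Q2 + [d11]C1)."""
    d11, d12 = recover_terms(server, member)
    Q2 = mul(d12, C1)                                        # member -> server
    return mul(server["d0"], add(Q2, mul(d11, C1)))

def verify(PA, e, r, s):
    """Standard SM2 verification: (e + x1') mod n == r with (x1', y1') = [s]G + [r+s]PA."""
    if not (1 <= r < N and 1 <= s < N) or (r + s) % N == 0: return False
    X = add(mul(s, G), mul((r + s) % N, PA))
    return X is not INF and (e + X[0]) % N == r

def msg_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")
```

Only $G_d$, $Q_2$ and $s_2$ (signature) or $Q_2$ (decryption) cross between the parties; the member never sees $d_0$ or $d_{11}$, and the server never sees $d_{12}$ or a member's share. Revocation is enforced only at the server, as in the method: a revoked member's share is still a valid Shamir share, so the server's refusal is what makes it useless. The Lagrange terms are recomputed per run, so different members can pair with the same server share without any member-to-member interaction.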
Example 3
This example illustrates the application of the invention to SM9 digital signatures. SM9 is an identity-based cryptographic algorithm built on a bilinear map (pairing operation), issued by the national cryptographic authority (see GM/T 0044.2-2016 SM9 identity-based cryptographic algorithm, published in March 2016 and now a national standard); it provides cryptographic functions such as digital signature, data encryption, key encapsulation and key exchange.
Let the SM9 bilinear map (pairing) be $e: G_1 \times G_2 \to G_T$, where $G_1$, $G_2$ are additive cyclic groups, $G_T$ is a multiplicative cyclic group, and the order of $G_1$, $G_2$, $G_T$ is the prime n (note: the SM9 specification writes the order of $G_1$, $G_2$, $G_T$ with the capital letter N; this application uses the lower-case n). $P_1$ is a generator of $G_1$ and $P_2$ is a generator of $G_2$.
Let the SM9 signing private key be $d_A$. A secret sharing based SM9 digital signature cooperative generation scheme is designed as follows ($d_A$ corresponds to d of the present invention).
Compute $d_0 = [(d_1)^{-1}]d_A$, where $d_1$ is an integer randomly selected in $[1, n-1]$; then $[d_1]d_0 = d_A$. If $d_1$ is decomposed into $d_1 = (d_{11} + d_{12}) \bmod n$, where $d_{11}$, $d_{12}$ are integers in $[0, n-1]$ (or $[1, n-1]$), one of $d_{11}$, $d_{12}$ being an integer randomly selected in $[0, n-1]$ (or $[1, n-1]$), and assuming that the first party has the secrets $d_0$, $d_{11}$ and the second party has the secret $d_{12}$, then there is the following secret sharing based SM9 digital signature cooperative generation scheme:
Precompute $g_d = g^{(d_1)^{-1}}$, where $g = e(P_1, P_{pub\text{-}s})$, $P_{pub\text{-}s}$ is the master public key for digital signature, $k_s$ is the master private key (master key) for digital signature ($P_{pub\text{-}s} = [k_s]P_2$), and ^ denotes exponentiation (of the preceding element);
when a message M needs to be digitally signed, the first party and the second party each randomly select an integer $r_1$, $r_2$ in $[1, n-1]$ and respectively compute $g_1 = g_d^{r_1}$, $g_2 = g_d^{r_2}$; the first or the second party computes $w = g_1 g_2$ and $h = H_2(M \| w, n)$, where $H_2$ is the hash function specified in SM9, $M \| w$ denotes the concatenation of the strings M and w, and n is the order of $G_1$, $G_2$, $G_T$ (see the SM9 specification); the second party computes $s_2 = (r_2 - h d_{12}) \bmod n$ and submits it to the first party; the first party computes $S = [s_2 + r_1 - h d_{11}]d_0$; then (h, S) is the digital signature of the message M.
In order for the group members to digitally sign messages with $d_A$, $d_1$ can be shared among the cryptographic server and the group members by (2, t) threshold secret sharing, such as Shamir or Lagrange threshold secret sharing; when a group member needs to digitally sign a message with $d_A$, the cryptographic server computes, for the current member (i.e. the member that needs to sign with the secret d related to $d_A$) and according to the threshold secret sharing scheme, the $d_{11}$ used to recover $d_1$, and the group member's cryptographic device computes, according to the threshold secret sharing scheme, the $d_{12}$ used to recover $d_1$; then the program in the group member's computing device that implements secret sharing based SM9 digital signature cooperative generation uses the computed secret $d_{12}$, the cryptographic server uses the secret share $d_0$ and the computed $d_{11}$, and, with the secret sharing based SM9 digital signature cooperative generation scheme above, the digital signature of the message with $d_A$ is completed.
Example 4
This example illustrates the application of the invention to SM9 data decryption.
The key step of SM9 data decryption is computing $e(C_1, d_B)$ with the user's SM9 private key $d_B$, where $C_1 = [r]Q_B$, r is the integer randomly selected in $[1, n-1]$ by the encrypting party when the data was encrypted ($d_B$ corresponds to d of the present invention), $Q_B = [H_1(ID_B \| hid, N)]P_1 + P_{pub\text{-}e}$, $P_{pub\text{-}e} = [k_e]P_1$ is the master public key for encryption, and $k_e$ is the master private key (master key) for encryption.
The key $d_B$ is decomposed into $d_B = d_0 + d_1$, where $d_0$, $d_1$ are elements of the group $G_1$ (how to decompose it is straightforward and is not discussed here). If $d_1$ is decomposed into $d_1 = d_{11} + d_{12}$, where $d_{11}$, $d_{12}$ are elements of the group $G_1$ (how to decompose it is straightforward and is not discussed here), and assuming that the first party has the secrets $d_0$, $d_{11}$ and the second party has the secret $d_{12}$, then there is the following secret sharing based SM9 data decryption cooperative computing scheme:
When $e(C_1, d_B)$ needs to be computed during data decryption, the first party computes $w_1 = e(C_1, d_0 + d_{11})$ and the second party computes $w_2 = e(C_1, d_{12})$; the first or the second party computes $w = w_1 w_2$; then $w = e(C_1, d_B)$. Data decryption is then completed on the basis of the computed $e(C_1, d_B)$.
In order for the group members to decrypt data with $d_B$, $d_1$ can be shared among the cryptographic server and the group members by (2, t) threshold secret sharing, such as Shamir or Lagrange threshold secret sharing (how to implement Shamir or Lagrange threshold secret sharing in an elliptic curve point group of prime order n is not discussed here); when a group member needs to decrypt data with $d_B$, the cryptographic server computes, for the current member (i.e. the member that needs to decrypt data with $d_B$) and according to the threshold secret sharing scheme, the $d_{11}$ used to recover $d_1$, and the group member's cryptographic device computes, according to the threshold secret sharing scheme, the $d_{12}$ used to recover $d_1$; then the program in the group member's computing device that implements the secret sharing based SM9 data decryption cooperative computation uses the computed secret $d_{12}$, the cryptographic server uses the secret share $d_0$ and the computed $d_{11}$, and, with the secret sharing based SM9 data decryption cooperative computing scheme above, decryption of the data with $d_B$ is completed.
Example 5
This embodiment illustrates the application of the invention to SM2 digital signatures when d is itself a secret share of the key-related secret.
Let $d_A$ be the SM2 signing private key and $(d + c) \bmod n = (1 + d_A)^{-1}$; then d, c are secret shares of the secret $(1 + d_A)^{-1}$ related to the private key $d_A$. Assuming that d is held by the first party and c by the second party, there is the following secret sharing based digital signature cooperative generation scheme:
$G_b = [1 + d_A]G$ is precomputed; when the message M needs to be digitally signed with the private key $d_A$, the first party randomly selects an integer $k_d$ in $[1, n-1]$ and computes $Q_d = [k_d]G_b$, and the second party randomly selects an integer $k_c$ in $[1, n-1]$ and computes $Q_c = [k_c]G_b$; one of the two parties computes $Q = Q_c + Q_d$ and $r = (e + x_1) \bmod n$; the first party computes $s_d = (k_d + r d) \bmod n$ and the second party computes $s_c = (k_c + r c) \bmod n$; finally one of the two parties computes $s = ((s_d + s_c) - r) \bmod n$; then (r, s) is the digital signature of the message M.
The invention is applied to the secret share d by decomposing d again in the manner of Example 1 (i.e. $d_0 = ((d_1)^{-1} d) \bmod n$, $(d_1 d_0) \bmod n = d$), sharing $d_1$ among the cryptographic server and the group members, while c is held by a single entity, such as an administrator.
When a message M needs to be digitally signed, the administrator side (the administrator together with the cryptographic device, computing device and associated cooperative computing program the administrator uses) randomly selects an integer $k_c$ in $[1, n-1]$ and computes $Q_c = [k_c]G_b$; the cryptographic server and the group member compute $Q_1$, $Q_2$ in the manner of Example 1 and compute $Q_d = Q_1 + Q_2$; one of the parties on the c side or the d side computes $Q = Q_c + Q_d$ and $r = (e + x_1) \bmod n$; the administrator side computes $s_c = (k_c + r c) \bmod n$, and the cryptographic server and the group member compute $s_1$ in the manner of Example 1; $s_1$ and $s_d$ are identical (the $k_d(1 + d_A)$ in the result s of the digital signature cooperative generation scheme using d, c corresponds to the $(k_1 + k_2)(d_1)^{-1}$ in the result s of Example 1), i.e. the generation process and result of $s_1$ in the secret-share based cooperative generation scheme (the inner-layer cooperative generation scheme) replace the process and result of $s_d$ in the digital signature cooperative generation scheme based on the secret shares d, c, which yields the digital signature of the message M; so the last party or entity computes $s = ((s_c + s_1) - r) \bmod n$, and (r, s) is the digital signature of the message M.
Example 6
This embodiment illustrates the application of the invention to SM2 data decryption when d is itself a secret share of the key-related secret.
Assume that the user's SM2 decryption private key, written $\bar{d}_B$ here to distinguish it from the share $d_B$, is decomposed into $\bar{d}_B = (d_B + d_c) \bmod n$, the secret share $d_c$ is held by an entity, and $d_B$ is shared among the cryptographic server and the group members in the manner of Example 2 ($d_B$ corresponds to d of the present invention).
When $[\bar{d}_B]C_1$ needs to be computed in decrypting data encrypted with the SM2 algorithm, the cryptographic server and the group member compute, in the manner of Example 2, $Q_1 = [d_{12}]C_1$ and $Q_B = [d_0](Q_1 + [d_{11}]C_1)$; the entity holding $d_c$ computes $Q_c = [d_c]C_1$; the last party or entity computes $Q_B + Q_c$, which is $[\bar{d}_B]C_1$.
Example 7,
This embodiment serves to illustrate the application of the invention in SM9 digital signatures when d itself is a secret share of the secret associated with the key.
Suppose the SM9 signing private key d_A is decomposed into d_A = d_B + d_C, the first party holds the secret share d_B and the second party holds the secret share d_C. Then there is the following secret-sharing-based SM9 digital signature co-generation scheme (d_B and d_C each correspond to d of the present invention):
Precompute g_A = g^b and P_A = [b]d_A, where b is a secret integer selected at random in [1, n-1]. When d_A is required to digitally sign a message M, the first party randomly selects an integer r_B in [1, n-1] and calculates w_B = g_A^(r_B); the second party randomly selects an integer r_C in [1, n-1] and calculates w_C = g_A^(r_C); one of the two parties calculates w = w_B·w_C and h = H_2(M || w, n); the first party calculates S_B = [r_B]P_A + [−h]d_B and the second party calculates S_C = [r_C]P_A + [−h]d_C; one of the two parties calculates S = S_B + S_C, and (h, S) is a digital signature for message M.
Assume the secret shares d_B and d_C belong to groups B and C respectively. What follows is how S_B and S_C are generated collaboratively by implementing the invention.
To implement the invention in group B, calculate d_B1 = [(d_B0)^(-1)]d_B, where d_B0 is an integer randomly selected in [1, n-1]; then [d_B0]d_B1 = d_B. Decompose d_B1 as d_B1 = d_B11 + d_B12, where d_B11, d_B12 are elements of the group G_1, and assume the first party holds the secrets d_B0, d_B11 and the second party holds the secret d_B12 (these are the first and second parties of the inner-layer cooperative calculation; likewise below). The collaborative generation scheme for S_B is then as follows:
Precompute P_B = [(d_B0)^(-1)]P_A; P_B is not secret;
When a message M needs to be digitally signed, the first party and the second party each randomly select an integer r_B1, r_B2 in [1, n-1] and calculate g_B1 = g_A^(r_B1), g_B2 = g_A^(r_B2) respectively; the first or second party calculates w_B = g_B1·g_B2; the second party calculates S_B2 = [r_B2]P_B + [−h]d_B12 and submits it to the first party; the first party calculates S_B1 = [d_B0](S_B2 + [r_B1]P_B + [−h]d_B11), where h = H_2(M || w, n) and w = w_B·w_C (w_C being calculated by group C in the cooperative calculation process). S_B1 at this point equals the S_B calculated with d_B in the outer-layer cooperative computing scheme, and can replace the S_B previously calculated with the secret share d_B in that scheme.
Similarly, by implementing the invention in group C, d_C can be used to calculate S_C1 in place of the S_C calculated directly with the secret share d_C in the outer-layer cooperative computing scheme.
Example 8,
This embodiment illustrates the application of the invention to SM9 data decryption when d is a secret share of a secret associated with a key.
Suppose the full SM9 decryption private key D_B (set in bold on the original page) is held by two groups B and C.
The decryption private key D_B is decomposed into D_B = d_B + d_C; d_B is further decomposed as described in Example 3 and shared among the members of group B and the cryptographic server, and d_C is further decomposed as described in Example 3 and shared among the members of group C and the cryptographic server (d_B and d_C each correspond to d of the present invention).
When decrypting data, e(C_1, D_B) must be calculated. The cryptographic server and the members of group B calculate w_B = e(C_1, d_B) as in Example 4, and the cryptographic server and the members of group C calculate w_C = e(C_1, d_C) as in Example 4; then w = w_B·w_C is e(C_1, D_B).
The secret-sharing-based cooperative computing approaches for the SM2 and SM9 cryptographic algorithms given in Examples 1 to 8 above are not the only possible ones; other cooperative computing approaches exist, so the implementations of the present invention given above for SM2 and SM9 are likewise not the only possible implementations. Besides SM2 and SM9, the present invention can be implemented for other public key cryptographic algorithms on the same or similar principles.
Example 9,
The foregoing embodiments are all implementations of the method of the present invention in public key (asymmetric key) cryptographic applications; an implementation of the present invention in a symmetric key cryptographic application follows.
Let G be the base point (generator) of an elliptic curve point group of prime order n. Assume that data is encrypted and decrypted with a symmetric key cryptographic algorithm (any one of them), and that the key for encryption and decryption is generated as HASH([k]G_d), where G_d = [d]G is not secret, d is a secret integer in [1, n-1], k is an integer randomly selected in [1, n-1] by the data encrypting side, and G_k = [k]G is stored together with the encrypted data (d is the seed key from which the symmetric key is generated, i.e. a secret associated with the key). Now d serves as the group key for decrypting the data. For this purpose, d is first decomposed as d = (d_0 + d_1) mod n, where d_0, d_1 are integers in [0, n-1] (or [1, n-1]) obtained by randomly selecting an integer in [0, n-1] (or [1, n-1]) for one of them, and d_1 ≠ 0. If d_1 is further decomposed as d_1 = (d_11 + d_12) mod n, where d_11, d_12 are integers in [0, n-1] (or [1, n-1]), then the party holding d_0, d_11 and the party holding d_12 can conveniently obtain the symmetric key for data decryption in a collaborative calculation: the party holding d_0, d_11 calculates Q_1 = [d_0 + d_11]G_k, the party holding d_12 calculates Q_2 = [d_12]G_k, and Q_1 + Q_2 is [k]G_d. Once [k]G_d has been obtained cooperatively, one of the two parties calculates HASH([k]G_d) and decrypts the data using it as the symmetric key.
To use d among the group members, d_1 may be shared between the cryptographic server and the group members by a (2, t) threshold secret sharing scheme, such as Shamir (Lagrange) threshold secret sharing. When a group member needs to decrypt data with the key d (i.e. to generate the symmetric decryption key), the cryptographic server calculates, for the current member (the member that needs to perform the cryptographic operation with the key d), the share d_11 used to recover d_1 according to the threshold secret sharing scheme, and the cryptographic device of the group member calculates the share d_12 used to recover d_1 according to the threshold secret sharing scheme; the program in the group member's computing device that implements the secret-sharing-based cooperative computing of cryptographic operations then uses the calculated secret d_12, and the cryptographic server uses the secret share d_0 and the calculated d_11, to generate the symmetric key for data decryption according to the secret-sharing-based cooperative computing scheme, thereby completing the data decryption.
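As an added illustration that is not code from the patent, the following Python sketch carries the Example 9 procedure through end to end: d is split into d_0 and a (2, t) Shamir-shared d_1, the server's d_11 and one member's d_12 are derived as Lagrange-weighted shares, and Q_1 + Q_2 is checked against the encryptor's HASH([k]G_d). The curve (secp256k1) and the hash (SHA-256) are assumptions; the scheme itself is curve-agnostic.

```python
import hashlib
import secrets
# Added example, not the patent's code: Example 9 carried through on secp256k1 (an
# assumed curve; the scheme is curve-agnostic). Affine, non-constant-time arithmetic.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # prime order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Point addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication [k]pt."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def point_hash(pt):
    """HASH([k]G_d): SHA-256 over the affine coordinates (hash choice assumed)."""
    return hashlib.sha256(pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")).digest()

def split_d(d, t):
    """d = d0 + d1 mod n (d1 != 0); d1 is (2, t)-shared via f(x) = d1 + a*x: server f(1), member i f(i+1)."""
    d0 = (d + secrets.randbelow(N - 1) + 1) % N     # d1 = -(random non-zero) != 0
    d1 = (d - d0) % N
    a = secrets.randbelow(N - 1) + 1
    f = lambda x: (d1 + a * x) % N
    return d0, (1, f(1)), [(i + 1, f(i + 1)) for i in range(1, t + 1)]

def lagrange_part(x_own, x_other, share):
    """One share's Lagrange-weighted contribution to f(0) = d1 when two points are used."""
    return share * x_other * pow(x_other - x_own, -1, N) % N

def cooperative_key(d0, server_share, member_share, G_k):
    """Decryption-key derivation of Example 9: the server forms Q1 = [d0 + d11]G_k, the
    member's cryptographic device forms Q2 = [d12]G_k, and Q1 + Q2 = [k]G_d."""
    (xs, fs), (xm, fm) = server_share, member_share
    d11 = lagrange_part(xs, xm, fs)   # computed by the cryptographic server for this member
    d12 = lagrange_part(xm, xs, fm)   # computed inside the member's cryptographic device
    Q1 = ec_mul((d0 + d11) % N, G_k)
    Q2 = ec_mul(d12, G_k)
    return point_hash(ec_add(Q1, Q2))
```

Every member derives the same key as the encryptor without d, d_1 or the other member's share ever being reconstructed in one place; revoking a member is then a matter of the server refusing to compute d_11 for that member's share index.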
The computing device of a group member that runs the cryptographic collaborative computing program can be a personal computer (PC), a portable computer, a tablet computer, a mobile phone or another mobile terminal; the cryptographic device that stores a group member's secret shares may be a software component, a combination of software and hardware components, or even pure hardware.
Other specific technical implementations not described here are well known to, and will be apparent to, those skilled in the relevant art.

Claims (5)

1. A group using method of a common cryptographic algorithm key, characterized in that:
the common cryptographic algorithm is a cryptographic algorithm that was not designed for group members to use a key; the types of common cryptographic algorithm include symmetric key cryptographic algorithms and asymmetric key cryptographic algorithms;
the method involves the use of a key d, or a key-related secret d, of the common cryptographic algorithm, where d is an element of a group; the key-related secret is a secret number from which the key can be recovered together with non-secret numbers, or which can be used in place of the key to perform cryptographic operations;
d is decomposed into secret shares d_0, d_1, where d_1 is an element of an additive group of prime order n;
if d_1 is further decomposed into d_1 = d_11 + d_12, then the common cryptographic algorithm has a corresponding secret-sharing-based cooperative calculation scheme for cryptographic operations using the key d or the key-related secret d, in which d_0, d_11 are the secret shares of one party of the cooperative computation and d_12 is the secret share of the other party;
the method also involves a cryptographic server and a group of users, where the cryptographic server holds the secret share d_0;
d_1 is shared between the cryptographic server and the group members according to a (2, t) threshold secret sharing scheme, in which the cryptographic server has one secret share, each group member has one secret share, and any two secret shares can recover d_1;
the (2, t) threshold secret share of the cryptographic server is kept securely by the cryptographic server; the (2, t) threshold secret share of each group member is kept securely by that group member's cryptographic device; the cryptographic device is a component that stores secret shares and uses them for cryptographic operations;
when a member of the group needs to use the key d or the key-related secret d for a cryptographic operation, the cryptographic server calculates, for the current member, the secret share d_11 used to recover d_1 according to the threshold secret sharing scheme, the cryptographic device of the group member calculates the secret share d_12 used to recover d_1 according to the threshold secret sharing scheme, and then the cryptographic collaborative computing program in the group member's computing device uses d_12 while the cryptographic server uses the secret shares d_0, d_11, so that the result of the cryptographic operation using d is obtained through cooperative computing under the secret-sharing-based cooperative computing scheme for cryptographic operations.
2. The group using method of a common cryptographic algorithm key as claimed in claim 1, characterized in that:
the cryptographic server excludes revoked group members from the cooperative calculation of cryptographic operations by means of the stored group member revocation information.
3. The group using method of a common cryptographic algorithm key as claimed in claim 1, characterized in that:
if the key d or the key-related secret d is used for digital signature and the signer needs to be identified, the identification information of the group member performing the digital signature is signed as part of the data to be signed.
4. The group using method of a common cryptographic algorithm key as claimed in claim 1, characterized in that:
if d is itself a secret share of a key or of a key-related secret, and for the common cryptographic algorithm there exists a secret-sharing-based cooperative calculation scheme for cryptographic operations using d together with the other secret shares of this key or key-related secret, then the cooperative calculation scheme based on d and the other secret shares of this key or key-related secret is called the outer-layer cooperative calculation scheme;
if the secret share d is further decomposed into secret shares d_0, d_11, d_12 in the manner described above, and the outer-layer cooperative computing scheme has a corresponding or equivalent cooperative computing scheme based on the secret shares d_0, d_11, d_12 for the cryptographic operation using the secret share d, in which one party holds the secret shares d_0, d_11 and the other party holds the secret share d_12, then the group using method of a common cryptographic algorithm key is also applicable to the cryptographic operation using the secret share d in the outer-layer cooperative computing scheme; the corresponding cooperative computing scheme based on the secret shares d_0, d_11, d_12 means a scheme designed, on the basis of the secret shares d_0, d_11, d_12, for the cryptographic operation using the secret share d in the outer-layer cryptographic cooperative computing scheme; the equivalent cooperative computing scheme based on the secret shares d_0, d_11, d_12 means a scheme whose computation result can replace the result of the cryptographic operation using the secret share d in the outer-layer cryptographic cooperative computing scheme.
5. A group using system of a common cryptographic algorithm key based on the group using method of a common cryptographic algorithm key according to any one of claims 1 to 4, characterized in that:
the system comprises a cryptographic server implementing the cooperative computing of cryptographic operations, a cryptographic device of a group member, a computing device of the group member, and a client program in the group member's computing device implementing the cooperative computing of cryptographic operations; when a group member needs to use the key d or the key-related secret d for a cryptographic operation, the system carries out the cryptographic operation according to the group using method of a common cryptographic algorithm key.
CN202110906854.6A 2021-08-09 2021-08-09 Group using method and system for common cryptographic algorithm key Active CN113708925B (en)

Publications (2)

Publication Number Publication Date
CN113708925A true CN113708925A (en) 2021-11-26
CN113708925B CN113708925B (en) 2023-12-12
