CN113708925A - Group using method and system for common cryptographic algorithm key - Google Patents
- Publication number: CN113708925A (application CN202110906854.6A)
- Authority: CN (China)
- Legal status: Granted
Classifications
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution involving a central third party and involving a conference or group key
Abstract
The group using method of a common cryptographic algorithm key comprises the following steps: the common cryptographic algorithm key $d$ is decomposed into $d_0$, $d_1$, where $d_1$ is an element of a group of prime order $n$; if $d_1$ is decomposed as $d_1 = d_{11} + d_{12}$, the cryptographic operation using $d$ has a corresponding secret-sharing-based cooperative computation scheme in which one party holds $d_0$, $d_{11}$ and the other party holds $d_{12}$; $d_1$ is shared between the cryptographic server and the group members by (2, t) threshold secret sharing; when a member of the group uses the key $d$ for a cryptographic operation, the cryptographic server computes, according to the threshold secret sharing, the share $d_{11}$ for recovering $d_1$ for this group member, and the cryptographic device of the group member computes, by threshold secret sharing, the share $d_{12}$ for recovering $d_1$; then the cooperative computing program of the group member uses $d_{12}$, the cryptographic server uses $d_0$, $d_{11}$, and by applying the secret-sharing-based cooperative computation scheme for the cryptographic operation they obtain the result of the cryptographic operation using the key $d$.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a group use method and a group use system of a common cryptographic algorithm key.
Background
Group-oriented cryptography enables members of a group to perform cryptographic operations on behalf of the group, such as digital signature (group signature) or data decryption (group encryption), using keys, while providing some anonymity. Group-oriented cryptography includes threshold cryptography, in which several group members use the same key, and non-threshold cryptography, in which each group member uses a different key (e.g., group signatures). For group-oriented cryptography in which individual group members use (different) keys, the common approach at present is to design new cryptographic algorithms, which causes a series of problems: cryptographic components or cryptographic devices supporting the new algorithms must be developed; the new algorithms have interoperability problems with existing ones; replacing existing cryptographic algorithms brings extra cost and modification of deployed systems, and because of doubts about the security of a newly designed algorithm, such an algorithm is not always acceptable to users; and the use of cryptographic algorithms often requires the approval of the corresponding national authorities, which a newly designed algorithm can hardly obtain before extensive evaluation and acceptance. At present, various non-group-oriented cryptographic algorithms are widely used and approved by national authorities, and in practice, for such a common non-group-oriented cryptographic algorithm, a single group member needs to perform cryptographic operations on behalf of the group using a key, a requirement that existing schemes cannot meet well.
Disclosure of Invention
The invention aims to provide a solution to the problems of existing group-oriented cryptography in practical application, so as to meet the need for a group member to perform cryptographic operations on behalf of the group using a key in cryptographic applications that adopt a common cryptographic algorithm.
For this purpose, the solution proposed by the invention comprises a group using method and a group using system for a common cryptographic algorithm key, described in detail below.
The group using method of the common cryptographic algorithm key of the invention is concretely as follows.
The common cryptographic algorithm is a cryptographic algorithm not designed for group members to use keys (i.e., a non-group-oriented cryptographic algorithm); the types of the common cryptographic algorithms include symmetric key cryptographic algorithms and asymmetric key cryptographic algorithms (e.g., common ECC algorithms such as SM2, identity cryptographic algorithms such as SM9, etc.);
the method involves the use of a key d or a key-dependent secret d of the generic cryptographic algorithm, where d is an element of a group (note: d is typically a non-zero or non-unitary element of a group); the key-dependent secret is a secret (data) that can be used to recover a key from non-secret (data) or can be used in place of a key to perform a cryptographic operation;
$d$ is decomposed into secret shares $d_0$, $d_1$, where $d_1$ is an element of a group of prime order $n$ (for example $d = d_0 d_1$, or $d = d_1 d_0$, or $d = d_0 + d_1$, where the groups to which $d$, $d_0$, $d_1$ belong may be of various kinds, such as integer groups or elliptic curve point groups, and $d_0$, $d_1$ need not belong to the same group; "+" here denotes addition of group elements);
if $d_1$ is decomposed as $d_1 = d_{11} + d_{12}$, the common cryptographic algorithm has a corresponding secret-sharing-based cooperative computation scheme for the cryptographic operation using the key $d$ or the key-related secret $d$, in which $d_0$, $d_{11}$ are the secret shares of one party of the cooperative computation and $d_{12}$ is the secret share of the other party (in this case $d = d_0(d_{11} + d_{12})$, or $d = (d_{11} + d_{12})d_0$, or $d = d_0 + d_{11} + d_{12}$);
the method also involves a cryptographic server and a set of group users, where the cryptographic server holds the secret share $d_0$;
$d_1$ is shared between the cryptographic server and the group members according to a (2, t) threshold secret sharing scheme (e.g. Shamir threshold secret sharing, Lagrange threshold secret sharing, or another threshold secret sharing scheme), in which the cryptographic server holds one secret share, each group member holds one secret share, and any two secret shares can recover $d_1$;
the (2, t) threshold secret share of the cryptographic server is kept securely by the cryptographic server, and the (2, t) threshold secret share of each group member is kept securely by that member's cryptographic device; the cryptographic device is a component (a software component, or a combination of software and hardware) that stores and uses secret shares (and other keys) for cryptographic operations;
when a member of the group needs to perform a cryptographic operation using the key $d$ or the key-related secret $d$, the cryptographic server computes, according to the threshold secret sharing scheme and for the current member (i.e. the member that needs to perform the cryptographic operation with the key $d$), the secret share $d_{11}$ for recovering $d_1$, and the cryptographic device of the group member computes, according to the threshold secret sharing scheme, the secret share $d_{12}$ for recovering $d_1$ (so that $d_1 = d_{11} + d_{12}$); then the cryptographic cooperative computing program in the computing device of the group member uses $d_{12}$, the cryptographic server uses the secret shares $d_0$, $d_{11}$, and, applying the secret-sharing-based cooperative computation scheme for the cryptographic operation, the two obtain by cooperative computation the result of the cryptographic operation using $d$.
For the above group using method of a common cryptographic algorithm key, the cryptographic server uses its stored group member revocation information to exclude revoked group members from the cooperative computation of cryptographic operations (for example, for the Shamir and Lagrange threshold secret sharing schemes, the identification information of a revoked group member is the integer corresponding to that member's secret share).
For the above group using method of a common cryptographic algorithm key, if the key $d$ or the key-related secret $d$ is used for digital signatures and the signer must be identifiable, the identification information of the group member performing the signature (for example, for the Shamir and Lagrange threshold secret sharing schemes, the integer corresponding to the member's secret share) is signed as part of the data to be signed by the parties participating in the signing operation (the cryptographic server, the cryptographic cooperative computing program in the computing device of the group member, and the cryptographic device of the group member).
For the above group using method of a common cryptographic algorithm key, if $d$ is itself a secret share of a key or of a key-related secret (i.e. $d$ itself is a secret share), and the common cryptographic algorithm has a secret-sharing-based cooperative computation scheme for cryptographic operations using $d$ together with the other secret shares of this key or key-related secret, that cooperative computation scheme based on $d$ and the other secret shares is called the outer-layer cooperative computation scheme (of the cryptographic operation);
if the secret share $d$ is further decomposed into secret shares $d_0$, $d_{11}$, $d_{12}$ in the manner described above, and the outer-layer cooperative computation scheme has a corresponding or equivalent cooperative computation scheme based on the secret shares $d_0$, $d_{11}$, $d_{12}$ for the cryptographic operation using the secret share $d$ (called the inner-layer cooperative computation scheme), in which one party holds the secret shares $d_0$, $d_{11}$ and the other party holds the secret share $d_{12}$, then the group using method of a common cryptographic algorithm key also applies to the cryptographic operation using the secret share $d$ in the outer-layer cooperative computation scheme (that is, the group using method can be used for the cryptographic operation with the secret share $d$ inside the outer-layer scheme, and the result it computes for $d$ can replace the result obtained by using the secret share $d$ directly in the outer-layer scheme); here the corresponding cooperative computation scheme based on $d_0$, $d_{11}$, $d_{12}$ means a scheme based on $d_0$, $d_{11}$, $d_{12}$ designed for the cryptographic operation that uses the secret share $d$ in the outer-layer scheme, and the equivalent cooperative computation scheme based on $d_0$, $d_{11}$, $d_{12}$ means a scheme based on $d_0$, $d_{11}$, $d_{12}$ whose computation result can replace the result of the cryptographic operation performed with the secret share $d$ in the outer-layer scheme (while keeping the final result of the cryptographic operation correct).
(Ideally, but not necessarily, the computation result of the party holding the secret share $d$ in the outer-layer cooperative computation scheme does not depend on the cryptographic operations performed by the other parties with the other secret shares of the key or key-related secret, or depends only on the computation results of those operations but not on the operations themselves.)
The group using system of the common cryptographic algorithm key based on the group using method of the common cryptographic algorithm key comprises a cryptographic server for implementing the cooperative computing of cryptographic operation, a cryptographic device of a group member, a computing device of the group member and a client program for implementing the cooperative computing of cryptographic operation in the computing device of the group member; when the group member needs to use a secret key d or secret d related to the secret key to carry out the cryptographic operation, the system carries out the cryptographic operation according to the group using method of the common cryptographic algorithm secret key.
As can be seen from the summary of the invention and the embodiments in the detailed description, based on the technical solution of the invention, group use of a cryptographic key can be realized on the basis of existing common cryptographic algorithms, such as the SM2 elliptic curve cryptographic algorithm, the SM9 identity-based cryptographic algorithm and even symmetric key cryptographic algorithms, without introducing a new cryptographic algorithm, thereby avoiding the various problems caused by introducing a new algorithm.
Drawings
FIG. 1: schematic diagram of the structure of the invention
Detailed Description
The following examples further illustrate embodiments of the present invention. The following examples are intended to illustrate only a few possible embodiments of the invention, and are not intended to be a limitation of the invention.
Example 1
This example illustrates the application of the invention to SM2 digital signatures. SM2 is an elliptic curve public key cryptographic algorithm issued by the national cryptographic authority (see the specification "SM2 elliptic curve public key cryptographic algorithm", national cryptographic authority, December 2010); digital signature, data encryption and key exchange can be realized on the basis of this algorithm.
Let $G$ be the base point of the SM2 elliptic curve point group, with prime order $n$, and let the SM2 private key be $d_A$. A secret-sharing-based SM2 digital signature cooperative generation scheme is designed as follows.
The secret related to the private key $d_A$ is $d = (1 + d_A)^{-1}$. Take $d_0 = ((d_1)^{-1} d) \bmod n$, where $d_1$ is an integer chosen at random in $[1, n-1]$; then $(d_0 d_1) \bmod n = d$. Here $\bmod n$ is the modulo-$n$ operator (the notation follows the SM2 specification), and $a^{-1}$, e.g. $(d_1)^{-1}$ or $(1 + d_A)^{-1}$, denotes the multiplicative inverse modulo $n$, i.e. $(a^{-1} a) \bmod n = 1$ (below, unless stated otherwise, $a^{-1}$ always denotes the multiplicative inverse modulo $n$). If $d_1$ is decomposed as $d_1 = (d_{11} + d_{12}) \bmod n$, where $d_{11}$, $d_{12}$ are integers in $[0, n-1]$ (or $[1, n-1]$) and one of them is chosen at random in $[0, n-1]$ (or $[1, n-1]$), and assuming that the first party holds the secret shares $d_0$, $d_{11}$ and the second party holds the secret share $d_{12}$, then the following secret-sharing-based SM2 digital signature cooperative generation scheme exists:
Precompute $G_d = [(d_1)^{-1}]G$, where $[\cdot]$ denotes scalar multiplication (multiple point addition). When a message $M$ is to be signed with $d_A$, the first and second party each choose an integer $k_1$, $k_2$ at random in $[1, n-1]$ and compute $Q_1 = [k_1]G_d$ and $Q_2 = [k_2]G_d$ respectively; the first or second party computes $Q = Q_1 + Q_2$, takes $(x_1, y_1) = Q$ and $r = (e + x_1) \bmod n$, where $e$ is the message hash value computed from data including the message $M$ (see the SM2 specification); the second party computes $s_2 = (k_2 + r d_{12}) \bmod n$ and submits it to the first party; the first party computes $s_1 = (d_0(s_2 + k_1 + r d_{11})) \bmod n$ and $s = (s_1 - r) \bmod n$; then $(r, s)$ is the digital signature on the message $M$.
To let group members sign messages with $d_A$, $d_1$ is shared between the cryptographic server and the group members by (2, t) threshold secret sharing, such as Shamir or Lagrange threshold secret sharing; when a group member needs to sign a message with $d_A$, the cryptographic server computes, according to the threshold secret sharing scheme and for the current member (i.e. the member that needs to sign with the secret $d$ related to $d_A$), the share $d_{11}$ for recovering $d_1$, and the cryptographic device of the group member computes, according to the threshold secret sharing scheme, the share $d_{12}$ for recovering $d_1$; the program in the computing device of the group member that implements the secret-sharing-based SM2 digital signature cooperative generation then uses the computed share $d_{12}$, the cryptographic server uses the share $d_0$ and the computed share $d_{11}$, and the scheme above completes the digital signature on the message with $d$, i.e. with the private key $d_A$.
Example 2
This example illustrates the application of the invention to SM2 data decryption.
The key step of SM2 data decryption is computing $[d_B]C_1$ with the user's private key $d_B$, where $C_1 = [k]G$ and $k$ is an integer chosen at random in $[1, n-1]$ by the encrypting party ($d_B$ corresponds to $d$ of this invention). Take $d_0 = ((d_1)^{-1} d_B) \bmod n$, where $d_1$ is an integer chosen at random in $[1, n-1]$; then $(d_0 d_1) \bmod n = d_B$. If $d_1$ is decomposed as $d_1 = (d_{11} + d_{12}) \bmod n$, where $d_{11}$, $d_{12}$ are integers in $[0, n-1]$ (or $[1, n-1]$) and one of them is chosen at random in $[0, n-1]$ (or $[1, n-1]$), and assuming that the first party holds the secret shares $d_0$, $d_{11}$ and the second party holds the secret share $d_{12}$, then the following secret-sharing-based SM2 data decryption cooperative computation scheme exists:
When $[d_B]C_1$ is to be computed during decryption, the second party computes $Q_2 = [d_{12}]C_1$ and submits it to the first party; the first party computes $Q = [d_0](Q_2 + [d_{11}]C_1)$; then $Q = [d_B]C_1$, and the data decryption can be completed on the basis of the computed $[d_B]C_1$.
To let group members decrypt data with $d_B$, $d_1$ is shared between the cryptographic server and the group members by (2, t) threshold secret sharing, such as Shamir or Lagrange threshold secret sharing; when a group member needs to decrypt data with $d_B$, the cryptographic server computes, according to the threshold secret sharing scheme and for the current member (i.e. the member that needs to decrypt data with $d_B$), the share $d_{11}$ for recovering $d_1$, and the cryptographic device of the group member computes, according to the threshold secret sharing scheme, the share $d_{12}$ for recovering $d_1$; the program in the computing device of the group member that implements the secret-sharing-based SM2 data decryption cooperative computation then uses the computed share $d_{12}$, the cryptographic server uses the share $d_0$ and the computed share $d_{11}$, and the SM2 data decryption cooperative computation scheme above completes the decryption of the data with $d_B$.
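The following Python program is an added worked example (it is not code from the patent) that runs the SM2 signing scheme of Example 1 and the SM2 decryption step of Example 2 end to end: a dealer splits $d$ into $d_0 d_1$, Shamir (2, t)-shares $d_1$ between a cryptographic server and $t$ members, each operation turns the server's and the member's Shamir points into the additive pieces $d_{11}$, $d_{12}$, and the result is checked against standard SM2 verification or against $[d_B]C_1$ computed directly. Assumptions: SHA-256 of the message stands in for the SM3-based $e$ of the SM2 specification, the server's Shamir point sits at x = 1, the curve arithmetic is plain affine arithmetic without side-channel protection, and the server's `revoked` set implements the revocation exclusion the method describes.

```python
import hashlib
import secrets

# SM2 curve parameters (sm2p256v1) as published in the SM2 specification.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def ec_add(p1, p2):
    """Affine point addition on the SM2 curve; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Scalar multiplication [k]pt (the patent's [k]G notation) by double-and-add."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def msg_hash(msg):
    # Assumption: SHA-256 of the message stands in for the SM3-based e = H(Z_A || M) of the SM2 spec.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def rand_scalar():
    return secrets.randbelow(N - 1) + 1  # uniform in [1, n-1]

def share_secret(d, t):
    """Dealer step: d = d0*d1 mod n, then (2,t)-share d1 with a degree-1 Shamir polynomial
    between the cryptographic server (x = 1, an assumption) and t members (x = 2 .. t+1)."""
    d1 = rand_scalar()
    d0 = pow(d1, -1, N) * d % N          # d0 * d1 = d (mod n)
    coef = rand_scalar()                  # f(x) = d1 + coef*x, so f(0) = d1
    shares = {x: (d1 + coef * x) % N for x in range(1, t + 2)}
    server = {"d0": d0, "x": 1, "share": shares[1], "revoked": set()}
    members = {x: shares[x] for x in range(2, t + 2)}
    return d1, server, members

def additive_pieces(server, member_x, member_share):
    """Each side multiplies its own Shamir point by its Lagrange coefficient at x = 0,
    giving d11 (server) and d12 (member) with d11 + d12 = d1; revoked members are refused."""
    if member_x in server["revoked"]:
        raise PermissionError(f"member {member_x} is revoked")
    sx = server["x"]
    d11 = server["share"] * member_x % N * pow((member_x - sx) % N, -1, N) % N
    d12 = member_share * sx % N * pow((sx - member_x) % N, -1, N) % N
    return d11, d12

def sign_setup(t):
    """Example 1 setup: d = (1 + d_A)^-1 is split and shared, G_d = [d1^-1]G is precomputed."""
    d_a = rand_scalar()
    d1, server, members = share_secret(pow(1 + d_a, -1, N), t)
    g_d = ec_mul(pow(d1, -1, N), G)
    return ec_mul(d_a, G), g_d, server, members

def group_sign(msg, member_x, member_share, server, g_d):
    """Example 1: the server (d0, d11) and the member's device (d12) jointly sign msg."""
    d11, d12 = additive_pieces(server, member_x, member_share)
    k1, k2 = rand_scalar(), rand_scalar()
    q = ec_add(ec_mul(k1, g_d), ec_mul(k2, g_d))  # Q = Q1 + Q2
    r = (msg_hash(msg) + q[0]) % N
    s2 = (k2 + r * d12) % N                       # member side, sent to the server
    s1 = server["d0"] * (s2 + k1 + r * d11) % N   # server side
    return r, (s1 - r) % N

def sm2_verify(msg, pub, sig):
    """Standard SM2 verification; the sharing is invisible to the verifier."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N) or (r + s) % N == 0:
        return False
    x1 = ec_add(ec_mul(s, G), ec_mul((r + s) % N, pub))[0]
    return (msg_hash(msg) + x1) % N == r

def group_decrypt_point(c1, member_x, member_share, server):
    """Example 2: jointly compute [d_B]C1, the only decryption step that needs d_B."""
    d11, d12 = additive_pieces(server, member_x, member_share)
    q2 = ec_mul(d12, c1)                                      # member side, sent to the server
    return ec_mul(server["d0"], ec_add(q2, ec_mul(d11, c1)))  # server side
```

Signatures produced by `group_sign` for any non-revoked member verify against $[d_A]G$ alone, so a verifier cannot distinguish them from ordinary SM2 signatures, and neither the server nor the member ever holds $d_1$ or $d_A$.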
Example 3
This example illustrates the application of the invention to SM9 digital signatures. SM9 is an identity-based cryptographic algorithm built on bilinear maps (pairing operations) issued by the national cryptographic authority (see GM/T 0044.2-2016 "SM9 identity-based cryptographic algorithm", published March 2016 and now a national standard); it provides cryptographic functions such as digital signature, data encryption, key encapsulation and key exchange.
Let the SM9 bilinear map (pairing) be $e: G_1 \times G_2 \to G_T$, where $G_1$, $G_2$ are additive cyclic groups, $G_T$ is a multiplicative cyclic group, and the order of $G_1$, $G_2$, $G_T$ is the prime $n$ (note: the SM9 specification writes this order with a capital $N$; this application uses lowercase $n$). $P_1$ is a generator of $G_1$ and $P_2$ is a generator of $G_2$.
Let the SM9 signing private key be $d_A$; a secret-sharing-based SM9 digital signature cooperative generation scheme is designed as follows ($d_A$ corresponds to $d$ of this invention).
Compute $d_0 = [(d_1)^{-1}]d_A$, where $d_1$ is an integer chosen at random in $[1, n-1]$; then $[d_1]d_0 = d_A$. If $d_1$ is decomposed as $d_1 = (d_{11} + d_{12}) \bmod n$, where $d_{11}$, $d_{12}$ are integers in $[0, n-1]$ (or $[1, n-1]$) and one of them is chosen at random in $[0, n-1]$ (or $[1, n-1]$), and assuming that the first party holds the secrets $d_0$, $d_{11}$ and the second party holds the secret $d_{12}$, then the following secret-sharing-based SM9 digital signature cooperative generation scheme exists:
Precompute $g_d = g^{(d_1)^{-1}}$, where $g = e(P_1, P_{pub-s})$, $P_{pub-s}$ is the master public key for digital signatures, $k_s$ is the master private key (master key) for digital signatures ($P_{pub-s} = [k_s]P_2$), and exponentiation is in $G_T$;
when a message $M$ is to be signed, the first and second party each choose an integer $r_1$, $r_2$ at random in $[1, n-1]$ and compute $g_1 = g_d^{r_1}$ and $g_2 = g_d^{r_2}$ respectively; the first or second party computes $w = g_1 g_2$ and $h = H_2(M \| w, n)$, where $H_2$ is the hash function specified in SM9, $M \| w$ denotes the concatenation of the byte strings of $M$ and $w$, and $n$ is the order of $G_1$, $G_2$, $G_T$ (see the SM9 specification); the second party computes $s_2 = (r_2 - h d_{12}) \bmod n$ and submits it to the first party; the first party computes $S = [s_2 + r_1 - h d_{11}]d_0$; then $(h, S)$ is the digital signature on the message $M$.
To let group members sign messages with $d_A$, $d_1$ is shared between the cryptographic server and the group members by (2, t) threshold secret sharing, such as Shamir or Lagrange threshold secret sharing; when a group member needs to sign a message with $d_A$, the cryptographic server computes, according to the threshold secret sharing scheme and for the current member (i.e. the member that needs to sign with the secret $d$ related to $d_A$), the share $d_{11}$ for recovering $d_1$, and the cryptographic device of the group member computes, according to the threshold secret sharing scheme, the share $d_{12}$ for recovering $d_1$; the program in the computing device of the group member that implements the secret-sharing-based SM9 digital signature cooperative generation then uses the computed secret $d_{12}$, the cryptographic server uses the secret share $d_0$ and the computed $d_{11}$, and the SM9 digital signature cooperative generation scheme above completes the digital signature on the message with $d_A$.
Example 4
This example illustrates the application of the invention to SM9 data decryption.
The key step of SM9 data decryption is computing $e(C_1, d_B)$ with the user's SM9 private key $d_B$, where $C_1 = [r]Q_B$, $r$ is an integer chosen at random in $[1, n-1]$ by the encrypting party ($d_B$ corresponds to $d$ of this invention), $Q_B = [H_1(ID_B \| hid, N)]P_1 + P_{pub-e}$, and $P_{pub-e} = [k_e]P_1$ is the master public key for encryption, $k_e$ being the master private key (master key) for encryption.
The key $d_B$ is decomposed as $d_B = d_0 + d_1$, where $d_0$, $d_1$ are elements of the group $G_1$ (the decomposition is easy and is not discussed here). If $d_1$ is decomposed as $d_1 = d_{11} + d_{12}$, where $d_{11}$, $d_{12}$ are elements of the group $G_1$ (again easy, not discussed here), and assuming that the first party holds the secrets $d_0$, $d_{11}$ and the second party holds the secret $d_{12}$, then the following secret-sharing-based SM9 data decryption cooperative computation scheme exists:
When $e(C_1, d_B)$ is to be computed during decryption, the first party computes $w_1 = e(C_1, d_0 + d_{11})$ and the second party computes $w_2 = e(C_1, d_{12})$; the first or second party computes $w = w_1 w_2$, and $w = e(C_1, d_B)$. Data decryption can then be completed on the basis of the computed $e(C_1, d_B)$.
To let group members decrypt data with $d_B$, $d_1$ is shared between the cryptographic server and the group members by (2, t) threshold secret sharing, such as Shamir or Lagrange threshold secret sharing (how to implement Shamir or Lagrange threshold secret sharing in an elliptic curve point group of prime order $n$ is not discussed here); when a group member needs to decrypt data with $d_B$, the cryptographic server computes, according to the threshold secret sharing scheme and for the current member (i.e. the member that needs to decrypt data with $d_B$), the share $d_{11}$ for recovering $d_1$, and the cryptographic device of the group member computes, according to the threshold secret sharing scheme, the share $d_{12}$ for recovering $d_1$; the program in the computing device of the group member that implements the secret-sharing-based SM9 data decryption cooperative computation then uses the computed secret $d_{12}$, the cryptographic server uses the secret share $d_0$ and the computed $d_{11}$, and the SM9 data decryption cooperative computation scheme above completes the decryption of the data with $d_B$.
Example 5
This embodiment illustrates the application of the invention to SM2 digital signatures when $d$ itself is a secret share of the key-related secret.
Let $d_A$ be the SM2 signing private key and $(d + c) \bmod n = (1 + d_A)^{-1}$; then $d$, $c$ are secret shares of the private-key-related secret $(1 + d_A)^{-1}$. Assuming that $d$ is held by a first party and $c$ by a second party, the following secret-sharing-based digital signature cooperative generation scheme exists:
Precompute $G_b = [1 + d_A]G$; when a message $M$ is to be signed with the private key $d_A$, the first party chooses an integer $k_d$ at random in $[1, n-1]$ and computes $Q_d = [k_d]G_b$, and the second party chooses an integer $k_c$ at random in $[1, n-1]$ and computes $Q_c = [k_c]G_b$; one of the two parties computes $Q = Q_c + Q_d$ and $r = (e + x_1) \bmod n$; the first party computes $s_d = (k_d + r d) \bmod n$ and the second party computes $s_c = (k_c + r c) \bmod n$; finally one of the two parties computes $s = ((s_d + s_c) - r) \bmod n$, and $(r, s)$ is the digital signature on the message $M$.
To implement the invention for the secret share $d$, $d$ is decomposed again in the manner of Example 1 (i.e. $d_0 = ((d_1)^{-1} d) \bmod n$, $(d_1 d_0) \bmod n = d$), $d_1$ is shared between the cryptographic server and the group members, and $c$ is held by a single entity such as an administrator.
When a message $M$ is to be signed, the administrator side (the administrator together with the cryptographic device, computing device and associated cooperative computing program the administrator uses) chooses an integer $k_c$ at random in $[1, n-1]$ and computes $Q_c = [k_c]G_b$; the cryptographic server and the group member compute $Q_1$, $Q_2$ in the manner of Example 1 and $Q_d = Q_1 + Q_2$; one of the $c$ side and the $d$ side computes $Q = Q_c + Q_d$ and $r = (e + x_1) \bmod n$; the administrator side computes $s_c = (k_c + r c) \bmod n$, and the cryptographic server and the group member compute $s_1$ in the manner of Example 1; $s_1$ and $s_d$ are identical (the $k_d(1 + d_A)$ in the result $s$ of the signature cooperative generation scheme using $d$, $c$ corresponds to $(k_1 + k_2)(d_1)^{-1}$ in the result $s$ of Example 1), i.e. $s_1$ is the replacement of $s_d$: in the digital signature cooperative generation scheme based on the secret shares $d$, $c$ (the outer-layer scheme), the generation process and result of $s_1$ in the inner-layer scheme based on the secret shares $d_0$, $d_{11}$, $d_{12}$ replace the process and result of $s_d$, so the last party or entity computes $s = ((s_c + s_1) - r) \bmod n$, and $(r, s)$ is the digital signature on the message $M$.
Example 6
This embodiment illustrates the application of the invention to SM2 data decryption when $d$ itself is a secret share of the key-related secret.
Assume that the user's SM2 decryption private key, written $d'_B$ here to distinguish it from its share $d_B$, is decomposed as $d'_B = (d_B + d_c) \bmod n$, that the secret share $d_c$ is held by one entity, and that $d_B$ is shared between the cryptographic server and the group members in the manner of Example 2 ($d_B$ corresponds to $d$ of this invention).
When $[d'_B]C_1$ is to be computed to decrypt data encrypted with the SM2 algorithm, the cryptographic server and the group member compute $Q_1 = [d_{12}]C_1$ and $Q_B = [d_0](Q_1 + [d_{11}]C_1)$ in the manner of Example 2; the entity holding $d_c$ computes $Q_c = [d_c]C_1$; the last party or entity computes $Q_B + Q_c$, which is $[d'_B]C_1$.
Example 7,
This embodiment serves to illustrate the application of the invention in SM9 digital signatures when d itself is a secret share of the secret associated with the key.
Suppose the SM9 signing private key d_A is decomposed into d_A = d_B + d_C, where the first party has the secret share d_B and the second party has the secret share d_C. Then there is the following secret-sharing-based SM9 digital signature cooperative generation scheme (d_B and d_C respectively correspond to d of the present invention):
Pre-calculate g_A = g^b and P_A = [b]d_A, where b is a secret integer randomly selected in [1, n-1]. When a message M needs to be digitally signed with d_A, the first party randomly selects an integer r_B in [1, n-1] and calculates w_B = g_A^r_B; the second party randomly selects an integer r_C in [1, n-1] and calculates w_C = g_A^r_C; one of the two parties calculates w = w_B·w_C and h = H_2(M || w, n); the first party calculates S_B = [r_B]P_A + [-h]d_B, the second party calculates S_C = [r_C]P_A + [-h]d_C; one of the two parties calculates S = S_B + S_C, and then (h, S) is a digital signature for message M.
Assume the secret shares d_B, d_C belong to groups B and C respectively. The following shows how S_B and S_C are cooperatively generated by implementing the invention.
To implement the invention in group B, d_B1 = [(d_B0)^-1]d_B is calculated, where d_B0 is an integer randomly selected in [1, n-1], so that d_B0·d_B1 = d_B. If d_B1 is decomposed into d_B1 = d_B11 + d_B12, where d_B11, d_B12 are elements of the group G_1, and assuming the first party has the secrets d_B0, d_B11 and the second party has the secret d_B12 (these are the first party and second party of the inner-layer cooperative calculation; the same applies below), the cooperative generation scheme for S_B is as follows:
Pre-calculate P_B = [(d_B0)^-1]P_A; P_B is not secret;
When a message M needs to be digitally signed, the first party and the second party respectively select random integers r_B1, r_B2 in [1, n-1] and respectively calculate g_B1 = g_A^r_B1 and g_B2 = g_A^r_B2; the first or second party calculates w_B = g_B1·g_B2; the second party calculates S_B2 = [r_B2]P_B + [-h]d_B12 and submits it to the first party; the first party calculates S_B1 = [d_B0](S_B2 + [r_B1]P_B + [-h]d_B11), where h = H_2(M || w, n) and w = w_B·w_C (w_C is calculated by group C during the cooperative calculation). S_B1 at this point equals the S_B calculated with d_B in the outer-layer cooperative computing scheme, and can replace the S_B previously calculated with the secret share d_B in the outer-layer cooperative computing scheme.
Similarly, by implementing the invention in group C, S_C1 is calculated using d_C in place of the S_C calculated directly with the secret share d_C in the outer-layer cooperative computing scheme.
Example 8,
This embodiment serves to illustrate the application of the invention in the decryption of SM9 data when d is a secret share of a secret associated with a key.
Suppose the full SM9 decryption private key d_B is used by two groups B and C.
The SM9 decryption private key d_B is decomposed into shares d_B = d_B + d_C (the original distinguishes the full key from its share of the same name typographically); the share d_B is re-decomposed as described in Example 3 and shared among the members of group B and the cryptographic server, and d_C is re-decomposed as described in Example 3 and shared among the members of group C and the cryptographic server (d_B and d_C respectively correspond to d of the present invention).
When data decryption is performed, e(C_1, d_B) (with the full key d_B) needs to be calculated. The cryptographic server and the members of group B calculate w_B = e(C_1, d_B) as in Example 4, the cryptographic server and the members of group C calculate w_C = e(C_1, d_C) as in Example 4, and then w = w_B·w_C is e(C_1, d_B) for the full key d_B.
The secret-sharing-based cooperative computing approaches for the SM2 and SM9 cryptographic algorithms given in Examples 1-8 above are not the only possible cooperative computing approaches; other approaches are possible, and therefore the implementations of the present invention given above for the SM2 and SM9 cryptographic algorithms are not the only possible implementations either. Besides the SM2 and SM9 cryptographic algorithms, the present invention may be implemented for other public key cryptographic algorithms based on the same or similar principles.
Example 9,
The foregoing embodiments are all implementations of the method of the present invention in public key cryptographic applications (asymmetric key cryptographic applications); the following is an implementation of the present invention in symmetric key cryptographic applications.
Let G be the base point of an elliptic curve point group whose order is a prime n (the generator of the elliptic curve point group of prime order n). Assume that data is encrypted and decrypted with a symmetric key cryptographic algorithm (any one of them), and that the key for encryption and decryption is generated as HASH([k]G_d), where G_d = [d]G is not secret, d is a secret integer in [1, n-1], k is an integer randomly selected in [1, n-1] by the data encrypting side, and G_k = [k]G is stored with the encrypted data (d is the seed key from which the symmetric key is generated, and is a secret associated with the key). Now d serves as a group key for decrypting the data. For this purpose, d may first be decomposed into d = (d_0 + d_1) mod n, where d_0, d_1 are integers in [0, n-1] (or [1, n-1]) obtained by random selection, and d_1 ≠ 0. If d_1 is decomposed into d_1 = (d_11 + d_12) mod n, where d_11, d_12 are integers in [0, n-1] (or [1, n-1]), then the party holding d_0, d_11 and the party holding d_12 can conveniently obtain the symmetric key for data decryption by cooperative calculation: the one holding d_0, d_11 calculates Q_1 = [d_0 + d_11]G_k, the one holding d_12 calculates Q_2 = [d_12]G_k, and Q_1 + Q_2 is [k]G_d. After [k]G_d has been obtained cooperatively, one of the two parties calculates HASH([k]G_d) and decrypts the data with it as the symmetric key.
To use d among the group members, d_1 may be shared among the cryptographic server and the group members by (2, t) threshold secret sharing, such as Shamir or Lagrange threshold secret sharing. When a group member needs to decrypt data with the key d (i.e., needs to generate the decryption symmetric key), the cryptographic server calculates, according to the threshold secret sharing scheme, the d_11 used to recover d_1 for the current member (the member that needs to perform the cryptographic operation with the key d), and the cryptographic device of the group member calculates, according to the threshold secret sharing scheme, the d_12 used to recover d_1; then the program in the computing device of the group member that implements secret-sharing-based cooperative computation of cryptographic operations uses the calculated secret d_12, the cryptographic server uses the secret share d_0 and the calculated d_11, and the symmetric key for data decryption is generated according to the secret-sharing-based cooperative computing scheme for cryptographic operations, thereby completing data decryption.
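The symmetric-key scheme of Example 9 together with the (2, t) threshold layer of claim 1, run end to end as an added example (not the patent's own code): the seed key d is split as d = (d_0 + d_1) mod n, d_1 is Shamir-shared between the cryptographic server and the group members, and for one member the server's d_11 and the device's d_12 are combined into [k]G_d without either side ever holding d or d_1. Assumptions: the SM2 recommended curve stands in for the unspecified curve, SHA-256 for HASH, and the evaluation points (server_x, member ids) and the revocation check of claim 2 are constructed for the demo.

```python
import hashlib, secrets

# SM2 recommended curve (GB/T 32918): y^2 = x^3 + A*x + B over F_P; G has prime order N
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None  # point at infinity

def ec_add(p1, p2):
    """Affine point addition; also covers doubling and the identity."""
    if p1 is INF: return p2
    if p2 is INF: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return INF
    if p1 == p2: lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else: lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):  # [k]pt by double-and-add, k reduced mod the group order
    acc, k = INF, k % N
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def lagrange_part(x_self, x_other, share):
    """One party's additive term of 2-share Lagrange recovery of f(0) = d_1: server -> d_11, member -> d_12."""
    return share * x_other * pow(x_other - x_self, -1, N) % N

def setup_group(member_ids, server_x=0x5E5):
    """Split seed key d = (d_0 + d_1) mod n: server keeps d_0 and a (2, t) Shamir share
    of d_1, each member's cryptographic device keeps one share (points are constructed)."""
    d = secrets.randbelow(N - 1) + 1
    d0 = secrets.randbelow(N); d1 = (d - d0) % N
    if d1 == 0: return setup_group(member_ids, server_x)  # patent requires d_1 != 0
    a1 = secrets.randbelow(N - 1) + 1                     # f(x) = d_1 + a1*x, threshold 2
    f = lambda x: (d1 + a1 * x) % N
    server = {"d0": d0, "x": server_x, "share": f(server_x), "revoked": set()}
    devices = {m: {"x": m, "share": f(m)} for m in member_ids}
    return d, server, devices   # d is returned only so the demo can verify the result

def kdf(pt):  # HASH([k]G_d) of the patent; SHA-256 over the affine coordinates here
    return hashlib.sha256(pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")).digest()

def encrypt_side(Gd):
    """Encryptor: pick k, derive the symmetric key, store G_k = [k]G beside the ciphertext."""
    k = secrets.randbelow(N - 1) + 1
    return ec_mul(k, G), kdf(ec_mul(k, Gd))

def member_decrypt_key(server, device, Gk):
    """Two-party recovery of [k]G_d = Q_1 + Q_2 (Example 9); revocation check as in claim 2."""
    if device["x"] in server["revoked"]:
        raise PermissionError("server declines cooperation with a revoked member")
    d11 = lagrange_part(server["x"], device["x"], server["share"])
    d12 = lagrange_part(device["x"], server["x"], device["share"])
    Q1 = ec_mul((server["d0"] + d11) % N, Gk)   # cryptographic server, never sees d_12
    Q2 = ec_mul(d12, Gk)                         # member device, never sees d_0 or d_11
    return kdf(ec_add(Q1, Q2))
```

Any member's device paired with the server yields the same key as the encryptor, while no single holder (server or device) has enough to compute [k]G_d alone.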
The computing device of the group member that runs the cryptographic cooperative computing program can be a personal computer (PC), a portable computer, a tablet computer, a mobile phone or another mobile terminal; the cryptographic device storing the secret shares of the group member may be a software component, a combination of software and hardware components, or even pure hardware.
Other specific technical implementations not described are well known to those skilled in the relevant art and will be apparent to those skilled in the relevant art.
Claims (5)
1. A group using method of a common cryptographic algorithm key is characterized in that:
the common cryptographic algorithm is a cryptographic algorithm that is not designed for group members to use keys; the types of common cryptographic algorithms include symmetric key cryptographic algorithms and asymmetric key cryptographic algorithms;
the method involves the use of a key d, or a key-related secret d, of the common cryptographic algorithm, where d is an element of a group; the key-related secret is a secret number from which the key can be recovered using non-secret numbers, or which can replace the key in cryptographic operations;
d is decomposed into secret shares d_0, d_1, where d_1 is an element of an additive group of prime order n;
if d_1 is decomposed into d_1 = d_11 + d_12, the common cryptographic algorithm has a corresponding secret-sharing-based cooperative calculation scheme for cryptographic operations using the key d or the key-related secret d, where d_0, d_11 are the secret shares of one party of the cooperative calculation and d_12 is the secret share of the other party;
the method also involves a cryptographic server and a set of group users, wherein the cryptographic server holds the secret share d_0;
d_1 is shared between the cryptographic server and the group members according to a (2, t) threshold secret sharing scheme, wherein the cryptographic server has one secret share, each group member has one secret share, and any two secret shares can recover d_1;
the (2, t) threshold secret share of the cryptographic server is securely kept by the cryptographic server; the (2, t) threshold secret share of each group member is securely kept by the group member's cryptographic device; the cryptographic device is a component that stores secret shares and uses them for cryptographic operations;
when a member of the group needs to use the key d or the key-related secret d for a cryptographic operation, the cryptographic server calculates, according to the threshold secret sharing scheme, the secret share d_11 for recovering d_1 for the current member; the cryptographic device of the group member calculates, according to the threshold secret sharing scheme, the secret share d_12 for recovering d_1; then the cryptographic cooperative computing program in the computing device of the group member uses d_12, the cryptographic server uses the secret shares d_0, d_11, and the result of the cryptographic operation using d is obtained by cooperative computation under the secret-sharing-based cooperative computing scheme for cryptographic operations.
2. The group using method of a common cryptographic algorithm key as claimed in claim 1, wherein:
the cryptographic server excludes revoked group members from the cooperative calculation of cryptographic operations by means of the group member revocation information it stores.
3. The group using method of a common cryptographic algorithm key as claimed in claim 1, wherein:
if the key d or the secret d associated with the key is used for digital signature and the signer needs to be identified, the identification information of the group member performing the digital signature is signed as a part of the data to be signed.
4. The group using method of a common cryptographic algorithm key as claimed in claim 1, wherein:
if d is a secret share of a key or of a key-related secret, and the common cryptographic algorithm has a secret-sharing-based cooperative calculation scheme for cryptographic operations using d together with the other secret shares of this key or key-related secret, the cooperative calculation scheme based on d and the other secret shares of the key or key-related secret is referred to as the outer-layer cooperative calculation scheme;
if the secret share d is further decomposed into secret shares d_0, d_11, d_12 in the manner described above, and the outer-layer cooperative computing scheme has a corresponding or equivalent cooperative computing scheme based on the secret shares d_0, d_11, d_12 for the cryptographic operation using the secret share d, in which one party has the secret shares d_0, d_11 and the other party has the secret share d_12, then the group using method of the common cryptographic algorithm key is also applicable to the cryptographic operation using the secret share d in the outer-layer cooperative computing scheme; the corresponding cooperative computing scheme based on the secret shares d_0, d_11, d_12 refers to a scheme designed for the cryptographic operation using the secret share d in the outer-layer cryptographic cooperative computing scheme; the equivalent cooperative computing scheme based on the secret shares d_0, d_11, d_12 refers to a scheme whose computing result can replace the result of the cryptographic operation using the secret share d in the outer-layer cryptographic cooperative computing scheme.
5. A group using system of a common cryptographic algorithm key based on the group using method of a common cryptographic algorithm key according to any one of claims 1 to 4, characterized in that:
the system comprises a cryptographic server for carrying out the cooperative computation of cryptographic operations, the cryptographic devices of the group members, the computing devices of the group members, and a client program in the computing device of each group member for carrying out the cooperative computation of cryptographic operations; when a group member needs to use the key d or the key-related secret d for a cryptographic operation, the system carries out the cryptographic operation according to the group using method of the common cryptographic algorithm key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110906854.6A CN113708925B (en) | 2021-08-09 | 2021-08-09 | Group using method and system for common cryptographic algorithm key |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113708925A true CN113708925A (en) | 2021-11-26 |
CN113708925B CN113708925B (en) | 2023-12-12 |
Family
ID=78652090
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110906854.6A Active CN113708925B (en) | 2021-08-09 | 2021-08-09 | Group using method and system for common cryptographic algorithm key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113708925B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | | |
SE01 | Entry into force of request for substantive examination | | |
GR01 | Patent grant | | |