CN113708925B - Group using method and system for common cryptographic algorithm key - Google Patents

Group using method and system for common cryptographic algorithm key

Info

Publication number: CN113708925B
Authority: CN (China)
Prior art keywords: secret, cryptographic, group, key, share
Legal status: Active
Application number: CN202110906854.6A
Other languages: Chinese (zh)
Other versions: CN113708925A
Inventor: 龙毅宏
Current assignee: Wuhan University of Technology (WUT)
Original assignee: Wuhan University of Technology (WUT)
Prosecution history: application filed by Wuhan University of Technology (WUT); priority to CN202110906854.6A; publication of CN113708925A; application granted; publication of CN113708925B; legal status active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution involving a central third party, involving conference or group key

Abstract

The group using method of a common cryptographic algorithm key comprises the following steps: decompose the common cryptographic algorithm key d into d_0 and d_1, where d_1 is an element of a group of prime order n; if d_1 is further decomposed into d_1 = d_11 + d_12, there is a corresponding secret-sharing-based collaborative computing scheme for cryptographic operations using d, in which one party holds d_0 and d_11 and the other party holds d_12; d_1 is secretly shared between the cryptographic server and the group members under a (2, t) threshold; when a group member uses the key d for a cryptographic operation, the cryptographic server computes, from the threshold secret sharing among the members, the share d_11 for recovering d_1, and the cryptographic device of the group member computes the share d_12 for recovering d_1. Then the cryptographic collaborative computation program of the group member uses d_12, the cryptographic server uses d_0 and d_11, and, with the secret-sharing-based collaborative computing scheme for the cryptographic operation, the result of the cryptographic operation using key d is computed.

Description

Group using method and system for common cryptographic algorithm key
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a group using method and system of a common cryptographic algorithm key.
Background
Group-oriented cryptography enables members of a group to perform cryptographic operations with keys on the group's behalf, such as digital signatures (group signatures) and data decryption (group encryption), while providing some anonymity. Group-oriented cryptography includes threshold schemes, in which multiple group members use the same key, and non-threshold schemes (e.g. group signatures), in which each group member uses a different key. For group-oriented cryptography in which individual group members use (different) keys, it is currently common to design new cryptographic algorithms, which brings a series of problems: cryptographic components or cryptographic devices supporting the new algorithms must be developed; the new cryptographic algorithm has interoperability problems with existing cryptographic algorithms; replacing an existing cryptographic algorithm causes various problems, such as additional expense and modification of deployed systems, and a newly designed cryptographic algorithm may not be acceptable to users because of doubts about its security; and the use of a cryptographic algorithm typically requires approval by the corresponding national authority, which a newly designed algorithm has difficulty obtaining before extensive evaluation and acceptance. Currently, various non-group-oriented cryptographic algorithms are widely used and approved by national authorities, and in practical applications there is a need for such common, non-group-oriented cryptographic algorithms to be used by a single group member to perform cryptographic operations with a key on behalf of the group, but existing schemes cannot meet this need well.
Disclosure of Invention
The invention aims to provide a solution to the problems of existing group-oriented cryptography in practical applications, so as to meet the requirement that a group member perform cryptographic operations with a key on behalf of the group in cryptographic applications that adopt a common cryptographic algorithm.
For the purpose of the present invention, the solution proposed by the present invention includes a group usage method and system of a common cryptographic algorithm key, and a specific description is given below.
The group using method of the common cryptographic algorithm key is specifically as follows.
The common cryptographic algorithm is a cryptographic algorithm not designed for group members to use keys (i.e. a non-group-oriented cryptographic algorithm); types of common cryptographic algorithms include symmetric key cryptographic algorithms and asymmetric key cryptographic algorithms (e.g. common ECC algorithms such as SM2, identity-based (identification) cryptographic algorithms such as SM9, etc.);
the method involves the use of a key d, or a key-related secret d, of the common cryptographic algorithm, where d is an element of a group (note: d is typically a non-zero or non-identity element of the group); the key-related secret is secret data from which the key can be recovered together with non-secret data, or which can perform cryptographic operations in place of the key;
d is decomposed into secret shares d_0 and d_1, where d_1 is an element of a group of prime order n (e.g. decomposing d as d = d_0 d_1, or d = d_1 d_0, or d = d_0 + d_1, where the groups to which d, d_0 and d_1 belong can be various groups, such as integer groups or elliptic curve point groups, and d_0, d_1 need not belong to the same group; "+" here denotes the addition of group elements);
if d_1 is further decomposed as d_1 = d_11 + d_12, then the common cryptographic algorithm has, for cryptographic operations using the key d or the key-related secret d, a corresponding secret-sharing-based collaborative computing scheme in which d_0 and d_11 are the secret shares of one party of the collaborative computation and d_12 is the secret share of the other party (in this case d = d_0 (d_11 + d_12), or d = (d_11 + d_12) d_0, or d = d_0 + d_11 + d_12);
the method further involves a cryptographic server and a group of group users (group members), where the cryptographic server holds the secret share d_0;
d_1 is shared between the cryptographic server and the group members under a (2, t) threshold secret sharing scheme (e.g. Shamir threshold secret sharing, Lagrangian threshold secret sharing, or another threshold secret sharing scheme), in which the cryptographic server holds one secret share, each group member holds one secret share, and any two secret shares can recover d_1;
the (2, t) threshold secret share of the cryptographic server is kept securely by the cryptographic server; the (2, t) threshold secret share of each group member is kept securely by the group member's cryptographic device; the cryptographic device is a component (a software component, or a combination of software and hardware) that stores and uses secret shares (and other keys) for cryptographic operations;
when a group member needs to use the key d or the key-related secret d for a cryptographic operation, the cryptographic server computes, for the current member (i.e. the member that needs to use the key d for the cryptographic operation), the secret share d_11 used to recover d_1 according to the threshold secret sharing scheme, and the cryptographic device of the group member computes the secret share d_12 used to recover d_1 according to the threshold secret sharing scheme (at this point d_1 = d_11 + d_12); then the cryptographic collaborative computation program in the computing device of the group member uses d_12, the cryptographic server uses the secret shares d_0 and d_11, and, using the secret-sharing-based collaborative computing scheme for the cryptographic operation, the result of the cryptographic operation is obtained by collaborative computation.
For the above group usage method of a common cryptographic algorithm key, the cryptographic server excludes revoked group members from the collaborative computation of cryptographic operations using the group member revocation information it stores (for example, for the Shamir and Lagrangian threshold secret sharing schemes, the integer corresponding to the secret share of the revoked group member serves as the identification information that identifies the revoked member).
For the above group usage method of a common cryptographic algorithm key, if the key d or the key-related secret d is used for digital signatures and the signer needs to be identified, then the signing parties (the cryptographic server, the cryptographic collaborative computation program in the computing device of the group member, and the cryptographic device of the group member) include the identification information of the group member performing the digital signature (for example, for the Shamir and Lagrangian threshold secret sharing schemes, the integer corresponding to its secret share) as part of the data to be signed.
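The sharing and recovery steps above, as an added example that is not code from the patent: d is decomposed as d = (d_0 · d_1) mod n (the first of the three decompositions listed), d_1 is shared with a (2, t) Shamir scheme between a cryptographic server and the group members, and in a session the server derives d_11 from its own share while the member's device derives d_12 from its own share, so that d_11 + d_12 = d_1 without either party learning d_1. The integer x at which a member's share sits doubles as the member's identifier, which is what the server's revocation list and the signer identification of the preceding paragraphs key on. All parameters are constructed: the group is the integers mod a tiny prime n = 1019 (a real SM2/SM9 group order is about 256 bits), and the class and function names are this example's own.

```python
"""Added example (not from the patent): (2, t) threshold sharing of d_1 between
a cryptographic server and group members, with the server deriving d_11 and a
member's device deriving d_12 so that d_11 + d_12 = d_1, plus revocation.

Constructed assumptions: the group is the integers mod a prime n (here a tiny
n = 1019 so the values are readable), d is decomposed multiplicatively as
d = (d_0 * d_1) mod n, and Shamir's scheme is used.  Each member's share sits
at a distinct integer x, which is also the identifier the server uses for
revocation and that a signer would attach to the signed data.
"""
import secrets

N = 1019  # constructed: small prime standing in for the group order n


def inv(a: int, n: int = N) -> int:
    """Modulo-n multiplicative inverse, written a^-1 on the page."""
    return pow(a % n, -1, n)


def decompose(d: int, n: int = N):
    """Split d into d_0, d_1 with (d_0 * d_1) mod n == d; d_1 random in [1, n-1]."""
    d1 = secrets.randbelow(n - 1) + 1
    d0 = inv(d1, n) * d % n
    return d0, d1


def share_d1(d1: int, server_x: int, member_xs, n: int = N):
    """(2, t) Shamir sharing of d1: shares are points on f(x) = d1 + a*x mod n.

    Returns (server_share, {member_x: member_share}).  Indices must be distinct
    and non-zero, because f(0) is the secret itself.
    """
    xs = [server_x, *member_xs]
    if 0 in xs or len(set(xs)) != len(xs):
        raise ValueError("share indices must be distinct and non-zero")
    a = secrets.randbelow(n - 1) + 1          # random line through (0, d1)
    f = lambda x: (d1 + a * x) % n
    return f(server_x), {x: f(x) for x in member_xs}


def lagrange_coeff(x_self: int, x_other: int, n: int = N) -> int:
    """Weight of the share at x_self when f(0) is recovered from x_self and x_other."""
    return x_other * inv(x_other - x_self, n) % n


class CryptoServer:
    """Holds d_0, its own threshold share of d_1, and the revocation list."""

    def __init__(self, d0: int, x_s: int, y_s: int, n: int = N):
        self.d0, self.x_s, self.y_s, self.n = d0, x_s, y_s, n
        self.revoked = set()

    def revoke(self, member_x: int) -> None:
        """Revocation information: the integer index of the member's share."""
        self.revoked.add(member_x)

    def partial_d11(self, member_x: int) -> int:
        """d_11 for a session with this member; refused if the member is revoked."""
        if member_x in self.revoked:
            raise PermissionError(f"group member {member_x} is revoked")
        return self.y_s * lagrange_coeff(self.x_s, member_x, self.n) % self.n


def member_d12(member_x: int, member_share: int, server_x: int, n: int = N) -> int:
    """d_12, computed by the member's cryptographic device from its own share only."""
    return member_share * lagrange_coeff(member_x, server_x, n) % n


if __name__ == "__main__":
    d0, d1 = decompose(77)
    y_s, shares = share_d1(d1, server_x=1, member_xs=[2, 3, 4])   # t = 4 shares
    server = CryptoServer(d0, 1, y_s)
    for x in (2, 3, 4):
        d11, d12 = server.partial_d11(x), member_d12(x, shares[x], 1)
        print(x, (d11 + d12) % N == d1, d0 * (d11 + d12) % N == 77)
```

The server never sees a member's share and the member never sees the server's; each side only multiplies its own share by the public Lagrange weight for the pair of indices, which is why the two partial values can be fed straight into the collaborative computation as d_11 and d_12.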
For the above group usage method of a common cryptographic algorithm key, if d is itself a secret share of a key or of a key-related secret, and the common cryptographic algorithm has a secret-sharing-based collaborative computing scheme for cryptographic operations using d together with the other secret shares of this key or key-related secret, then the collaborative computing scheme based on d and the other secret shares is referred to as the outer collaborative computing scheme (of the cryptographic operation);
if the secret share d is further divided into secret shares d_0, d_11, d_12 in the manner described above, and the outer collaborative computing scheme has a corresponding or equivalent collaborative computing scheme for the cryptographic operation using the secret share d that is based on the secret shares d_0, d_11, d_12 (referred to as the inner collaborative computing scheme), in which one party holds the secret shares d_0, d_11 and the other party holds the secret share d_12, then the group usage method of the common cryptographic algorithm key applies equally to the cryptographic operation using the secret share d within the outer collaborative computing scheme (i.e. the group usage method of the common cryptographic algorithm key can be used for the cryptographic operation that uses the secret share d in the outer collaborative computing scheme, and the result obtained by applying the group usage method to d can replace the result obtained by directly using the secret share d for the cryptographic operation in the outer collaborative computing scheme). A corresponding collaborative computing scheme based on the secret shares d_0, d_11, d_12 is one designed for the cryptographic operation that uses the secret share d in the outer collaborative computing scheme; an equivalent collaborative computing scheme based on the secret shares d_0, d_11, d_12 is one whose computation result can replace the result of the cryptographic operation using the secret share d in the outer collaborative computing scheme (while ensuring that the final result of the cryptographic operation is correct).
(Ideally, the result of the cryptographic operation performed with the secret share d by the party holding d in the outer collaborative computing scheme depends neither on the cryptographic operations performed by the other parties with their secret shares of the key or key-related secret nor on the results of those operations; but this is not essential.)
The group using system of a common cryptographic algorithm key, based on the group using method described above, comprises a cryptographic server implementing the collaborative computation of cryptographic operations, a cryptographic device of each group member, a computing device of each group member, and a client program in the group member's computing device implementing the collaborative computation of cryptographic operations; when a group member needs to use the key d or the key-related secret d for a cryptographic operation, the system performs the cryptographic operation according to the group using method of the common cryptographic algorithm key.
Based on the technical scheme of the invention, group use of a key can be realized on top of existing common cryptographic algorithms, such as the SM2 elliptic curve cryptographic algorithm, the SM9 identity-based cryptographic algorithm and even symmetric key cryptographic algorithms, without introducing a new cryptographic algorithm, so that the various problems caused by introducing a new algorithm are effectively avoided.
Drawings
Fig. 1: schematic diagram of the structure of the invention
Detailed Description
The following is a further description of embodiments of the invention, in conjunction with examples. The following examples are merely illustrative of several possible embodiments of the invention, and are not intended to be limiting of the invention.
Example 1.
This example illustrates the application of the invention to SM2 digital signatures. SM2 is an elliptic curve public key cryptographic algorithm issued by the national cryptographic administration (see the SM2 elliptic curve public key cryptographic algorithm specification, national cryptographic administration, December 2010), on the basis of which digital signature, data encryption and key exchange can be realized.
Let G be the base point of the SM2 elliptic curve point group, with the order of G being the prime number n, and let the SM2 private key be d_A. A secret-sharing-based collaborative generation scheme for SM2 digital signatures is designed as follows.
The secret related to the private key d_A is d = (1 + d_A)^-1. Take d_0 = ((d_1)^-1 · d) mod n, where d_1 is an integer randomly chosen in [1, n-1]; then (d_0 d_1) mod n = d. Here mod n is the modulo-n operation (the symbol mod n follows the SM2 specification), and a^-1, such as (d_1)^-1 or (1 + d_A)^-1, denotes the modulo-n multiplicative inverse, i.e. (a^-1 · a) mod n = 1 (unless otherwise specified, a^-1 always denotes the modulo-n multiplicative inverse). If d_1 is further decomposed as d_1 = (d_11 + d_12) mod n, where d_11, d_12 are integers in [0, n-1] (or [1, n-1]) and one of d_11, d_12 is an integer randomly chosen in [0, n-1] (or [1, n-1]), and assuming that the first party holds the secret shares d_0, d_11 and the second party holds the secret share d_12, there is a secret-sharing-based SM2 digital signature collaborative generation scheme as follows:
Pre-compute G_d = [(d_1)^-1]G, where [·] denotes scalar multiplication (multiple point addition). When a message M needs to be digitally signed with d_A, the first and second parties each randomly choose an integer k_1, k_2 in [1, n-1] and compute Q_1 = [k_1]G_d and Q_2 = [k_2]G_d respectively; the first or second party computes Q = Q_1 + Q_2, takes (x_1, y_1) = Q and r = (e + x_1) mod n, where e is the message hash value computed from the data of message M, etc. (for the hash value, see the SM2 specification); the second party computes s_2 = (k_2 + r · d_12) mod n and submits it to the first party; the first party computes s_1 = (d_0 (s_2 + k_1 + r · d_11)) mod n and s = (s_1 - r) mod n. Then (r, s) is the digital signature on message M (and related data).
For group members to digitally sign messages with d_A, d_1 can be shared among the cryptographic server and the group members with a (2, t) threshold secret sharing scheme such as Shamir or Lagrangian threshold secret sharing; when a group member needs to sign a message with d_A, the cryptographic server computes, for the current member (i.e. the member that needs to sign with the d_A-related secret d), the share d_11 for recovering d_1 according to the threshold secret sharing scheme, and the cryptographic device of the group member computes the share d_12 for recovering d_1 according to the threshold secret sharing scheme; then the program in the group member's computing device that implements the secret-sharing-based collaborative generation of SM2 digital signatures uses the computed secret share d_12, the cryptographic server uses the secret share d_0 and the computed secret share d_11, and the secret-sharing-based SM2 digital signature collaborative generation scheme is used to complete the digital signature on the message with d, i.e. with the private key d_A.
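The Example 1 signature flow, as an added example that is not code from the patent, run end to end with a verifier so the collaborative signature can be checked against the public key and against a single-signer signature with the same effective nonce. Assumptions, all constructed: instead of the SM2 elliptic curve point group, the group is the subgroup of prime order N = 1019 generated by G = 4 in Z_P^* with P = 2039, so [k]G is pow(G, k, P), point addition is multiplication mod P, and the x-coordinate x_1 of a point is the integer value of the group element; the hash e is SHA-256 of the message reduced mod N (SM2 itself hashes Z_A || M with SM3). The shares d_0, d_11, d_12 are produced by a dealer here; in the method they would come from the threshold sharing of d_1.

```python
"""Added example (not from the patent): Example 1's collaborative SM2-style
signature with shares d_0, d_11, d_12 in a constructed stand-in group.
"""
import hashlib
import secrets

P, N, G = 2039, 1019, 4            # constructed toy group: (P-1)/2 == N is prime
assert pow(G, N, P) == 1 and G != 1  # so G generates the subgroup of order N


def inv(a: int) -> int:
    """Modulo-N multiplicative inverse, written a^-1 on the page."""
    return pow(a % N, -1, N)


def hash_e(msg: bytes) -> int:
    """Stand-in for the SM2 message hash e (SM3 over Z_A || M in the spec)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def split_private_key(dA: int) -> dict:
    """Dealer's view: d = (1+d_A)^-1, d_0 = (d_1)^-1 d, d_1 = d_11 + d_12, G_d."""
    d = inv(1 + dA)
    d1 = secrets.randbelow(N - 1) + 1
    d0 = inv(d1) * d % N
    d11 = secrets.randbelow(N)
    d12 = (d1 - d11) % N
    Gd = pow(G, inv(d1), P)            # pre-computed G_d = [(d_1)^-1]G
    return {"d0": d0, "d11": d11, "d12": d12, "Gd": Gd, "d1": d1}


def cosign(msg: bytes, d0: int, d11: int, d12: int, Gd: int, k1=None, k2=None):
    """First party holds d_0, d_11; second party holds d_12.  Returns (r, s)."""
    e = hash_e(msg)
    while True:
        ka = k1 if k1 is not None else secrets.randbelow(N - 1) + 1
        kb = k2 if k2 is not None else secrets.randbelow(N - 1) + 1
        Q1 = pow(Gd, ka, P)            # first party:  Q_1 = [k_1]G_d
        Q2 = pow(Gd, kb, P)            # second party: Q_2 = [k_2]G_d
        Q = Q1 * Q2 % P                # Q = Q_1 + Q_2 (addition is * mod P here)
        r = (e + Q) % N                # r = (e + x_1) mod n, with x_1 := Q
        s2 = (kb + r * d12) % N        # second party sends s_2 to the first party
        s1 = d0 * (s2 + ka + r * d11) % N
        s = (s1 - r) % N
        # SM2 rejects r == 0, s == 0 and r + k == n; (r + s) mod n == 0 is the
        # last condition expressed without either party knowing k.
        if r and s and (r + s) % N:
            return r, s
        if k1 is not None and k2 is not None:
            raise ValueError("fixed nonces gave a degenerate signature")


def sign_single(msg: bytes, dA: int, k: int):
    """Plain SM2-style signature by one holder of d_A with nonce k, for comparison."""
    Q = pow(G, k, P)
    r = (hash_e(msg) + Q) % N
    s = inv(1 + dA) * (k - r * dA) % N
    return r, s


def verify(msg: bytes, sig, PA: int) -> bool:
    """SM2-style verification against P_A = [d_A]G."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    t = (r + s) % N
    if t == 0:
        return False
    Qp = pow(G, s, P) * pow(PA, t, P) % P   # [s]G + [t]P_A
    return (hash_e(msg) + Qp) % N == r
```

With fixed nonces k_1, k_2 the collaborative output is bit-for-bit the single-signer signature with nonce k = (k_1 + k_2)(d_1)^-1, which is the identity the scheme rests on: neither party holds d_A or k, yet the pair produces a signature the standard verifier accepts.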
Example 2.
This example illustrates the application of the invention to SM2 data decryption.
The key step of SM2 data decryption is computing [d_B]C_1 with the user private key d_B, where C_1 = [k]G and k is an integer randomly chosen in [1, n-1] by the encrypting party during data encryption (d_B corresponds to d of the present invention). Take d_0 = ((d_1)^-1 · d_B) mod n, where d_1 is an integer randomly chosen in [1, n-1]; then (d_0 d_1) mod n = d_B. If d_1 is further decomposed as d_1 = (d_11 + d_12) mod n, where d_11, d_12 are integers in [0, n-1] (or [1, n-1]) and one of d_11, d_12 is an integer randomly chosen in [0, n-1] (or [1, n-1]), and assuming that the first party holds the secret shares d_0, d_11 and the second party holds the secret share d_12, there is a secret-sharing-based SM2 data decryption collaborative computation scheme as follows:
When [d_B]C_1 needs to be computed for data decryption, the second party computes Q_2 = [d_12]C_1 and submits it to the first party; the first party computes Q = [d_0](Q_2 + [d_11]C_1), and Q is [d_B]C_1. Data decryption can then be completed on the basis of the computed [d_B]C_1.
For group members to decrypt data with d_B, d_1 can be shared among the cryptographic server and the group members with a (2, t) threshold secret sharing scheme such as Shamir or Lagrangian threshold secret sharing; when a group member needs to decrypt data with d_B, the cryptographic server computes, for the current member (i.e. the member that needs to decrypt data with d_B), the share d_11 for recovering d_1 according to the threshold secret sharing scheme, and the cryptographic device of the group member computes the share d_12 for recovering d_1 according to the threshold secret sharing scheme; then the program in the group member's computing device that implements the secret-sharing-based SM2 data decryption collaborative computation uses the computed secret share d_12, the cryptographic server uses the secret share d_0 and the computed secret share d_11, and the secret-sharing-based SM2 data decryption collaborative computation scheme is used to complete the decryption of the data with d_B.
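The Example 2 decryption flow, as an added example that is not code from the patent: a sender encrypts to P_B = [d_B]G, and the two holders of d_0, d_11 and d_12 recover [d_B]C_1 exactly as the scheme states, Q = [d_0](Q_2 + [d_11]C_1), without either of them holding d_B. The same constructed stand-in group as above is used (prime-order subgroup of Z_P^*, so [k]G is pow(G, k, P) and point addition is multiplication mod P); the key derivation and the integrity tag C_3 are SHA-256 stand-ins for SM2's KDF and SM3-based C_3, and the function names are this example's own.

```python
"""Added example (not from the patent): Example 2's collaborative computation
of [d_B]C_1, wrapped in a toy SM2-style encrypt/decrypt so the result can be
checked.  Group, KDF and hash are constructed stand-ins, not SM2 itself.
"""
import hashlib
import secrets

P, N, G = 2039, 1019, 4              # constructed toy group of prime order N
assert pow(G, N, P) == 1 and G != 1


def inv(a: int) -> int:
    return pow(a % N, -1, N)


def kdf(shared: int, length: int) -> bytes:
    """Stand-in for SM2's KDF: SHA-256 in counter mode over the shared element."""
    out, ctr = b"", 1
    while len(out) < length:
        out += hashlib.sha256(shared.to_bytes(2, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def encrypt(msg: bytes, PB: int, k=None):
    """Sender: C_1 = [k]G, shared = [k]P_B, C_2 = msg XOR KDF, C_3 = H(shared || msg)."""
    if k is None:
        k = secrets.randbelow(N - 1) + 1
    C1 = pow(G, k, P)
    shared = pow(PB, k, P)                     # equals [d_B]C_1 = [k d_B]G
    C2 = bytes(m ^ x for m, x in zip(msg, kdf(shared, len(msg))))
    C3 = hashlib.sha256(shared.to_bytes(2, "big") + msg).digest()
    return C1, C2, C3


def split_decryption_key(dB: int):
    """d_0 = (d_1)^-1 d_B, d_1 = d_11 + d_12; the dealer's view of the shares."""
    d1 = secrets.randbelow(N - 1) + 1
    d0 = inv(d1) * dB % N
    d11 = secrets.randbelow(N)
    d12 = (d1 - d11) % N
    return d0, d11, d12


def co_decrypt(ct, d0: int, d11: int, d12: int):
    """First party holds d_0, d_11; second party holds d_12.  None on a bad tag."""
    C1, C2, C3 = ct
    Q2 = pow(C1, d12, P)                       # second party: Q_2 = [d_12]C_1
    Q = pow(Q2 * pow(C1, d11, P) % P, d0, P)   # first party: [d_0](Q_2 + [d_11]C_1)
    msg = bytes(c ^ x for c, x in zip(C2, kdf(Q, len(C2))))
    if hashlib.sha256(Q.to_bytes(2, "big") + msg).digest() != C3:
        return None                            # C_3 check failed: reject
    return msg
```

Because Q = [d_0 (d_11 + d_12)]C_1 = [d_B]C_1, the two-party result is the same group element the sender derived, and a wrong share or a tampered C_3 shows up as a failed tag check rather than silently wrong plaintext.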
Example 3.
This example illustrates the application of the invention to SM9 digital signatures. SM9 is an identity-based cryptographic algorithm based on a bilinear mapping (pairing operation) issued by the national cryptographic administration (see GM/T 0044.2-2016, SM9 identification cryptographic algorithm, published in March 2016 and now a national standard), and provides cryptographic functions such as digital signature, data encryption, key encapsulation and key exchange.
Let the SM9 bilinear mapping (pairing operation) be e: G_1 × G_2 → G_T, where G_1, G_2 are additive cyclic groups and G_T is a multiplicative cyclic group, and the order of G_1, G_2, G_T is the prime number n (note: in the SM9 specification the order of G_1, G_2, G_T is denoted by the uppercase letter N; lowercase n is used in this application). P_1 is a generator of G_1 and P_2 is a generator of G_2.
Let the SM9 signature private key be d_A (d_A corresponds to d of the present invention). A secret-sharing-based collaborative generation scheme for SM9 digital signatures is designed as follows.
Compute d_0 = [(d_1)^-1]d_A, where d_1 is an integer randomly chosen in [1, n-1], so that [d_1]d_0 = d_A. If d_1 is further decomposed as d_1 = (d_11 + d_12) mod n, where d_11, d_12 are integers in [0, n-1] (or [1, n-1]) and one of d_11, d_12 is an integer randomly chosen in [0, n-1] (or [1, n-1]), and assuming that the first party holds the secrets d_0, d_11 and the second party holds the secret d_12, there is a secret-sharing-based SM9 digital signature collaborative generation scheme as follows:
Pre-compute g_d = g^((d_1)^-1), where g = e(P_1, P_pub-s), P_pub-s is the master public key for digital signatures, k_s is the master private key (master key) for signatures (P_pub-s = [k_s]P_2), and ^ denotes exponentiation (of the preceding element);
when a message M needs to be digitally signed, the first and second parties each randomly choose an integer r_1, r_2 in [1, n-1] and compute g_1 = g_d^r_1 and g_2 = g_d^r_2 respectively; the first or second party computes w = g_1 g_2 and h = H_2(M||w, n), where H_2 is the hash function specified in SM9, M||w denotes the concatenation of the strings M and w, and n is the order of G_1, G_2, G_T (see the SM9 specification); the second party computes s_2 = (r_2 - h · d_12) mod n and submits it to the first party; the first party computes S = [s_2 + r_1 - h · d_11]d_0, and then (h, S) is the digital signature on message M (and related data).
For group members to digitally sign messages with d_A, d_1 can be shared among the cryptographic server and the group members with a (2, t) threshold secret sharing scheme such as Shamir or Lagrangian threshold secret sharing; when a group member needs to sign a message with d_A, the cryptographic server computes, for the current member (i.e. the member that needs to sign with the d_A-related secret d), the share d_11 for recovering d_1 according to the threshold secret sharing scheme, and the cryptographic device of the group member computes the share d_12 for recovering d_1 according to the threshold secret sharing scheme; then the program in the group member's computing device that implements the secret-sharing-based collaborative generation of SM9 digital signatures uses the computed secret d_12, the cryptographic server uses the secret share d_0 and the computed d_11, and the secret-sharing-based SM9 digital signature collaborative generation scheme is used to complete the digital signature on the message with d_A.
Example 4.
This example illustrates the application of the invention to SM9 data decryption.
The key step of SM9 data decryption is computing e(C_1, d_B) with the user's SM9 private key d_B, where C_1 = [r]Q_B, r is an integer randomly chosen in [1, n-1] during data encryption (d_B corresponds to d of the invention), Q_B = [H_1(ID_B||hid, n)]P_1 + P_pub-e, P_pub-e = [k_e]P_1 is the master public key for encryption, and k_e is the master key (master private key) for encryption.
Decompose the private key d_B as d_B = d_0 + d_1, where d_0, d_1 are elements of the group G_1 (this is straightforward and is not discussed here). If d_1 is further decomposed as d_1 = d_11 + d_12, where d_11, d_12 are elements of the group G_1 (easy to divide; not discussed here), and assuming that the first party holds the secrets d_0, d_11 and the second party holds the secret d_12, there is a secret-sharing-based SM9 data decryption collaborative computation scheme as follows:
When e(C_1, d_B) needs to be computed, the first party computes w_1 = e(C_1, d_0 + d_11) and the second party computes w_2 = e(C_1, d_12); the first or second party computes w = w_1 w_2, and w is e(C_1, d_B). Data decryption can then be completed on the basis of the computed e(C_1, d_B).
For group members to decrypt data with d_B, d_1 can be shared among the cryptographic server and the group members with a (2, t) threshold secret sharing scheme such as Shamir or Lagrangian threshold secret sharing (how Shamir or Lagrangian threshold secret sharing is implemented in an elliptic curve point group of prime order n is not discussed here); when a group member needs to decrypt data with d_B, the cryptographic server computes, for the current member (i.e. the member that needs to decrypt data with d_B), the share d_11 for recovering d_1 according to the threshold secret sharing scheme, and the cryptographic device of the group member computes the share d_12 for recovering d_1 according to the threshold secret sharing scheme; then the program in the group member's computing device that implements the secret-sharing-based SM9 data decryption collaborative computation uses the computed secret d_12, the cryptographic server uses the secret share d_0 and the computed d_11, and the secret-sharing-based SM9 data decryption collaborative computation scheme is used to complete the decryption of the data with d_B.
Example 5.
This example illustrates the application of the invention to SM2 digital signatures when d is itself a secret share of a key-related secret.
Let d_A be the SM2 signature private key and (d + c) mod n = (1 + d_A)^-1, so that d and c are secret shares of the private-key-related secret (1 + d_A)^-1. Assuming that the first party holds d and the second party holds c, there is a secret-sharing-based digital signature collaborative generation scheme as follows:
Pre-compute G_b = [1 + d_A]G. When a message M needs to be signed with the private key d_A, the first party randomly chooses an integer k_d in [1, n-1] and computes Q_d = [k_d]G_b, and the second party randomly chooses an integer k_c in [1, n-1] and computes Q_c = [k_c]G_b; one of the two parties computes Q = Q_c + Q_d and r = (e + x_1) mod n; the first party computes s_d = (k_d + r · d) mod n and the second party computes s_c = (k_c + r · c) mod n; finally one of the two parties computes s = ((s_d + s_c) - r) mod n, and (r, s) is the digital signature on message M.
To implement the invention for the secret share d, d is re-decomposed as in Example 1 (i.e. d_0 = ((d_1)^-1 · d) mod n, (d_1 d_0) mod n = d), d_1 is shared among the cryptographic server and the group members, and c is held by a single entity, such as an administrator.
When a message M needs to be signed, the administrator (the administrator together with the cryptographic device, computing device and collaborative computation program it uses) randomly chooses an integer k_c in [1, n-1] and computes Q_c = [k_c]G_b; the cryptographic server and the group member compute Q_1, Q_2 as in Example 1 and compute Q_d = Q_1 + Q_2; some party or entity holding c or d computes Q = Q_c + Q_d and r = (e + x_1) mod n; the administrator side computes s_c = (k_c + r · c) mod n, and the cryptographic server and the group member compute s_1 as in Example 1; s_1 is equivalent to s_d (k_d(1 + d_A) in the result s of the digital signature collaborative generation scheme using d, c corresponds to (k_1 + k_2)(d_1)^-1 in the result s of Example 1), i.e. the secret-sharing-based generation of s_1 (the inner collaborative generation scheme) replaces the generation of s_d in the digital signature collaborative generation scheme based on the secret shares d, c; so finally one party or entity computes s = ((s_c + s_1) - r) mod n, and (r, s) is the digital signature on message M.
Example 6.
This example illustrates the application of the invention to SM2 data decryption when d is itself a secret share of a key-related secret.
Assume that the user's SM2 decryption private key d_B is decomposed into two secret shares, d_B = (d_B' + d_c) mod n, where the secret share d_c is held by one entity and the share d_B' is shared among the cryptographic server and the group members in the manner of Example 2 (d_B' corresponds to d of the present invention).
When [d_B]C_1 needs to be computed to decrypt data encrypted with the SM2 algorithm, the cryptographic server and the group member compute, as in Example 2, Q_1 = [d_12]C_1 and Q_B = [d_0](Q_1 + [d_11]C_1); the entity holding d_c computes Q_c = [d_c]C_1; finally one party or entity computes Q_B + Q_c, which is [d_B]C_1.
EXAMPLE 7
This embodiment is used to illustrate the application of the invention in SM9 digital signatures when d is itself a secret share of a secret related to a key.
Assume that the SM9 signature private key d_A is decomposed into d_A = d_B + d_C, that a first party owns the secret share d_B and a second party owns the secret share d_C, and that there is the following SM9 digital signature collaborative generation scheme based on secret sharing (d_B, d_C respectively correspond to d of the present invention):
Pre-calculate g_A = g^b, P_A = [b]d_A, where b is a secret integer randomly selected in [1, n-1]; when d_A needs to be used to digitally sign a message M, the first party randomly selects an integer r_B in [1, n-1] and calculates w_B = g_A^r_B, and the second party randomly selects an integer r_C in [1, n-1] and calculates w_C = g_A^r_C; one of the two parties calculates w = w_B w_C, h = H_2(m||w, n); the first party calculates S_B = [r_B]P_A + [-h]d_B, the second party calculates S_C = [r_C]P_A + [-h]d_C; one of the two parties calculates S = S_B + S_C, and then (h, S) is the digital signature for the message M.
Suppose that the secret shares d_B and d_C belong to groups B and C, respectively. S_B and S_C are cooperatively generated by implementing the present invention as follows.
To implement the present invention in group B, calculate d_B1 = [(d_B0)^-1]d_B, where d_B0 is an integer randomly selected in [1, n-1], so that [d_B0]d_B1 = d_B. If d_B1 is re-decomposed into d_B1 = d_B11 + d_B12, where d_B11, d_B12 are elements of the group G_1, and assuming the first party has the secrets d_B0, d_B11 and the second party has the secret d_B12 (these are the first and second parties of the inner-layer collaborative calculation; the same applies hereinafter), then there is the following collaborative generation scheme for S_B:
Pre-calculate P_B = [(d_B0)^-1]P_A; P_B is not secret.
When a message M needs to be digitally signed, the first party and the second party respectively select random integers r_B1, r_B2 in [1, n-1] and calculate g_B1 = g_A^r_B1, g_B2 = g_A^r_B2; the first or second party calculates w_B = g_B1 g_B2; the second party calculates S_B2 = [r_B2]P_B + [-h]d_B12 and submits it to the first party; the first party calculates S_B1 = [d_B0](S_B2 + [r_B1]P_B + [-h]d_B11), where h is defined by h = H_2(m||w, n) with w = w_B w_C (w_C is calculated by group C in the collaborative calculation). Then S_B1 can be used in the outer-layer collaborative computing scheme in place of the S_B that would have been calculated using the secret share d_B.
Similarly, by implementing the present invention in group C, S_C1 can be calculated using d_C in place of the S_C that would have been calculated directly with the secret share d_C in the outer-layer collaborative computing scheme.
EXAMPLE 8
This embodiment is used to illustrate the application of the invention in SM9 data decryption when d is the secret share of the key-dependent secret.
Assume that the SM9 decryption private key d_B is used by two groups B and C.
The SM9 decryption private key d_B is decomposed into d_B = d_B + d_C; the share d_B is re-split in the manner described in example 3 and shared among the cryptographic server and the members of group B, and d_C is re-split in the manner described in example 3 and shared among the cryptographic server and the members of group C (these d_B, d_C respectively correspond to d of the present invention).
When decrypting data, e(C_1, d_B) needs to be calculated: the cryptographic server and the members of group B calculate w_B = e(C_1, d_B) as in example 4, the cryptographic server and the members of group C calculate w_C = e(C_1, d_C) as in example 4, and w = w_B w_C is e(C_1, d_B) (by the bilinearity of e).
The secret-sharing-based cryptographic operation collaborative computing schemes for the SM2 and SM9 cryptographic algorithms given in examples 1-8 above are not the only possible collaborative computing schemes; others are possible, so the embodiments of the invention given above for the SM2 and SM9 algorithms are likewise not the only possible embodiments. Besides the SM2 and SM9 cryptographic algorithms, the invention may be implemented on the same or similar principles for other public key cryptographic algorithms.
EXAMPLE 9
The previous embodiments all implement the method of the present invention in public key (asymmetric key) cryptographic applications; the following shows an implementation of the present invention in a symmetric key cryptographic application.
Let G be the base point (generator) of an elliptic curve point group of prime order n. Assume that data is encrypted and decrypted with a symmetric key cryptographic algorithm (any one), and that the key for encryption and decryption is generated from HASH([k]G_d), where G_d = [d]G is not secret, d is a secret integer in [1, n-1], k is an integer randomly selected in [1, n-1] by the party encrypting the data, and G_k = [k]G is stored together with the encrypted data (d is the seed key from which the symmetric key is generated, i.e. the key-related secret). Now d is to be used as a group key for decrypting data. For this, d may first be decomposed into d = (d_0 + d_1) mod n, where d_0, d_1 are integers in [0, n-1] (or [1, n-1]), one of d_0, d_1 is an integer randomly selected in [0, n-1] (or [1, n-1]), and d_1 ≠ 0. If d_1 is re-decomposed into d_1 = (d_11 + d_12) mod n, where d_11, d_12 are integers in [0, n-1] (or [1, n-1]), then the party holding d_0, d_11 and the party holding d_12 can conveniently co-calculate the symmetric key for data decryption: the party holding d_0, d_11 calculates Q_1 = [d_0 + d_11]G_k, the party holding d_12 calculates Q_2 = [d_12]G_k, and Q_1 + Q_2 is [k]G_d. After [k]G_d has been obtained collaboratively, one party calculates HASH([k]G_d) and decrypts the data using it as the symmetric key.
For the use of d by group members, d_1 may be shared among the cryptographic server and the group members with a (2, t) threshold secret sharing scheme, such as Shamir's or the Lagrange-based threshold secret sharing; when a group member needs to use d to decrypt data (i.e. to generate the decryption symmetric key), the cryptographic server calculates, for the current member (the member that needs to use the key d for the cryptographic operation) and according to the threshold secret sharing scheme, the d_11 used for recovering d_1, and the cryptographic device of the group member calculates, according to the threshold secret sharing scheme, the d_12 used for recovering d_1; then the program in the group member's computing device that implements the secret-sharing-based cryptographic operation collaborative computation uses the calculated secret d_12, the cryptographic server uses the secret share d_0 and the calculated d_11, and the symmetric key for decrypting the data is generated with the secret-sharing-based cryptographic operation collaborative computing scheme, thereby completing the data decryption.
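As an added worked example, not code from the patent, the following Python reproduces example 9 together with the (2, t) sharing of d_1 just described: secp256k1 stands in for the prime-order curve (its constants are short to quote; the SM2 curve works the same way), SHA-256 over the point coordinates stands in for HASH, and the party identifiers and share layout are constructed assumptions.

```python
import hashlib
import secrets
# Added illustration (not the patent's code) of example 9 together with the (2,t)
# sharing of d_1: the server keeps d_0 and one Shamir share of d_1, each member keeps
# one Shamir share, and the two shares become the additive pieces d_11, d_12 on the fly.
# secp256k1 is used only because its parameters are short; any prime-order curve fits.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):  # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):  # [k]pt by double-and-add
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def point_key(pt):  # HASH([k]G_d): the symmetric key (constructed point encoding)
    return hashlib.sha256(pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")).digest()

def split_group_key(d, member_ids, server_id=1):
    """d = (d_0 + d_1) mod n; the server keeps d_0 and a (2,t) share of d_1, members one share each."""
    d0, d1 = 0, 0
    while d1 == 0:                   # example 9 requires d_1 != 0
        d0 = secrets.randbelow(N)
        d1 = (d - d0) % N
    a = secrets.randbelow(N)         # Shamir polynomial f(x) = d_1 + a*x, so f(0) = d_1
    server = {"id": server_id, "d0": d0, "share": (d1 + a * server_id) % N}
    members = {m: {"id": m, "share": (d1 + a * m) % N} for m in member_ids}
    return server, members

def additive_piece(party, other_id):
    """Lagrange-weight one (2,t) share so that the two weighted shares sum to d_1 (d_11 / d_12)."""
    coeff = other_id * pow(other_id - party["id"], -1, N) % N
    return coeff * party["share"] % N

def group_decrypt_key(server, member, Gk):
    """Server: Q_1 = [d_0 + d_11]G_k; member: Q_2 = [d_12]G_k; Q_1 + Q_2 = [k]G_d is hashed."""
    d11 = additive_piece(server, member["id"])   # computed by the server for this member
    d12 = additive_piece(member, server["id"])   # computed by the member's cryptographic device
    q1 = ec_mul((server["d0"] + d11) % N, Gk)
    q2 = ec_mul(d12, Gk)
    return point_key(ec_add(q1, q2))

def demo(member_ids=(2, 3, 4)):  # each member paired with the server re-derives the key; d is never rebuilt
    d, k = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1  # seed key d, encryptor's k
    Gd, Gk = ec_mul(d, G), ec_mul(k, G)      # public G_d = [d]G; G_k = [k]G stored with the ciphertext
    expected = point_key(ec_mul(k, Gd))      # key the encrypting party derived
    server, members = split_group_key(d, member_ids)
    return all(group_decrypt_key(server, members[m], Gk) == expected for m in member_ids)
```

Note that neither d nor d_1 is ever reassembled: the server only ever sees d_0 and its own weighted share, and the member only its own, which is the point of the two-layer decomposition.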
The computing device of a group member that runs the cryptographic collaborative computing program may be a personal computer (PC), a portable computer, a tablet computer, a mobile phone or another mobile terminal; the cryptographic device that stores the group member's secret shares may be a software component, a combination of software and hardware, or even pure hardware.
Other specific technical implementations not described are well known to those skilled in the relevant arts and are self-evident.

Claims (5)

1. A group using method of a common cryptographic algorithm key, characterized in that:
the common cryptographic algorithm is a cryptographic algorithm not designed for the use of keys by group members; the types of common cryptographic algorithm include symmetric key cryptographic algorithms and asymmetric key cryptographic algorithms;
the method involves the use of a key d, or a key-related secret d, of the common cryptographic algorithm, where d is used by the members of a group; a key-related secret is a secret number from which the key can be recovered together with non-secret numbers, or which can be used in place of the key to carry out cryptographic operations;
said d is decomposed into secret shares d_0, d_1, where d_1 is a primitive element (generator) of an additive group of prime order n;
if d_1 is further decomposed into d_1 = d_11 + d_12, the common cryptographic algorithm has a corresponding secret-sharing-based collaborative computing scheme for cryptographic operations using the key d or the key-related secret d, where d_0, d_11 are the secret shares of one party of the collaborative computation and d_12 is the secret share of the other party;
the method further involves a cryptographic server and a group of users, where the cryptographic server holds the secret share d_0;
d_1 is shared between the cryptographic server and the group members with a (2, t) threshold secret sharing scheme, where the cryptographic server has one secret share, each group member has one secret share, and any two secret shares can recover d_1;
the (2, t) threshold secret share of the cryptographic server is securely kept by the cryptographic server; the (2, t) threshold secret share of each group member is securely kept by the group member's cryptographic device; the cryptographic device is a component that stores secret shares and uses them for cryptographic operations;
when a member of the group needs to use the key d or the key-related secret d for a cryptographic operation, the cryptographic server calculates, for the current member and according to the threshold secret sharing scheme, the secret share d_11 used for recovering d_1; the cryptographic device of the group member calculates, according to the threshold secret sharing scheme, the secret share d_12 used for recovering d_1; then the cryptographic collaborative computing program in the computing device of the group member uses d_12, the cryptographic server uses the secret shares d_0, d_11, and the result of the cryptographic operation is obtained by collaborative computation with the secret-sharing-based cryptographic operation collaborative computing scheme.
2. The group usage method of the common cryptographic algorithm key according to claim 1, wherein:
the cryptographic server excludes revoked group members from the collaborative computation of cryptographic operations by means of the group member revocation information it stores.
3. The group usage method of the common cryptographic algorithm key according to claim 1, wherein:
if the key d or the key-related secret d is used for digital signing and the signer needs to be identifiable, the identification information of the group member performing the digital signature is signed as part of the data to be signed.
4. The group usage method of the common cryptographic algorithm key according to claim 1, wherein:
if d is a secret share of a key or of a key-related secret, and there is a secret-sharing-based collaborative computing scheme for cryptographic operations of the common cryptographic algorithm using d together with the other secret shares of the key or key-related secret, then the collaborative computing scheme for cryptographic operations based on d and the other secret shares of the key or key-related secret is called the outer collaborative computing scheme;
if the secret share d is further divided into secret shares d_0, d_11, d_12 in the manner described above, the outer collaborative computing scheme has a corresponding or equivalent collaborative computing scheme for cryptographic operations based on the secret shares d_0, d_11, d_12 in place of the secret share d, where one party has the secret shares d_0, d_11 and the other party has the secret share d_12, and the group using method of the common cryptographic algorithm key applies likewise to the cryptographic operation using the secret share d in the outer collaborative computing scheme; the corresponding collaborative computing scheme based on the secret shares d_0, d_11, d_12 refers to a scheme designed, on the basis of the secret shares d_0, d_11, d_12, for the cryptographic operation that uses the secret share d in the outer-layer cryptographic collaborative computing scheme; the equivalent collaborative computing scheme based on the secret shares d_0, d_11, d_12 refers to a scheme based on the secret shares d_0, d_11, d_12 whose calculation result can replace the result of the cryptographic operation using the secret share d in the outer-layer cryptographic collaborative computing scheme.
5. A group using system of common cryptographic algorithm keys based on the group using method of common cryptographic algorithm keys as recited in any one of claims 1 to 4, characterized in that:
the system comprises a cryptographic server implementing the cryptographic operation collaborative computation, the cryptographic devices of the group members, the computing devices of the group members, and a client program in the computing device of each group member implementing the cryptographic operation collaborative computation; when a group member needs to use the key d or the key-related secret d for a cryptographic operation, the system performs the cryptographic operation according to the group using method of the common cryptographic algorithm key.
CN202110906854.6A 2021-08-09 2021-08-09 Group using method and system for common cryptographic algorithm key Active CN113708925B (en)

Publications (2)

Publication Number Publication Date
CN113708925A CN113708925A (en) 2021-11-26
CN113708925B true CN113708925B (en) 2023-12-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant