A kind of key management method based on RSA arithmetic
The present invention relates to the cryptographic technique of information security, especially a kind of method that improves key management fail safe and reliability.
In information security field, the PKI that adopts RSA (a kind of public key algorithm) algorithm is the basic framework of information security running.But all the time, adopt that the computing of RSA signature needs a large amount of big several computings of many precision in the RSA Algorithm, arithmetic speed slow restricted the RSA Algorithm extensive use.(VirtualPrivate Net: Virtual Private Network) system applies occurs based on hard-wired RSA Montgomery Algorithm safety expedite product in a large number in this fast development in several years along with being based upon ecommerce under the public-key cryptography framework security platform and VPN.In these safe expedite product, it is principal mode that hardware PCI (Peripheral Component Interconnect), ISA (a kind of computer communication general line) encrypt integrated circuit board, the assurance of its fail safe generally realizes by following manner: (1) integrated circuit board is just realized hardware-accelerated, realizes key management by the main frame software processes; (2) key is stored in movably on the equipment by computer USB (Universal Serial Bus) mouthful or serial ports; (3) integrated circuit board produces key automatically, and key does not appear at outside the computer card with clear-text way, but by key in the plant maintenance integrated circuit boards such as IC-card.Its reliability generally realizes by following manner: (1) improves the fault-tolerance of software on the integrated circuit board; (2) safe accelerator card backup and cipher key backup realize Hot Spare mechanism.
Aspect fail safe: in above-mentioned three kinds of key management modes, though the third is safe cipher key management scheme, but still also there is certain safety defect: by some any special measures---as dynamic tracking integrated circuit board program, analyze means such as integrated circuit board algorithm, can from integrated circuit board, obtain key information.
Aspect reliability: adopt Hot Spare mechanism, key is placed on two integrated circuit boards simultaneously, increased the difficulty of secret key safety management, make fail safe further reduce.
Purpose of the present invention is intended to overcome above-mentioned the deficiencies in the prior art, proposes the key management method that a kind of fail safe is good, reliability is high.
Realize the technical scheme of above-mentioned purpose: a kind of key management method based on RSA arithmetic is that the distribute keys formula is stored in each safe accelerator card, and its distributed storage method comprises the steps:
(1) the generation random key is right in arbitrary safe accelerator card, and PKI is announced away;
(2) the private key d of cipher key pair is divided into n branch private key d=d at random according to the piece number of safety accelerator card
1+ d
2+ ... + d
n(n 〉=3);
(3) deletion private key d;
(4) by IKE, dividing private key d
i(i=1,2 ..., n) store in the i piece safety accelerator card;
(5) will divide private key d
i(i=1,2 ..., (k, n) (wherein n 〉=2k-1) and algorithm are shared in other n-1 piece safety accelerator card that stores into except that i piece safety accelerator card by IKE n) to share thresholding rule in the cryptographic system according to secret.
When n=3, k=2, described step (5) comprises the steps:
A, will divide private key d
1, d
2, d
3Random division becomes d
1=d
11+ d
12, d
2=d
21+
22, d
3=d
31+ d
32
B, by IKE, branch private key d
21d
31Share and store in the safe accelerator card 1, dividing private key d
11d
32Share and store in the safe accelerator card 2; Dividing private key d
12d
22Share and store in the safe accelerator card 3.
Adopt technique scheme, the significant technological progress of the present invention is: 1) because key is carried out distributed storage, whenever in any safe accelerator card whole key plain can not appear, pass through secret sharing scheme, in many ways manage same key simultaneously, make secret key safety be protected; 2) by character in the computing of mould power signature, when making compute signature, need not directly recover private key expressly, just can calculate the operation result of key; 3) because can be when lacking any safe accelerator card, can recover key information from other safe accelerator card, therefore, polylith safety accelerator card is the security of operation accelerating system simultaneously, the fault of any integrated circuit board can not influence whole encryption system operation, thereby has improved the reliability of system; 4) the distribute keys formula is stored in each piece safety accelerator card, itself just means and realized automatic cipher key backup; 5) from the security of operation accelerator card, recover key information, realized automatic key recovery.
Below by embodiment also in conjunction with the accompanying drawings, the present invention is further detailed explanation:
Fig. 1 is that the present invention adopts the key of three safe accelerator cards to split flow chart.
Embodiment: a kind of key management method based on RSA arithmetic, the distribute keys formula is stored in 3 safe accelerator cards: with reference to Fig. 1, in key management, safe accelerator card 1 is inner produce key to after, PKI can announce away that private key d then randomness is divided into d=d
1+ d
2+ d
3, delete private key d then, obtain branch private key d
1, d
2, d
3After, according to the thresholding rule (2,3) in the shared cryptographic system of secret, wherein a kind of special form is by d again
1=d
11+ d
12, d
2=d
21+
22, d
3=d
31+ d
32, random division is passed through IKE then again, dividing private key d
2, d
11, d
32Deliver in the safe accelerator card 2, dividing private key d
3, d
12, d
22Deliver in the safe accelerator card 3,1 of safe accelerator card keeps d
1, d
21, d
31Information.After cutting apart by such key, any safe accelerator card does not all have the information of whole private key, and any two safe accelerator cards can obtain the information of private key simultaneously.System is S=s when calculating Montgomery Algorithm
dModN according to three safe accelerator card computational burden, selects two idle relatively safe accelerator cards, is assumed to be accelerator card 1 and accelerator card 3, then calculates mould power S1=s respectively
D1+d21ModN and S3=s
D3+d22ModN is according to d=d
1+ d
21+ d
22+ d
3, obtain S=S1.S3modN, thereby need not recover the information of private key d, obtain the Montgomery Algorithm result.
Be without loss of generality, present embodiment is expanded to the key management method based on RSA arithmetic of general situation, comprise the steps:
(1) the generation random key is right in arbitrary safe accelerator card, and PKI is announced away;
(2) the private key d of cipher key pair is divided into n branch private key d=d at random according to the piece number of safety accelerator card
1+ d
2+ ... + d
n(n>=3);
(3) deletion private key d;
(4) according to IKE, dividing private key d
i(i=1,2 ..., n) store in the i piece safety accelerator card;
(5) will divide private key d
i(i=1,2 ..., (k, n) (wherein n 〉=2k-1) and algorithm are shared in other n-1 piece safety accelerator card that stores into except that i piece safety accelerator card by IKE n) to share thresholding rule in the cryptographic system according to secret.
According to the method described above, guarantee from any k piece safety accelerator card, all can to obtain all key informations, thereby guarantee that system all can normally move when lacking any n-k piece safety accelerator card.
In sum, in encryption system, adopt the method for polylith safety accelerator card distributed storage private key of the present invention, make the private key separate storage to each minute private key memory cell, even obtained branch private key information in the k-1 piece safety accelerator card, can not obtain whole private key information, guarantee the fail safe of key; And, when any n-k piece safety accelerator card breaks down, can from other safe accelerator card, recover key information, not influence system runs well, and has guaranteed reliability of system operation.