CN101296075A - Identity authentication system based on elliptic curve - Google Patents

Publication number: CN101296075A
Authority: CN (China)
Prior art keywords: equipment, elliptic curve, authentication, sides, xyg
Legal status: Granted
Application number: CNA2007100490000A
Other languages: Chinese (zh)
Other versions: CN101296075B (en)
Inventors: 王志辉, 刘律宏
Current Assignee: Sichuan Hongwei Technology Co Ltd
Original Assignee: Sichuan Hongwei Technology Co Ltd
Application filed by Sichuan Hongwei Technology Co Ltd
Priority to CN2007100490000A
Publication of CN101296075A
Application granted
Publication of CN101296075B
Expired - Fee Related

Abstract

The invention discloses an identity authentication system based on an elliptic curve. A public/private key pair preset in the device, the DH key exchange protocol and a hash function are used to achieve fast identity authentication, avoiding the complicated operations that identity authentication requires in a public key certificate system, such as certificate chains and digital signatures. The public/private key pair of device A is x and xG, and that of device B is y and yG. During identity authentication, device A and device B exchange x and y (or xG and yG), and each then computes the scalar multiplication xyG. Device A and device B each apply the hash function H to their scalar multiplication result xyG to obtain the hash values h1 and h1'; if h1 = h1', both devices are legitimate. The system can be used in software and hardware environments such as digital content protection interfaces, e-business, banking systems, smart cards and identity authentication.

Description

An identity authentication system based on an elliptic curve
Technical field
The present invention is an identity authentication system; specifically, a method for authenticating the legitimacy of the identities of both communicating parties, based on an elliptic curve cryptosystem and the DH key exchange protocol.
Background
In various information transmission systems, the identities of the participating entities must be authenticated to ensure that the entities taking part in the information exchange are legitimate and valid. For example, in military communication the other party's identity must be confirmed to prevent the leakage of military intelligence; in Internet environments such as e-commerce the other party's identity must be verified; in application environments such as smart cards the legitimacy and validity of the accessing device must be authenticated; and in the intellectual property field, content must be protected against theft by means such as encryption and signatures. Usually, before the communicating parties transmit encrypted data, the devices are authenticated to ensure that the identities of both parties are genuine, legitimate and valid. If authentication does not succeed, data transmission is not carried out, or the encrypted data cannot be decrypted correctly, so that the protected data is not illegally compromised.
In 1976 Diffie and Hellman proposed the idea of public key cryptography in "New Directions in Cryptography", opening a new era of public key cryptography. In a cryptosystem based on a public key system, a trusted authority generally issues a device certificate and a device private key to each device. The communicating parties use the public key of the root certificate to extract, by way of a certificate chain, information such as the other device's public key and ID. One party then digitally signs some public data with its own device private key, and the other party verifies the signature with the signer's public key, thereby verifying the legitimacy of the other device. The security of every public-key cryptosystem rests on the difficulty of solving some mathematical problem, and among them elliptic curve cryptography has advantages in many respects. The difficulty of solving the elliptic curve problem is exponential, higher than that of any previous cryptographic algorithm; at the same security strength the elliptic curve has the shortest key length, so its storage requirements are small; and in algorithms such as digital signature and verification, encryption and decryption, the elliptic curve requires little computation and processes quickly, which makes it well suited to resource-constrained environments.
Many authentication systems and authentication algorithms exist at present, broadly divided into one-way authentication systems (Fig. 1) and two-way authentication systems (Fig. 2). In ECC-based authentication systems the elliptic curve base point G is generally public, and they all authenticate devices using certificate chains and digital signatures. A one-way authentication system can guarantee only the legitimacy of the authenticated device, not that of the authenticating device. Only two-way authentication can guarantee that both parties are legitimate devices, but two-way authentication is more complex and consumes more time and resources. The present invention proposes a brand-new approach to authentication that avoids authenticating by certificate chain and digital signature. A trusted third-party authority selects the elliptic curve parameters and keeps the base point G strictly secret; the shared key xyG is produced by exchanging x and y (or xG and yG), and the legitimacy of the devices is judged by whether the xyG values computed by the two parties agree, as shown in Fig. 3. This method not only checks the legitimacy of both communicating devices and simplifies the authentication process, but the data exchanged are only x and y (or xG and yG), and an eavesdropper cannot solve for the points xG, yG (or x, y) or the coordinates of the base point G, which gives the system a higher security strength.
Summary of the invention
The purpose of this method is to use an elliptic curve from the public-key cryptosystem and the DH exchange algorithm to produce a shared key, and to judge whether both ends of the communication are legitimate and valid devices by comparing the shared keys that the two parties produce. The method is as follows:
1. First select the elliptic curve parameters (p, a, b, G, n, h), etc.
The parameters to be made public are:
p is the order of the prime field $F_p$; a and b are the coefficients of the elliptic curve $y^2 = x^3 + ax + b$.
The parameters to be kept strictly secret are:
G is a point on the elliptic curve, n is the order of the point G, and h is the cofactor.
2. Select two parameters x and y for device A and device B respectively, with $x, y \in [1, n-1]$, and compute the elliptic curve scalar multiplications xG and yG. Distribute x and xG to device A and y and yG to device B, and keep xG and yG strictly secret.
3. Device A sends x to device B, and device B sends y to device A.
4. Device A computes the scalar multiplication yxG to obtain the shared key xyG; device B computes the scalar multiplication xyG to obtain the shared key xyG.
5. Device A and device B each compute, with a message digest function, the hash values h1 and h1' of the shared key xyG, and send the computed hash value to the other party.
6. Each party compares the hash value it received with the hash value it computed itself; if h1 = h1', the two parties have authenticated successfully; otherwise, return to step 3 and perform the authentication again.
In the authentication process above, x and y may instead be kept strictly secret while the communicating parties exchange xG and yG. Alternatively, the base point G may be embedded in the device in a confidential form; the device itself then selects the random numbers x, y and computes the scalar multiplications xG and yG, and the two parties authenticate by exchanging x, y (or xG, yG). Throughout the authentication process, if the parameters $x, y \in [1, n-1]$, the value of xy may be greater than or equal to the order n of the base point G, so after computing the shared key xyG the communicating parties need to check whether it is the point at infinity. If xyG is the point at infinity, the value of x or y must be reselected. If $x, y \in [1, n-1]$, there is no need to check whether xyG is the point at infinity.
The only things a third-party device can eavesdrop on and steal are the two parameters x and y (or xG and yG); from these an attacker has almost no way to calculate the value of the base point G and xG, yG (or x, y), so this identity authentication system is very secure.
Description of the drawings
Fig. 1 shows a general one-way authentication process.
Fig. 2 shows a general two-way authentication process.
Fig. 3 shows the authentication process of the present invention.
Embodiment
In a concrete implementation, all parameters of the algorithm are determined by a trusted third-party authority. Some parameters are made public and the others are kept strictly secret, and the relevant parameters are set in device A and device B. For simplicity, this embodiment uses the P-192 elliptic curve over a prime field recommended by NIST, together with some simple parameters.
First, the trusted authority selects the elliptic curve parameters (p, a, b, G, n, h), etc.
The parameters to be made public are:
Elliptic curve equation: $y^2 = x^3 + ax + b$
$p = 2^{192} - 2^{64} - 1$
$a = -3 \pmod{p} = p - 3 = 2^{192} - 2^{64} - 2^{2}$
$b$ = 0x 64210519 E59C80E7 0FA7E9AB 72243049 FEB8DEEC C146B9B1
The parameters to be kept strictly secret are:
$G_x$ = 0x 188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
$G_y$ = 0x 07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
$n$ = 0x FFFFFFFF FFFFFFFF FFFFFFFF 99DEF836 146BC9B1 B4D22831
$h$ = 1
The base point G should be selected and kept strictly secret by the trusted authority; for simplicity, the base point parameter G recommended by NIST is used here.
The trusted authority then selects two device private keys x and y for device A and device B, with $x, y \in [1, n-1]$; to keep the calculation simple, x = y = 1 here. The scalar multiplications xG and yG are computed as follows:
$(xG)_x$ = 0x 188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
$(xG)_y$ = 0x 07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
$(yG)_x$ = 0x 188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
$(yG)_y$ = 0x 07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
The scalar multiplications xG and yG serve as the devices' public keys and are distributed as follows: the public/private key pair xG and x is assigned to device A, and the public/private key pair yG and y is assigned to device B. The private keys x and y are kept strictly secret. The mutual authentication process is as follows:
1. Device A sends xG to device B, and device B sends yG to device A.
2. Device A computes the scalar multiplication xyG to obtain the shared key yxG; device B computes the scalar multiplication yxG to obtain the shared key xyG. The results are as follows:
$(yxG)_x$ = 0x 188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
$(yxG)_y$ = 0x 07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
$(xyG)_x$ = 0x 188DA80E B03090F6 7CBF20EB 43A18800 F4FF0AFD 82FF1012
$(xyG)_y$ = 0x 07192B95 FFC8DA78 631011ED 6B24CDD5 73F977A1 1E794811
3. Device A and device B each compute the hash values h1 and h1' of the shared key xyG with the message digest function SHA-1, and the two parties exchange the computed hash values.
Each device compares the received hash value h1' with the locally computed hash value h1; since h1 = h1', mutual authentication passes and both communicating parties are legitimate devices.

Claims (8)

1. An identity authentication system based on an elliptic curve, which uses an elliptic curve cryptosystem and the DH key exchange protocol to authenticate the legitimacy of both communicating devices, characterized in that: the elliptic curve base point G, the order n of G, the cofactor h and similar parameters are kept strictly secret, while the order p of the large prime field, the elliptic curve parameters (a, b) and similar parameters are public; integers x and y are selected and the scalar multiplications xG and yG are computed; the authenticating parties exchange x, y (or xG, yG) and then compute the scalar multiplications xyG and yxG; and the legitimacy of both parties' identities can be authenticated by comparing xyG and yxG for consistency.
2. The identity authentication system based on an elliptic curve according to claim 1, characterized in that: the public/private key pairs (x, xG) and (y, yG) are precomputed and preset in the devices.
3. The identity authentication system based on an elliptic curve according to claim 1, characterized in that: the base point G is preset in the devices in a secure form, and the authenticating parties select the random number x or y on the spot and compute the scalar multiplication xG or yG.
4. The identity authentication system based on an elliptic curve according to claim 2 or 3, characterized in that: the integers $x, y \in [1, n-1]$, and the bit width of x and y may be half the bit width of the order n of the base point G, while the bit width of the scalar multiplications xG and yG may equal the bit width of the order n of the base point G; the resulting scalar multiplication xyG is an ordinary point on the elliptic curve.
5. The identity authentication system based on an elliptic curve according to claim 3, characterized in that: the selected random numbers $x, y \in [1, n-1]$, the bit width of x and y equals the bit width of the order n of the base point G, and the bit width of the scalar multiplications xG and yG may equal the bit width of the order n of the base point G; after the scalar multiplication xyG is generated, it must be checked whether it is the point at infinity.
6. The identity authentication system based on an elliptic curve according to claim 4 or 5, characterized in that: what the authenticating parties exchange is the devices' public keys; when x and y serve as the device public keys, xG and yG serve as the device private keys, or xG and yG serve as the device public keys and x and y as the device private keys.
7. The identity authentication system based on an elliptic curve according to claim 6, characterized in that: when the two parties exchange information during authentication, the only information an eavesdropping device can intercept is x, y (or xG, yG) and h1, h1'.
8. The identity authentication system based on an elliptic curve according to claim 7, characterized in that: a collision-resistant hash function H may be applied to the scalar multiplication xyG generated by each authenticating party, and whether the identities of both parties are legitimate is judged by verifying whether the xyG values generated by the two parties agree.
CN2007100490000A 2007-04-29 2007-04-29 Identity authentication system based on elliptic curve Expired - Fee Related CN101296075B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007100490000A CN101296075B (en) 2007-04-29 2007-04-29 Identity authentication system based on elliptic curve

Publications (2)

Publication Number Publication Date
CN101296075A (en) 2008-10-29
CN101296075B CN101296075B (en) 2012-03-21

Family

ID=40066111

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007100490000A Expired - Fee Related CN101296075B (en) 2007-04-29 2007-04-29 Identity authentication system based on elliptic curve

Country Status (1)

Country Link
CN (1) CN101296075B (en)

Also Published As

Publication number Publication date
CN101296075B (en) 2012-03-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120321

Termination date: 20160429