Summary of the invention
The embodiments of the invention provide a zero-knowledge authentication method and system that reduce the amount of computation in the zero-knowledge authentication process and improve authentication efficiency.
An embodiment of the invention provides a zero-knowledge authentication method, comprising:
The verifying entity receives an identity authentication request sent by the proving entity, the identity authentication request comprising at least the proving entity identifier encrypted with the proving entity private key;
The verifying entity provides a random number to the proving entity and receives a first validation value returned by the proving entity, the first validation value being calculated by the proving entity from the random number and the proving entity public key;
The verifying entity obtains the proving entity identifier from the identity authentication request, calculates the identity authentication value of the proving entity from the proving entity identifier, and calculates a second validation value from the authentication value and the random number;
The verifying entity judges whether the first validation value equals the second validation value and, if so, confirms that the identity authentication of the proving entity has passed.
An embodiment of the invention also provides a zero-knowledge authentication system comprising a proving entity and a verifying entity, wherein:
The proving entity comprises:
An identity authentication request sending module, used to send an identity authentication request to the verifying entity, the identity authentication request comprising the proving entity identifier encrypted with the proving entity private key;
A random number acquisition module, used to receive the random number provided by the verifying entity;
A first validation value computing module, used to calculate the first validation value from the random number and the proving entity public key, and to send the first validation value to the verifying entity;
The verifying entity comprises:
An identity authentication request receiving module, used to receive the identity authentication request sent by the proving entity;
A first validation value acquisition module, used to provide a random number to the proving entity and to receive the first validation value returned by the proving entity;
A second validation value computing module, used to obtain the proving entity identifier from the identity authentication request, calculate the identity authentication value of the proving entity from the proving entity identifier, and calculate the second validation value from the authentication value and the random number;
A validation value judging module, used to judge whether the first validation value equals the second validation value and, if so, to confirm that the identity authentication of the proving entity has passed.
The zero-knowledge authentication scheme provided by the embodiments of the invention requires fewer operations, saves system resources and improves authentication efficiency.
Embodiment
To make the purpose, technical scheme and advantages of the embodiments of the invention clearer, the technical scheme in the embodiments is described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently only some of the embodiments of the invention, not all of them. All other embodiments that a person of ordinary skill in the art obtains from the embodiments of the invention without creative work fall within the scope of protection of the invention.
Embodiment one
Fig. 1 is a flow chart of the zero-knowledge authentication method provided by embodiment one of the invention. The method is the process by which a proving entity proves its identity to a verifying entity, and comprises the following steps:
Step 110: the verifying entity receives the identity authentication request sent by the proving entity; the identity authentication request comprises the proving entity identifier encrypted with the proving entity private key;
Step 120: the verifying entity provides a random number to the proving entity and receives the first validation value returned by the proving entity; the first validation value is calculated by the proving entity from the random number and the proving entity public key;
Step 130: the verifying entity obtains the proving entity identifier from the identity authentication request, calculates the identity authentication value of the proving entity from the proving entity identifier, and calculates the second validation value from the authentication value and the random number;
Step 140: the verifying entity judges whether the first validation value equals the second validation value; if so, it confirms that the identity authentication of the proving entity has passed; if not, it confirms that the identity authentication of the proving entity has failed.
The technical scheme of this embodiment requires fewer operations, saves system resources and improves authentication efficiency. The formulas used in each step can take various forms, which are described in detail in the embodiments below.
Embodiment two
Fig. 2 is a flow chart of the zero-knowledge authentication method provided by embodiment two of the invention. The method is the process by which a proving entity proves its identity to a verifying entity, and comprises the following steps:
Step 210: the proving entity uses the proving entity private key $S_Z$ to encrypt the proving entity identifier $ID_Z$ and the hash result $H(ID_Z)$ of the proving entity identifier, and sends the encrypted result to the verifying entity in the identity authentication request;
The hash result $H(ID_Z)$ is calculated with a preset one-way hash function $H(x)$, with the proving entity identifier $ID_Z$ as its input value. The proving entity private key $S_Z$ and the proving entity public key $P_Z$ are stored locally by the proving entity and can be obtained in several ways, for example by being issued by an authority. When a user acts as a proving entity for the first time, it can obtain the proving entity private key $S_Z$ and the proving entity public key $P_Z$ from the authority and store them locally; when it later authenticates to other verifying entities, the user can look them up locally.
Step 220: the verifying entity generates a random number r, calculates a random value c according to formula (1) and sends it to the proving entity; the random number r is provided to the proving entity by being carried in the random value c:
$$c = r \cdot M \qquad (1)$$
Here M is the base point of the elliptic curve published by the authority. It is a value known to all users, so the proving entity and the verifying entity, as users in the network, both know it.
Step 230: the proving entity calculates the first validation value $d_Z$ from the random value c and the proving entity public key $P_Z$ according to formula (2), and sends it to the verifying entity:
$$d_Z = c \cdot P_Z \qquad (2)$$
Step 240: the verifying entity calculates the identity authentication value $R_Z$ of the proving entity according to formula (3):
$$R_Z = P_Z + H(ID_Z) \cdot M + (P_{ZX} + H(ID_Z) \bmod n) \cdot \mathrm{Psa} \qquad (3)$$
Here $P_Z = (P_{ZX}, P_{ZY})$, so $P_{ZX}$ is uniquely determined by the proving entity public key $P_Z$. The proving entity public key $P_Z$ is published by the proving entity and can be sent by the proving entity to the verifying entity. Psa is the authority public key, which the authority can publish to all users; each user can act as both proving entity and verifying entity when users prove their identities to each other. n is a preset natural number, preferably the number of user nodes in the network to which the proving entity and the verifying entity belong.
Step 250: the verifying entity calculates the second validation value $d_Y$ according to formula (4):
$$d_Y = r \cdot R_Z \qquad (4)$$
Step 260: the verifying entity judges whether the first validation value $d_Z$ equals the second validation value $d_Y$; if so, it confirms that the identity authentication of the proving entity has passed; if not, it confirms that the identity authentication of the proving entity has failed.
This technical scheme effectively reduces the amount of computation. For example, compared with the existing Schnorr identity verification scheme, the scheme of this embodiment performs only one modular operation, which reduces the number of modular operations and the online computation in the zero-knowledge authentication process. It can effectively reduce system computation overhead and improve authentication efficiency. With this scheme, if the information exchanged between the proving entity and the verifying entity has not been altered or lost, the first validation value $d_Z$ should equal the second validation value $d_Y$, which authenticates the identity and avoids illegal modification and information loss in the proof process.
Embodiment three
The zero-knowledge authentication method provided by embodiment three of the invention builds on embodiment two and generates a shared key for the users on top of the zero-knowledge authentication described above. After the verifying entity has authenticated the identity of the proving entity, the method further comprises: the verifying entity generates a shared key K from the identity authentication value $R_Z$ of the proving entity, the random value c and the verifying entity private key $S_Y$; the shared key K is used to encrypt the data exchanged between the verifying entity and the proving entity.
Specifically, the verifying entity may generate the shared key K from the identity authentication value $R_Z$ of the proving entity, the random value c and the verifying entity private key $S_Y$ according to formula (5):
$$K = H(r \cdot R_Z + S_Y \cdot c) \qquad (5)$$
In practical application, two users authenticate each other in the same way, alternately acting as verifying entity and proving entity. When the second user B acts as proving entity and the first user A as verifying entity, the first user A obtains the first authentication value $R_A$ with respect to the second user B and generates the second random value $c_B$, which it provides to the second user B. That is, while the first user A verifies the identity of the second user B, the identity authentication value $R_Z$ of the proving entity that it produces is the first authentication value $R_A$, and the random value c that it generates is the second random value $c_B$. Similarly, when the first user A acts as proving entity and the second user B as verifying entity, the second user B obtains the second authentication value $R_B$ with respect to the first user A and generates the first random value $c_A$, which it provides to the first user A. While the second user B verifies the identity of the first user A, the identity authentication value $R_Z$ of the proving entity that it produces is the second authentication value $R_B$, and the random value c that it generates is the first random value $c_A$.
After the first user A and the second user B have authenticated each other, the method further comprises:
The first user A generates the shared key K from the first authentication value $R_A$, the first random value $c_A$ and the first user private key $S_A$, and the second user B generates the shared key K from the second authentication value $R_B$, the second random value $c_B$ and the second user private key $S_B$; the shared key K is used to encrypt the data exchanged between the first user A and the second user B.
The technical scheme of this embodiment provides a new method of generating a shared key, applicable to any situation in which data communicated between users must be encrypted. The keys involved are: the authority public key, the authority private key, the user public key, the user private key, and the shared key for communication between users. Each user can generate by itself the shared key used to encrypt data communicated between users; the key does not need to be distributed centrally by the authority or transmitted over the network, which reduces the possibility of leakage and attack during shared key distribution. The generation of the shared key also depends on a one-way hash function, which further improves the security of the system and effectively reduces system load while protecting the key as far as possible. Many one-way hash functions can be chosen, for example MD5 (Message Digest Algorithm 5) and SHA (Secure Hash Algorithm). One-way hash algorithms are public, but the original data cannot be recovered from their output, which guarantees the security of the key.
The first user A and the second user B may specifically generate the shared key K as follows:
The first user A generates the shared key K from the first authentication value $R_A$, the first random value $c_A$ and the first user private key $S_A$ according to formula (6):
$$K = H(r_A \cdot R_A + S_A \cdot c_A) \qquad (6)$$
The second user B generates the shared key K from the second authentication value $R_B$, the second random value $c_B$ and the second user private key $S_B$ according to formula (7):
$$K = H(r_B \cdot R_B + S_B \cdot c_B) \qquad (7)$$
The shared keys K generated by the two users are identical and can be used to encrypt the data exchanged between the two users.
The technical scheme of the embodiments of the invention can be applied in a network comprising a plurality of user terminals. The authority is similar to a certificate distribution center; it can be a dedicated server responsible for generating public and private keys for legitimate user terminals. A typical application scenario of the embodiments is a mobile communication network: when encrypted communication is required, the technical scheme of the embodiments can be adopted and, for example, a base station in the mobile communication network can act as the authority. The technical scheme of the embodiments is also suitable for all other scenarios involving a key distribution center (KDC).
Embodiment four
Fig. 3 is a flow chart of the method for obtaining the private key and public key in the zero-knowledge authentication method provided by embodiment four of the invention. Building on the preceding embodiments, this embodiment gives a specific way for a user to obtain its own private key and public key. Before the proving entity proves its identity to the verifying entity, the method further comprises the following steps:
Step 310: the proving entity uses its own proving entity identifier $ID_Z$ as the input of the preset one-way hash function $H(x)$ to calculate the hash result $H(ID_Z)$, and sends the hash result $H(ID_Z)$ to the authority.
The proving entity identifier $ID_Z$ is the unique identifier that the authority assigns to the proving entity. In step 310, the proving entity may additionally generate a random number and use it together with the proving entity identifier $ID_Z$ as the input of the preset one-way hash function $H(x)$ to calculate the hash result $H(ID_Z)$, to further improve security.
Step 320: the authority generates the proving entity public key $P_Z$ and the public-key evidence $W_Z$ from the hash result $H(ID_Z)$, and sends them to the proving entity;
In this step, the authority can calculate the proving entity public key $P_Z$ according to formula (8):
$$M = P_Z + H(ID_Z) \cdot M + (P_{ZX} + H(ID_Z) \bmod n) \cdot \mathrm{Psa} \qquad (8)$$
where $P_{ZX}$ is uniquely determined by $P_Z = (P_{ZX}, P_{ZY})$.
In this step, the authority specifically generates the public-key evidence $W_Z$ from the hash result $H(ID_Z)$ according to formula (9):
$$W_Z = k + \mathrm{Ssa} \cdot (P_{ZX} + H(ID_Z) \bmod n) \qquad (9)$$
where $k \in [2, n-2]$ and Ssa is the authority private key.
Step 330: the proving entity generates the proving entity private key $S_Z$ from the proving entity public key $P_Z$ and the public-key evidence $W_Z$.
In this step, the proving entity can generate the proving entity private key $S_Z$ from the proving entity public key $P_Z$ and the public-key evidence $W_Z$ according to formula (10):
$$S_Z = W_Z + H(ID_Z) \bmod n \qquad (10)$$
In step 320 of this embodiment, after receiving the hash result $H(ID_Z)$, the authority may further authenticate the proving entity according to the proving entity identifier $ID_Z$. Specifically, the authority may apply a hash operation to the proving entity identifiers $ID_Z$, that is, the unique identifiers it has assigned to each user, using the hash function pre-stored at the authority, and then match the received hash result locally; if a consistent result is found, authentication has passed.
In the technical scheme of this embodiment, any user can be the proving entity. The scheme further addresses the insecurity of key distribution: each user generates its own private key, so the authority does not need to issue it, which avoids the possibility of leakage while a private key is being issued. The generation of the private key also relies on the hardness of the one-way hash function problem, which makes the key harder to crack and helps guarantee security. When a user needs to update its keys, it only has to generate a new random number and repeat the above steps to update its own public and private keys.
In this embodiment, the base point M of the elliptic curve used by the authority and the authority public key Psa are public. In step 330, the proving entity may first use the elliptic curve base point M and the authority public key Psa to verify the proving entity public key $P_Z$ that the authority generated for it.
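The algebra behind formulas (1), (3), (4), (6), (7), (9) and (10) of embodiments two to four can be checked end to end with the following added example, which is not code from the patent. Assumptions: secp256k1 and SHA-256 stand in for the authority's published curve and for H(x); n is taken to be the order of the base point M; the authority picks the public key as P_Z = k·M; and the prover computes its reply from its private key S_Z, which is the choice under which the reply equals r·R_Z. All function names are illustrative.

```python
import hashlib
import secrets

# secp256k1 parameters stand in for the authority's published curve (assumption).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of M
M = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return a if b is None else b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add k*pt (not constant time; illustration only)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def H(data):
    """One-way hash H(x): SHA-256 reduced mod n (assumption)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def enroll(ssa, ident):
    """Formulas (9)-(10): authority issues (P_Z, W_Z); user derives S_Z."""
    k = 2 + secrets.randbelow(N - 3)                   # k in [2, n-2]
    p_z = mul(k, M)                                    # assumption: P_Z = k*M
    w_z = (k + ssa * ((p_z[0] + H(ident)) % N)) % N    # (9)
    return {"id": ident, "P": p_z, "S": (w_z + H(ident)) % N}  # (10)

def auth_value(p_z, ident, psa):
    """Formula (3): R_Z rebuilt from public values only."""
    e = (p_z[0] + H(ident)) % N
    return add(add(p_z, mul(H(ident), M)), mul(e, psa))

def run_auth(prover, psa, claimed_id=None):
    """Steps 220-260; returns (passed, r, c, R_Z)."""
    r = 1 + secrets.randbelow(N - 1)
    c = mul(r, M)                                      # (1)
    d_z = mul(prover["S"], c)                          # reply (assumption: uses S_Z)
    r_z = auth_value(prover["P"], claimed_id or prover["id"], psa)
    return d_z == mul(r, r_z), r, c, r_z               # (4) and step 260

def shared_key(r_own, r_peer, s_own, c_peer):
    """Formulas (6)/(7): K = H(r*R + S*c) over the encoded sum point."""
    x, y = add(mul(r_own, r_peer), mul(s_own, c_peer))
    return hashlib.sha256(x.to_bytes(32, "big") + y.to_bytes(32, "big")).hexdigest()

def demo():
    ssa = 1 + secrets.randbelow(N - 1)                 # authority private key Ssa
    psa = mul(ssa, M)                                  # authority public key Psa
    a, b = enroll(ssa, b"user-A"), enroll(ssa, b"user-B")  # constructed identifiers
    ok_b, r_a, c_b, big_r_a = run_auth(b, psa)         # A verifies B
    ok_a, r_b, c_a, big_r_b = run_auth(a, psa)         # B verifies A
    k_a = shared_key(r_a, big_r_a, a["S"], c_a)        # (6)
    k_b = shared_key(r_b, big_r_b, b["S"], c_b)        # (7)
    spoofed, *_ = run_auth(b, psa, claimed_id=b"user-X")  # wrong identifier
    return ok_a and ok_b, k_a == k_b, spoofed

if __name__ == "__main__":
    print(demo())
```

Under these assumptions R_Z equals S_Z·M, so the equality test in step 260 ties the reply to the identifier and to the authority public key, and a reply checked against a different identifier fails.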
Embodiment five
Fig. 4 is a structural diagram of the zero-knowledge authentication system provided by embodiment five of the invention. The system comprises a proving entity 410 and a verifying entity 420, both of which can be users in the network; when authenticating each other, each user acts as verifying entity 420 and as proving entity 410 in turn.
The proving entity 410 comprises an identity authentication request sending module 411, a random number acquisition module 412 and a first validation value computing module 413. The identity authentication request sending module 411 is used to send an identity authentication request to the verifying entity 420; the identity authentication request comprises the proving entity identifier encrypted with the proving entity private key. The random number acquisition module 412 is used to receive the random number provided by the verifying entity 420. The first validation value computing module 413 is used to calculate the first validation value from the random number and the proving entity public key, and to send the first validation value to the verifying entity 420.
The verifying entity 420 comprises an identity authentication request receiving module 421, a first validation value acquisition module 422, a second validation value computing module 423 and a validation value judging module 424. The identity authentication request receiving module 421 is used to receive the identity authentication request sent by the proving entity 410. The first validation value acquisition module 422 is used to provide a random number to the proving entity 410 and to receive the first validation value returned by the proving entity 410. The second validation value computing module 423 is used to obtain the proving entity identifier from the identity authentication request, calculate the authentication value of the proving entity 410 from the proving entity identifier, and calculate the second validation value from the authentication value and the random number. The validation value judging module 424 is used to judge whether the first validation value equals the second validation value and, if so, to confirm that the identity authentication of the proving entity 410 has passed.
With this technical scheme, zero-knowledge authentication between users can be achieved with a smaller amount of computation, which improves authentication efficiency.
Embodiment six
Fig. 5 is a structural diagram of the zero-knowledge authentication system provided by embodiment six of the invention. In this embodiment, the verifying entity 420 may further comprise a shared key generation module 425. The shared key generation module 425 is used to generate a shared key from the authentication value of the proving entity 410, the random value and the verifying entity private key; the shared key is used to encrypt the data exchanged between the verifying entity 420 and the proving entity 410.
With this technical scheme, every user can act as verifying entity and obtain the shared key with the proving entity, and the shared keys calculated separately by the two users are identical and can be used to encrypt and decrypt the exchanged data. The technical scheme of this embodiment lets users generate the shared key by themselves, without distribution by the authority or transmission over the network, and can therefore improve the security of the key.
On the basis of this embodiment, the proving entity 410 may further comprise an identifier reporting module 414, a public key receiving module 415 and a private key generation module 416. The identifier reporting module 414 is used to send the proving entity's own identifier to the authority 430, where the proving entity identifier is the unique identifier that the authority 430 assigns to the proving entity 410. The public key receiving module 415 is used to receive the proving entity public key and the public-key evidence returned by the authority 430. The private key generation module 416 is used to generate the proving entity private key from the proving entity public key and the public-key evidence. The system also comprises the authority 430, which is used to generate the proving entity public key and the public-key evidence from the proving entity identifier reported by the proving entity 410, and to send them to the proving entity 410.
In this embodiment the authority generates the user's public key and the user generates its own private key by itself, without distribution by the authority or transmission over the network, which can therefore improve the security of the key.
The zero-knowledge authentication system provided by the embodiments of the invention can carry out the zero-knowledge authentication method provided by the embodiments of the invention and has the corresponding functional modules. This technical scheme requires fewer operations, saves system resources and improves authentication efficiency; the generation of keys relies on the hardness of the one-way hash function problem, which can improve the security of the keys; and the user private key and the shared key are generated by the users themselves, without distribution by the authority or transmission over the network, which can also improve the security of the keys.
A person of ordinary skill in the art will appreciate that all or some of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments only illustrate the technical scheme of the invention and do not limit it. Although the invention has been described in detail with reference to the preceding embodiments, a person of ordinary skill in the art should understand that the technical schemes recorded in those embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical schemes outside the spirit and scope of the technical schemes of the embodiments of the invention.