CN101997683A - Method and device for authenticating zero knowledge proof - Google Patents

Method and device for authenticating zero knowledge proof

Info

Publication number: CN101997683A
Authority: CN (China)
Prior art keywords: user, parameter, authentication, public key, key certificate
Legal status: Granted (active)
Application number: CN2009101613613A
Other languages: Chinese (zh)
Other versions: CN101997683B (granted patent)
Inventors: 刘大力, 曹春春
Current assignees: Beijing Nansida Technology Development Co., Ltd.; Shenzhen Qianhai Duosi Science and Technology Development Co., Ltd.
Original assignee: Beijing Duosi Technology Development Co., Ltd.
Priority application: CN2009101613613A, filed by Beijing Duosi Technology Development Co., Ltd.
Abstract

The invention relates to a method and device for zero-knowledge-proof authentication. The method is based on a public key system in which a first user is issued a public key certificate GCi by a first authorization center; the public key certificate GCi comprises at least a user parameter idi and is published. The method comprises the steps of: generating a first random number Ri and a security entropy parameter CTi; generating a security entropy mixing number STi from the security entropy parameter CTi using a reconfigurable cryptologic circuit; generating a first identity authentication parameter of the first user from the first random number Ri, the security entropy parameter CTi and the security entropy mixing number STi; the first user sending the first identity authentication parameter to a second user; and the second user computing a public key certificate GCi' of the first user from the received first identity authentication parameter and comparing the computed public key certificate GCi' with the published public key certificate GCi to authenticate the first user.

Description

Zero-knowledge proof authentication method and authentication device
Technical field
The present invention relates to an authentication method and an authentication device based on zero-knowledge proof, and in particular to a zero-knowledge proof authentication method and device implemented with a reconfigurable logic circuit.
Background art
Zero-knowledge proof was proposed in the early 1980s by Goldwasser and others. It refers to a prover convincing a verifier that some statement is correct without giving the verifier any useful information. A zero-knowledge proof is essentially a two-party or multi-party protocol, that is, the series of steps that two or more parties take to accomplish a task. The prover proves to the verifier that it knows or possesses a certain message, but the proof procedure must not leak to the verifier any information about the message being proved. In the zero-knowledge proof proposed by Goldwasser and others, the prover and the verifier must interact; such a zero-knowledge proof is called an "interactive zero-knowledge proof".
An important application of zero-knowledge proof is cryptography. For example, public-key cryptosystems adopt the idea of zero-knowledge proof. The public key system was proposed by W. Diffie and M. Hellman in 1976. Its main characteristic is the use of two separate keys with encryption and decryption capability: a public key used as the encryption key, and a private key owned only by the user and used as the decryption key, so that the communicating parties can communicate securely without exchanging a key in advance. Deriving the private key from the public key or from ciphertext is computationally infeasible. If the public key is used as the encryption key and the user's private key as the decryption key, information encrypted by many users can be read by only one user; conversely, if the user's private key is used as the encryption key and the public key as the decryption key, information encrypted by one user can be read by many users. The former can be used for secure communication and the latter for digital signatures.
The public key system differs from the traditional symmetric key cryptosystem in that keys occur in pairs, one being the encryption key (e) and the other the decryption key (d), and one cannot be derived from the other. Public key encryption algorithms are also called asymmetric key algorithms and use two keys: a public key and a private key. The user must keep the private key secure; the public key can be released. For example, in 1977 Rivest, Shamir and Adleman proposed the RSA algorithm. The theoretical basis of RSA is a special invertible modular exponentiation, and its security rests on the difficulty of factoring the large integer n. Suppose A wants to receive a private message from B over an insecure medium. A generates a public key and a private key as follows:
Choose at random two large primes p and q with p ≠ q, and compute N = pq.
By Euler's function, the number of integers not greater than N and coprime to N is (p-1)(q-1).
Select an integer e that is coprime to (p-1)(q-1) and less than (p-1)(q-1).
Compute d from the formula d * e ≡ 1 (mod (p-1)(q-1)).
Destroy the records of p and q.
e is the public key and d is the private key. d is kept secret, while N is known to all. A passes her public key to B and keeps her private key concealed. Thus, in the RSA algorithm, the public key is (N, e) and the private key is (N, d).
Other public key algorithms also exist, for example the Diffie-Hellman key exchange protocol and the DSA digital signature algorithm. The security of the Diffie-Hellman key exchange protocol depends mainly on the discrete logarithm problem over a finite field, and the security of the DSA digital signature algorithm likewise depends on the discrete logarithm problem over a finite field.
However, with the development of large-integer factoring and parallel processing technology, the ability to solve the mathematical problems underlying the above algorithms (such as factoring the large integer n or computing discrete logarithms over a finite field) keeps growing, and so the ability to attack the above key algorithms keeps growing as well. The public key systems in current use must keep increasing their key lengths, which makes them slower and more complex and adds overhead (required computation, storage, bandwidth, the scale of the software and hardware implementation, and so on) and delay (encryption and signing speed).
On the other hand, the above public key algorithms cannot fully support authentication systems or encryption systems with multi-party authorization.
Summary of the invention
Building on the prior art, the present invention proposes an authentication method and authentication device that satisfy zero-knowledge proof, to overcome the above defects of the prior art.
According to one embodiment of the present invention, an authentication method and authentication device using reconfigurable logic are proposed, in which the reconfigurable logic is used to further increase security.
The invention provides an authentication method based on a public key system, in which a first user is issued a public key certificate GCi by a first authorization center, the public key certificate GCi comprises at least a user parameter idi, and the public key certificate GCi is published. The method comprises the steps of: generating a first random number Ri and a security entropy parameter CTi; generating a security entropy mixing number STi from the security entropy parameter CTi using a reconfigurable cryptologic circuit; generating a first identity authentication parameter of the first user from the first random number Ri, the security entropy parameter CTi and the security entropy mixing number STi; the first user sending the first identity authentication parameter to a second user; and the second user computing the first user's public key certificate GCi' from the received first identity authentication parameter and comparing the computed public key certificate GCi' with the published public key certificate GCi, to authenticate the first user.
In addition, the step of generating the first identity authentication parameter comprises: from Ri, CTi and STi, generating Xi and Yi according to the following expressions:
Xi = g^(e*Ri) mod n
Yi = Si * g^(STi*Ri) mod n
where Xi, Yi and CTi serve as the first identity authentication parameter of the first user; e, n and g are parameters published in the public key certificate C of the authorization center; and the parameter Si is the private key of the first user.
In addition, the step in which the second user computes the first user's public key certificate GCi' comprises: extracting the first user's security entropy parameter CTi; computing the first user's security entropy exponent CKi from the security entropy parameter CTi using the reconfigurable cryptologic circuit; and computing the first user's public key certificate GCi' from Xi, Yi and CKi according to the following expression:
Xi^CKi / Yi^e mod n = GCi',
where e and n are parameters published in the public key certificate C of the authorization center.
The invention provides a user authentication device based on a public key system, the user authentication device comprising: a memory for storing the public key certificate GCi issued by the first authorization center, the public key certificate GCi comprising at least the user parameter idi; a random number generator for generating the random number Ri; a security entropy parameter generator for generating the security entropy parameter CTi; a reconfigurable logic circuit for generating the security entropy mixing number STi from the security entropy parameter CTi; an authentication information generator for generating the first identity authentication parameter of the first user i from the random number Ri, the security entropy parameter CTi and the security entropy mixing number STi; a transceiver for sending the first identity authentication parameter of the first user i to a second user authentication device and for receiving the second identity authentication parameter of a second user j from the second user authentication device; an authentication information calculator for computing the public key certificate GCj' of the second user j from the received second identity authentication parameter; and a comparator for comparing the computed public key certificate GCj' with the public key certificate GCj published by the second user, to authenticate the second user.
According to another embodiment of the present invention, an authentication method and authentication device supporting multi-party authorization are proposed. Supporting multiple authorization centers not only further improves the security of authentication but also satisfies more complex application requirements.
The invention provides an authentication method based on a public key system, in which a first user is issued a public key certificate GCi by a first authorization center, the first user and a second user are also issued a key Km by a second authorization center and a key Kn by a third authorization center, the public key certificate GCi comprises at least a user parameter idi, and the public key certificate GCi is published. The method comprises the steps of: the first user generating its first identity authentication parameter using the reconfigurable cryptologic circuit; the first user encrypting its first identity authentication parameter with the key Km of the second authorization center and the key Kn of the third authorization center; the first user sending the encrypted first identity authentication parameter CXY to the second user; the second user decrypting the received encrypted first identity authentication parameter CXY with the key Km of the second authorization center and the key Kn of the third authorization center, to obtain the first user's first identity authentication parameter; and the second user computing the first user's public key certificate GCi' from the received first identity authentication parameter and comparing the computed public key certificate GCi' with the public key certificate GCi published by the first user, to authenticate the first user.
Description of drawings
Fig. 1 is a flow chart of the authentication process according to the first embodiment of the invention.
Fig. 2 is a flow chart of the implementation of step S105 of the authentication process shown in Fig. 1.
Fig. 3 is a block diagram of the basic structure of the reconfigurable cryptologic circuit 300 of the first embodiment of the invention.
Fig. 4 shows a simple example of the reconfigurable cryptologic circuit 300 shown in Fig. 3.
Fig. 5 shows another simple example of the reconfigurable cryptologic circuit 300 shown in Fig. 3.
Fig. 6 is a flow chart of the implementation of step S120 of the authentication process of Fig. 1.
Fig. 7 is a block diagram of the basic structure of the reconfigurable cryptologic circuit 700 according to the second embodiment of the invention.
Fig. 8 shows the static controllable node and the dynamic controllable node of an S-box implemented with reconfigurable logic.
Fig. 9 is a schematic diagram of three authorization centers jointly managing users.
Fig. 10 is a flow chart of the authentication process according to the third embodiment of the invention.
Fig. 11 is a block diagram of the structure of the authentication device used to implement the embodiments of the invention.
Embodiment
First embodiment
The first embodiment of the invention describes an example in which only one authorization center manages the users.
The authorization center adopts the national public key cryptosystem SM2 algorithm (compatible with the RSA public key cryptosystem algorithm).
The public key certificate of the authorization center is, for example:
C = (T, id, e, n, g, G)
The parameters of the certificate are:
T: time-varying parameter (registration time, validity period)
id: authorization center parameter (network address, telephone number, identity, authorization center identifier)
A: information on the symmetric cryptographic algorithm used by the authorization center
K: encryption key used by the authorization center for the symmetric cryptographic algorithm
G: authorization center management information
S: authorization center private key
[e, n, g]: authorization center public key system key
[e, n, g, S]: authorization center key certificate
The public key certificate of authorized user i is, for example:
GCi (the public key certificate issued by the authorization center) = (Ti, idi, ei, nim, Gi)
The parameters of the certificate are:
Ti: time-varying parameter (registration time, validity period, authorization time)
idi: user parameter (network address, telephone number, identity, authorization center identifier)
ei: public key information used by the user for asymmetric encryption
nim: public modulus of the asymmetric public key
Gi: authorization center anti-counterfeiting information
The private key certificate of authorized user i is, for example:
Private key certificate issued to the user by the authorization center: [e, n, g, Si]
The parameters of the certificate are:
e, n: authorization center public key
g: primitive element of the authorization center's cryptosystem
Si: user private key
Fig. 1 is a flow chart of the authentication process according to the first embodiment of the invention.
At step S100, user i generates its own identity authentication parameter. The generation of user i's identity authentication parameter is described in detail below with reference to Fig. 2.
At step S105, user j generates its own identity authentication parameter. Step S105 is performed by a flow similar to that shown in Fig. 2.
At step S110, user i sends its identity authentication parameter to user j.
At step S115, user j sends its identity authentication parameter to user i.
At step S120, user i authenticates user j. Specifically, user i uses the received identity authentication parameter of user j to authenticate user j. The process by which user i authenticates user j is described in detail below with reference to Fig. 6.
At step S125, user j authenticates user i. Specifically, user j uses the received identity authentication parameter of user i to authenticate user i. Step S125 is performed by a flow similar to that shown in Fig. 6.
At step S130, it is judged whether both users i and j have passed authentication.
Fig. 2 is a flow chart of the implementation of step S105 in the authentication process shown in Fig. 1, that is, the flow chart of the generation of user i's authentication information.
At step S200, user i generates a random number Ri.
At step S205, the security entropy information parameter CTi is generated.
In the first embodiment of the invention, the security entropy information parameter is a random number Rsi.
The random numbers Ri and Rsi can be generated in many ways, including but not limited to the following:
(1) the time information (year, month, day, hour, minute) of the moment of computation, read on each user's own device from the real-time clock (RTC) of the device system;
(2) a random number produced by a random number generator;
(3) a combination of a timestamp t_A and a nonce r_A, that is:
R(i,j) = [t_A || r_A]
A timestamp consists of an optional generation time and an expiry time, which prevents delayed delivery of a message. A nonce is used to detect replay attacks; the nonce value must be unique within the validity period of the message.
(i) The nonce r_A is a function of Xi (or Xj): when the minute field of t_A lies in the range 1~15, r_A is the bit string formed by sampling the binary string of Xi (or Xj) at intervals of 5 bits;
(ii) when the minute field of t_A lies in the range 15~30, r_A is the bit string formed by sampling the binary string of Xi (or Xj) at intervals of 7 bits;
(iii) when the minute field of t_A lies in the range 30~45, r_A is the bit string formed by sampling the binary string of Xi (or Xj) at intervals of 11 bits;
(iv) when the minute field of t_A lies in the range 45~60, r_A is the bit string formed by sampling the binary string of Xi (or Xj) at intervals of 13 bits;
(4) a mixing number generated by a computational model.
At step S210, the security entropy mixing number STi is generated using the reconfigurable logic circuit.
Specifically, the security entropy mixing number STi is computed from the security entropy information parameter CTi and the reconfigurable logic model:
STi = CTi(RELOG)
The processing of step S210 is described in further detail below with reference to Fig. 3.
At step S215, the parameters Xi and Yi are computed.
According to the first embodiment of the invention, user i computes Xi and Yi according to the following expressions.
Xi = g^(e*Ri) mod n    expression (1)
Yi = Si * g^(STi*Ri) mod n    expression (2)
The parameters e, n and g in expression (1) above are the parameters published in the public key certificate C of the authorization center. The parameter Si is the private key of user i.
The Xi and Yi computed at step S215, together with the CTi generated at step S205, serve as the identity authentication parameter of user i.
At step S220, a digest of the identity authentication parameters Xi, Yi, CTi is computed.
Step S220 can use any existing digest algorithm to extract the digest information Xim, Yim, CTim of the identity authentication parameters Xi, Yi, CTi.
For example, a hash function can be used to compress the data into a fixed-length, irreversible and unique hash value. Commonly used hash algorithms are MD-5 and SHA-1. User i can specify the digest algorithm in advance; for example, information on the digest algorithm used by user i can be defined as part of Ai, and Ai can be published.
It should be noted that in other embodiments the above step S220 can be omitted, that is, the digest information Xim, Yim, CTim need not be computed.
At step S105 of Fig. 1, user j generates its own identity authentication parameter in a manner similar to the generation process of user i shown in Fig. 2.
User j generates a random number Rj, establishes a security entropy information parameter CTj, and computes:
STj = CTj(RELOG)
Xj = g^(e*Rj) mod n
Yj = Sj * g^(STj*Rj) mod n
thereby producing the identity authentication parameters Xj, Yj, CTj of user j, and the digest of the identity authentication parameters Xj, Yj, CTj.
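As an added worked example (not code from the patent), the exchange of steps S100 to S130 using expressions (1) and (2) and the verifier's check Xi^CKi / Yi^e mod n = GCi' given in the summary above. Assumed and not stated on the page: toy primes for n, g = 3, the certificate form GCi = Si^(-e) mod n (the form under which the verifier's identity holds when CKi = STi), and an HMAC keyed with a shared control word CTRL standing in for the reconfigurable logic circuit that maps CTi to STi.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters of the authorization center certificate C = (T, id, e, n, g, G).
# The primes are far too small for real use; they only let the algebra be traced quickly.
P, Q = 1000003, 1000033                  # constructed primes (assumption)
N = P * Q                                # public modulus n
E = 65537                                # public exponent e
G = 3                                    # primitive element g (assumed value)

# Constructed demonstration secrets (not from the patent).
S_DEMO = 123456789                       # user i's private key Si
CTRL_DEMO = b"constructed-control-word"  # control coding CTRL shared by both circuits


def relog(ct: bytes, ctrl: bytes) -> int:
    """Stand-in for STi = CTi(RELOG) on the prover side and CKi on the verifier side.
    The patent feeds CTi through a reconfigurable logic circuit configured by CTRL;
    here that circuit is replaced by HMAC-SHA256 keyed with CTRL (an assumption).
    Both parties must hold the same CTRL so that CKi equals STi."""
    return int.from_bytes(hmac.new(ctrl, ct, hashlib.sha256).digest(), "big")


def issue_certificate(s_i: int) -> int:
    """Authorization center publishes GCi. The page does not say how GCi is derived
    from Si; for Xi^CKi / Yi^e = GCi' to hold it must be GCi = Si^(-e) mod n,
    which this function assumes."""
    return pow(pow(s_i, E, N), -1, N)


def prove(s_i: int, ctrl: bytes):
    """Steps S200-S215: build user i's identity authentication parameter (Xi, Yi, CTi)."""
    r_i = secrets.randbelow(N - 2) + 1           # S200: random number Ri
    ct_i = secrets.token_bytes(16)               # S205: CTi = Rsi, a random number
    st_i = relog(ct_i, ctrl)                     # S210: STi = CTi(RELOG)
    x_i = pow(G, E * r_i, N)                     # expression (1): Xi = g^(e*Ri) mod n
    y_i = (s_i * pow(G, st_i * r_i, N)) % N      # expression (2): Yi = Si*g^(STi*Ri) mod n
    return x_i, y_i, ct_i


def digest(x_i: int, y_i: int, ct_i: bytes) -> bytes:
    """Step S220 (optional): digest of (Xi, Yi, CTi). SHA-256 is used here rather than
    the MD-5/SHA-1 the text lists; fields are length-prefixed so the encoding is unambiguous."""
    h = hashlib.sha256()
    for part in (x_i.to_bytes(16, "big"), y_i.to_bytes(16, "big"), ct_i):
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


def verify(x_i: int, y_i: int, ct_i: bytes, gc_i: int, ctrl: bytes) -> bool:
    """Steps S120/S125: recompute CKi from the received CTi, then GCi' = Xi^CKi / Yi^e mod n
    and compare it with the published certificate GCi."""
    if not (1 < x_i < N and 1 < y_i < N):        # reject degenerate values before exponentiating
        return False
    ck_i = relog(ct_i, ctrl)
    try:
        y_inv = pow(pow(y_i, E, N), -1, N)       # (Yi^e)^(-1) mod n
    except ValueError:                           # Yi not invertible: cannot be a valid response
        return False
    gc_prime = (pow(x_i, ck_i, N) * y_inv) % N
    return gc_prime == gc_i


def mutual_authentication():
    """Fig. 1, steps S100-S130 for users i and j holding distinct private keys."""
    s_j = 987654321                               # constructed Sj
    gc_i, gc_j = issue_certificate(S_DEMO), issue_certificate(s_j)
    msg_i = prove(S_DEMO, CTRL_DEMO)              # S100, sent at S110
    msg_j = prove(s_j, CTRL_DEMO)                 # S105, sent at S115
    i_accepts_j = verify(*msg_j, gc_j, CTRL_DEMO) # S120
    j_accepts_i = verify(*msg_i, gc_i, CTRL_DEMO) # S125
    return i_accepts_j, j_accepts_i               # S130: both must hold


if __name__ == "__main__":
    print("mutual authentication:", mutual_authentication())
```

A party whose circuit is configured with a different CTRL computes a CKi that differs from the prover's STi, so the recomputed GCi' no longer matches the published GCi and verification fails.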
The implementation of step S210 of Fig. 2 is described below in conjunction with Figs. 3-5.
The Chinese patent application No. 02100030.1, entitled "A logic reconfigurable circuit" and filed by the present inventor on January 8, 2002, describes in detail the design idea and implementation of reconfigurable logic. That patent application was published on July 23, 2003 under publication No. CN1431588 and was granted by the Patent Office of the People's Republic of China on January 12, 2007. The above patent is incorporated herein by reference.
The present application further applies the reconfigurable logic circuit proposed in the above patent to cryptography. An encryption circuit using reconfigurable logic is a reconfigurable cryptologic circuit. Its design idea is as follows: some reusable functional components that can be used by different cryptographic algorithms are provided in the cryptologic circuit, and some controllable nodes visible at the command interface are provided inside the reusable components and in the connection network between the reused components; by changing the control coding of these controllable nodes, the internal structure of the reused components or their interconnection can be changed, so that different cryptographic operations are realized and different cryptographic algorithms are matched.
Any cryptographic algorithm is formed by a series of basic operations linked in a certain order. If A is a cryptographic algorithm, then A can be expressed as:
A = (op_{1,1} + op_{1,2} + ... + op_{1,m1}) * (op_{2,1} + op_{2,2} + ... + op_{2,m2}) * ... * (op_{n,1} + op_{n,2} + ... + op_{n,mn})
expression (3)
where op_{i,j} (j = 1, 2, ..., m_i; i = 1, 2, ..., n) denotes a basic cryptographic operation, "+" denotes a parallel operation relation, and "*" denotes a serial operation relation.
Analysis and study of a large number of cryptographic algorithms shows that they have a notable property: many different cryptographic algorithms share the same or similar basic operation components; in other words, the same basic operation component appears with very high frequency in different algorithms.
Because many cryptographic algorithms share the same or similar basic operation components, the hardware resources corresponding to these components can be shared by many different cryptographic algorithms, so one logic circuit of smaller scale can be built to realize many algorithms. This is the design basis of reconfigurable cryptologic. For example, suppose the set of hardware resources needed to implement algorithm A1 is EA1 = {e1, e2, e3, e4, e5}, the set needed for algorithm A2 is EA2 = {e1, e3, e6, e7}, and the set needed for algorithm A3 is EA3 = {e2, e4, e6, e8}. Then the union of EA1, EA2 and EA3 is E = EA1 ∪ EA2 ∪ EA3 = {e1, e2, e3, e4, e5, e6, e7, e8}. Since E contains all the hardware resources required to implement A1, A2 and A3, E can realize the three different algorithms A1, A2, A3, and the scale of E is smaller than the sum of the scales of EA1, EA2 and EA3, i.e. S(E) < S(EA1) + S(EA2) + S(EA3); in fact S(E) = [S(EA1) + S(EA2) + S(EA3)] - S(e1) - S(e2) - S(e3) - S(e4) - S(e6). This example shows that if the hardware resources needed to realize many different cryptographic algorithms are stacked together (i.e. their union is taken) to form one cryptologic circuit, that circuit can realize all of those algorithms, and because reused components (components used by two or more algorithms) usually exist among the resources required by many different cryptographic algorithms, the scale of this cryptologic circuit is generally smaller than the sum of the resource requirements of the individual algorithms.
Analysis of data encryption/decryption principles and of a large number of typical cryptographic algorithms shows that the basic operation components used by cryptographic algorithms are mostly confined to a few types, such as permutation, shift, S-box substitution, modular multiplication/addition, XOR and feedback shift registers. Therefore, as the number n of cryptographic algorithms increases, the reused components are reused more and more often, so the growth rate of the scale of a cryptologic built by the resource-stacking method becomes slower and slower, and the scale does not expand without limit as the number of algorithms n increases. One can imagine that when n is large enough, only a very small increase in scale (or none at all) is needed to realize the (n+1)-th algorithm. For example, in our reconfigurable cipher example system RELOG_DIGG, designed for the four algorithms DES, IDEA, Gifford and Geffe, the FEAL and PES algorithms can be realized without adding any resource, and only a modulo 2^32 adder needs to be added to realize the former Soviet Union's encryption standard GOST. In addition, when n is large enough, the cryptologic circuit formed by stacking the resources of n algorithms will contain many commonly used cryptographic components of various types (a cryptographic component being a component that realizes a basic cryptographic operation), so these existing cryptographic components can be used to develop new cryptographic algorithms; in this sense the reconfigurable cryptologic circuit has a certain extensibility.
Reconfigurable logic therefore provides a new approach to data encryption. The reconfigurable nature of its internal circuit structure gives its architecture a certain flexibility and largely solves the mismatch between the rigid architecture of traditional systems and differing application requirements. With reconfigurable logic, many different cryptographic algorithms can be realized quickly and flexibly. For example, a reconfigurable cipher chip can easily change its algorithm at any time, and so can effectively prevent the cryptographic algorithm from being leaked or broken. In addition, one reconfigurable cipher chip can replace several chips dedicated to specific algorithms, greatly reducing the development and production cost of cipher chips. Thus the reconfigurable cipher chip has not only great economic value but also very important security significance.
Fig. 3 is a block diagram of the basic structure of the reconfigurable cryptologic circuit 300 of the first embodiment of the invention.
The reconfigurable cryptologic circuit 300 of Fig. 3 receives the input CTi 301 and the control parameter CTRL 303, and has the output STi 302.
Inside, the reconfigurable cryptologic circuit 300 comprises the set of reusable functional components that can be used by different cryptographic algorithms, denoted E = {e_1, e_2, ..., e_m} (m ∈ N). CTRL denotes the set of components that are visible and controllable at the command interface, CTRL = {ctrl_1, ctrl_2, ..., ctrl_n} (n ∈ N). C denotes the set of connection relations between the above functional components or controllable components, C = {R<a, b> | R<a, b> is the connection relation from a to b; a, b ∈ E ∪ CTRL}. The reconfigurable cryptologic circuit 300 is determined by E, CTRL and C, and is denoted RELOG = {E, CTRL, C}. Each e_i ∈ E (i = 1, 2, ..., m) is called a reconfigurable element, and each ctrl_i ∈ CTRL (i = 1, 2, ..., n) is called a controllable node.
Obviously, the function of the reconfigurable cryptologic circuit 300 changes with the control signals CTRL 303 of the controllable nodes. If the function that the reconfigurable cryptologic RELOG = {E, CTRL, C} can realize is denoted FUNC_RELOG, and the set of control signals corresponding to its controllable nodes is still denoted CTRL (for simplicity, where no confusion arises, we still call the control signals corresponding to the controllable nodes the controllable nodes), then FUNC_RELOG is a function of CTRL, expressed as
FUNC_RELOG = f(CTRL)    expression (4)
Under the control of the control parameter CTRL 303, the reconfigurable cryptologic circuit 300 can be reconfigured into various logic circuits (or encryption circuits), thereby transforming the input CTi 301 into the output STi 303 with different logic functions (or encryption functions).
Fig. 4 shows a simple example of the recombinable cryptologic circuit of Fig. 3, in which different logic functions can be realized under the control of CTRL.
In the circuit of Fig. 4, AND2 denotes a 2-input AND gate, AND3 a 3-input AND gate, OR2 a 2-input OR gate and NOT an inverter; A, B, C, D are the four input variables and F is the output variable. The circuit has two controllable nodes, whose control signals are denoted CTRL1 and CTRL2 respectively. By assigning different values to CTRL1 and CTRL2, the logic function of the circuit can be changed, so that different logic functions are realized. The following table gives the functional relation realized by the circuit when CTRL1 and CTRL2 take different values.
Table 1: functions realized by the recombinable logic of Fig. 4 (the original table image is not reproduced; the rows follow from expression (6))
CTRL1 = 0, CTRL2 = 0: F = 0
CTRL1 = 1, CTRL2 = 0: F = A·B·C
CTRL1 = 0, CTRL2 = 1: F = NOT D
CTRL1 = 1, CTRL2 = 1: F = A·B·C + NOT D
According to the definition of the recombinable cryptologic above, this recombinable logic circuit can be described as:
RELOG = {E, CTRL, C}    expression (5)
where E = {AND3, NOT, OR2},
CTRL = {AND2_1, AND2_2}, C = {AND3 → AND2_1, NOT → AND2_2, AND2_1 → OR2, AND2_2 → OR2}.
The function realized by this recombinable logic circuit can be expressed as:
RELOG_FUNC = CTRL1·A·B·C + CTRL2·(NOT D)    expression (6)
Therefore, different logic functions can be applied to the input according to CTRL.
Fig. 5 shows another simple example of the recombinable cryptologic circuit of Fig. 3, in which logic functions with different connection relations can be realized under the control of CTRL.
Fig. 5(a) has three components A, B and C. The outputs of A and B pass through a MUX, whose selected output enters component C as its input. The MUX is a controllable node; by controlling it, two different connection relations can be realized, shown in Fig. 5(b) and Fig. 5(c) respectively.
RELOG = {E, CTRL, C}
where E = {A, B, C}, CTRL = {MUX}, C = {A → MUX, B → MUX, MUX → C}. The function realized by this recombinable logic circuit can be expressed as:
RELOG_FUNC = (A*C) + (B*C)    expression (7)
where A*C denotes that the output of A is connected to the input of C.
Figs. 4 and 5 are only simple examples of the recombinable cryptologic circuit 300 of Fig. 3. The recombinable cryptologic circuit 300 can realize much more complex logic circuits, for example an encryption circuit that selectively uses one of several encryption algorithms. The basic operations used by cryptographic algorithms are mostly limited to shifts, permutations, S-box substitution, modular multiplication/addition, XOR, feedback shift registers and the like. By appropriately designing basic components such as shifters, permutation units, S-boxes and linear feedback shift registers in the recombinable cryptologic circuit 300, together with the connection network between these components, any combination of a number of cryptographic algorithms such as DES, IDEA, Gifford, Geffe, AES (AES128, AES192, AES256), GOST, CROR, MD5 and SHA1 can be realized on a single recombinable cryptologic circuit 300. For more on recombinable cryptologic, see for example Qu Yingjie, "Design and analysis of the internal interconnection network of a reconfigurable cipher processor", Computer Engineering and Applications, 2007, issue 23.
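The following is an added example, not the patent's own code, that models RELOG = {E, CTRL, C} as a small evaluator and instantiates it for the Fig. 4 and Fig. 5 circuits. The page gives only the inter-component connections, so the wiring of the primary inputs (A, B, C, D into the gates; x into components A and B), the arithmetic chosen for components A, B, C of Fig. 5, and the mapping of MUX select values 0/1 to Fig. 5(b)/5(c) are assumptions of this example.

```python
from itertools import product


def build_relog(E, CTRL, C):
    """Build an evaluator for a recombinable logic circuit RELOG = {E, CTRL, C}.

    E    : dict, recombination element name -> function of its wired inputs
    CTRL : dict, controllable node name -> function(control_signal, *inputs)
    C    : list of (source, sink) connections R<a, b>; a sink receives its
           inputs in the order its connections are listed
    Returns evaluate(inputs, ctrl, out): the value at node `out` when the
    primary inputs and the control signals take the given values.
    """
    wired_into = {}
    for src, dst in C:
        wired_into.setdefault(dst, []).append(src)

    def evaluate(inputs, ctrl, out):
        cache = dict(inputs)                     # primary inputs are given

        def value(node):
            if node not in cache:
                args = [value(src) for src in wired_into.get(node, [])]
                if node in CTRL:                 # controllable node: CTRL signal first
                    cache[node] = CTRL[node](ctrl[node], *args)
                else:
                    cache[node] = E[node](*args)
            return cache[node]
        return value(out)
    return evaluate


# --- Fig. 4: E = {AND3, NOT, OR2}, CTRL = {AND2_1, AND2_2} -----------------
FIG4_E = {
    "AND3": lambda a, b, c: a & b & c,
    "NOT": lambda d: 1 - d,
    "OR2": lambda x, y: x | y,
}
FIG4_CTRL = {                                    # 2-input AND gates gated by CTRL1 / CTRL2
    "AND2_1": lambda ctrl, x: ctrl & x,
    "AND2_2": lambda ctrl, x: ctrl & x,
}
FIG4_C = [("A", "AND3"), ("B", "AND3"), ("C", "AND3"), ("D", "NOT"),  # assumed input wiring
          ("AND3", "AND2_1"), ("NOT", "AND2_2"),                        # connections from the page
          ("AND2_1", "OR2"), ("AND2_2", "OR2")]
fig4 = build_relog(FIG4_E, FIG4_CTRL, FIG4_C)


def fig4_output(a, b, c, d, ctrl1, ctrl2):
    """Output F of the Fig. 4 circuit for one input vector and one CTRL setting."""
    return fig4({"A": a, "B": b, "C": c, "D": d},
                {"AND2_1": ctrl1, "AND2_2": ctrl2}, "OR2")


def fig4_matches_expression6(ctrl1, ctrl2):
    """Check expression (6), F = CTRL1*ABC + CTRL2*NOT(D), on all 16 inputs."""
    return all(
        fig4_output(a, b, c, d, ctrl1, ctrl2) == ((ctrl1 & a & b & c) | (ctrl2 & (1 - d)))
        for a, b, c, d in product((0, 1), repeat=4)
    )


# --- Fig. 5: E = {A, B, C}, CTRL = {MUX}, C = {A->MUX, B->MUX, MUX->C} ------
FIG5_E = {
    "A": lambda x: x + 1,         # constructed placeholder component functions
    "B": lambda x: 2 * x,
    "C": lambda y: y * y,
}
FIG5_CTRL = {"MUX": lambda sel, from_a, from_b: from_b if sel else from_a}
FIG5_C = [("x", "A"), ("x", "B"),               # assumed input wiring
          ("A", "MUX"), ("B", "MUX"), ("MUX", "C")]
fig5 = build_relog(FIG5_E, FIG5_CTRL, FIG5_C)


def fig5_output(x, sel):
    """sel = 0 realises the A*C connection (Fig. 5(b)), sel = 1 realises B*C (Fig. 5(c))."""
    return fig5({"x": x}, {"MUX": sel}, "C")


if __name__ == "__main__":
    for c1, c2 in product((0, 1), repeat=2):
        print(f"CTRL1={c1} CTRL2={c2}: matches expression (6):",
              fig4_matches_expression6(c1, c2))
    print("Fig. 5, x=3: A*C ->", fig5_output(3, 0), " B*C ->", fig5_output(3, 1))
```

The rows of Table 1 are regenerated by evaluating fig4_output over all sixteen inputs for each of the four CTRL settings; the same evaluator is reused unchanged for Fig. 5, where the controllable node changes the connection relation rather than a gate function.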
Returning to Fig. 2, at step S210, by using the recombinable cryptologic circuit 300 of Fig. 3, the security entropy mixed number STi 302 can be generated from the security entropy parameter CTi 301 with different cryptographic algorithms under the control of the CTRL parameter 303.
It should be noted that in the first embodiment of the present invention the CTRL parameter is set by user i as part of the user-defined information Ai. Specifically, user i can define the information Ai. Ai describes the encryption algorithm used by user i, the digest algorithm used, the selection algorithm, the CTRL parameter and so on. For example, user i uses Ai to specify the digest algorithm used in step S220. Also, user i and the authorization center use the information Ai to determine the algorithm for encrypting the user's private key information. Also, user i uses Ai to specify the CTRL parameter used in step S205.
Returning to Fig. 1, at step S120, user i authenticates user j to judge whether user j is a legitimate user. Specifically, user i receives the authentication parameters Xj, Yj, CTj of user j and the digests Xjm, Yjm, CTjm of Xj, Yj, CTj. User i uses these received parameters to authenticate user j.
Fig. 6 shows the implementation of step S120 of Fig. 1.
At step S600, user i uses the received digests Xjm, Yjm, CTjm to check the authentication parameters Xj, Yj, CTj. Specifically, by referring to the information Aj of user j, user i learns the digest algorithm of user j. User i uses the same digest algorithm to compute the digests Xjm', Yjm', CTjm' of the authentication parameters Xj, Yj, CTj. If the computed digests Xjm', Yjm', CTjm' agree with the received digests Xjm, Yjm, CTjm, then Xj, Yj, CTj have not been tampered with, and processing proceeds to the next step S605.
If the check fails, the information Xj, Yj, CTj has been tampered with, user j does not pass authentication, and the authentication process ends.
It should be noted that in an alternative embodiment step S220 of Fig. 2 may be omitted, so that the above step S600 may also be omitted; that is, the digests need not be computed and processing proceeds directly to S605.
At step S605, user i extracts the CTj of user j and computes the security entropy index CKj:
CKj = CTj(RELOG)    expression (8)
The recombinable cryptologic circuit used in step S605 is the same circuit as the recombinable cryptologic circuit 300 of Fig. 3. The control parameter {CTRL} 303 of Fig. 3 is used to configure the recombinable cryptologic circuit, and the control parameter {CTRL} 303 can be obtained from the Aj published by user j.
At step S610, the authorized public key certificate GCj' of user j is calculated. For example, according to the first embodiment of the present invention, GCj' is calculated by the following formula:
Xj^CKj / Yj^e mod n = GCj'    expression (9)
At step S615, user i compares the GCj' calculated in step S610 with the public key certificate GCj published by user j. For example, the certificate GCj of user j contains the parameter idj, and idj contains personal information of user j such as network address, telephone number and identity.
At step S620, it is judged whether the information in GCj and GCj' is consistent. For example, it can be judged whether the information idj in GCj and idj' in GCj' is consistent. If consistent, the identity of user j is authenticated. Otherwise, user j does not pass authentication.
Therefore, even if a user k impersonates user j, user k cannot pass the authentication process, because user k does not possess the private key Sj of user j.
At step S125 of Fig. 1, user j authenticates user i, using a process similar to that of Fig. 6.
At step S130 of Fig. 1, it is judged whether both users i and j have passed authentication. After both have passed, they can carry out subsequent processing, for example entering the negotiation phase of a key agreement between the two parties, or directly beginning to transmit information. If either party fails authentication, communication between the two parties is interrupted and the control system prompts: illegal user.
It should be noted that the authentication mode of Fig. 1 is a method of mutual authentication. Obviously, the present invention also supports one-way authentication, i.e. user i authenticates user j, or vice versa.
Second embodiment
The second embodiment of the present invention likewise uses the flow charts of Fig. 1, Fig. 2 and Fig. 6. The difference between the second embodiment and the first lies in steps S205 and S210 of Fig. 2.
At step S205, the security entropy information parameter CTi produced by user i comprises not only the random number Rsi but also the user security entropy CSTi and the system security entropy CSKi. Specifically, CTi is given by:
CTi = (CSTi, CSKi, Rsi)    expression (10)
In step S210, the above security entropy information parameter CTi is used to generate the security entropy mixed number STi.
Fig. 7 shows the recombinable cryptologic circuit 700 used in the implementation of step S210 according to the second embodiment of the invention.
The recombinable cryptologic circuit 700 comprises a user recombinable logic circuit Sa and a system recombinable logic circuit Pa.
The user recombinable logic circuit Sa receives the input random number Rsi, is configured according to the user security entropy CSTi, and outputs the user security entropy mixed number UTi.
The system recombinable logic circuit Pa receives the input user security entropy mixed number UTi, is configured according to the system security entropy CSKi, and outputs the security entropy mixed number STi.
The security entropy mixed number STi is used in the subsequent calculation of the authentication parameters, as shown in step S215 of Fig. 2.
According to another alternative embodiment, the security entropies CST and CSK can be used respectively for the static coding and the dynamic coding of the recombinable logic circuit 700.
The basic concepts of static coding and dynamic coding of the recombinable logic circuit 700 are first introduced briefly. By analysing a large number of cryptographic algorithms, the inventors found that the control codes of many controllable nodes remain unchanged during the execution of an algorithm (for example the substitution control nodes and S-box control nodes), while the control codes of another part of the controllable nodes need to change frequently during execution (for example the read/write register file control nodes and path control nodes). Based on this characteristic, we divide the controllable nodes into two classes: those whose coding remains unchanged during the execution of the algorithm are called static controllable nodes, and those whose coding needs to change frequently during execution are called dynamic controllable nodes. For the static controllable nodes, the required control codes are loaded with a special load instruction before the algorithm is executed; these codes remain unchanged during execution, so the static controllable nodes need not be controlled again during execution and only the dynamic controllable nodes need to be controlled. This greatly saves space in the command word, so that each command word can contain more dynamic control codes, which improves the parallelism of operations and speeds up the execution of the algorithm.
Generally, static controllable nodes are function control nodes, and path control nodes are dynamic controllable nodes.
Fig. 8 takes the S-box transformation as an example to illustrate how static and dynamic controllable nodes jointly control the execution of an operation.
Many algorithms use S-box transformations, and realizing an S-box transformation requires controlling two classes of controllable nodes: the data source control node and the transformation function control node. In most algorithms the transformation function of the S-box is fixed and does not change during execution, whereas its data source changes constantly during execution. Therefore the transformation function control node of the S-box is defined as a static controllable node and its data source control node as a dynamic controllable node; under their combined control, the required S-box transformation is realized.
Fig. 8 shows the static and dynamic controllable nodes in the case of an S-box realized with recombinable logic.
Returning to step S105 of Fig. 1, in the second embodiment of the present invention user j, like user i above, also establishes the security entropy information parameter CTj and uses CTj to calculate the authentication parameters, as shown in the following expressions:
CTj = (CSTj, CSKj, Rsj)    expression (11)
STj = CTj(RELOG)    expression (12)
Xj = g^(e·Rj) mod n    expression (13)
Yj = Sj · g^(STj·Rj) mod n    expression (14)
Returning to step S120 of Fig. 1, in the second embodiment user i authenticates user j.
Step S120 is likewise implemented according to the flow chart of Fig. 6. At step S605, the security entropy information parameter CTj of user j is extracted; as shown in expression (11), CTj = (CSTj, CSKj, Rsj).
At step S610, the CTj of expression (11) is used to calculate the public key certificate GCj' of user j.
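As an added example, not the patent's own code, the following Python models the authentication of Figs. 2 and 6 for the first embodiment (CTi = Rsi mixed by a circuit configured with the CTRL parameter from Ai) and for the second embodiment (CTi = (CSTi, CSKi, Rsi) mixed by the chained circuits Sa and Pa of Fig. 7), and checks the statement after step S620 that a party without Sj fails. Expanding expressions (13), (14) and (9) gives GCj' = g^(e·Rj·(CKj − STj)) · Sj^(−e) mod n, so the verifier obtains Sj^(−e) exactly when its CKj equals the prover's STj. The example therefore assumes that the authorization center issues Si such that Si^(−e) = GCi mod n; it also assumes an RSA-type authority key with toy-sized primes, a generator g = 5, a certificate GCi bound to idi through a hash, and a keyed hash standing in for the recombinable cryptologic circuit. None of these assumptions is stated on the page.

```python
import hashlib
import math
import secrets

# --- authorization authority parameters (constructed toy values) ---------------
P, Q = 10007, 10009                              # constructed small primes
N = P * Q                                        # modulus n published by the authority
E_PUB = 65537                                    # public exponent e published by the authority
D_PRIV = pow(E_PUB, -1, (P - 1) * (Q - 1))       # authority's private exponent (assumed RSA-type key)
G = 5                                            # primitive element g (assumed value)


def relog(config: bytes, data: int) -> int:
    """Stand-in for the recombinable cryptologic circuit: the configuration
    selects the mixing applied to the input.  A keyed hash models that here."""
    digest = hashlib.sha256(config + data.to_bytes(16, "big")).digest()
    return int.from_bytes(digest[:8], "big") | 1       # non-zero exponent


def mix(cti, ctrl: bytes) -> int:
    """STi (prover side) or CKi (verifier side) from CTi.
    First embodiment: CTi = Rsi, circuit configured by the CTRL parameter from Ai.
    Second embodiment: CTi = (CSTi, CSKi, Rsi); Sa configured by CSTi gives UTi,
    then Pa configured by CSKi gives STi (Fig. 7)."""
    if isinstance(cti, tuple):
        csti, cski, rsi = cti
        uti = relog(csti, rsi)
        return relog(cski, uti)
    return relog(ctrl, cti)


def issue_certificate(idi: str) -> tuple:
    """Authorization center: derive (GCi, Si) with Si^(-e) = GCi mod n, so the
    ratio of expression (9) reproduces GCi.  Binding idi into GCi through a
    hash is an assumption of this example."""
    gci = int.from_bytes(hashlib.sha256(idi.encode()).digest(), "big") % (N - 2) + 2
    while math.gcd(gci, N) != 1:
        gci += 1
    si = pow(pow(gci, -1, N), D_PRIV, N)         # Si = (GCi^-1)^d mod n
    return gci, si


def make_auth_params(si: int, cti, ctrl: bytes = b"") -> tuple:
    """Steps S205-S215: pick Ri, derive STi from CTi, form (Xi, Yi, CTi)."""
    ri = secrets.randbelow(N - 2) + 1
    sti = mix(cti, ctrl)
    xi = pow(G, E_PUB * ri, N)                    # Xi = g^(e*Ri) mod n
    yi = si * pow(G, sti * ri, N) % N             # Yi = Si * g^(STi*Ri) mod n
    return xi, yi, cti


def verify(xj: int, yj: int, ctj, gcj_published: int, ctrl: bytes = b"") -> bool:
    """Steps S605-S620: CKj = CTj(RELOG), GCj' = Xj^CKj / Yj^e mod n, compare with GCj."""
    ckj = mix(ctj, ctrl)
    gcj_prime = pow(xj, ckj, N) * pow(pow(yj, E_PUB, N), -1, N) % N
    return gcj_prime == gcj_published


IDJ = "user-j; tel=+00-0000; addr=10.0.0.2"      # constructed idj contents
CTRL_J = b"CTRL-published-in-Aj"                 # constructed CTRL parameter from Aj


def demo_first_embodiment() -> bool:
    gcj, sj = issue_certificate(IDJ)
    xj, yj, ctj = make_auth_params(sj, secrets.randbits(64), CTRL_J)
    return verify(xj, yj, ctj, gcj, CTRL_J)


def demo_second_embodiment() -> bool:
    gcj, sj = issue_certificate(IDJ)
    ctj = (b"CSTj-user-entropy", b"CSKj-system-entropy", secrets.randbits(64))  # constructed
    xj, yj, ctj = make_auth_params(sj, ctj)
    return verify(xj, yj, ctj, gcj)


def demo_impersonation() -> bool:
    """User k without Sj: the ratio yields GCk, not GCj, so verification fails."""
    gcj, _ = issue_certificate(IDJ)
    _, sk = issue_certificate("user-k; addr=10.0.0.9")
    xk, yk, ctk = make_auth_params(sk, secrets.randbits(64), CTRL_J)
    return verify(xk, yk, ctk, gcj, CTRL_J)


if __name__ == "__main__":
    print("first embodiment :", demo_first_embodiment())
    print("second embodiment:", demo_second_embodiment())
    print("impersonation    :", demo_impersonation())
```

The verifier never needs Sj: it recomputes the circuit output from the transmitted CTj and the configuration it already knows (CTRL from Aj, or the agreed CSTj and CSKj), so any mismatch in that configuration between the two parties shows up as a failed comparison at step S620 rather than as a decryption error.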
Third embodiment
The first and second embodiments discussed the example of a single authorization authority. The third embodiment of the present invention discusses the example of three authorization authorities.
In the third embodiment, joint management by three authorization authorities is supported; users i and j must each obtain certificates from the three authorization authorities before they can communicate.
Fig. 9 is a schematic diagram of three authorization authorities, the authorization center, the administrative center and the network management center, jointly managing users. The security of the three-certificate authorization system is guaranteed by the secure management of the authorization certificates of the authorization center, the administrative center and the network management center. The three authorization authorities each manage their own authorization information and can authorize separately and independently of one another. When authorizations are updated, the authorization information is mutually independent; when used, the authorization information interacts.
Authorization center authorization information: user private key, security entropy.
Administrative center authorization information: security entropy key.
Network management center authorization information: auxiliary key.
For example, in the third embodiment:
The authorization center issues the user private key certificate: [e, n, g, Si];
The administrative center issues the security entropy private key certificate: [e, n, g, Km];
The network management center issues the auxiliary private key certificate: [e, n, g, Kn, STi].
The parameters of the above certificates are explained as follows:
e, n: public key of the authorization authority
g: primitive element of the authorization authority's key system
Si: user private key
Km: security entropy key
Kn: auxiliary key
STi: security entropy mixed number
where Km is the certificate of the second authority (administrative center) and Kn is the certificate of the third authority (network management center).
Fig. 10 is a flow chart of the authentication process according to the third embodiment of the invention.
At step S1000, user i generates its own authentication information Xi, Yi, CTi. Step S1000 can be implemented in the same way as step S100 of Fig. 1.
At step S1005, user i encrypts the authentication information Xi, Yi, CTi using the Km provided by the second authorization authority (administrative center) and the Kn provided by the third authorization authority (network management center).
Specifically, Km*Kn serves as the key, the algorithm Am performs the encryption, and the result is formed into a message and sent. The algorithm Am can be a symmetric encryption algorithm, and the information Ai of user i includes an indication of the algorithm Am. If the Km*Kn of the two parties is inconsistent, the correct authentication information cannot be recovered and authentication cannot pass. For example, the following formula is used:
CXY = [Am]_(Km*Kn)(Xi, Yi, CTi)    expression (15)
where Yi = Si · g^(STi·Ri) mod n uses the security entropy mixed number STi, and STi is obtained from CTi by the recombinable logic circuit.
The first embodiment can be used, in which CTi is the random number Rsi and the recombinable logic circuit 300 of Fig. 3 produces STi. Alternatively, the second embodiment can be used, in which CTi = (CSTi, CSKi, Rsi) and the recombinable logic circuit 700 of Fig. 7 produces STi.
At step S1010, user i sends to user j the CXY obtained by encrypting Xi, Yi, CTi with Km and Kn.
At step S1015, after receiving the above encrypted authentication information CXY of user i, user j decrypts CXY with Km*Kn to obtain Xi, Yi, CTi.
At step S1020, user j processes CTi with the same recombinable logic structure agreed by the system, obtains the same STi, and calculates Xi^STi / Yi^e mod n = GCi. GCi is the authorized public key certificate information of user i. Step S1020 can be implemented in the same way as step S125 of Fig. 1.
In the third embodiment, the process by which user i authenticates user j is similar to the process of Fig. 10.
It should be noted that although the third embodiment takes three authorization authorities as an example, the invention is not limited to this. The present invention can be applied to a single-authority system, a two-authority system, and systems with more than three authorization authorities. The several authorization authorities each manage their own authorization information and can authorize separately and independently. When authorizations are updated, the authorization information is mutually independent; when used, the authorization information interacts. A multi-party authorization system lets the secret information of secure communication be managed separately by several systems, which reduces the complexity of managing the secret information and improves the security of its management.
Although the inventive concept has been introduced using the first, second and third embodiments as examples, those skilled in the art can fully combine some or all of the above first to third embodiments.
Fig. 11 is a block diagram of the authentication device for implementing the first to third embodiments above.
The authentication device 1100 of Fig. 11 comprises: a random number generator 1101, a security entropy parameter generator 1102, a recombinable cryptologic circuit 1103, an authentication parameter generation device 1104, a transceiver 1105, an authentication parameter calculation device 1106, a comparator 1107 and a memory 1108.
The random number generator 1101 produces the random number Ri. The random number generator can be implemented in various ways, for example using noise, or using a timestamp tA together with a current value rA, as shown in step S205 of Fig. 2.
The security entropy parameter generation device 1102 produces the security entropy parameter CTi.
When implementing the first embodiment of the present invention, CTi is a random number Rsi, so the security entropy parameter generation device 1102 can be implemented as a random number generator.
When implementing the second embodiment of the present invention, CTi comprises the random number Rsi, the user security entropy CSTi and the system security entropy CSKi.
The recombinable cryptologic circuit 1103, under the control of the control parameter CTRL, outputs the security entropy mixed number STi based on the input CTi.
According to the first embodiment of the present invention, the recombinable cryptologic circuit 1103 selects one of a plurality of cryptographic algorithms under the control of the control parameter CTRL to encrypt the input Rsi, and then outputs the security entropy mixed number STi.
According to the second embodiment of the present invention, the recombinable cryptologic circuit 1103 comprises a user recombinable logic circuit and a system recombinable logic circuit. The user security entropy CSTi and the system security entropy CSKi are used respectively to configure the user recombinable logic circuit and the system recombinable logic circuit of the recombinable logic circuit 1103.
According to an alternative embodiment of the present invention, the user security entropy CSTi and the system security entropy CSKi are used respectively to configure the static coding and the dynamic coding of the recombinable logic circuit 1103.
The authentication parameter generation device 1104 generates the first authentication parameter of the first user i based on said random number Ri, the security entropy parameter CTi and the security entropy mixed number STi.
For example, step S215 of Fig. 2 is used to generate the authentication parameter of user i, as shown in expressions (1) and (2):
Xi = g^(e·Ri) mod n
Yi = Si · g^(STi·Ri) mod n
Xi, Yi and the CTi generated by the security entropy parameter generation device 1102 serve as the authentication parameter of user i.
The transceiver 1105 sends the first authentication parameter of the first user i to a second user authentication device, and receives the second authentication parameter of the second user j from the second user authentication device. In addition, the transceiver 1105 can also receive other information from the authorization authority, for example the public key certificate GCj published by the second user. It should be noted that the transceiver 1105 can obtain any available information and is not limited to the data listed above.
The authentication information calculation device 1106 calculates the public key certificate GCj' of the second user j from the received second authentication parameter. The authentication information calculation device can use steps S600, S615 and S610 of Fig. 6 to calculate the authentication information GCj' of user j, as shown in expression (9):
Xj^CKj / Yj^e mod n = GCj'
The comparison device 1107 compares the public key certificate GCj' calculated by the authentication information calculation device 1106 with the public key certificate GCj published by the second user, and checks whether the two are consistent, in order to authenticate the second user.
The memory 1108 stores the public key certificate GCi issued to user i by the first authorization authority, said public key certificate GCi comprising at least the user parameter idi of user i. It should be noted that the memory 1108 can store any available information and is not limited to the data listed above. For example, the memory 1108 can store any data sent by the authorization authority, and can also store any data received from other user authentication devices.
It should be noted that the above method and apparatus of the present invention can be applied not only to user authentication but also to key exchange, key agreement, public key calculation between users, and the like.
The design philosophy and implementation of recombinable logic are described in detail in the Chinese patent application entitled "A logic reorganizable circuit", application number 02100030.1, filed by the present inventors on January 8, 2002. That application was published on July 23, 2003 with publication number CN1431588, and was granted as a patent by the Patent Office of the People's Republic of China on January 12, 2007. That patent is incorporated herein by reference.
It should be noted that the method and system of the present invention can be realized in many ways. For example, the method and apparatus of the present invention can be realized by software, hardware, firmware, or any combination of software, hardware and firmware. The order of the steps of the method given above is for description only; the steps of the method of the present invention are not limited to the order specifically described above unless otherwise specified. In addition, in some embodiments the present invention can also be implemented as programs recorded on a recording medium, these programs comprising machine-readable instructions for realizing the method according to the present invention. Thus the present invention also covers a recording medium storing a program for carrying out the method according to the present invention.
Although some specific embodiments of the present invention have been described in detail by way of example, those skilled in the art should understand that the above examples are for description only and not for limiting the scope of the invention. Those skilled in the art should understand that the above embodiments can be modified without departing from the scope and spirit of the present invention. The scope of the present invention is defined by the appended claims.

Claims (13)

1. An authentication method based on a public key system, wherein a first user is issued a public key certificate GCi by a first authorization authority, said public key certificate GCi comprising at least a user parameter idi, and said public key certificate GCi is published, the method comprising the steps of:
generating a first random number Ri and a security entropy parameter CTi;
generating a security entropy mixed number STi from the security entropy parameter CTi using a recombinable cryptologic circuit;
generating a first authentication parameter of the first user based on the first random number Ri, said security entropy parameter CTi and the security entropy mixed number STi;
the first user sending the first authentication parameter to a second user;
the second user calculating the public key certificate GCi' of the first user from the received first authentication parameter, and comparing the calculated public key certificate GCi' with the published public key certificate GCi to authenticate the first user.
2. The method of claim 1, wherein the step of generating the first authentication parameter comprises:
based on Ri, CTi, STi, producing Xi, Yi according to the following expressions:
Xi = g^(e·Ri) mod n
Yi = Si · g^(STi·Ri) mod n
wherein Xi, Yi, CTi serve as the first authentication parameter of the first user, e, n, g are parameters published in the public key certificate C of the authorization authority, and the parameter Si is the private key of the first user.
3. The method of claim 2, wherein the step of the second user calculating the public key certificate GCi' of the first user comprises:
extracting the security entropy parameter CTi of the first user;
calculating the security entropy index CKi of the first user from the security entropy parameter CTi using the recombinable cryptologic circuit;
using Xi, Yi, CKi, calculating the public key certificate GCi' of the first user according to the following expression:
Xi^CKi / Yi^e mod n = GCi',
wherein e, n are parameters published in the public key certificate C of the authorization authority.
4. The method of claim 1, wherein the recombinable cryptologic circuit, under the control of a control parameter CTRL, selectively uses one of a plurality of cryptographic algorithms to calculate the security entropy mixed number STi from the security entropy parameter CTi.
5. The method of claim 1, wherein the security entropy parameter CTi is a random number Rsi.
6. The method of claim 1, wherein the security entropy parameter CTi comprises a random number Rsi, a user security entropy CSTi and a system security entropy CSKi.
7. The method of claim 6, wherein said recombinable cryptologic circuit comprises a user recombinable cryptologic circuit and a system recombinable cryptologic circuit, said user security entropy CSTi being used to configure the user recombinable cryptologic circuit and said system security entropy CSKi being used to configure the system recombinable cryptologic circuit.
8. The method of claim 1, wherein the user parameter idi of the first user comprises at least one of the network address, telephone number, identity and authorization center identifier of the first user.
9. An authentication method based on a public key system, wherein a first user is issued a public key certificate GCi by a first authorization authority, the first user and a second user are further issued a key Km by a second authorization authority and a key Kn by a third authorization authority, said public key certificate GCi comprising at least a user parameter idi, and said public key certificate GCi is published, the method comprising the steps of:
the first user generating a first authentication parameter of the first user using a recombinable cryptologic circuit;
the first user encrypting the first authentication parameter of the first user using the key Km of the second authorization authority and the key Kn of the third authorization authority;
the first user sending the encrypted first authentication parameter CXY to the second user;
the second user decrypting the received encrypted first authentication parameter CXY using the key Km of the second authorization authority and the key Kn of the third authorization authority, to obtain the first authentication parameter of the first user;
the second user calculating the public key certificate GCi' of the first user from the received first authentication parameter, and comparing the calculated public key certificate GCi' with the public key certificate GCi published by the first user to authenticate the first user.
10. The method of claim 9, wherein the step of generating the first authentication parameter comprises:
the first user generating a first random number Ri and a security entropy parameter CTi;
generating a security entropy mixed number STi from said security entropy parameter CTi using the recombinable cryptologic circuit;
based on Ri, CTi, STi, producing Xi, Yi according to the following expressions:
Xi = g^(e·Ri) mod n
Yi = Si · g^(STi·Ri) mod n
wherein Xi, Yi, CTi serve as the first authentication parameter of the first user, e, n, g are parameters published in the public key certificate C of the authorization authority, and the parameter Si is the private key of the first user.
11. The method according to claim 10, wherein the step of encrypting the first user's first authentication parameter using the key Km of the second certification authority and the key Kn of the third certification authority comprises:
encrypting the first authentication parameter Xi, Yi, CTi using Km and Kn according to the following formula:
CXY = [Am]_(Km*Kn)(Xi, Yi, CTi), wherein Am is the cryptographic algorithm designated by the first user.
12. The method according to claim 10, wherein the recombinable cryptologic circuit, under the control of a control parameter CTRL, selects one algorithm from a plurality of cryptographic algorithms and uses it to compute the safe entropy mixed number STi from the safe entropy parameter CTi.
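The exchange of claims 10 to 12, reconstructed as an added Python example (this is not code from the patent or its assignee). Everything not stated in the claims is an assumption and is marked as such in the comments: a toy RSA-style modulus n = p*q with public exponent e and generator g standing in for the certification authority's certificate C; three hash functions standing in for the algorithms that CTRL selects in the recombinable cryptologic circuit; and the public value carried in GCi taken to be Si^e mod n, since that is the only quantity the claim-10 equations let a verifier recover. The verifier's computation of GCi' is derived from those equations (Yi^e = Si^e * Xi^STi mod n), because the page does not spell it out. The Km/Kn transport encryption of claims 9 and 11 is omitted. The block also carries the caveat a practitioner would want: because the prover chooses CTi itself and the verifier contributes no fresh challenge, the reconstructed relation can be satisfied by anyone holding only the published GCi whenever gcd(e, STi) = 1, which forge() demonstrates.

```python
"""Added example: the Xi/Yi exchange of claims 10-12, reconstructed in Python.
Not code from the patent.  Toy parameters only; assumptions are marked below."""
import hashlib
import secrets
from typing import Optional, Tuple

# Constructed CA parameters (assumption: an RSA-style modulus n = p*q with public
# exponent e and a generator g, all published in the CA certificate "C").
# 20-bit primes keep the numbers readable; a real deployment needs 2048+ bits.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
G = 3


def mix_entropy(ct_i: bytes, ctrl: int) -> int:
    """Stand-in for the 'recombinable cryptologic circuit' of claim 12.

    CTRL selects one of several algorithms; the patent does not name them, so
    three hash functions are assumed here.  Prover and verifier must agree on
    CTRL, otherwise their STi values diverge and verification fails."""
    algorithms = (hashlib.sha256, hashlib.sha3_256, hashlib.blake2s)
    digest = algorithms[ctrl % len(algorithms)](ct_i).digest()
    return int.from_bytes(digest, "big")


def keygen(s_i: Optional[int] = None) -> Tuple[int, int]:
    """Private key Si and the public value assumed to be carried in GCi.

    Assumption: GCi publishes Si^e mod n, the only value the claim-10
    equations let a verifier recover from (Xi, Yi, CTi)."""
    if s_i is None:
        s_i = secrets.randbelow(N - 2) + 2
    return s_i, pow(s_i, E, N)


def prove(s_i: int, ctrl: int, r_i: Optional[int] = None,
          ct_i: Optional[bytes] = None) -> Tuple[int, int, bytes]:
    """First user (claim 10): returns the first authentication parameter."""
    r_i = secrets.randbelow(N - 2) + 1 if r_i is None else r_i   # Ri
    ct_i = secrets.token_bytes(16) if ct_i is None else ct_i    # CTi
    st_i = mix_entropy(ct_i, ctrl)                               # STi
    x_i = pow(G, E * r_i, N)                                     # Xi = g^(e*Ri) mod n
    y_i = s_i * pow(G, st_i * r_i, N) % N                        # Yi = Si*g^(STi*Ri) mod n
    return x_i, y_i, ct_i


def recover_certificate(x_i: int, y_i: int, ct_i: bytes, ctrl: int) -> int:
    """Second user: compute GCi' from (Xi, Yi, CTi).

    Derived from the claim-10 equations (the page does not spell this out):
        Yi^e = Si^e * g^(e*STi*Ri) = Si^e * Xi^STi   (mod n)
    so   GCi' = Yi^e * Xi^(-STi) mod n."""
    st_i = mix_entropy(ct_i, ctrl)
    return pow(y_i, E, N) * pow(x_i, -st_i, N) % N


def verify(gc_i: int, x_i: int, y_i: int, ct_i: bytes, ctrl: int) -> bool:
    """Compare the computed GCi' with the published GCi (last step of claim 9)."""
    return recover_certificate(x_i, y_i, ct_i, ctrl) == gc_i


def forge(gc_i: int, ct_i: bytes, ctrl: int) -> Optional[Tuple[int, int, bytes]]:
    """Caveat: with no verifier-chosen challenge, the published GCi suffices.

    The verifier only checks Yi^e == GCi * Xi^STi (mod n).  Pick integers
    c, d with c*e - d*STi = 1 (possible whenever gcd(e, STi) == 1) and send
    Yi = GCi^c, Xi = GCi^d: then Yi^e = GCi^(1 + d*STi) = GCi * Xi^STi.
    Si is never needed.  Returns None when gcd(e, STi) != 1."""
    st_i = mix_entropy(ct_i, ctrl)
    try:
        c = pow(E, -1, st_i)          # c*e == 1 (mod STi)
    except ValueError:                # e and STi not coprime: try another CTi
        return None
    d = (c * E - 1) // st_i           # exact division: c*e - 1 is a multiple of STi
    return pow(gc_i, d, N), pow(gc_i, c, N), ct_i


if __name__ == "__main__":
    s_i, gc_i = keygen()
    ctrl = 0
    print("honest prover accepted:", verify(gc_i, *prove(s_i, ctrl), ctrl))
    forged = forge(gc_i, b"attacker-chosen CTi", ctrl)
    print("forgery without Si accepted:",
          forged is not None and verify(gc_i, *forged, ctrl))
```

The honest path shows why the scheme is "zero knowledge" in the GQ sense: Ri masks Si, and only Si^e mod n ever becomes visible. The forgery shows what the one-message form gives up: in Guillou-Quisquater identification the exponent that plays the role of STi is a challenge picked by the verifier after seeing the commitment and kept smaller than e, and soundness rests on exactly that; here STi is a function of a prover-chosen CTi. Whether the granted version (CN101997683B) binds a verifier-supplied value into CTi or otherwise restricts STi is not shown on this page and is not decided here.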
13. A user authentication device based on a public key system, the user authentication device comprising:
a memory for storing a public key certificate GCi allotted by a first certification authority, the public key certificate GCi comprising at least a user parameter idi;
a random number generator for producing a random number Ri;
a safe entropy parameter generating device for producing a safe entropy parameter CTi;
a recombinable logic circuit for generating a safe entropy mixed number STi based on the safe entropy parameter CTi;
an authentication information generating device for generating the first authentication parameter of the first user i based on the random number Ri, the safe entropy parameter CTi and the safe entropy mixed number STi;
a transceiver unit for sending the first authentication parameter of the first user i to a second user authentication device, and for receiving the second authentication parameter of a second user j from the second user authentication device;
an authentication information calculating device for calculating the public key certificate GCj' of the second user j from the received second authentication parameter; and
a comparing device for comparing the calculated public key certificate GCj' with the public key certificate GCj published by the second user, to authenticate the second user.
CN2009101613613A 2009-08-10 2009-08-10 Method and device for authenticating zero knowledge proof Active CN101997683B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009101613613A CN101997683B (en) 2009-08-10 2009-08-10 Method and device for authenticating zero knowledge proof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009101613613A CN101997683B (en) 2009-08-10 2009-08-10 Method and device for authenticating zero knowledge proof

Publications (2)

Publication Number Publication Date
CN101997683A true CN101997683A (en) 2011-03-30
CN101997683B CN101997683B (en) 2012-07-04

Family

ID=43787331

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009101613613A Active CN101997683B (en) 2009-08-10 2009-08-10 Method and device for authenticating zero knowledge proof

Country Status (1)

Country Link
CN (1) CN101997683B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102231666A (en) * 2011-06-29 2011-11-02 电子科技大学 Zero-knowledge identity authentication method based on strong primes
CN102685749A (en) * 2012-05-30 2012-09-19 杭州师范大学 Wireless security authentication method for mobile terminals
CN105024823A (en) * 2015-07-27 2015-11-04 中国船舶重工集团公司第七0九研究所 Zero-knowledge proof-based method and system for protecting user identity privacy
CN106789069A (en) * 2016-12-20 2017-05-31 中国电子科技集团公司第三十研究所 Zero-knowledge identity authentication method
CN108292402A (en) * 2016-02-23 2018-07-17 恩链控股有限公司 Determination of a common secret and hierarchical deterministic keys for the secure exchange of information
CN108933670A (en) * 2018-10-18 2018-12-04 北京云测信息技术有限公司 Digital signature method and device, mobile device and storage medium
CN109766705A (en) * 2018-12-10 2019-05-17 杭州隐知科技有限公司 Circuit-based data verification method and device and electronic equipment
CN109936458A (en) * 2019-03-18 2019-06-25 上海扈民区块链科技有限公司 Lattice-based digital signature method based on multiple evidence error correction
CN110311782A (en) * 2019-04-29 2019-10-08 山东工商学院 Zero-knowledge proof method, system and storage medium for personal information

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050120213A1 (en) * 2003-12-01 2005-06-02 Cisco Technology, Inc. System and method for provisioning and authenticating via a network
CN1905447B (en) * 2006-07-31 2010-04-21 上海交通大学 Authentication encryption method and E-mail system

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102231666A (en) * 2011-06-29 2011-11-02 电子科技大学 Zero-knowledge identity authentication method based on strong primes
CN102685749A (en) * 2012-05-30 2012-09-19 杭州师范大学 Wireless security authentication method for mobile terminals
CN102685749B (en) * 2012-05-30 2014-09-03 杭州师范大学 Wireless security authentication method for mobile terminals
CN105024823A (en) * 2015-07-27 2015-11-04 中国船舶重工集团公司第七0九研究所 Zero-knowledge proof-based method and system for protecting user identity privacy
CN105024823B (en) * 2015-07-27 2018-03-23 中国船舶重工集团公司第七0九研究所 User identity privacy protection method and system based on zero-knowledge proof
CN108292402A (en) * 2016-02-23 2018-07-17 恩链控股有限公司 Determination of a common secret and hierarchical deterministic keys for the secure exchange of information
CN108292402B (en) * 2016-02-23 2022-10-04 恩链控股有限公司 Determination of a common secret and hierarchical deterministic keys for the secure exchange of information
CN106789069B (en) * 2016-12-20 2019-12-13 中国电子科技集团公司第三十研究所 Zero-knowledge identity authentication method
CN106789069A (en) * 2016-12-20 2017-05-31 中国电子科技集团公司第三十研究所 Zero-knowledge identity authentication method
CN108933670B (en) * 2018-10-18 2021-02-26 北京云测信息技术有限公司 Digital signature method and device, mobile device and storage medium
CN108933670A (en) * 2018-10-18 2018-12-04 北京云测信息技术有限公司 Digital signature method and device, mobile device and storage medium
CN109766705A (en) * 2018-12-10 2019-05-17 杭州隐知科技有限公司 Circuit-based data verification method and device and electronic equipment
CN109766705B (en) * 2018-12-10 2021-03-19 北京链化未来科技有限公司 Circuit-based data verification method and device and electronic equipment
CN109936458A (en) * 2019-03-18 2019-06-25 上海扈民区块链科技有限公司 Lattice-based digital signature method based on multiple evidence error correction
CN109936458B (en) * 2019-03-18 2022-04-26 上海扈民区块链科技有限公司 Lattice-based digital signature method based on multiple evidence error correction
CN110311782A (en) * 2019-04-29 2019-10-08 山东工商学院 Zero-knowledge proof method, system and storage medium for personal information

Also Published As

Publication number Publication date
CN101997683B (en) 2012-07-04

Similar Documents

Publication Publication Date Title
CN101997683B (en) Method and device for authenticating zero knowledge proof
Barker Guideline for using cryptographic standards in the federal government: Cryptographic mechanisms
Wang et al. An improved key agreement protocol based on chaos
US4633036A (en) Method and apparatus for use in public-key data encryption system
Yu et al. LH-ABSC: A lightweight hybrid attribute-based signcryption scheme for cloud-fog-assisted IoT
CN108418686A (en) Multi-party distributed SM9 decryption method, medium and key generation method
CN103490901A (en) Secret key generation and distribution method based on a combined secret key system
CN109951276B (en) Embedded equipment remote identity authentication method based on TPM
CN104135473A (en) A method for realizing identity-based broadcast encryption by ciphertext-policy attribute-based encryption
Xu et al. Accountable ring signatures: A smart card approach
CN115021903A (en) Electronic medical record sharing method and system based on block chain
CN101997684B (en) Authorization authentication method, device and system
Lee et al. Public key encryption with equality test from generic assumptions in the random oracle model
CN100388663C (en) Method and device for detecting a key pair and for generating rsa keys
CN101997680B (en) Security chip directly supporting certificate management
Shen et al. Group public key encryption supporting equality test without bilinear pairings
CN101582170B (en) Remote sensing image encryption method based on elliptic curve cryptosystem
Luring et al. Analysis of security features in DLMS/COSEM: Vulnerabilities and countermeasures
CN104320249A (en) Identity-based leakage-resilient encryption method and system
CN106559224A (en) Certificate-based continual-leakage-resilient encryption system and method
Fuchsbauer et al. Proofs on encrypted values in bilinear groups and an application to anonymity of signatures
CN110798313A (en) Secret dynamic sharing-based collaborative generation method and system for number containing secret
Senthil Kumari et al. Key derivation policy for data security and data integrity in cloud computing
Barker Cryptographic Standards in the Federal Government: Cryptographic Mechanisms
Zhan et al. Improved proxy re-encryption with delegatable verifiability

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: NANSI SCIENCE AND TECHNOLOGY DEVELOPMENT CO LTD, B

Free format text: FORMER OWNER: BEIJING WISDOM TECHNOLOGY DEVELOPMENT CO., LTD.

Effective date: 20141009

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100080 HAIDIAN, BEIJING TO: 100091 HAIDIAN, BEIJING

TR01 Transfer of patent right

Effective date of registration: 20141009

Address after: 100091, Beijing Haidian District red mountain Yamaguchi 3 maintenance group new building 189, a layer

Patentee after: BEIJING NANSIDA TECHNOLOGY DEVELOPMENT CO.,LTD.

Address before: 100080, Beijing, Zhongguancun Haidian District South Avenue, building 56, B801

Patentee before: BEIJING DUOSI TECHNOLOGY DEVELOPMENT Co.,Ltd.

ASS Succession or assignment of patent right

Owner name: SHENZHEN DUOSI TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: NANSI SCIENCE AND TECHNOLOGY DEVELOPMENT CO LTD, BEIJING

Effective date: 20150730

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150730

Address after: 906, room 518000, building B, Furong Road, No. 2001, guest house, South Lake Street, Shenzhen, Guangdong, Luohu District, Shenzhen

Patentee after: Shenzhen Duosi science and Technology Co.,Ltd.

Address before: 100091, Beijing Haidian District red mountain Yamaguchi 3 maintenance group new building 189, a layer

Patentee before: BEIJING NANSIDA TECHNOLOGY DEVELOPMENT CO.,LTD.

DD01 Delivery of document by public notice

Addressee: Shenzhen Duosi science and Technology Co.,Ltd.

Document name: Notification of Passing Examination on Formalities

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20151211

Address after: 518000 Guangdong city of Shenzhen province Qianhai Shenzhen Hong Kong cooperation zone before Bay Road No. 1 building 201 room A (located in Shenzhen Qianhai business secretary Co. Ltd.)

Patentee after: Shenzhen city Qianhai Duosi science and Technology Development Co.,Ltd.

Address before: 100091, Beijing Haidian District red mountain Yamaguchi 3 maintenance group new building 189, a layer

Patentee before: BEIJING NANSIDA TECHNOLOGY DEVELOPMENT CO.,LTD.

Effective date of registration: 20151211

Address after: 100091, Beijing Haidian District red mountain Yamaguchi 3 maintenance group new building 189, a layer

Patentee after: BEIJING NANSIDA TECHNOLOGY DEVELOPMENT CO.,LTD.

Address before: 906, room 518000, building B, Furong Road, No. 2001, guest house, South Lake Street, Shenzhen, Guangdong, Luohu District, Shenzhen

Patentee before: Shenzhen Duosi science and Technology Co.,Ltd.

DD01 Delivery of document by public notice
DD01 Delivery of document by public notice

Addressee: Shenzhen city Qianhai Duosi science and Technology Development Co.,Ltd.

Document name: Notification to Pay the Fees

DD01 Delivery of document by public notice
DD01 Delivery of document by public notice

Addressee: Shenzhen city Qianhai Duosi science and Technology Development Co.,Ltd.

Document name: Notification of Termination of Patent Right

DD01 Delivery of document by public notice

Addressee: Shenzhen city Qianhai Duosi science and Technology Development Co.,Ltd.

Document name: Notification of Decision on Request for Restoration of Right

DD01 Delivery of document by public notice
PP01 Preservation of patent right
PP01 Preservation of patent right

Effective date of registration: 20190111

Granted publication date: 20120704

DD01 Delivery of document by public notice

Addressee: Shenzhen city Qianhai Duosi science and Technology Development Co.,Ltd.

Document name: Notice of preservation procedure

DD01 Delivery of document by public notice
PD01 Discharge of preservation of patent

Date of cancellation: 20220111

Granted publication date: 20120704

PD01 Discharge of preservation of patent
PP01 Preservation of patent right

Effective date of registration: 20231205

Granted publication date: 20120704

PP01 Preservation of patent right
DD01 Delivery of document by public notice

Addressee: Shenzhen city Qianhai Duosi science and Technology Development Co.,Ltd. Person in charge of patents

Document name: Notice of commencement of preservation procedure

DD01 Delivery of document by public notice
DD01 Delivery of document by public notice

Addressee: Shenzhen city Qianhai Duosi science and Technology Development Co.,Ltd. Person in charge of patents

Document name: Notice of Termination of Procedure

DD01 Delivery of document by public notice