CN102394750A - Light message abstract extraction method based on new problem - Google Patents
Publication number: CN102394750A (application CN2011103312586A)
Authority: CN (China)
Prior art keywords: message, initial value, message digest
Legal status: Pending (status as listed by Google Patents; not a legal conclusion)
Abstract
The invention discloses a lightweight message digest extraction method based on a new problem and belongs to the technical fields of cryptography and computers. The method consists of two parts, initial value generation and message digest extraction: in the initial value generation part a third-party authority generates a public non-coprime sequence; in the message digest extraction part the digital signer and the identity verifier extract the digest of a message, i.e. its digital fingerprint. The message length is at most 4096 bits, the digest length is at most 160 bits, and the method is one-way, weakly collision-free and intended to be strongly collision-free. The method has the characteristics of a short digest, high security, fast computation and a publicly disclosable technique, and can be used for digital signing and identity verification as well as electronic finance, electronic commerce and electronic government affairs.
Description
(1) Technical field
The message digest extraction method (also called a one-way hash algorithm or hash algorithm, abbreviated Hash) belongs to the fields of cryptography and computer technology and is one of the core technologies of digital signatures, authentication, electronic banking security, e-commerce security and e-government security.
(2) Background technology
The development of cryptography has passed through three stages: classical cryptography, symmetric cryptography and public-key cryptography. In 1976 the American scholars Diffie and Hellman proposed the idea of public-key cryptography, marking the arrival of public-key cryptographic technology.
Public-key cryptography comprises two parts, encryption and digital signature. Commonly used digital signature schemes include RSA, ElGamal and ECC; ECC is a fast realization of the ElGamal scheme on elliptic curves.
When a message is digitally signed, the message digest is usually signed in place of the message in order to improve signing speed. The message digest should represent the message uniquely (it is equivalent to the digital fingerprint of the message), and for any two different messages the digests are almost always different. This places very high demands on the message digest extraction method.
At present the commonly used message digest extraction methods are MD5, SHA-1, SHA-256 and so on (see Applied Cryptography, Bruce Schneier (USA), translated by Wu Shizhong, Zhu Shixiong et al., China Machine Press, January 2000, pp. 307-320). All of these methods were invented by Americans.
As methods such as MD5, SHA-1 and SHA-256 become more deeply understood and computers become ever faster, their security is increasingly challenged. More alarmingly, with the appearance of lightweight digital signature technology their scope of use is more and more restricted, and in some cases they cannot be used at all. For example, when the modulus length of a lightweight digital signature scheme is 80 bits, the above message digest extraction methods are unusable.
(3) Summary of the invention
The present invention is used for generating message digests, i.e. digital fingerprints, which are the basis of public-key digital signature technology, and can be widely used in electronic banking, e-commerce, e-government, and the anti-counterfeiting of bills, certificates and commodities.
The present invention hopes that our country can have its own core technology in the field of message digest extraction methods, i.e. hash algorithms, so as to safeguard national information security, economic security and sovereign security, and at the same time to improve China's technical means of preventing financial and tax fraud.
Proofs of the related properties and conclusions are omitted in this section; if required, we will present them immediately.
In this document, the product x × y is abbreviated xy; % denotes the modular operation mod; gcd(x, y) denotes the greatest common divisor; ||x|| denotes the order of the element x % M; ← denotes assignment to a variable; ≡ means that both sides are equal modulo the modulus; ∀ means "for all" (chosen arbitrarily); ∈ means that the value of the variable on the left belongs to a certain interval or set; x | y means x divides y and x ∤ y means x does not divide y; ⌈x⌉ denotes the least integer not less than x; lg x denotes the logarithm of x to base 2; and the parameter P denotes the largest prime allowed in a coprime sequence.
3.1 Three basic concepts
3.1.1 Definition and properties of a coprime sequence
Definition 1: Suppose A_1, ..., A_n > 1 are n pairwise distinct integers, and every pair A_i, A_j (i ≠ j) satisfies gcd(A_i, A_j) = 1 or gcd(A_i, A_j) = H ≠ 1, and ∀ j ∈ [1, n] has … with … [the two remaining conditions are missing from this rendering]. Then these integers are called a coprime sequence, denoted {A_1, ..., A_n} and abbreviated {A_i}.
Property 1: If m ∈ [1, n] elements are picked at random from {A_1, ..., A_n} to construct a subsequence or subset {Ax_1, ..., Ax_m}, then the subset product G = Ax_1 ⋯ Ax_m is uniquely determined, i.e. the mapping from G to {Ax_1, ..., Ax_m} is one-to-one.
Proof omitted.
3.1.2 Lever function
Definition 2: For a public-key cryptosystem or a message digest extraction scheme over the prime field of modulus M, the secret parameter l(i) in the transform C_i ≡ A_i W^{l(i)} (% M) (the transform of Property 2 below) is called a lever function if it has the following properties:
1. l(·) is an injective function whose domain is [1, n] and whose codomain Ω is a subset of (1, M), where n < M;
2. the mapping between i and l(i) is determined at random, and there is no explicit mapping from l(·) to the public key;
3. when attempting to extract private information from public information, any adversary has to consider all permutations of the elements of Ω;
4. when decrypting or signing digitally (with M of suitable size), the owner of the private information only needs to consider the accumulated sum of elements of Ω.
Obviously {l(i)} costs a large amount of computation at the "public" end and a small amount at the "private" end, so it plays exactly the role of a "lever".
Property 2 (indeterminacy of l(·)): Let C_i ≡ A_i W^{l(i)} (% M) (i = 1, ..., n). Then ∀ … with … [the quantified objects are missing from this rendering], and for z ≠ x, y:
1. when l(x) + l(y) = l(z), there is … [formula missing];
2. when l(x) + l(y) ≠ l(z), there always exist C_x ≡ A'_x W'^{l'(x)}, C_y ≡ A'_y W'^{l'(y)} and C_z ≡ A'_z W'^{l'(z)} (% M) satisfying … [formula missing] and A'_z ≤ P.
Proof omitted.
3.1.3 Bit shadow string
Let the binary form of a message be b_1 … b_n.
Definition 3: Let b_1 … b_n ≠ 0 be a bit string. The string b̄_1 … b̄_n generated by the following rule is called its bit shadow string: if b_i = 0, then b̄_i = 0; if b_i ≠ 0, then b̄_i equals the number of consecutive 0s immediately before b_i plus 1; if b_i is the rightmost 1, then b̄_i equals the number of consecutive 0s before and after b_i plus 1.
Property 3: Let {A_1, …, A_n} be a coprime sequence and b̄_1 … b̄_n the bit shadow string of b_1 … b_n ≠ 0. Then the mapping from b_1 … b_n to … [formula missing from this rendering] is one-to-one.
Proof omitted.
3.1.4 Anomalous subset product problem
Let b_1 … b_n be a message and {C_1, …, C_n} a non-coprime sequence.
Definition 4: Given {C_1, …, C_n} and d̄, finding the original b_1 … b_n from … [formula missing from this rendering] is called the anomalous subset product problem (ASPP).
Property 4: In computational difficulty, ASPP is at least equivalent to the discrete logarithm problem (DLP) in the same prime field.
Proof: see the paper "Asymptotic Granularity Reduction and Its Application" (Shenghui Su, Shuwang Lü and Xiubin Fan, Theoretical Computer Science, Vol. 412(39), Sep. 2011, pp. 5374-5386).
It should be noted further that at present no subexponential-time algorithm for ASPP has been found.
3.2 Technical scheme of the present invention
Note: in this document the sequence {A_1, …, A_n} is sometimes abbreviated {A_i}, the sequence {C_1, …, C_n} is sometimes abbreviated {C_i}, and the lever function {l(1), …, l(n)} is sometimes abbreviated {l(i)}.
The present invention is a message digest extraction method based on the anomalous subset product problem, abbreviated the JUNA one-way hash algorithm. A message digest is similar to a digital fingerprint and is used in digital signature technology.
Because this method transforms a message of at most 4096 bits into a message digest of 80 to 160 bits, it is said to be lightweight.
A message digest extraction method (a one-way hash algorithm) generally needs to satisfy the following attributes:
1. one-wayness: given a message w and the digest extraction method hash, computing d̄ = hash(w) is easy, but conversely, given d̄ and hash, computing w = hash^{-1}(d̄) is computationally infeasible;
2. weak collision-freeness: given a message w, finding another meaningful message w' satisfying hash(w') = hash(w) is computationally infeasible;
3. strong collision-freeness: finding any two different messages w and w' satisfying hash(w') = hash(w) is computationally infeasible.
Sometimes attribute 3 is optional for the user.
According to this method one can manufacture an initial value generation chip and a message digest extraction chip, or develop initial value generation software and message digest extraction software. Therefore the present invention is the basic principle and technical scheme required for manufacturing message digest extraction products, not the physical product itself.
The present technical scheme consists of two parts: initial value generation and message digest extraction.
3.2.1 Parameter declaration
Let n be the bit length of the message (which may also be the output of another one-way hash algorithm) and m the bit length of the message digest, with m < n and n ≤ 4096.
Let Λ = {2, 3, …, P} and Ω = {±5, ±7, …, ±(2n+3)}, where P ≥ 65537 and the symbol ± means that either '+' or '-' is selected. The sets Λ and |Ω| are public, where |Ω| is the set of absolute values of the elements of Ω, but Ω itself is unknown to the public.
CA (Certificate Authority) denotes the third-party authority in a public-key infrastructure; it generates the initial input values of the message digest extraction method and does not publish the intermediate variable values.
3.2.2 Initial value generation part
The initial value generation part is used by the CA certificate center; it is run only once to produce a non-coprime sequence, and is implemented as:
(1) randomly generate a coprime sequence {A_1, …, A_n} with each A_i ∈ Λ;
(2), (3) [steps missing from this rendering];
(4) randomly pick l(1), …, l(n) ∈ Ω such that l(i) ≠ l(j) for all i ≠ j;
(5) for i = 1, …, n compute C_i ← (A_i W^{l(i)})^δ % M.
Finally, the non-coprime sequence {C_1, …, C_n} and the modulus M are obtained; the intermediate values {A_i}, {l(i)}, W and δ may be discarded, but must not leak.
Definition 5: Finding the original {A_i}, {l(i)}, W and δ from C_i ≡ (A_i W^{l(i)})^δ (% M) is called the multivariate permutation problem (MPP).
Property 5: In computational difficulty, MPP is at least equivalent to the DLP in the same prime field.
Proof omitted.
3.2.3 Message digest extraction part
The message digest extraction part is used both by the digital signing party and by the verifying party.
Suppose {C_1, …, C_n} is the initial value, M is the modulus and b_1 … b_n is a message of n bits. Then the message digest extraction part is implemented as:
(1) set d̄ ← 1, k ← 0, i ← 1;
(2) [step missing from this rendering];
(3) let i ← i + 1;
(4) if i ≤ n, go to (2).
Note that Property 4 guarantees the one-wayness of d̄, the structure of d̄ itself guarantees its weak collision-freeness, and section 3.2.2 helps its strong collision-freeness.
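The loop above is the only place the page shows the digest being computed, and its step (2) is absent. The following Python is an added example, not code from the patent or its author: it models the whole pipeline of sections 3.1.3 to 3.2.3 at toy parameter sizes. Everything it fills in is an assumption stated in the comments: the digest is taken to be the anomalous subset product of Definition 4 applied to the bit shadow string, d̄ = ∏ C_i^{b̄_i} % M; step (2) is reconstructed from the variables d̄, k, i of step (1); and the missing steps of 3.2.2 are filled with a prime M, a random W and a random δ with gcd(δ, M−1) = 1. The function names, the seed and the 31-bit modulus are likewise the example's own. It also checks Property 3 exhaustively for a small coprime sequence, which the page states without proof.

```python
# Added example, not code from the patent: a toy model of the JUNA-style
# construction of sections 3.1.3 to 3.2.3.  Assumptions (the page omits them):
#  * digest = anomalous subset product of the bit shadow string:
#        d = prod_i C_i^{shadow_i} % M                      (Definitions 3 and 4)
#  * step (2) of 3.2.3 is "if b_i = 0: k <- k+1 else d <- d*C_i^(k+1) % M, k <- 0",
#    with trailing zeros folded into the rightmost 1 as Definition 3 requires;
#  * the missing steps of 3.2.2 pick a prime M, a random W in (1, M) and a random
#    delta in (n, M) with gcd(delta, M-1) = 1, so that x -> x^delta is a bijection.
# Sizes here are toy sizes; section 3.2.1 wants P >= 65537 and an 80- to 160-bit M.
import math
import random
from itertools import product
from typing import List, Optional, Tuple

def first_primes(count: int) -> List[int]:
    """n distinct primes: the simplest coprime sequence (Definition 1, all gcds = 1)."""
    primes: List[int] = []
    cand = 2
    while len(primes) < count:
        if all(cand % p for p in primes if p * p <= cand):
            primes.append(cand)
        cand += 1
    return primes

def bit_shadow(bits: List[int]) -> List[int]:
    """Definition 3: a 0 maps to 0; a 1 maps to (consecutive 0s just before it) + 1;
    the rightmost 1 additionally absorbs the 0s after it.  The shadows sum to n."""
    if not any(bits):
        raise ValueError("Definition 3 requires a nonzero bit string")
    shadow, zeros = [0] * len(bits), 0
    for i, b in enumerate(bits):
        if b:
            shadow[i], zeros = zeros + 1, 0
        else:
            zeros += 1
    last_one = max(i for i, b in enumerate(bits) if b)
    shadow[last_one] += zeros            # trailing zeros belong to the last 1
    return shadow

def subset_product(seq: List[int], exps: List[int], M: Optional[int] = None) -> int:
    """prod seq[i]^exps[i], over the integers (Properties 1, 3) or modulo M (Definition 4)."""
    acc = 1
    for a, e in zip(seq, exps):
        acc = acc * (pow(a, e, M) if M else a ** e)
        if M:
            acc %= M
    return acc

def shadow_map_is_injective(A: List[int]) -> bool:
    """Property 3 for a coprime sequence A: b -> prod A_i^{shadow(b)_i} is one-to-one.
    Checked exhaustively over all 2^n - 1 nonzero strings, so keep n small."""
    seen = set()
    for bits in product((0, 1), repeat=len(A)):
        if not any(bits):
            continue
        g = subset_product(A, bit_shadow(list(bits)))
        if g in seen:
            return False
        seen.add(g)
    return True

def generate_initial_value(n: int, M: int, rng: random.Random) -> Tuple[List[int], tuple]:
    """3.2.2 (CA side).  Returns the public {C_i} plus the private (A, l, W, delta);
    a real CA discards or locks those away, since they must never leak."""
    A = first_primes(n)                  # coprime sequence, each A_i in Lambda = {2, ..., P}
    rng.shuffle(A)
    omega = [s * v for v in range(5, 2 * n + 4, 2) for s in (1, -1)]  # {+-5, ..., +-(2n+3)}
    l = rng.sample(omega, n)             # lever function: injective, chosen at random
    W = rng.randrange(2, M)
    while True:                          # assumed: delta in (n, M) with gcd(delta, M-1) = 1
        delta = rng.randrange(n + 1, M)
        if math.gcd(delta, M - 1) == 1:
            break
    # pow() with a negative exponent and a prime modulus yields the inverse (Python 3.8+)
    C = [pow(A[i] * pow(W, l[i], M) % M, delta, M) for i in range(n)]
    return C, (A, l, W, delta)

def extract_digest(C: List[int], M: int, bits: List[int]) -> int:
    """3.2.3 (signer / verifier side): one pass with the counter k of step (1).
    Equals prod C_i^{shadow_i} % M, so the digest is an element of [1, M)."""
    d, k, last_one = 1, 0, -1
    for i, b in enumerate(bits):
        if b == 0:
            k += 1
        else:
            d = d * pow(C[i], k + 1, M) % M
            k, last_one = 0, i
    if last_one < 0:
        raise ValueError("message must be nonzero")
    if k:                                # trailing zeros fold into the rightmost 1
        d = d * pow(C[last_one], k, M) % M
    return d

def demo(n: int = 64, M: int = 2**31 - 1, seed: int = 7) -> int:
    """Digest a random n-bit message under a 31-bit prime modulus (m < n per 3.2.1),
    cross-checking the one-pass loop against the closed form of Definition 4."""
    rng = random.Random(seed)
    C, _private = generate_initial_value(n, M, rng)
    msg = [rng.randrange(2) for _ in range(n)]
    d = extract_digest(C, M, msg)
    if d != subset_product(C, bit_shadow(msg), M):
        raise AssertionError("loop and closed form disagree")
    return d

if __name__ == "__main__":
    print("Property 3 for the first 8 primes:", shadow_map_is_injective(first_primes(8)))
    print("digest:", demo())
```

Two points a practitioner should take from running it. The public {C_i} and M are a per-CA key, so a signer and a verifier only agree on d̄ if they fetched the same initial value, and a CA that regenerates it invalidates every digest computed under the old one. And whatever the hardness of ASPP, any function with an m-bit output admits a generic birthday search for collisions in about 2^(m/2) evaluations, so an 80-bit digest caps strong collision resistance at roughly 2^40 work; that is consistent with section 3.2 listing attribute 3 as optional.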
3.3 Advantages and positive effects
3.3.1 It is secure
Property 4 guarantees the one-wayness of the message digest d̄; Property 5 guarantees that the private values cannot be derived, which helps the strong collision-freeness of the message digest d̄.
It should be pointed out in particular that since δ ∈ (n, M) and M is sizable, attempting to attack the private values with the continued-fraction method is also infeasible.
3.3.2 The digest length is shorter
When the bit length of the message is at most 4096, the bit length of the message digest is between 80 and 160, which is relatively short compared with one-way hash algorithms such as MD5, SHA-1 and SHA-256.
3.3.3 The computation speed is fast
The initial value of this method only needs to be generated once, and not in real time, so the time complexity of the initial value generation part need not be considered.
The message digest extraction of this method needs only O(n) modular multiplications, linear in n with n ≤ 4096, which is comparatively fast.
3.3.4 The technology can be disclosed
The implementation technology of the present invention can be disclosed completely, and the initial value of the extraction algorithm can also be provided to the outside world completely. As long as the private values are not leaked, the strong collision-freeness of the message digest is basically guaranteed.
3.3.6 It is beneficial to national security
The Internet is an open network, and obviously all kinds of information transmitted on it must be encrypted.
Since important departments such as the Chinese government, national defense, finance and taxation have long used the Internet as a means of communication, information security concerns national sovereignty and economic security.
From the perspective of cryptographic containment, the information security of a great power cannot be built on foreign cryptographic schemes; therefore, developing our own fully autonomous and originally innovative message digest extraction schemes, public-key cryptography schemes and digital signature schemes is imperative, urgent and significant.
(4) Embodiment
The lightweight message digest extraction method based on the anomalous subset product problem consists of two parts. It is characterised in that it can produce a public initial value from which the intermediate values cannot be derived, so that the initial value helps the strong collision-freeness of the message digest. More importantly, the digest output by this method is very short while still satisfying the security requirements.
Each user can obtain an initial value from a designated CA certificate center. The CA certificate center is the institution that registers and manages users and produces and distributes initial values; it uses the initial value generation method to output the non-coprime sequence used for message digest extraction.
This message digest extraction method can be realised with logic circuit chips or in a programming language, and comprises two parts: 1. an initial value generation chip or software module developed according to section 3.2.2, used by the CA certificate center; 2. a message digest extraction chip or software module developed according to section 3.2.3, used by digital signature users and authentication users.
Claims (1)
1. A lightweight message digest extraction method based on a new hard problem, consisting of two parts, initial value generation and message digest extraction, wherein the initial value generation part is used by a third-party authority to produce a public non-coprime sequence, and the message digest extraction part is used by the digital signing party and the verifying party to extract the digest of a message, the length of the digest being at most 160 bits, characterised in that
the initial value generation part adopts the following steps:
1) randomly generate a coprime sequence {A_1, …, A_n} with each A_i ∈ Λ;
2) find a prime M, together with m, satisfying … [condition missing from this rendering];
3), 4) [steps missing from this rendering];
5) for i = 1, …, n compute C_i ← (A_i W^{l(i)})^δ % M;
finally, the non-coprime sequence {C_1, …, C_n} and the modulus M are obtained; the intermediate values {A_i}, {l(i)}, W and δ may be discarded, but must not leak;
the message digest extraction part adopts the following steps:
suppose {C_1, …, C_n} is the initial value and M is the modulus; for a message b_1 … b_n of n bits do
(1) set d̄ ← 1, k ← 0, i ← 1;
(2) [step missing from this rendering];
(3) let i ← i + 1;
(4) if i ≤ n, go to (2);
finally, the message digest d̄ is obtained, which can be used for digital signature or authentication.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN2011103312586A (published as CN102394750A) | 2011-10-27 | 2011-10-27 | Light message abstract extraction method based on new problem
Publications (1)
Publication Number | Publication Date
---|---
CN102394750A | 2012-03-28
Family
ID=45861959
Family Applications (1)
Application Number | Title | Priority Date | Filing Date | Status
---|---|---|---|---
CN2011103312586A (CN102394750A) | Light message abstract extraction method based on new problem | 2011-10-27 | 2011-10-27 | Pending
Country Status (1)
Country | Link
---|---
CN | CN102394750A (en)
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN107465515A (en) * | 2017-09-30 | 2017-12-12 | 北京兵符科技有限公司 | A non-iterative message digest extraction method resisting birthday attacks
CN107465515B (en) * | 2017-09-30 | 2023-10-27 | 数字兵符(福州)科技有限公司 | Non-iterative message digest extraction method for resisting birthday attacks
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
US20020041684A1 (en) * | 1999-01-29 | 2002-04-11 | Mototsugu Nishioka | Public-key encryption and key-sharing methods
CN101267300A (en) * | 2008-04-17 | 2008-09-17 | 苏盛辉 | Multi-variant public key encryption method based on mutual prime number sequent and lever function
CN101369888A (en) * | 2008-10-07 | 2009-02-18 | 苏盛辉 | Digital signature method based on non-homogeneous ultra-increasing sequence
CN101753310A (en) * | 2009-12-28 | 2010-06-23 | 苏盛辉 | Digital signature method based on multivariable array problem and super logarithm problem
CN102064938A (en) * | 2010-12-30 | 2011-05-18 | 苏盛辉 | Public key encrypting method based on multivariable and uncertainty
Timeline: 2011-10-27, application CN2011103312586A filed in CN (published as CN102394750A), status Pending.
Similar Documents
Publication | Title
---|---
CN103259662A (en) | Novel procuration signature and verification method based on integer factorization problems
Nguyen-Van et al. | Scalable distributed random number generation based on homomorphic encryption
Tian | Identity-based proxy re-signatures from lattices
Hart et al. | A Practical Cryptanalysis of WalnutDSA(TM)
CN101911009B (en) | Countermeasure method and devices for asymmetrical cryptography with signature diagram
CN101753310A (en) | Digital signature method based on multivariable array problem and super logarithm problem
Liu et al. | An efficient double parameter elliptic curve digital signature algorithm for blockchain
Neves et al. | Degenerate curve attacks: extending invalid curve attacks to Edwards curves and other models
CN101267300A (en) | Multi-variant public key encryption method based on mutual prime number sequent and lever function
CN102307102B (en) | A lightweight digital signature method based on the super logarithm problem
Stam | Speeding up subgroup cryptosystems
CN101072099B (en) | Public key encryption method based on nonuniform super-increasing sequence
CN102064938B (en) | A public key encryption method based on multivariables and uncertainty
Wang et al. | Provably Secure and Efficient Identity-based Signature Scheme Based on Cubic Residues
Yan | The Overview of Elliptic Curve Cryptography (ECC)
Shao et al. | A provably secure signature scheme based on factoring and discrete logarithms
CN102394750A (en) | Light message abstract extraction method based on new problem
Dong et al. | An efficient certificateless blind signature scheme without bilinear pairing
Fartitchou et al. | Public-key cryptography behind blockchain security
CN107483206A (en) | A fast quantum-safe asymmetric encryption method
Yang et al. | Efficient verifiable unbounded-size database from authenticated matrix commitment
CN102347840B (en) | A public key encryption method based on coprime sequences and a lever function
CN113378238A (en) | High-security digital signature method using only the transcendental logarithm problem
CN106209376B (en) | A multivariable signature method resisting forgery attacks
Mittal et al. | An efficient procedure for online/offline ID-based signature using extended chaotic maps and group ring
Legal Events
Date | Code | Title | Description
---|---|---|---
| C06 | Publication |
| PB01 | Publication |
| C10 | Entry into substantive examination |
| SE01 | Entry into force of request for substantive examination |
| AD01 | Patent right deemed abandoned | Effective date of abandoning: 20171103