CN102394750A - Lightweight message digest extraction method based on a new problem - Google Patents

Lightweight message digest extraction method based on a new problem

Info

Publication number
CN102394750A
Authority
CN
China
Prior art keywords
message
message digest
initial value
Legal status
Pending
Application number
CN2011103312586A
Other languages
Chinese (zh)
Inventor
苏盛辉
吕述望
蔡吉人
Current Assignee
Individual
Original Assignee
Individual
Priority date
2011-10-27
Filing date
2011-10-27
Publication date
2012-03-28

Abstract

The invention discloses a lightweight message digest extraction method based on a new hard problem, belonging to the technical fields of cryptography and computing. The method consists of two parts, initial value generation and message digest extraction. In the initial value generation part, a third-party authority generates a public non-coprime sequence; in the message digest extraction part, a digital signer and an identity verifier extract the digest of a message, namely its digital fingerprint. The length of the message is not more than 4096 bits and the length of the digest is not more than 160 bits; the method is one-way, weakly collision-free and expected to be strongly collision-free. The method has the characteristics of a short digest, high security, fast computation and public technology, and can be used for digital signing and identity verification as well as electronic finance, electronic commerce and electronic government affairs.

Description

A lightweight message digest extraction method based on a new hard problem
(1) Technical field
A message digest extraction method (also called a one-way hash algorithm or hash algorithm, abbreviated Hash) belongs to the fields of cryptographic technology and computer technology, and is one of the core technologies of digital signatures, identity authentication, electronic banking security, e-commerce security and e-government security.
(2) Background technology
The development of cryptographic technology has passed through three stages: classical cryptography, symmetric-key cryptography and public-key cryptography. In 1976 the American scholars Diffie and Hellman proposed the idea of public-key cryptography, marking the arrival of public-key cryptographic technology.
Public-key cryptography comprises two parts, encryption and digital signature. Commonly used digital signature schemes include RSA, ElGamal and ECC; ECC is a fast analogue of the ElGamal scheme realized on elliptic curves.
When a message is digitally signed, in order to improve signing speed, the message is usually replaced by its message digest. The message digest should represent the message uniquely (it is equivalent to a digital fingerprint of the message), and for any two different messages the digests are almost always different. This places very high demands on message digest extraction methods.
At present, the generally used message digest extraction methods are MD5, SHA-1, SHA-256, etc. (see Applied Cryptography by Bruce Schneier (USA), translated by Wu Shizhong, Zhu Shixiong et al., China Machine Press, January 2000, pp. 307-320). All of these methods were invented by Americans.
As people's understanding of methods such as MD5, SHA-1 and SHA-256 deepens and computer speed increases, their security is more and more challenged. More alarmingly, with the appearance of lightweight digital signature technology, the occasions on which they can be used are more and more restricted, and in some cases they cannot be used at all. For example, when the modulus length of a lightweight digital signature scheme is 80 bits, the above message digest extraction methods are simply unusable.
(3) Summary of the invention
The present invention is used for generating message digests, i.e. digital fingerprints; it is a basis of public-key digital signature technology and can be widely used in electronic banking, e-commerce, e-government, bill anti-counterfeiting, certificate anti-counterfeiting and commodity anti-counterfeiting.
The present invention hopes that our country can have its own core technology in the field of message digest extraction methods, i.e. hash algorithms, so as to guarantee the information security, economic security and sovereign security of the nation, and at the same time to improve China's technical means of preventing financial and tax fraud.
Proofs of the related properties and conclusions are omitted in this section; if required, we will present them immediately.
In this document, the multiplication "x × y" is abbreviated "xy"; "%" denotes the modular operation mod; "gcd(x, y)" denotes the greatest common divisor; "||x||" denotes the order of the element x % M; "←" denotes assignment to a variable; "≡" means that the two sides are congruent modulo M; "∀" means "for any" (chosen arbitrarily); "∈" means that the value of the variable on the left belongs to some interval or set; "x | y" means that x divides y; "x ∤ y" means that x does not divide y; "⌈x⌉" denotes the least integer not less than x; "lg x" denotes the logarithm of x to base 2; and the parameter P denotes the largest prime allowed in a coprime sequence.
3.1 Three basic concepts
3.1.1 Definition and properties of a coprime sequence
Definition 1: Suppose A_1, ..., A_n > 1 are n pairwise distinct integers such that ∀ A_i, A_j (i ≠ j), either gcd(A_i, A_j) = 1 or gcd(A_i, A_j) = H ≠ 1 with (A_i / H) ∤ A_k and (A_j / H) ∤ A_k for ∀ k ≠ i, j ∈ [1, n]. Then these integers are called a coprime sequence, denoted {A_1, ..., A_n} and abbreviated {A_i}.
Property 1: If m ∈ [1, n] elements are picked at random from {A_1, ..., A_n} to construct a subsequence or subset {Ax_1, ..., Ax_m}, then the subset product
G = ∏_{i=1}^{m} Ax_i = Ax_1 ... Ax_m
is determined uniquely, that is, the mapping from G to {Ax_1, ..., Ax_m} is one-to-one.
Proof omitted.
3.1.2 Lever function
Definition 2: For a public-key system or message digest extraction scheme over the prime field GF(M), the secret parameter l(i) in the transform is called a lever function if it has the following properties:
1. l(.) is an injective function whose domain is [1, n] and whose codomain Ω is a subset of (1, M), where n < M;
2. the mapping between i and l(i) is determined at random, and there is no explicit mapping from l(.) to the public key;
3. when trying to extract private information from public information, any adversary has to consider all permutations of the elements of Ω;
4. when decrypting or digitally signing (with M of suitable value), the owner of the private information only needs to consider the accumulative sum of the elements of Ω.
Obviously, {l(i)} costs a large amount of computation at the "public" end and a small amount at the "private" end; it plays exactly the role of a "lever".
Property 2 (indeterminacy of l(.)): Let δ = 1 and C_i ≡ A_i W^{l(i)} (% M) (i = 1, ..., n). Then ∀ W ∈ (1, M) and ∀ x, y, z ∈ [1, n] with z ≠ x, y, we have
1. when l(x) + l(y) = l(z), (l(x) + ||W||) + (l(y) + ||W||) ≠ (l(z) + ||W||) (% M̄), where M̄ denotes M − 1;
2. when l(x) + l(y) ≠ l(z), there always exist
C_x ≡ A'_x W'^{l'(x)}, C_y ≡ A'_y W'^{l'(y)} and C_z ≡ A'_z W'^{l'(z)} (% M)
satisfying l'(x) + l'(y) ≡ l'(z) (% M̄) and A'_z ≤ P.
Proof omitted.
3.1.3 Bit shadow string
Let the binary form of a message be b_1 ... b_n.
Definition 3: Let b_1 ... b_n ≠ 0 be a bit string. The string b̄_1 ... b̄_n generated by the following rule is called its bit shadow string: if b_i = 0, then b̄_i = 0; if b_i ≠ 0, then b̄_i equals the number of consecutive 0s immediately before b_i plus 1; if b_i is the rightmost 1, then b̄_i equals the number of consecutive 0s before and after b_i plus 1.
For example, if b_1 ... b_12 = 100001011100, then b̄_1 ... b̄_12 = 100005021300.
It is understood that ∑_{i=1}^{n} b̄_i = n.
Property 3: Let {A_1, ..., A_n} be a coprime sequence and b̄_1 ... b̄_n the bit shadow string of b_1 ... b_n ≠ 0. Then the mapping from b̄_1 ... b̄_n to ∏_{i=1}^{n} A_i^{b̄_i} is one-to-one.
Proof omitted.
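As an added example (not code from the patent), the following Python models Definition 3 and Properties 1 and 3 on a toy coprime sequence of distinct primes, which satisfies the gcd(A_i, A_j) = 1 branch of Definition 1 (the H ≠ 1 branch is not modelled). All function names are my own. It reproduces the example bit shadow string above, checks that the shadows sum to n, and shows that the plain product ∏ A_i^{b̄_i} is injective over every nonzero 12-bit message and, when {A_i} is known, is inverted by repeated division. That last point is the reason Section 3.2.2 publishes the transformed C_i rather than {A_i}: the hardness of the scheme rests on hiding the coprime structure, not on the subset product itself.

```python
# Added example: bit shadow strings and the plain coprime-sequence product.
# Toy sequence of distinct primes (pairwise gcd = 1); not the inventors' code.
from itertools import combinations
from math import gcd


def bit_shadow(bits):
    """Definition 3: shadow_i = 0 where b_i = 0; otherwise the number of zeros
    immediately preceding b_i plus 1; the rightmost 1 also absorbs the trailing zeros."""
    if not any(bits):
        raise ValueError("bit shadow is defined for nonzero strings only")
    shadow, k, last_one = [0] * len(bits), 0, None
    for i, b in enumerate(bits):
        if b == 0:
            k += 1
        else:
            shadow[i], k, last_one = k + 1, 0, i
    shadow[last_one] += k            # k is now the count of trailing zeros
    return shadow


def is_pairwise_coprime(A):
    """Pairwise coprimality: sufficient (not necessary) for Definition 1."""
    return all(gcd(x, y) == 1 for x, y in combinations(A, 2))


def shadow_product(A, shadow):
    """The mapping of Property 3: shadow string -> prod A_i^{shadow_i} over the integers."""
    G = 1
    for a, e in zip(A, shadow):
        G *= a ** e
    return G


def recover_shadow(A, G):
    """Inverse of shadow_product for a pairwise coprime A: divide each A_i out
    as often as it goes (Property 1's uniqueness, extended to exponents)."""
    shadow = []
    for a in A:
        e = 0
        while G % a == 0:
            G //= a
            e += 1
        shadow.append(e)
    if G != 1:
        raise ValueError("G is not a product of powers of the sequence")
    return shadow


def recover_bits(shadow):
    """b_i = 1 exactly where shadow_i != 0, so the shadow determines the message."""
    return [1 if e else 0 for e in shadow]


def count_distinct_products(A):
    """Injectivity check of Property 3 over every nonzero n-bit message."""
    n = len(A)
    seen = set()
    for v in range(1, 2 ** n):
        bits = [(v >> (n - 1 - i)) & 1 for i in range(n)]
        seen.add(shadow_product(A, bit_shadow(bits)))
    return len(seen)


if __name__ == "__main__":
    A = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]        # toy coprime sequence
    bits = [int(c) for c in "100001011100"]                  # the patent's example
    shadow = bit_shadow(bits)
    G = shadow_product(A, shadow)
    print(shadow, sum(shadow), recover_shadow(A, G) == shadow,
          recover_bits(shadow) == bits, count_distinct_products(A))
```

The exhaustive check walks all 4095 nonzero 12-bit messages and confirms that no two share a product; with the public C_i of Section 3.2.2 in place of A_i the same division trick no longer applies, which is what Definition 4 (ASPP) captures.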
3.1.4 Anomalous subset product problem
Let b_1 ... b_n be a message and {C_1, ..., C_n} a non-coprime sequence.
Definition 4: Given {C_1, ..., C_n} and d, seeking the original b_1 ... b_n from d ≡ ∏_{i=1}^{n} C_i^{b̄_i} (% M) is called the anomalous subset product problem (ASPP).
Property 4: In computational difficulty, ASPP is at least equivalent to the discrete logarithm problem (DLP) in the same prime field.
For the proof see "Asymptotic Granularity Reduction and Its Application" (Theoretical Computer Science, Vol. 412(39), Sep. 2011, pp. 5374-5386, Shenghui Su, Shuwang Lü and Xiubin Fan).
It should be further noted that, at present, no subexponential-time algorithm for ASPP has been found.
3.2 Technical scheme of the present invention
Note: in this document, the sequence {A_1, ..., A_n} is sometimes abbreviated {A_i}, the sequence {C_1, ..., C_n} is sometimes abbreviated {C_i}, and the lever function {l(1), ..., l(n)} is sometimes abbreviated {l(i)}.
The present invention is a message digest extraction method based on the anomalous subset product problem, abbreviated the JUNA one-way hash algorithm. A message digest is similar to a digital fingerprint and is used in digital signature technology.
Because this method can transform a message of bit length not more than 4096 into a message digest of bit length between 80 and 160, it is said to be lightweight.
A message digest extraction method (i.e. a one-way hash algorithm) generally needs to satisfy the following attributes:
1. One-wayness: given a message w and the digest extraction method hash, computing d = hash(w) is easy, but conversely, given d and hash, computing w = hash^{-1}(d) is computationally infeasible;
2. Weak collision-freeness: given a message w, finding another meaningful message w' satisfying hash(w') = hash(w) is computationally infeasible;
3. Strong collision-freeness: finding any two different messages w and w' satisfying hash(w') = hash(w) is computationally infeasible.
Sometimes, attribute 3 is optional for the user.
According to this method, an initial value generation chip and a message digest extraction chip can be manufactured, or initial value generation software and message digest extraction software can be developed. Therefore, the present invention is the basic principle and technical scheme that must be followed in manufacturing message digest extraction products, rather than a physical product itself.
The present technical scheme consists of two parts: initial value generation and message digest extraction.
3.2.1 Parameter description
Let n be the bit length of a message (which may also be the output of another one-way hash algorithm) and m the bit length of the message digest, with m < n and n ≤ 4096.
Let Λ = {2, 3, ..., P} and Ω = {±5, ±7, ..., ±(2n+3)}, where P ≥ 65537 and the symbol ± means that either "+" or "−" is selected. The set Λ and |Ω| are public, where |Ω| is the set of absolute values of the elements of Ω, but Ω itself is unknown to the public.
CA (Certificate Authority) denotes the third-party authority in a public key infrastructure; it generates the initial input values of the message digest extraction method and does not announce the intermediate variable values externally.
3.2.2 Initial value generation part
The initial value generation part is for use by the CA certificate center; it is used to produce a non-coprime sequence and is used only once. Its implementation is:
(1) Randomly produce a coprime sequence {A_1, ..., A_n} with each A_i ∈ Λ.
(2) Find a prime M with ⌈lg M⌉ = m such that (M − 1)/2 is prime, or such that M − 1 satisfies the alternative condition [given only as an image in the original].
(3) Choose δ ∈ (n, M) arbitrarily (see Section 3.3.1), and choose W with ||W|| ≥ 2^{n−18}.
(4) Randomly choose l(1), ..., l(n) ∈ Ω such that l(i) ≠ l(j) for i ≠ j.
(5) For i = 1, ..., n compute C_i ← (A_i W^{l(i)})^δ % M.
Finally, the non-coprime sequence {C_1, ..., C_n} and the modulus M are obtained; the intermediate values {A_i}, {l(i)}, W and δ may be discarded, but must not be leaked.
Definition 5: Seeking the original {A_i}, {l(i)}, W and δ from C_i ≡ (A_i W^{l(i)})^δ (% M) is called the multivariate permutation problem (MPP).
Property 5: In computational difficulty, MPP is at least equivalent to the DLP in the same prime field.
Proof omitted.
3.2.3 Message digest extraction part
The message digest extraction part is used both by the digital signing party and by the identity verifying party.
Suppose {C_1, ..., C_n} is the initial value, M is the modulus, and b_1 ... b_n is a message of n bits. The implementation of the message digest extraction part is:
(1) Set d ← 1, k ← 0, i ← 1.
(2) If b_i = 0, let k ← k + 1 and b̄_i ← 0; otherwise, do b̄_i ← k + 1, k ← 0, d ← d C_i^{b̄_i} % M.
(3) Let i ← i + 1.
(4) If i ≤ n, go to (2).
(5) If b_n = 0, do b̄_{n−k} ← b̄_{n−k} + k, d ← d (C_{n−k})^k % M.
Finally, the message digest d ≡ ∏_{i=1}^{n} C_i^{b̄_i} (% M) is obtained; its bit length is m, less than n.
Note that Property 4 guarantees the one-wayness of d, the structure of d itself guarantees the weak collision-freeness of d, and Section 3.2.2 helps the strong collision-freeness of d.
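The two procedures of Sections 3.2.2 and 3.2.3, as an added small-parameter Python model that is not the inventors' code: n = 12-bit messages, a 16-bit modulus M, Λ restricted to primes below a toy P = 200, and "(M − 1)/2 is prime" taken as the choice in step (2). Two points are not stated on the page and are marked as assumptions in the comments: gcd(δ, M − 1) = 1, so that raising to the δ-th power permutes the multiplicative group modulo M, and W ∉ {1, M − 1} as the toy stand-in for ||W|| ≥ 2^{n−18} (for such an M every other W has order at least (M − 1)/2). Function and variable names are my own.

```python
# Added example: toy-sized initial value generation (3.2.2) and message digest
# extraction (3.2.3). Not the inventors' code; sizes are far below the patent's.
import random
from math import gcd


def is_prime(x: int) -> bool:
    """Trial division; adequate for the 16-bit moduli used in this toy model."""
    if x < 2:
        return False
    if x % 2 == 0:
        return x == 2
    f = 3
    while f * f <= x:
        if x % f == 0:
            return False
        f += 2
    return True


def generate_initial_value(n: int = 12, m: int = 16, seed: int = 7):
    """Section 3.2.2 at toy sizes. Returns the public (C, M) and the private
    intermediates, which a CA would discard and must never leak."""
    rng = random.Random(seed)
    # (1) coprime sequence {A_i}, A_i in Lambda: distinct primes below a toy P = 200
    #     (pairwise gcd = 1 is one branch of Definition 1)
    A = rng.sample([p for p in range(2, 200) if is_prime(p)], n)
    # (2) prime M with ceil(lg M) = m, i.e. 2^(m-1) < M < 2^m, and (M-1)/2 prime
    while True:
        M = rng.randrange(2 ** (m - 1) + 1, 2 ** m)
        if is_prime(M) and is_prime((M - 1) // 2):
            break
    # (3) delta in (n, M) as in Section 3.3.1; gcd(delta, M-1) = 1 is an added
    #     assumption so that x -> x^delta permutes the multiplicative group mod M
    while True:
        delta = rng.randrange(n + 1, M)
        if gcd(delta, M - 1) == 1:
            break
    #     W of large order: with (M-1)/2 prime, any W not in {1, M-1} has order
    #     (M-1)/2 or M-1; this is the toy stand-in for ||W|| >= 2^(n-18)
    W = rng.randrange(2, M - 1)
    # (4) lever function: a random signed permutation of |Omega| = {5, 7, ..., 2n+3}
    abs_omega = list(range(5, 2 * n + 4, 2))
    rng.shuffle(abs_omega)
    l = [v * rng.choice((1, -1)) for v in abs_omega]
    # (5) C_i = (A_i * W^l(i))^delta % M; a negative l(i) uses W^-1 mod M
    C = [pow(A[i] * pow(W, l[i], M) % M, delta, M) for i in range(n)]
    return C, M, {"A": A, "l": l, "W": W, "delta": delta}


def message_digest(C, M, bits):
    """Section 3.2.3: d = prod C_i^{shadow_i} % M, building the bit shadow string
    (Definition 3) on the fly. bits is a list of n ints in {0, 1}."""
    n = len(bits)
    if n != len(C) or not any(bits):
        raise ValueError("message must have n bits and be nonzero (Definition 3)")
    d, k = 1, 0
    shadow = [0] * n
    for i in range(n):                       # steps (2)-(4)
        if bits[i] == 0:
            k += 1                           # shadow[i] stays 0
        else:
            shadow[i] = k + 1                # zeros before b_i, plus 1
            k = 0
            d = d * pow(C[i], shadow[i], M) % M
    if bits[n - 1] == 0:                     # step (5): the rightmost 1 sits at
        shadow[n - 1 - k] += k               # position n-k and absorbs k trailing 0s
        d = d * pow(C[n - 1 - k], k, M) % M
    return d, shadow


def digest_direct(C, M, shadow):
    """Definition 4 in closed form: prod C_i^{shadow_i} (% M)."""
    d = 1
    for c, e in zip(C, shadow):
        d = d * pow(c, e, M) % M
    return d


def bits_of(s: str):
    return [int(ch) for ch in s]


if __name__ == "__main__":
    C, M, private = generate_initial_value()
    d, shadow = message_digest(C, M, bits_of("100001011100"))
    print(f"M = {M}, d = {d} ({d.bit_length()} bits), shadow = {shadow}")
```

The step-by-step loop and the closed form of Definition 4 agree, and the digest is bounded by M, so it occupies at most m bits as Section 3.2.3 states. Step (5) is exercised by the patent's own example (two trailing zeros); a message ending in 1 skips it, and an all-zero message is rejected because Definition 3 is only defined for b_1 ... b_n ≠ 0.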
3.3 Advantages and positive effects
3.3.1 It is secure
Property 4 guarantees the one-wayness of the message digest d, and Property 5 guarantees that the private values cannot be derived and helps the strong collision-freeness of the message digest d.
It should be specially pointed out that since δ ∈ (n, M) is very large, attempting to attack the private values with the continued fraction method is also infeasible.
3.3.2 The digest length is shorter
When the bit length of the message is not more than 4096, the bit length of the message digest is between 80 and 160, which is relatively short compared with one-way hash algorithms such as MD5, SHA-1 and SHA-256.
3.3.3 The computation speed is fast
The initial value of this method only needs to be generated once and not in real time; therefore the time complexity of the initial value generation part need not be considered.
The message digest extraction operation of this method only needs O(n) modular multiplications, linear in n ≤ 4096, which is comparatively fast.
3.3.4 The technology can be disclosed
The implementation technology of the present invention can be fully disclosed, and the initial value of the extraction algorithm can also be fully provided to the outside world. As long as the private values are not divulged, the strong collision-freeness of the message digest can basically be guaranteed.
3.3.6 It is beneficial to national security
The Internet is an open network; obviously, the various kinds of information transmitted on it must be encrypted.
Since important departments such as the Chinese government, national defence, finance and taxation already use the Internet as a means of communication, information security concerns national sovereign security and economic security.
From the perspective of cryptography, the information security of a great country cannot be built on the basis of foreign cryptographic schemes; therefore, studying our own fully autonomous, originally innovative message digest extraction schemes, public key cryptographic schemes and digital signature schemes is imperative, very urgent and of great significance.
(4) Embodiment
The lightweight message digest extraction method based on the anomalous subset product problem comprises two parts and is characterized in that it can produce a public initial value from which the intermediate values cannot be derived; in this way the initial value helps the strong collision-freeness of the message digest. More importantly, the digest length output by this method is very short, yet at the same time it satisfies the security requirements.
Each user can obtain an initial value from a designated CA certificate center. The CA certificate center is the institution that registers and manages users and produces and distributes initial values; it uses the initial value generation method to output the non-coprime sequence used for message digest extraction.
This message digest extraction method can be realized with logic circuit chips or a programming language, and comprises two parts: 1. develop the initial value generation chip or software module according to Section 3.2.2, for use by the CA certificate center; 2. develop the message digest extraction chip or software module according to Section 3.2.3, for use by digital signature users and identity authentication users.

Claims (1)

1. A lightweight message digest extraction method based on a new hard problem, consisting of two parts, initial value generation and message digest extraction, wherein the initial value generation part is used by a third-party authority to produce a public non-coprime sequence, and the message digest extraction part is used by a digital signing party and an identity verifying party to extract the digest of a message, the length of the digest being not more than 160 bits, characterized in that
the initial value generation part adopts the following steps:
1) randomly produce a coprime sequence {A_1, ..., A_n} with each A_i ∈ Λ;
2) find a prime M with ⌈lg M⌉ = m such that (M − 1)/2 is prime, or such that M − 1 satisfies the alternative condition [given only as an image in the original];
3) choose δ arbitrarily, and let W satisfy ||W|| ≥ 2^{n−18};
4) randomly choose l(1), ..., l(n) ∈ Ω such that ∀ i ≠ j, l(i) ≠ l(j);
5) for i = 1, ..., n compute C_i ← (A_i W^{l(i)})^δ % M;
finally, the non-coprime sequence {C_1, ..., C_n} and the modulus M are obtained, and the intermediate values {A_i}, {l(i)}, W and δ may be discarded but must not be leaked;
the message digest extraction part adopts the following steps:
suppose {C_1, ..., C_n} is the initial value and M is the modulus; for a message b_1 ... b_n of n bits do
(1) set d ← 1, k ← 0, i ← 1;
(2) if b_i = 0, let k ← k + 1 and b̄_i ← 0; otherwise do b̄_i ← k + 1, k ← 0, d ← d C_i^{b̄_i} % M;
(3) let i ← i + 1;
(4) if i ≤ n, go to (2);
(5) if b_n = 0, do b̄_{n−k} ← b̄_{n−k} + k, d ← d (C_{n−k})^k % M;
finally, the message digest d is obtained, which can be used for digital signature or identity authentication.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011103312586A CN102394750A (en) 2011-10-27 2011-10-27 Light message abstract extraction method based on new problem

Publications (1)

Publication Number Publication Date
CN102394750A true CN102394750A (en) 2012-03-28

Family

ID=45861959



Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020041684A1 (en) * 1999-01-29 2002-04-11 Mototsugu Nishioka Public-key encryption and key-sharing methods
CN101267300A (en) * 2008-04-17 2008-09-17 苏盛辉 Multi-variant public key encryption method based on mutual prime number sequent and lever function
CN101369888A (en) * 2008-10-07 2009-02-18 苏盛辉 Digital signature method based on non-homogeneous ultra-increasing sequence
CN101753310A (en) * 2009-12-28 2010-06-23 苏盛辉 Digital signature method based on multivariable array problem and super logarithm problem
CN102064938A (en) * 2010-12-30 2011-05-18 苏盛辉 Public key encrypting method based on multivariable and uncertainty


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107465515A (en) * 2017-09-30 2017-12-12 北京兵符科技有限公司 Non-iterative message digest extraction method resisting birthday attack
CN107465515B (en) * 2017-09-30 2023-10-27 数字兵符(福州)科技有限公司 Non-iterative message digest extraction method resisting birthday attack


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20171103
