CN102664732B  The antiquantum computation attack of CPK public key system realize method and system  Google Patents
The antiquantum computation attack of CPK public key system realize method and system Download PDFInfo
 Publication number
 CN102664732B CN102664732B CN201210057883.0A CN201210057883A CN102664732B CN 102664732 B CN102664732 B CN 102664732B CN 201210057883 A CN201210057883 A CN 201210057883A CN 102664732 B CN102664732 B CN 102664732B
 Authority
 CN
 China
 Prior art keywords
 key
 alice
 matrix
 pki
 row
 Prior art date
Links
Abstract
Description
Technical field
The present invention relates to cryptographic technique and field of computer technology, realize method and system particularly to a kind of antiquantum computation attack of CPK public key system。
Background technology
In recent years, due to developing rapidly of quantum information especially quantum calculation research, the safety that contemporary cryptology (is also known as classical cryptoraphy relative to quantum cryptology) receives serious challenge。The appearance of First quantum computer, making over can not exhaustive amount, become now feasible, the existing password being based upon on exhaustive amount basis is created great impact, has research worker to declare: public key system existing after 15 years and digital signature protocol are almost all " death "。CPK is a kind of new public key system, and the research cycle of a New System is very long, generally, is at least 10 years。If a New System only has the life cycle of 10 years or 15 years, this New System just meaning not。
Present CPK obtains the official approval of country, combine in bulletin in five ministries and commissions (Committee of Development and Reform, the Department of Science and Technology, Ministry of Industry and Information, Department of Commerce, Department of Intellectual Property), CPK is also listed in " but front industrialization of new hightechnology major fields guide first developed ", these are all had higher requirement to CPK, below in conjunction with the concrete instance of CPK, the quantum computation attack described below impact on CPK。
First the feature of quantum calculation is analyzed；DWave company provides the calculation step comparison diagram of a table, the calculation procedure of the quantum calculation that Fig. 1 provides and electronic computer for the embodiment of the present invention, as it is shown in figure 1, the calculation procedure of RSA factorisation is compared。Give two curves: curve be a quantum chip or one second completes calculation procedure；Another curve is the calculation procedure that the stateoftheart computer in 500, the whole world expands life cycle 2000 times。
As can be seen from the table, the calculation procedure of quantum calculation is considerably less than different computer, thus calculates speed and be exceedingly fast。Secondly, quantum calculation is little affected by the impact of key length, and the decomposition step of 1024bit is almost suitable with the decomposition step of 2048bit。The accuracy rate of current quantum computer only reaches 78%, is mainly used in the fields such as pattern recognition, but after 15 years, quantum calculation function is used for code breaking, then what cannot realize in the past exhaustive also becomes feasible。The existing public key system being based upon exhaustive difficulty is proposed serious challenge by this。
Impact on password: from the angle of historical development, the development of password is by the impact of several aspects。First it is by along with the impact of process of industrialization。Industrialized development, various components and parts are provided for cryptographic development, different components and parts constitute different password forms, as: the mechanical close epoch, mainly instead of manual action with mechanical action, electronic age mainly instead of artificial memory, microelectronic age with mnemon, mainly instead of artificial computing with computing unit。Although the form of password is quite different, but the ultimate principle of password, it may be said that it is essentially identical。Therefore, still can there is manual cipher in electronic age, in like manner, in the quantum epoch, still can there is electronics or microelectronics password, and cryptographic essence will not be changed。What cryptography was had a direct impact is hand over letter movable and mathematics。Handing over letter activity is cryptographic primary demand, and without handing over, letter is movable, cryptography just necessity not。The demand handing over letter movable is nothing but differentiate and privacy。Discriminating is that a side produces one's proof, and allows the asymmetric activity that each side verifies, privacy is to allow everybody encrypt, only the asymmetric activity of side's DecryptDecryption。This asymmetric activity, only asymmetric system just can be accomplished, and the method for symmetric system or physics is helpless。Asymmetric system only has abstract mathematical method to build。Quantum mechanics is to physics field, and the epochmaking effect in philosophic thinking field is apparent from, but to field of cryptography, is the renewal of components and parts at present。The impact of code breaking is direct by quantum calculation, by engineering that in the past can not be exhaustive, becomes now feasible, and then has influence on the lifespan of existing public key system。
What be therefore badly in need of a kind of CPK public key system that can resist quantum computation attack realizes method and system。
Summary of the invention
In view of this, the technical problem to be solved be a kind of CPK public key system that can resist quantum computation attack realize method and system。
An object of the present invention be propose a kind of CPK public key system that can resist quantum computation attack realize method；The two of the purpose of the present invention be propose a kind of CPK public key system that can resist quantum computation attack realize system。
An object of the present invention is achieved through the following technical solutions:
The antiquantum computation attack of CPK public key system provided by the invention realize method, by not providing or provide incomplete criterion, exhaustive or infinite can not solve an equation thus being formed, generating method with the PKI of quantum computation attack of contending with, specifically including following steps:
S1: KMC generates private key matrix and PKI matrix A=(r_{I, j}, R_{I, j}), B=(q_{I, j}, Q_{I, j})
S2: described PKI matrix is derived from by private key matrix by below equation:
r_{I, j}G=(x_{I, j}, y_{I, j})=R_{I, j}；Q_{I, j}G=(x_{I, j}, y_{I, j})=Q_{I, j}
Wherein, r_{I, j}And q_{I, j}Represent private key matrix, R_{I, j}And Q_{I, j}Representing PKI matrix, r and q is less than the random number of n, i, the ranks number of j representing matrix；
S3: disclosed each entity identification being mapped to PKI matrix A and forms the procedure function of tagged keys, namely only expose input, output factor, its execution process is not exposed to outside function, the Hash including mark converts the displacement transformation etc. with hash value。
Further, charging in chip after described PKI matrix is encrypted, wherein front 8 row of matrix A are charged in EEPROM and are protected。Described secret variable disappears automatically when external device reads and analyzes。
Further, described tagged keys is implemented by following steps:
S31: described tagged keys is by identifying what the YS sequence of the ID conversion output of the Hash under specific key Hkey realized:
Wherein, w_{0}Word length be 6bit, front 3bit instruction displacement sequence number, rear 3bit instruction displacement starting point；
w_{1}..., w_{32}The rowcoordinate of instruction combinatorial matrix A, w_{1}..., w_{32}Word length be k_{1}Bit, the row of combinatorial matrix A is long for h_{1},8 row of combinatorial matrix A, through displacement transformation。Permutation table is the table of 8 × 8；It is classified as displacement sequence number, behavior displacement starting point；
The row coordinate of matrix A is designated generally as t after displacement_{1}..t_{32}.
The identity private key of S32:Alice, is calculated by KMC:
The mark PKI of S33:Alice, is calculated by relying party:
Wherein, R_{I, j}Represent PKI matrix A, r_{I, j}Represent private key matrix A, t_{i}Represent 8 row coordinates after displacement with after the coordinate of natural orders of 24 row, i=1 ..., 32。
Further, in the tagged keys generating function in described step S3, including the Hash conversion to mark, to the displacement of hash value, hash value to the mapping of matrix coordinate, especially by following steps realization:
S34: described combinatorial matrix A is sized to h_{1}× 32, encipherment protection。Front 8 row of described combinatorial matrix A are through displacement transformation；
S35: described combinatorial matrix B is sized to h2 × 8, encipherment protection。8 row of described combinatorial matrix B are through displacement transformation。
Further, also including the method that realizes of the formation of Split Key, described Split Key is implemented by following steps:
The segmentation private key of S41:Alice is calculated by KMC:
S42: corresponding segmentation PKI is calculated by relying party:
Wherein, combinatorial matrix B be sized to (h_{2}, 8), rowcoordinate is by the v in YS sequence_{i}Instruction, v_{0}Word length is 6bit, indicate respectively displacement sequence number word length be 3bit and displacement starting point word length be 3bit, t_{i}The expression 8 row coordinates after displacement, i=1 ..., 8；Represent the variable in PKI matrix B,Represent the variable in private key matrix B；
V in YS sequence_{1}..., v_{8}The rowcoordinate of instruction combinatorial matrix B, word length is k_{2}Bit, the long h of row of combinatorial matrix B_{2},；Combinatorial matrix B can provide (h by structure_{2})^{8}Individual different Split Key, Split Key allows to reuse, and user can be divided into different groups, and every a group can share a Split Key。
Further, the synthesis key of the composition generation Alice of described tagged keys and Split Key synthesis private key alice is charged to the IDcard of Alice:
S51: described synthesis private key csk is calculated by KMC:
csk_{Alice}=(isk_{Alice}+ssk_{Alice}) modn=alice,
The calculating of the synthesis PKI CPK of S52:Alice carries out each relying party:
CPK_{Alice}=IPK_{Alice}+SPK_{Alice}=ALICE。
Further, what also include public network key and private network key realizes method, and a public network can be included a lot of private network, described public network key and private network key and be realized by step in detail below:
S61: the generation of public network key, specifically includes following steps:
The key parameter of public network is defined by public network KMC (public network KMC), has and maintain secrecy in public network, including:
The variable of definition public network matrix A and length
The variable of definition public network matrix B and length
Definition public network Hash key Hkey；
The encryption key Mkey of definition public network matrix A and B
S62: the generation of private network key, specifically includes following steps:
The key parameter of private network is defined by each private network KMC (private network KMC), has and maintain secrecy in private network, including:
1) length of private network matrix A is defined
2) length of private network matrix B is defined
3) the Hash key Hkeyi of respective private network is defined；
S63: if a private network user, it is necessary to during with public network user intercommunication, described public network private key and private network private key would be simultaneously written the ID card of user。Described general private key and area private key are simultaneously written the ID card of user。
Further, also including the method that realizes of digital signature protocol function, described digital signature protocol function implements in the following manner:
By the in the digital signature protocol of ECDSA standard the 2nd article, namely
KG=(x_{1}, y_{1})；
C=x_{1}Modn；
S=k^{1}(h+calice) modn；
It is transformed into:
KG=(x_{1}, y_{1})；
C=(x_{1}+y_{1})^{2}mod2^{m}；
S=k^{1}(h+calice) modn；
Wherein, k is random number, G is the basic point of elliptic curve, (x_{1}, y_{1}) be the coordinate of point, the bit number of c is check code, s to be signed codevector, h the be hash value of data, m check code。
Further, described digital signature protocol and indentification protocol, specifically include following steps:
S71:Alice signature process:
Select the signature function of following Alice:
SIG_{alice}(h)=(s, c)；Wherein, alice is private key, and h is Hash code, and s is signed codevector, and c is check code；
Select a random number k, proceed as follows:
KG=(x_{1}, y_{1})；
C=(x_{1}+y_{1})^{2}mod2^{m}；
S=k^{1}(h+calice) modn；
Wherein, the value of k is 0 < k < n, 2^{m}Selection for check code length；As m < n, equation becomes solving an equation more。
S72:Alice sends: and sign=(s, c)；
S73: proof procedure:
The checking function of Bob is as follows:
VER_{ALICE}(s)=c '；Wherein, ALICE is PKI；
Bob calculates PKI according to the mark of Alice；
CPK_{Alice}=IPK_{Alice}+SPK_{Alice}=ALICE；
According to signed codevector sign=, (s c) calculates Bob；
s^{1}hG+s^{1}CALICE=(x_{1}', y_{1}')；
C '=(x_{1}’+y_{1}’)^{2}mod2^{m}；
If c=c ', signature is recognized。
Further, also including the method that realizes of key delivery protocol function, described key delivery protocol function is accomplished by:
RBOB=β；
RG=(x_{1}, y_{1})；
Key=(x_{1}+y_{1})^{2}mod2^{64or128}；
E_{key}(data)=code；
Wherein, r is less than the random number of n, β be pass to the key of the other side, E is the encryption function under symmetric key, key is the key for data encryption。
Further, described key delivery protocol, realize especially by following steps:
S81: the encryption function selecting Alice is as follows:
ENC_{BOB}(key)=β；
E_{key}(data)=code；
Wherein, ENC is nonasymmetric encryption function, and BOB is the other side's PKI, and r is random number；
The ciphering process of S82:Alice:
Calculate the synthesis PKI of Bob:
CPK_{Bob}=IPK_{Bob}+SPK_{Bob}=BOB；
Alice selects random number r, calculates:
RBOB=β；
RG=(x_{1}, y_{1})；
Key=(x_{1}+y_{1})^{2}mod2^{64(or128)}；
E_{key}(data)=code；
{ code, β } is sent to Bob by S83:Alice；
S84: select Bob DecryptDecryption function as follows:
DEC_{bob}(β)=key；
D_{key}(code)=data；
Wherein, DEC is asymmetric DecryptDecryption function, and bob is the private key of oneself；
The DecryptDecryption process of S85:Bob:
Decryption key is calculated with the synthesis private key bob of oneself；
(bob)^{1}β=rG=(x_{1}, y_{1})；
Key=(x_{1a}+y_{1})^{2}mod2^{64(or128)}；
D_{key}(code)=data。
The two of the purpose of the present invention are achieved through the following technical solutions:
The antiquantum computation attack of CPK public key system provided by the invention realize system, including PKI generation module, Digital Signature module, key transmission module；
Described PKI generation module, for entity identification is mapped as tagged keys, Split Key, is finally complex as synthesis key output, and described PKI generates process all to carry out in chip, deposits in the chips after secret variable used is encrypted,；E in described chip^{2}ROM, for preserving COS, front 8 row of combinatorial matrix A, permutation table, Hash key Hkey etc.；
Described Digital Signature module, is used for realizing digital signature protocol and indentification protocol, and by inputting and output is constituted, its input or output directly do not expose PKI or private key, PKI and private key occur with unsolvable sum form。
The input of described digital signature and authentication module, output factor are as follows:
Alice → signature blocks → (s, c)；
Alice, s → authentication module → c '；
Described key transmission module, is used for realizing key delivery protocol, and by inputting and output is constituted, its input or output directly do not expose PKI or private key, PKI and private key occur with unsolvable sum form。
The encrypting module of described key delivery protocol and the input of DecryptDecryption module, output factor are as follows:
Bob, data → encrypting module → code, β；
β, code → DecryptDecryption module → data；
Wherein, β contains the PKI BOB of Bob, but under the protection of random number。
It is an advantage of the current invention that: the present invention adopts CPK based on the public key system of mark, is generated by key and distribution combines, enormously simplify the complexity of key management。Large numbers of variablees are done system master key by CPK, it is ensured that the safety of system key。CPK is independent of any external support in signature and encryption operation, and then is greatly improved operational efficiency。
Quantum calculation make over cannot be carried out exhaustive become feasible。It is make exhaustive inefficacy that existing public key system tackles the fundamental solution of quantum calculation。The most efficient method making exhaustive inefficacy is not provide criterion。Without distinguishing rule, exhaustive speed is fast also meaningless again。In the equation aG=A of elliptic curve, when PKI A is open, A becomes distinguishing rule, make private key a exhaustive effectively。In order to not make PKI A become distinguishing rule, PKI A must maintain secrecy。Under existing public key system, only just can accomplish the secrecy of PKI based on the public key system of mark。
The further advantage of the present invention, target and feature will be illustrated to a certain extent in the following description, and to a certain extent, will be apparent to those skilled in the art based on to investigating hereafter, or can be instructed from the practice of the present invention。The objects and other advantages of the present invention can be passed through description below, claims, and structure specifically noted in accompanying drawing and realize and obtain。
Accompanying drawing explanation
In order to make the object, technical solutions and advantages of the present invention clearly, below in conjunction with accompanying drawing, the present invention is described in further detail, wherein:
The calculation step comparison diagram of the calculation procedure of the quantum calculation that Fig. 1 provides for the embodiment of the present invention and electronic computer；
In the antiquantum computation attack of CPK public key system that Fig. 2 provides for the embodiment of the present invention, the key of private key generating function (center) generates and uses schematic diagram；
In the antiquantum computation attack of CPK public key system that Fig. 3 provides for the embodiment of the present invention, the key of PKI generating function (individuality) generates and uses schematic diagram。
Detailed description of the invention
Below with reference to accompanying drawing, the preferred embodiments of the present invention are described in detail；Should be appreciated that preferred embodiment is only for illustrating the present invention, rather than in order to limit the scope of the invention。
Owing to CPK has possessed the framework that can do with quantum computation attack, construct that also to have the system of vitality in the quantum epoch be possible。CPK adopts the method making quantum exhaustive computations lose meaning, tackles the exhaustive attack of quantum calculation so that existing public key system still can have vitality。As solved an equation: (a+b) mod13=7, mental arithmetic also can solve, but this equation is infinite solution, solves an equation or solve an equation more etc. that it solves unrelated with arithmetic speed due to infinite, it is possible to make exhaustive inefficacy。Any exhaustive only exist during a criterion just meaningful, if not giving complete criterion, or only gives incomplete criterion, makes exhaustive cause infinite solution or solve more, it is impossible to determines correct answer, exhaustive just loses meaning。Criterion when existing password and the method evaded are described below in conjunction with object lesson。
In existing unsymmetrical key, for ECC, aG=A, wherein a is private key, and A is PKI, and G is the basic point of elliptic curve。Basic point G is known facts, if again open for PKI A, then can exhaustive a, unique solution can be obtained, because A becomes criterion。PKI A is made not become the way only one of which of criterion, it is simply that to make PKI A become secret variable。But the key of existing public key system is distributed, and disclosing of PKI can only be leaned on to realize, such as PKI, as long as PKI A is open, just antiincessantly quantum calculation is exhaustive。But the distribution of the key of some system, it is possible to not disclosing by PKI, such as IBE, CPK etc.。At present, only it is possible to PKI to become secret variable based on the public key system of mark, accomplish to generate PKI to combine with PKI distribution to solve simultaneously, and then underground total key can be accomplished。As: the IBE in IBC, Weil pairing on discrete logarithm, twowire is to the multiple PKI DKP etc. on CPK, the RSA on upper LBP, elliptic curve。In the public key system based on mark, uniquely the disclosed factor of energy is the mark of each entity, and disclosing of identifying, unrelated with quantum computation attack, but the distribution for PKI provides foundation, and also the secrecy for PKI provides probability。
And for example in existing ECDSA signature agreement, signed codevector is with (s, c) represents, wherein s is signed codevector, and c is check and correction code。S and c is open variable, selects a random number k, first calculates c,
KG=(x_{0}, y_{0})(1)
C=x_{0}modn(2)
Then signed codevector is calculated:
S=k^{1}(h+calice)(3)
Wherein h is hash value, and alice is the private key of Alice。
In (2) formula, if x_{0}< n, then c directly exposes x_{0}, by the exhaustive k of (1) formula, obtaining private key alice by (3) formula。
Now change (2) formula into c=x_{0}mod2^{m}。Assume that key length is 192bit, m=40。Exhaustive x in (2) formula_{0}, it may appear that 2^{192}/2^{40}=2^{152}The individual x meeting c_{0}。2^{152}Individual possible x_{0}, produce 2 by (1) formula^{152}Individual possible k, returns to (3) formula, finally obtains 2^{152}Individual possible private key alice。This makes exhaustive to lose meaning。It practice, ECDSA agreement has just changed a modulus, change n into 2^{m}, when 2^{m}During < n, given criterion (such as c) is unsatisfactory for obtaining the requirement of unique solution, thus having no way of determining correct answer。Check and correction code does not need to take 192bit, and when taking 40bit, False Rate is only 1/2^{40}, but signature length is reduced to 32 bytes from 48 bytes, more applicable, and meet the principle that future network is energyconservation。
Be described below in detail how to generate a kind of resist quantum computation attack based on CPK public key system, the PKI of public key secret can be generated system method and digital signature protocol and password allocation management method:
In the antiquantum computation attack of CPK public key system that Fig. 2 provides for the embodiment of the present invention, the key of private key generating function (center) generates and uses schematic diagram, in the antiquantum computation attack of CPK public key system that Fig. 3 provides for the embodiment of the present invention, the key of PKI generating function (individuality) generates and uses schematic diagram, as shown in the figure: the antiquantum computation attack of CPK public key system provided by the invention realize method, by not providing or provide incomplete quantum exhaustive computations criterion, make quantum exhaustive computations become infinite solution or the PKI generation method solved thus being formed more, specifically include following steps:
S1: KMC generates private key matrix and PKI matrix A=(r_{I, j}, R_{I, j}), B=(q_{I, j}, Q_{I, j})；
S2: described PKI matrix is derived from by private key matrix by below equation:
r_{I, j}G=(x_{I, j}, y_{I, j})=R_{I, j}, q_{I, j}G=(x_{I, j}, y_{I, j})=Q_{I, j}
Wherein, r_{I, j}, q_{I, j}Represent private key matrix, R_{I, j}, Q_{I, j}Representing PKI matrix, r, q is less than the random number of n, i, the ranks number of j representing matrix；
S3: disclosed each entity identification being mapped to PKI matrix A and forms the procedure function of tagged keys, namely only expose input, output factor, its execution process is not exposed to outside function, the Hash including mark converts the displacement transformation etc. with hash value。
Charging in chip after described PKI matrix is encrypted, wherein front 8 row of matrix A are charged in EEPROM and are protected。Described secret variable disappears automatically when external device reads and analyzes。
Described tagged keys is implemented by following steps:
S31: described tagged keys is by identifying what the YS sequence of the ID conversion output of the Hash under Hash key Hkey realized:
Wherein, w_{0}Word length be 6bit, front 3bit instruction displacement sequence number, rear 3bit instruction displacement starting point；W_{1}..., w_{32}The rowcoordinate of instruction combinatorial matrix A, w_{1}..., w_{32}Word length be k_{1}Bit, the row of combinatorial matrix A is long for h_{1},8 row of combinatorial matrix A, through displacement transformation, permutation table is the table of 8 × 8；Permutation table be classified as displacement sequence number, behavior displacement starting point；
The row coordinate of combinatorial matrix A is unified after displacement is designated as t_{i}(i=1..32)
The identity private key isk of S32:Alice, is calculated by KMC:
The mark PKI IPK of S33:Alice, is calculated by relying party:
Wherein, R_{I, j}Represent PKI matrix, r_{I, j}Represent private key matrix, w_{i}Represent rowcoordinate, t_{i}Represent row coordinate。
In PKI generating function in described step S3, realize including the Hash conversion of mark and the displacement transformation of hash value, realize especially by following steps:
S34: described combinatorial matrix A is sized to h_{1}× 32, front 8 row of described combinatorial matrix A, through displacement transformation, write E after permutation table is encrypted^{2}ROM protects；
Now illustrate that displacement transformation is as follows:
Permutation table
Permutation table be classified as displacement sequence number, behavior displacement starting point。With sequence number for 3, starting point is 1 is example:
Also including the method that realizes of the formation of Split Key, described Split Key is implemented by following steps:
S35: described combinatorial matrix B is sized to h_{2}× 8, for the generation of Split Key。8 row of described combinatorial matrix B are through displacement transformation。
The segmentation private key ssk of S41:Alice is calculated by KMC:
S42: corresponding segmentation PKI SPK is calculated by relying party:
Wherein, combinatorial matrix B be sized to (h_{2}, 8), rowcoordinate is by the v in YS sequence_{i}Instruction, v_{0}Word length is 3bit instruction displacement sequence number before 6bit, Q, rear 3bit instruction displacement starting point, t_{i}The expression 8 row coordinates after displacement, i=1 ..., 8；Represent PKI matrix B,Represent private key matrix B；
v_{1}..., v_{32}The rowcoordinate of instruction combinatorial matrix B, word length is k_{2}Bit, the long h of row of combinatorial matrix B_{2},
The composition generation Alice of described tagged keys and Split Key synthesizes key and synthesis private key alice charges to the IDcard of Alice:
S51: described synthesis private key csk is calculated by KMC:
csk_{Alice}=(isk_{Alice}+ssk_{Alice}) modn=alice,
The calculating of the synthesis PKI CPK of S52:Alice carries out each relying party:
CPK_{Alice}=IPK_{Alice}+SPK_{Alice}=ALICE。
What also include public network key and private network key realizes method, and a public network can be included a lot of private network, described public network key and private network key and be realized by step in detail below:
S61: the generation of public network key, specifically includes following steps:
The key parameter of public network is defined by public network KMC (public network KMC), has and maintain secrecy in public network, including:
The variable of definition public network matrix A and length
The variable of definition public network matrix B and length
Definition public network Hash key Hkey；
The encryption key Mkey of definition public network matrix A and B
S62: the generation of private network key, specifically includes following steps:
The key parameter of private network is defined by each private network KMC (private network KMC), has and maintain secrecy in private network, including:
1) length of private network matrix A is defined
2) length of private network matrix B is defined
3) the Hash key Hkeyi of respective private network is defined；
S63: if a private network user, it is necessary to during with public network user intercommunication, described public network private key and private network private key would be simultaneously written the ID card of user。Described general private key and area private key are simultaneously written the ID card of user。
Also including the method that realizes of digital signature protocol function, described digital signature protocol function implements in the following manner:
By the in the digital signature protocol of ECDSA standard the 2nd article, namely
KG=(x_{2}, y_{1})；
C=x_{1}Modn；
S=k^{1}(h+calice) modn；
It is transformed into:
KG=(x_{1}, y_{1})；
C=(x_{1}+y_{1})^{2}mod2^{m}；
S=k^{1}(h+calice) modn；
Wherein, k is random number, G is elliptic curve basic point, (x_{1}, y_{1}) be the coordinate of point, c is check code, s to be signed codevector, h the be hash value of data, m be check code bit number。
Described digital signature protocol and indentification protocol, specifically include following steps:
S71:Alice signature process:
Select the signature function of following Alice:
SIG_{alice}(h)=(s, c)；Wherein, alice is private key, and h is Hash code, and s is signed codevector, and c is check code；
Select a random number k, proceed as follows:
KG=(x_{1}, y_{1})；
C=(x_{1}+y_{1})^{2}mod2^{m}；
S=k^{1}(h+calice) modn；
Wherein, the value of k is 0 < k < n, 2^{m}Selection for check code length；As m < n, formed and solve an equation more。
S72:Alice sends: and sign=(s, c)；
S73: proof procedure:
The checking function of Bob is as follows:
VER_{ALICE}(s)=c '；Wherein, ALICE is PKI；
Bob calculates PKI according to the mark of Alice；
CPK_{Alice}=IPK_{Alice}+SPK_{Alice}=ALICE；
According to signed codevector sign=, (s c) calculates Bob；
s^{1}hG+s^{1}CALICE=(x_{1}', y_{1}')；
C '=(x_{1}’+y_{1}’)^{2}mod2^{m}；
If c=c ', signature is recognized。
Also including the method that realizes of key delivery protocol function, described key delivery protocol function is accomplished by:
RBOB=β；
RG=(x_{1}, y_{1})；
Key=(x_{1}+y_{1})^{2}mod2^{64or128}；
E_{key}(data)=code；
Wherein, r is less than the random number of n, β be pass to the key of the other side, E is the encryption function of symmetric key, key is the key to data encryption。
Described cryptographic protocol, realizes especially by following steps:
S81: the encryption function selecting Alice is as follows:
ENC_{BOB}(key)=β；
E_{key}(data)=code；
Wherein, ENC is nonasymmetric encryption function, and BOB is the other side's PKI, and r is random number；
The ciphering process of S82:Alice:
Calculate the synthesis PKI of Bob:
CPK_{Bob}=IPK_{Bob}+SPK_{Bob}=BOB；
Alice selects random number r, calculates:
RBOB=β；
RG=(x_{1}, y_{1})；
Key=(x_{1}+y_{1})^{2}mod2^{64(or128)}；
E_{key}(data)=code；
{ code, β } is sent to Bob by S83:Alice；
S84: select Bob DecryptDecryption function as follows:
DEC_{bob}(β)=key；
D_{key}(code)=data；
Wherein, DEC is asymmetric DecryptDecryption function, and bob is the private key of oneself；
The DecryptDecryption process of S85:Bob:
Decryption key is calculated with the general private key bob of oneself；
(bob)^{1}β=rG=(x_{1}, y_{1})；
Key=(x_{1a}+y_{1})^{2}mod2^{64(or128)}；
D_{key}(code)=data。
The antiquantum computation attack of CPK public key system provided by the invention realize system, including PKI generation module, Digital Signature module, key transmission module；
Described PKI generation module, for entity identification is mapped as tagged keys and Split Key, is finally complex as the output of synthesis honeymoon, and described PKI generates process all to carry out in chip, leaves E in after secret variable used is encrypted^{2}In ROM；Described band E^{2}The chip of ROM is for preserving COS, front 8 row of combinatorial matrix A, permutation table, Hash riddle Hkey etc.；
Described Digital Signature module, is used for realizing digital signature and indentification protocol, by inputting and output is constituted, and input and directly do not expose PKI in output and private key, PKI and private key occur with unsolvable sum form。
The input of described digital signature and authentication module, output factor are as follows:
Alice → signature blocks → (s, c)；
Alice, s → authentication module → c '；
Described key transmission module, is used for realizing key delivery protocol, and by inputting and output is constituted, input and output directly do not expose PKI and private key, PKI and private key occur with unsolvable sum form。
The input of cryptographic protocol and DecryptDecryption agreement in described key transmission module, output factor are as follows:
Bob, data → encrypting module → code, β；
β, code → DecryptDecryption module → data；
Wherein, β contains the PKI BOB of Bob, but under the protection of random number；
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, it is clear that the present invention can be carried out various change and modification without deviating from the spirit and scope of the present invention by those skilled in the art。So, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification。
Claims (10)
 The antiquantum computation attack of 1.CPK public key system realize method, it is characterized in that: by not providing or provide incomplete criterion, exhaustive or infinite can not solve an equation thus being formed, generating method with the PKI of quantum computation attack of contending with, specifically including following steps:S1: KMC generates combinatorial matrix A=(r_{i,j}, R_{i,j}) and B=(q_{i,j},Q_{i,j})；Combinatorial matrix includes PKI matrix and private key matrix；S2: described PKI matrix is derived from by private key matrix by below equation:r_{i,j}G=(x_{i,j},y_{i,j})=R_{i,j}；Q_{i,j}G=(x_{i,j},y_{i,j})=Q_{i,j}Wherein, r_{i,j}、q_{i,j}Represent private key matrix, R_{i,j}、Q_{i,j}Represent PKI matrix, i, the ranks number of j representing matrix；Parameter G is a basic point of elliptic curve, the coordinate x of xaxis_{ij}Represent, the coordinate y of yaxis_{ij}Labelling；S3: disclosed each entity identification is mapped to combinatorial matrix A and forms tagged keys, by the generation procedure function of tagged keys, i.e. only expose input, output, its execution process is not exposed to outside function, and the hash including mark converts the displacement transformation with hash value；Described tagged keys is implemented by following steps:S31: described tagged keys is the YS sequence realization by identifying the ID conversion output of the Hash under specific key Hkey:
$YS={\mathrm{Hash}}_{{\mathrm{Hkey}}_{i}}\left(ID\right)={w}_{0},{w}_{1},{w}_{2},...,{w}_{32};{v}_{0},...,{v}_{7};$ Wherein, w_{0}Word length be 6bit, front 3bit instruction displacement sequence number, rear 3bit instruction displacement starting point；Hkey is the key being exclusively used in and mark ID carrying out Hash conversion；I represents that a public network includes the ith private network of multiple private network；w_{1}..., w_{32}The rowcoordinate of instruction combinatorial matrix A, w_{1}..., w_{32}Word length be k_{1}Bit, the row of combinatorial matrix A is long for h_{1},8 row of combinatorial matrix A are through displacement transformation；Permutation table is the table of 8 × 8；It is classified as displacement sequence number, behavior displacement starting point；The row coordinate of combinatorial matrix A is designated generally as t after displacement_{1}..., t_{32}；Wherein, combinatorial matrix B be sized to (h_{2}, 8), rowcoordinate is by the v in YS sequence_{i}Instruction, v_{0}Word length is 6bit, front 3bit instruction displacement sequence number, rear 3bit instruction displacement starting point；PKI matrix variables and the private key matrix variables of combinatorial matrix B are used respectivelyWithRepresent；V_{0}..., v_{7}The rowcoordinate of instruction combinatorial matrix B, word length is k_{2}Bit, the row of combinatorial matrix B is long for h_{2},Combinatorial matrix B can provide (h_{2})^{8}Individual different Split Key, Split Key allows to reuse, and user is divided into different groups, and every a group shares a Split Key；The identity private key isk of S32:Alice, is calculated by KMC:${\mathrm{isk}}_{Alice}=\underset{i=1}{\overset{32}{\Σ}}{r}_{{w}_{i},{t}_{i}}\mathrm{mod}n;$ Wherein, footmark w_{i}It is r_{i,j}Rowcoordinate, t_{i}It is r_{i,j}The natural sequence number redefined after displacement；N is the rank of elliptic curve；The mark PKI IPK of S33:Alice, is calculated by relying party:${\mathrm{IPK}}_{Alice}=\underset{i=1}{\overset{32}{\Σ}}{R}_{{w}_{i},{t}_{i}};$ Wherein, footmark w_{i}It is R_{i,j}Rowcoordinate, t_{i}It is R_{i,j}The natural sequence number redefined after displacement；In described step S3, the generation of tagged keys is by carrying out under the displacement transformation effect of Hash function and permutation table, and wherein, permutation table DiskTable and Hash key Hkey is secret variable, realizes especially by following steps:S34: described combinatorial matrix A is sized to h_{1}× 32, encipherment protection；The front 8 row write EEPROM of described combinatorial matrix A protect and through displacement transformation；S35: described combinatorial matrix B is sized to h_{2}× 8, encipherment protection；8 row of described combinatorial matrix B are through displacement transformation；H_{2}Represent that the row of combinatorial matrix B is long for h_{2}。  2. the antiquantum computation attack of CPK public key system according to claim 1 realize method; it is characterized in that: leave in chip after described combinatorial matrix A is encrypted; its front 8 row then leave in EEPROM to be protected; the generation process of described mark PKI all carries out in chip, and the variable in EEPROM disappears automatically when external device reads and analyzes。
 3. the antiquantum computation attack of CPK public key system according to claim 1 realize method, it is characterised in that: also including the method that realizes of the formation of Split Key, described Split Key is implemented by following steps:The segmentation private key of S41:Alice is calculated by KMC:
${\mathrm{ssk}}_{Alice}=\underset{i=1}{\overset{8}{\Σ}}{q}_{{\mathrm{\ν}}_{i},{t}_{i}}\mathrm{mod}n;$ S42: corresponding segmentation PKI is calculated by relying party:${\mathrm{SPK}}_{Alice}=\underset{i=1}{\overset{8}{\Σ}}{Q}_{{v}_{i},{t}_{i}};$ Wherein, combinatorial matrix B be sized to (h_{2}, 8), rowcoordinate is by the v in YS sequence_{i}Instruction, v_{0}Word length is 6bit, front 3bit instruction displacement sequence number, rear 3bit instruction displacement starting point；PKI matrix variables and the private key matrix variables of combinatorial matrix B are used respectivelyWithRepresent；V_{0}..., v_{7}The rowcoordinate of instruction combinatorial matrix B, word length is k_{2}Bit, the row of combinatorial matrix B is long for h_{2},Combinatorial matrix B can provide (h_{2})^{8}Individual different Split Key, Split Key allows to reuse, and user is divided into different groups, and every a group shares a Split Key。  4. the antiquantum computation attack of CPK public key system according to claim 3 realize method, it is characterized in that: the composition generation Alice of described tagged keys and Split Key synthesizes key and synthesis private key alice charges to the IDcard of Alice, and synthesis key includes synthesis private key and synthesizes PKI:S51: synthesis private key csk is calculated by KMC:csk_{Alice}=(isk_{Alice}+ssk_{Alice}) modn=alice,The calculating of the synthesis PKI CPK of S52:Alice carries out each relying party:CPK_{Alice}=IPK_{Alice}+SPK_{Alice}=ALICE。
 5. the antiquantum computation attack of CPK public key system according to claim 4 realize method, it is characterized in that: what also include public network key and private network key realizes method, one public network is included a lot of private network, public network key and private network key and is realized by step in detail below:S61: the generation of public network key, specifically includes following steps:The key parameter of public network is defined by public network KMC and public network KMC, has and maintain secrecy in public network, including:Define variable and the length of the first public network matrixDefine variable and the length of the second public network matrixDefinition public network Hash key Hkey；Define the encryption key Mkey of first, second public network matrix；S62: the generation of private network key, specifically includes following steps:The key parameter of private network is defined by each private network KMC and private network KMC, has and maintain secrecy in private network, including:Define the length of the first private network matrixDefine the length of the second private network matrixDefine the Hash key Hkey of first, second private network matrix_{i}；S63: if a private network user, it is necessary to during with public network user intercommunication, described public network key and private network key would be simultaneously written the ID card of user。
 6. the antiquantum computation attack of CPK public key system according to claim 5 realize method, it is characterised in that: also including the method that realizes of digital signature protocol function, described digital signature protocol function implements in the following manner:By the in the digital signature protocol of ECDSA standard the 2nd article, namelyKG=(x_{1},y_{1})；C=x_{1}Modn；S=k^{1}(h+calice) modn；It is transformed into:KG=(x_{1},y_{1})；C=(x_{1}+y_{1})^{2}mod2^{m}；S=k^{1}(h+calice) modn；Wherein, k is random number, and G is the basic point of elliptic curve, (x_{1}, y_{1}) it is the coordinate put, c is check code, and s is signed codevector, and h is the hash value of data, and m is the bit number of check code。
 7. the antiquantum computation attack of CPK public key system according to claim 6 realize method, it is characterised in that: described digital signature protocol and indentification protocol, specifically include following steps:S71:Alice signature process:Select the signature function of following Alice:SIG_{alice}(h)=(s, c)；Wherein, alice is synthesis private key, and h is Hash code, and s is signed codevector, and c is check code；Select a random number k, proceed as follows:KG=(x_{1}, y_{1})；C=(x_{1}+y_{1})^{2}mod2^{m}；S=k^{1}(h+calice) modn；Wherein, the value of k is 0 < k < n, 2^{m}Selection for check code length；As m, < during n, equation becomes solving an equation more；S72:Alice sends: SIG_{alice}(h)=(s, c)；S73: proof procedure:The checking function of Bob is as follows:VER_{ALICE}(s)=c '；Wherein, ALICE is synthesis PKI；Bob calculates synthesis PKI according to the mark of Alice；CPK_{Alice}=IPK_{Alice}+SPK_{Alice}=ALICE；Bob is according to signature function SIG_{alice}(h)=(s, c) calculates:s^{1}hG+s^{1}CALICE=(x_{1}', y_{1}')；C '=(x_{1}’+y_{1}’)^{2}mod2^{m}；If c=c ', signature is recognized。
 8. the antiquantum computation attack of CPK public key system according to claim 7 realize method, it is characterised in that: also including the method that realizes of key delivery protocol function, described key delivery protocol function is accomplished by:RBOB=β；RG=(x_{1}, y_{1})；Key=(x_{1}+y_{1})^{2}mod2^{64}Or key=(x_{1}+y_{1})^{2}mod2^{128}；E_{key}(data)=code；Wherein, r is less than the random number of n, and β is the key passing to the other side, and E is asymmetric encryption function, and key is the key for data encryption, and BOB is the PKI of Bob, and data is the data before encryption, and code is the password after encryption。
 9. the antiquantum computation attack of CPK public key system according to claim 8 realize method, it is characterised in that: described key delivery protocol, especially by following steps realize:S81: the encryption function selecting Alice is as follows:ENC_{BOB}(key)=β；E_{key}(data)=code；Wherein, ENC is nonasymmetric encryption function, and BOB is the other side's PKI, and r is random number；The ciphering process of S82:Alice:Calculate the general public key of Bob:CPK_{Bob}=IPK_{Bob}+SPK_{Bob}=BOB；Alice selects random number r, calculates:RBOB=β；RG=(x_{1}, y_{1})；Key=(x_{1}+y_{1})^{2}mod2^{64}Or key=(x_{1}+y_{1})^{2}mod2^{128}；E_{key}(data)=code；{ code, β } is sent to Bob by S83:Alice；S84: select Bob DecryptDecryption function as follows:DEC_{bob}(β)=key；D_{key}(code)=data；Wherein, DEC is asymmetric DecryptDecryption function, and bob is the synthesis private key of Bob；The DecryptDecryption process of S85:Bob:Decryption key is calculated with the synthesis private key bob of Bob；(bob)^{1}β=rG=(x_{1}, y_{1})；Key=(x_{1}+y_{1})^{2}mod2^{64}Or key=(x_{1}+y_{1})^{2}mod2^{128}；DecryptDecryption function D_{key}(code)=data。
 10.CPK the antiquantum computation attack of public key system realize system, it is characterised in that: include PKI generation module, Digital Signature module and key transmission module；Described PKI generation module, for entity identification is mapped as tagged keys, Split Key, is finally complex as synthesis PKI output, and PKI generates process all to carry out in chip, deposits in the chips after secret variable is encrypted；EEPROM in described chip, for preserving COS, front 8 row of combinatorial matrix A, permutation table, Hash key Hkey, COS are ChipOperatingSystem, are independently developed chip operating systems；Described Digital Signature module, is used for realizing digital signature and protocol verification, by inputting and output is constituted, and input and directly do not expose PKI in output and private key, PKI and private key occur with unsolvable sum form；The input of described digital signature and protocol verification, output factor are as follows:Alice → signature blocks → (s, c)；Alice, s → authentication module → c '；Containing signature function SIG in signature blocks_{alice}H ()=(s, c), s is signed codevector, and c is check code, containing checking function VER in authentication module_{ALICE}(s)=c '；Described key transmission module, is used for realizing key delivery protocol, and by inputting and output is constituted, input and output directly do not expose PKI and private key, PKI and private key occur with unsolvable sum form；The encrypting module of described key delivery protocol and the input of DecryptDecryption module, output factor are as follows:Bob, data → encrypting module → code, β；β, code → DecryptDecryption module → data；Wherein, Alice and Bob is name；β is the key passing to the other side, and data is the data before encryption, and code is the password after encryption, contains the PKI BOB of Bob in β, but under the cryptographic key protection of random definition；Described tagged keys is implemented by following steps:S31: described tagged keys is the YS sequence realization by identifying the ID conversion output of the Hash under Hash key Hkey:YS=Hash_{Hkeyi}(ID)=w_{0}, w_{1}, w_{2}..., w_{32}；V_{0}..., v_{7}；Wherein, w_{0}Word length be 6bit, front 3bit instruction displacement sequence number, rear 3bit instruction displacement starting point；Hkey is the key being exclusively used in and mark ID carrying out Hash conversion；I represents that a public network includes the ith private network of multiple private network；w_{1}..., w_{32}The rowcoordinate of instruction combinatorial matrix A, w_{1}..., w_{32}Word length be k_{1}Bit, the row of combinatorial matrix A is long for h_{1},8 row of combinatorial matrix A are through displacement transformation；Permutation table is the table of 8 × 8；It is classified as displacement sequence number, behavior displacement starting point；KMC generates combinatorial matrix A=(r_{i,j}, R_{i,j}) and B=(q_{i,j},Q_{i,j})；Combinatorial matrix includes PKI matrix and private key matrix；PKI matrix is derived from by private key matrix by below equation:r_{i,j}G=(x_{i,j},y_{i,j})=R_{i,j}；Q_{i,j}G=(x_{i,j},y_{i,j})=Q_{i,j}Wherein, r_{i,j}、q_{i,j}Represent private key matrix, R_{i,j}、Q_{i,j}Represent PKI matrix, i, the ranks number of j representing matrix；Parameter G is a basic point of elliptic curve, the coordinate x of xaxis_{ij}Represent, the coordinate y of yaxis_{ij}Labelling；The row coordinate of combinatorial matrix A is designated generally as t after displacement_{1}..., t_{32}；The identity private key isk of S32:Alice, is calculated by KMC:
${\mathrm{isk}}_{Alice}=\underset{i=1}{\overset{32}{\Σ}}{r}_{{w}_{i},{t}_{i}}\mathrm{mod}n;$ Wherein, footmark w_{i}It is r_{i,j}Rowcoordinate, t_{i}It is r_{i,j}The natural sequence number redefined after displacement；N is the rank of elliptic curve；The mark PKI IPK of S33:Alice, is calculated by relying party:${\mathrm{IPK}}_{Alice}=\underset{i=1}{\overset{32}{\Σ}}{R}_{{w}_{i},{t}_{i}};$ Wherein, footmark w_{i}It is R_{i,j}Rowcoordinate, t_{i}It is R_{i,j}The natural sequence number redefined after displacement；The generation of tagged keys is by carrying out under the displacement transformation effect of Hash function and permutation table, and wherein, permutation table DiskTable and Hash key Hkey is secret variable, realizes especially by following steps:S34: described combinatorial matrix A is sized to h_{1}× 32, encipherment protection；The front 8 row write EEPROM of described combinatorial matrix A protect and through displacement transformation；S35: described combinatorial matrix B is sized to h_{2}× 8, encipherment protection；8 row of described combinatorial matrix B are through displacement transformation；H_{2}Represent that the row of combinatorial matrix B is long for h_{2}；Also including the method that realizes of the formation of Split Key, described Split Key is implemented by following steps:The segmentation private key of S41:Alice is calculated by KMC:${\mathrm{ssk}}_{Alice}=\underset{i=1}{\overset{8}{\Σ}}{q}_{{\mathrm{\ν}}_{i},{t}_{i}}\mathrm{mod}n;$ S42: corresponding segmentation PKI is calculated by relying party:${\mathrm{SPK}}_{Alice}=\underset{i=1}{\overset{8}{\Σ}}{Q}_{{v}_{i},{t}_{i}};$ Wherein, combinatorial matrix B be sized to (h_{2}, 8), rowcoordinate is by the v in YS sequence_{i}Instruction, v_{0}Word length is 6bit, front 3bit instruction displacement sequence number, rear 3bit instruction displacement starting point；PKI matrix variables and the private key matrix variables of combinatorial matrix B are used respectivelyWithRepresent；V_{0}..., v_{7}The rowcoordinate of instruction combinatorial matrix B, word length is k_{2}Bit, the row of combinatorial matrix B is long for h_{2},Combinatorial matrix B can provide (h_{2})^{8}Individual different Split Key, Split Key allows to reuse, and user is divided into different groups, and every a group shares a Split Key；The composition generation Alice of tagged keys and Split Key synthesizes key and synthesis private key alice charges to the IDcard of Alice:S51: synthesis private key csk is calculated by KMC:csk_{Alice}=(isk_{Alice}+ssk_{Alice}) modn=alice,The calculating of the synthesis PKI CPK of S52:Alice carries out each relying party:CPK_{Alice}=IPK_{Alice}+SPK_{Alice}=ALICE。
Priority Applications (1)
Application Number  Priority Date  Filing Date  Title 

CN201210057883.0A CN102664732B (en)  20120307  20120307  The antiquantum computation attack of CPK public key system realize method and system 
Applications Claiming Priority (1)
Application Number  Priority Date  Filing Date  Title 

CN201210057883.0A CN102664732B (en)  20120307  20120307  The antiquantum computation attack of CPK public key system realize method and system 
Publications (2)
Publication Number  Publication Date 

CN102664732A CN102664732A (en)  20120912 
CN102664732B true CN102664732B (en)  20160622 
Family
ID=46774152
Family Applications (1)
Application Number  Title  Priority Date  Filing Date 

CN201210057883.0A CN102664732B (en)  20120307  20120307  The antiquantum computation attack of CPK public key system realize method and system 
Country Status (1)
Country  Link 

CN (1)  CN102664732B (en) 
Families Citing this family (14)
Publication number  Priority date  Publication date  Assignee  Title 

CN105024811B (en) *  20150706  20180713  上海大学  A kind of Shor quantum attack methods for public key cryptography ECC 
CN105577373B (en) *  20151215  20181019  四川长虹电器股份有限公司  Identify the generation method of secret key 
US10133603B2 (en)  20170214  20181120  Bank Of America Corporation  Computerized system for realtime resource transfer verification and tracking 
US10454892B2 (en)  20170221  20191022  Bank Of America Corporation  Determining security features for external quantumlevel computing processing 
US10447472B2 (en)  20170221  20191015  Bank Of America Corporation  Block computing for information silo 
US10243976B2 (en)  20170224  20190326  Bank Of America Corporation  Information securities resource propagation for attack prevention 
US10440051B2 (en)  20170303  20191008  Bank Of America Corporation  Enhanced detection of polymorphic malicious content within an entity 
US10284496B2 (en)  20170303  20190507  Bank Of America Corporation  Computerized system for providing resource distribution channels based on predicting future resource distributions 
US10270594B2 (en)  20170306  20190423  Bank Of America Corporation  Enhanced polymorphic quantum enabled firewall 
US10437991B2 (en)  20170306  20191008  Bank Of America Corporation  Distractional variable identification for authentication of resource distribution 
US10412082B2 (en)  20170309  20190910  Bank Of America Corporation  Multivariable composition at channel for multifaceted authentication 
US10440052B2 (en)  20170317  20191008  Bank Of America Corporation  Realtime linear identification of resource distribution breach 
US10476854B2 (en)  20170420  20191112  Bank Of America Corporation  Quantum key distribution logon widget 
CN107689867A (en) *  20170908  20180213  南相浩  A kind of cryptographic key protection method and system under open environment 
Citations (3)
Publication number  Priority date  Publication date  Assignee  Title 

EP1050133B1 (en) *  19980102  20060503  Cryptography Research Inc.  Leakresistant cryptographic method and apparatus 
CN1832403A (en) *  20060424  20060913  北京易恒信认证科技有限公司  CPK credibility authorization system 
CN102104479A (en) *  20091216  20110622  索尼公司  Quantum public key encryption system, key generation method, encryption method, and decryption method 

2012
 20120307 CN CN201210057883.0A patent/CN102664732B/en not_active IP Right Cessation
Patent Citations (3)
Publication number  Priority date  Publication date  Assignee  Title 

EP1050133B1 (en) *  19980102  20060503  Cryptography Research Inc.  Leakresistant cryptographic method and apparatus 
CN1832403A (en) *  20060424  20060913  北京易恒信认证科技有限公司  CPK credibility authorization system 
CN102104479A (en) *  20091216  20110622  索尼公司  Quantum public key encryption system, key generation method, encryption method, and decryption method 
Also Published As
Publication number  Publication date 

CN102664732A (en)  20120912 
Similar Documents
Publication  Publication Date  Title 

Trappe  Introduction to cryptography with coding theory  
Paar et al.  Understanding cryptography: a textbook for students and practitioners  
Lindell et al.  A proof of security of Yao’s protocol for twoparty computation  
US8171289B2 (en)  Method and apparatus to provide authentication and privacy with low complexity devices  
Talbot et al.  Complexity and cryptography: an introduction  
Buchmann  Introduction to cryptography  
US7634091B2 (en)  System and method of hiding cryptographic private keys  
Katz et al.  Handbook of applied cryptography  
CN101420300B (en)  Double factor combined public key generating and authenticating method  
Paul et al.  RC4 stream cipher and its variants  
Huang et al.  Costeffective authentic and anonymous data sharing with forward security  
US6307938B1 (en)  Method, system and apparatus for generating selfvalidating prime numbers  
EP1834438B1 (en)  Cryptography related to keys  
CN101340282A (en)  Generation method of composite public key  
KR19990082665A (en)  Common key communication method  
US9998445B2 (en)  Authentication system  
JP4546231B2 (en)  IDbased signature and encryption system and method  
JP4575251B2 (en)  Digital signature generation apparatus, digital signature verification apparatus, digital signature generation method, digital signature verification method, digital signature generation program, and digital signature verification program  
JP2004523183A (en)  Data, method and apparatus for information and functions conversion camouflage  
US7000110B1 (en)  Oneway function generation method, oneway function value generation device, proving device, authentication method, and authentication device  
US7680270B2 (en)  System for elliptic curve encryption using multiple points on an elliptic curve derived from scalar multiplication  
EP1895739A2 (en)  Encrypting device, decrypting device, information system, encrypting method, decrypting method, and program  
JP2008513811A (en)  Calculation conversion method and system  
JPWO2006077651A1 (en)  Encryption processor with tamper resistance against power analysis attacks  
CN103414569B (en)  A kind of method of the public key cryptography setting up attack resistance 
Legal Events
Date  Code  Title  Description 

PB01  Publication  
C06  Publication  
SE01  Entry into force of request for substantive examination  
C10  Entry into substantive examination  
GR01  Patent grant  
C14  Grant of patent or utility model  
CF01  Termination of patent right due to nonpayment of annual fee 
Granted publication date: 20160622 Termination date: 20180307 

CF01  Termination of patent right due to nonpayment of annual fee 