Background technology
As communication technology develops, communication security becomes more and more important. Two kinds of data encryption systems are currently popular: symmetric-key cryptography and asymmetric-key cryptography. Commonly used symmetric methods include DES and AES. Asymmetric-key methods are also called public-key cryptography; commonly used ones include RSA and ECC.
In a key-encrypted communication system that uses a symmetric-key encryption algorithm, the two communicating parties must agree on a key, which is relatively fixed. Because symmetric-key encryption algorithms are public, such a system is easy to attack, and over time a fixed key is easily guessed by an attacker, causing the whole system to collapse.
If the communicating parties use a temporary random key, that is, one key per communication, the difficulty of an attack undoubtedly increases, and attacking the key system by guessing the key becomes almost impossible. Even if the temporary key of one communication is guessed, this does not affect the security of the communication of other nodes or of the next communication. However, even when the key is a temporary random key, the two parties still need to exchange the key so that their keys agree. There is therefore still a risk that the key is intercepted while it is being exchanged. This calls for a secure key exchange mechanism.
The first method proposed for transmitting a key openly during communication is the Diffie-Hellman algorithm, proposed by Diffie and Hellman and referred to as the DH key exchange system. It is not an encryption algorithm, but it allows a secure key to be transmitted openly over a network. The purpose of this key exchange technique is to let two users securely exchange a key for use in later message encryption.
The effectiveness of the DH algorithm depends on the difficulty of computing discrete logarithms. In brief, the discrete logarithm can be defined as follows. First define a primitive root of a prime number p as a number whose successive powers produce all the integers from 1 to p-1. That is, if a is a primitive root of the prime p, then the values $a \bmod p,\ a^2 \bmod p,\ \ldots,\ a^{p-1} \bmod p$ (here mod is the modulo operator) are distinct integers and form all the integers from 1 to p-1 in some order.
For an integer b and a primitive root a of the prime p, a unique exponent i can be found such that:
$b = a^i \bmod p$, where $0 \le i \le (p-1)$
The exponent i is called the discrete logarithm, or index, of b to the base a modulo p. This value is denoted $\mathrm{ind}_{a,p}(b)$.
Based on this, the DH algorithm can be defined. The algorithm is described as follows:
(a) There are two global public parameters: a prime number q and an integer a, where a is a primitive root of q.
(b) Suppose users A and B wish to exchange a key. User A selects a random number $X_A < q$ as a private key and computes the public key $Y_A = a^{X_A} \bmod q$. User A keeps the value of $X_A$ secret and makes $Y_A$ publicly available to user B. Similarly, user B selects a private random number $X_B < q$ and computes the public key $Y_B = a^{X_B} \bmod q$. User B keeps the value of $X_B$ secret and makes $Y_B$ publicly available to user A.
(c) User A generates the shared secret key as $K = (Y_B)^{X_A} \bmod q$. Likewise, user B generates the shared secret key as $K = (Y_A)^{X_B} \bmod q$. The two computations produce the same result:
$$
\begin{aligned}
K &= (Y_B)^{X_A} \bmod q \\
  &= (a^{X_B} \bmod q)^{X_A} \bmod q \\
  &= (a^{X_B})^{X_A} \bmod q \quad \text{(by the rules of modular arithmetic)} \\
  &= a^{X_B X_A} \bmod q \\
  &= (a^{X_A})^{X_B} \bmod q \\
  &= (a^{X_A} \bmod q)^{X_B} \bmod q \\
  &= (Y_A)^{X_B} \bmod q
\end{aligned}
$$
Therefore, the two sides have in effect exchanged an identical secret key.
(d) Because $X_A$ and $X_B$ are kept secret, the only parameters available to an attacker are q, a, $Y_A$ and $Y_B$. The attacker is therefore forced to take a discrete logarithm to determine the key. For example, to obtain the secret key of user B, the attacker must first compute $X_B = \mathrm{ind}_{a,q}(Y_B)$ and then compute the secret key K in the same way that user B does.
The security of the DH algorithm rests on the following fact: although computing exponentials modulo a prime is relatively easy, computing discrete logarithms is very difficult. For large primes, computing discrete logarithms is practically infeasible.
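The definitions and steps (a) to (d) above worked through with toy numbers, as an added Go example that is not part of the original text. The values q = 23, a = 5, X_A = 6 and X_B = 15 are constructed for illustration and the function names are hypothetical; real parameters are far larger.

```go
package main

import (
	"fmt"
	"math/big"
)

// IsPrimitiveRoot reports whether a mod p, a^2 mod p, ..., a^(p-1) mod p are
// all different, i.e. a permutation of 1..p-1. Intended for small primes only.
func IsPrimitiveRoot(a, p int64) bool {
	seen := make(map[int64]bool)
	v := int64(1)
	for i := int64(1); i < p; i++ {
		v = v * a % p
		if seen[v] {
			return false
		}
		seen[v] = true
	}
	return true
}

// PowMod returns base^exp mod q.
func PowMod(base, exp, q int64) int64 {
	return new(big.Int).Exp(big.NewInt(base), big.NewInt(exp), big.NewInt(q)).Int64()
}

// Exchange runs steps (b) and (c): it returns the public values Y_A and Y_B
// and the shared key K as computed independently by user A and by user B.
func Exchange(a, q, xA, xB int64) (yA, yB, kA, kB int64) {
	yA = PowMod(a, xA, q)  // published by A
	yB = PowMod(a, xB, q)  // published by B
	kA = PowMod(yB, xA, q) // A: K = (Y_B)^X_A mod q
	kB = PowMod(yA, xB, q) // B: K = (Y_A)^X_B mod q
	return
}

// Ind returns ind_{a,q}(b), the exponent i with a^i mod q == b, by trying
// every exponent in turn; it returns -1 if b is not a power of a. The search
// is linear in q, while PowMod is logarithmic in the exponent: this gap is
// what step (d) relies on.
func Ind(a, q, b int64) int64 {
	v := int64(1)
	for i := int64(0); i < q-1; i++ {
		if v == b {
			return i
		}
		v = v * a % q
	}
	return -1
}

func main() {
	const q, a = 23, 5 // constructed toy parameters
	fmt.Println("5 is a primitive root of 23:", IsPrimitiveRoot(a, q))
	yA, yB, kA, kB := Exchange(a, q, 6, 15)
	fmt.Println("Y_A, Y_B:", yA, yB, "K at A, K at B:", kA, kB)
	fmt.Println("ind_{5,23}(Y_B) =", Ind(a, q, yB))
}
```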
Although the DH key exchange system is currently fairly secure, its computational cost is very high. In the DH algorithm, to exchange a 30-bit key it may be necessary to compute 2147483647 (32 bits) raised to the power 9223372036854775807 (64 bits) modulo 1073741824 (30 bits); such a computation can generally only be carried out on mainframes and minicomputers. Yet if an attacker sets out to crack this 30-bit key by exhaustive brute force, a current ordinary PC can finish in a few minutes. If the key length is raised to 64 bits, the amount of computation becomes considerable. Although many optimizations of the DH method now exist that make a DH exchange possible on a PC, the computational cost is still very considerable.
There are also many other key exchange methods (for example, key exchange systems based on the difficulty of solving linear indeterminate equations). Although their computational cost may be several orders of magnitude smaller than that of DH, they are likewise all built on mathematical NP problems; their common feature is that the amount of mathematical computation is especially large and that solving the underlying mathematical problem is very difficult. An NP problem, however, is not a problem without a solution: as technology advances and research deepens, a more effective mathematical method for solving the NP problem may be found, and these methods will then fail.
Therefore, a key exchange method and system is needed that requires less computation and is hard to crack.
Summary of the invention
The object of the present invention is to provide a key exchange method for a communication system that uses a key for encrypted communication. The method needs only a small amount of computation to exchange the encryption key and is hard to crack.
One aspect of the present invention provides a key exchange method for a key-encrypted communication system, characterized by comprising: a first communication node generates a first random number and sends the generated first random number to a second communication node; the second communication node generates a second random number and sends the generated second random number to the first communication node; the first communication node performs a predetermined operation on the first random number and the second random number to generate a seed random number, and encrypts the seed random number using a cryptographic algorithm and a primary key determined in advance with the second communication node, to generate an encryption key; the second communication node performs the predetermined operation on the first random number and the second random number to generate the seed random number, and encrypts the seed random number using the cryptographic algorithm and primary key determined in advance with the first communication node, to generate the encryption key.
Preferably, the step of sending the generated second random number to the first communication node may comprise: the second communication node sends the second random number and the equipment identification code (device ID) of the second communication node to the first communication node, wherein the first communication node performs a dispersion (key diversification) operation on the primary key using the device ID of the second communication node, and encrypts the seed random number using the dispersed primary key, to generate the encryption key.
Preferably, the second communication node may perform the dispersion operation on the primary key using its own device ID, and encrypt the seed random number using the dispersed primary key, to generate the encryption key.
Preferably, the predetermined operation may be one of splicing (concatenation), addition, subtraction and multiplication.
Preferably, the cryptographic algorithm may be one of the Data Encryption Standard (DES), Triple DES (3DES) and the Advanced Encryption Standard (AES).
Preferably, the first communication node may also send to the second communication node a number identifying the cryptographic algorithm and/or a number identifying the primary key, wherein the first communication node and the second communication node select, based on the number identifying the cryptographic algorithm and/or the number identifying the primary key, the cryptographic algorithm and/or primary key to use when encrypting the seed random number from a plurality of predetermined cryptographic algorithms and/or a plurality of primary keys.
Preferably, the first communication node may also send to the second communication node a first number identifying one of the cryptographic algorithm and the primary key, wherein the first communication node and the second communication node select, based on the first number, that one of the cryptographic algorithm and the primary key from the plurality of cryptographic algorithms and plurality of primary keys predetermined by the two nodes; the second communication node also sends to the first communication node a second number identifying the other of the cryptographic algorithm and the primary key, wherein the first communication node and the second communication node select, based on the second number, the other of the cryptographic algorithm and the primary key from the plurality of cryptographic algorithms and plurality of primary keys predetermined by the two nodes.
Preferably, the primary key may comprise a plurality of original sub-keys, and the first communication node and the second communication node encrypt the seed random number with the original sub-keys one by one.
Preferably, the cryptographic algorithm and the primary key may be stored in the first communication node and the second communication node in a form that cannot be accessed from outside.
Preferably, the cryptographic algorithm and the primary key may be stored in a first security device and a second security device; the first security device can be accessed only by the first communication node, and the second security device can be accessed only by the second communication node.
In addition, the first random number and the second random number may be sent in plaintext or in encrypted form.
With the key exchange scheme of the present invention, a communication node can send its random number in plaintext. Because the cryptographic algorithm and the key used to encrypt the random numbers are never sent, the encryption key used for communication cannot be obtained even if the random numbers are intercepted in transit. Moreover, after the communication nodes have exchanged random numbers, they do not need to perform the large amount of computation that the existing DH key exchange scheme requires; each side only needs to encrypt the random numbers with the primary key after receiving the other side's random number. This requires comparatively little computation and therefore speeds up the key exchange.
Other aspects and/or advantages of the present invention will be set forth in part in the description that follows; some will be apparent from the description, or may be learned by practice of the invention.
Embodiment
Different example embodiments will now be described more fully with reference to the accompanying drawings, in which some exemplary embodiments are shown.
Embodiment 1
Fig. 1 is a flow chart of a key exchange method for a key-encrypted communication system according to an exemplary embodiment of the present invention.
In the key-encrypted communication system shown in Fig. 1, communication node A and communication node B are the two communicating parties. Communication node A and communication node B may be any of various communication devices.
In step 101, communication node A generates a random number $R_A$ and sends the generated random number $R_A$ to communication node B.
In step 102, communication node B generates a random number $R_B$ and sends the generated random number $R_B$ to communication node A.
In step 103, communication node A generates the key $K_A$ used for key-encrypted communication based on the random numbers $R_A$ and $R_B$.
Specifically, communication node A performs a predetermined operation on $R_A$ and $R_B$ to obtain a seed random number $R_C$. The predetermined operation may be, for example, splicing (concatenation), addition, subtraction or multiplication. With splicing, if $R_A$ is n bytes long and $R_B$ is m bytes long, the spliced seed random number is n+m bytes long.
For example, if $R_A$ is 8 bytes long and $R_B$ is 8 bytes long, the spliced seed random number is 16 bytes long.
Communication node A then encrypts the seed random number $R_C$ using the cryptographic algorithm and primary key K agreed in advance with communication node B, to obtain the key $K_A$ used for key-encrypted communication.
In step 104, communication node B generates the key $K_A$ used for key-encrypted communication based on the random numbers $R_A$ and $R_B$.
Specifically, communication node B performs the predetermined operation on $R_A$ and $R_B$ to obtain the seed random number $R_C$. Communication node B then encrypts the seed random number $R_C$ using the cryptographic algorithm and primary key K agreed in advance with communication node A, to obtain the key $K_A$ used for key-encrypted communication.
In this way, communication nodes A and B have both obtained the key $K_A$, and the key exchange is complete.
The key $K_A$ can then be used for data communication between nodes A and B.
In step 105, communication node A uses the key $K_A$ generated in step 103 to encrypt the content to be sent to communication node B, and sends the encrypted content to communication node B.
In step 106, communication node B receives the encrypted content from communication node A and decrypts it using the key $K_A$ generated in step 104.
Embodiment 2
Fig. 2 is a flow chart of a key exchange method for a key-encrypted communication system according to another exemplary embodiment of the present invention.
The key-encrypted communication system shown in Fig. 2 may be a server-client communication environment or a base station-terminal communication environment. Assume that the server or base station acts as communication node A and the client or terminal acts as communication node B.
Each client or terminal in the communication system has a unique number (for example, an 8-byte integer), which is called its equipment identification code (device ID).
The primary key K is stored in communication nodes A and B. In communication node B, a dispersion (key diversification) operation is performed on the primary key K using the device ID of communication node B, and the dispersion result K1 is stored in communication node B.
In step 201, communication node A generates a random number $R_A$ and sends the generated random number $R_A$ to communication node B.
In step 202, communication node B generates a random number $R_B$ and sends the generated random number $R_B$, together with its own device ID, to communication node A.
In step 203, communication node A disperses the primary key K using the device ID received from communication node B to obtain the dispersion result K1, and uses the cryptographic algorithm predetermined with communication node B and the dispersion result K1 to encrypt $R_C$, the result of splicing $R_A$ and $R_B$, thereby obtaining the final encryption key $K_A$.
In step 204, communication node B uses the cryptographic algorithm predetermined with communication node A and the dispersion result K1 to encrypt $R_C$, the result of the predetermined operation on $R_A$ and $R_B$, thereby obtaining the final encryption key $K_A$.
In step 205, communication node A uses the encryption key $K_A$ generated in step 203 to encrypt the content to be sent to communication node B, and sends the encrypted content to communication node B.
In step 206, communication node B receives the encrypted content from communication node A and decrypts it using the encryption key $K_A$ generated in step 204.
In embodiment 2, communication node A disperses the primary key K using the device ID received from communication node B to obtain the dispersion result K1, and uses the cryptographic algorithm predetermined with communication node B and the dispersion result K1 to encrypt $R_C$, the result of splicing $R_A$ and $R_B$. Because of this dispersion and encryption, the technical scheme of embodiment 2, compared with embodiment 1, further strengthens the encryption and makes cracking more difficult.
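Steps 201 to 204 as an added Go example, not code from the original document; with the dispersion step left out and K used directly, SessionKey is also steps 103 and 104 of embodiment 1. Assumptions: AES-128 is the agreed algorithm, the random numbers are 8 bytes each and spliced as R_A || R_B, and, because the document does not define the dispersion operation, K1 = AES_K(ID || NOT ID); all function names and sample values are illustrative.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"fmt"
)

// encryptBlock encrypts one 16-byte block with AES under key.
func encryptBlock(key, in []byte) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(in) != aes.BlockSize {
		return nil, fmt.Errorf("need %d input bytes, got %d", aes.BlockSize, len(in))
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, in)
	return out, nil
}

// Diversify derives the per-device key K1 from primary key K and the 8-byte
// device ID. ASSUMPTION: the document does not define the dispersion
// operation; this example uses K1 = AES_K(ID || bitwise-NOT(ID)).
func Diversify(k, deviceID []byte) ([]byte, error) {
	in := append([]byte{}, deviceID...)
	for _, b := range deviceID {
		in = append(in, ^b)
	}
	return encryptBlock(k, in) // rejects IDs that are not 8 bytes long
}

// SessionKey computes K_A = Enc_key(R_C), where R_C = R_A || R_B (splicing).
// Both nodes must splice in the same order or their keys will differ.
func SessionKey(key, rA, rB []byte) ([]byte, error) {
	if len(rA) != 8 || len(rB) != 8 {
		return nil, fmt.Errorf("R_A and R_B must be 8 bytes each")
	}
	rC := append(append([]byte{}, rA...), rB...)
	return encryptBlock(key, rC)
}

// RunExchange plays steps 201-204 with both nodes in one process. Node B uses
// its stored dispersion result K1; node A rebuilds K1 from K and B's device ID.
func RunExchange(k, deviceID []byte) (keyA, keyB []byte, err error) {
	k1B, err := Diversify(k, deviceID) // done in advance: K1 stored in node B
	if err != nil {
		return nil, nil, err
	}
	nonces := make([]byte, 16)
	if _, err = rand.Read(nonces); err != nil {
		return nil, nil, err
	}
	rA, rB := nonces[:8], nonces[8:]   // steps 201/202: sent in cleartext
	k1A, err := Diversify(k, deviceID) // step 203: A disperses K with B's ID
	if err != nil {
		return nil, nil, err
	}
	if keyA, err = SessionKey(k1A, rA, rB); err != nil {
		return nil, nil, err
	}
	keyB, err = SessionKey(k1B, rA, rB) // step 204: B uses its stored K1
	return keyA, keyB, err
}

func main() {
	k := []byte("constructed-key!")       // constructed 16-byte primary key K
	id := []byte{0, 0, 0, 0, 0, 0, 0, 42} // constructed 8-byte device ID
	a, b, err := RunExchange(k, id)
	fmt.Printf("K_A at node A: %x\nK_A at node B: %x\nerr: %v\n", a, b, err)
}
```

Every input to SessionKey other than the key travels in cleartext, so the secrecy of K_A rests entirely on how K and K1 are stored in the nodes.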
In another embodiment, the cryptographic algorithm predetermined by communication node A and communication node B may be the DES (Data Encryption Standard) algorithm or the 3DES (Triple DES) algorithm. Encryption of the seed random number $R_C$ with the DES or 3DES algorithm can be expressed as:
$K_A = \mathrm{DesEncrypt}(R_C, K)$,
where DesEncrypt() is the DES algorithm or the 3DES algorithm.
To further strengthen security, the 3DES algorithm is preferably used.
The DES algorithm is a standard symmetric cipher used to encrypt non-classified information, and at the time it was introduced it was very difficult to crack. Today, however, with the development of technology, many more effective ways of cracking DES exist, so the DES algorithm is no longer very secure. Because the key that DES uses is only 56 bits long, even brute force can crack it quickly now that networking technology is so advanced. For the 3DES algorithm with a 16-byte key, however, there is currently no effective way of cracking it. Using 3DES therefore gives higher security.
In addition, in another embodiment, the AES (Advanced Encryption Standard) algorithm, which is more secure than the 3DES algorithm, may also be used.
In another embodiment of the present invention, the communication nodes may send the random numbers $R_A$ and $R_B$ in plaintext. Because the cryptographic algorithm and the key used to encrypt the random number $R_C$ are never sent, the encryption key used for communication cannot be obtained even if the random numbers are intercepted in transit. It should be understood that encrypting $R_A$ and/or $R_B$ before sending them is also feasible.
Moreover, after communication nodes A and B have exchanged random numbers, they do not need to perform a large amount of computation as in the DH key exchange scheme; each side only needs to encrypt the random numbers with the primary key K after receiving the other side's random number, which requires comparatively little computation. For example, when 3DES is used, the computation consumed by the key exchange is several orders of magnitude smaller than that of the DH key exchange scheme, and a faster exchange is obtained.
In another embodiment, the primary key K may comprise a plurality of original sub-keys. In this case, in steps 103 and 104 the original sub-keys are used one by one to encrypt the seed random number $R_C$, with the encryption result of each original sub-key serving as the input to be encrypted by the next original sub-key.
In another embodiment, communication node B and communication node A may determine in advance a plurality of cryptographic algorithms and/or a plurality of primary keys K. In this case, communication node A sends the number of the cryptographic algorithm and/or primary key to communication node B together with the random number $R_A$, so that communication node A determines which cryptographic algorithm and/or primary key is used. Communication node A and communication node B can then select the cryptographic algorithm and/or primary key to use according to this number. It should be understood that the cryptographic algorithm and/or primary key to use may also be determined by communication node B.
In addition, where a plurality of cryptographic algorithms and a plurality of primary keys K are determined in advance, communication node A sends the number of one of the cryptographic algorithm and the primary key to communication node B together with the random number $R_A$, and communication node B sends the number of the other of the cryptographic algorithm and the primary key to communication node A together with the random number $R_B$, so that communication nodes A and B select the cryptographic algorithm and primary key to use according to these numbers. In other words, communication nodes A and B each determine one of the cryptographic algorithm and the primary key.
In this way, by providing a plurality of cryptographic algorithms and a plurality of primary keys, the security of the communication can be further strengthened.
In the present invention, the cryptographic algorithm and the primary key are stored inside the communication node and cannot be accessed from outside the communication node.
For example, the cryptographic algorithm and the primary key may be loaded in the form of a configuration file or compiled directly into the communication program that the communication node runs.
In addition, the cryptographic algorithm and the primary key may also be kept in a separate security device. The security device may be placed inside each communication node, or may be configured to be independent of the communication node and accessible only by its corresponding communication node. Furthermore, the computation of the key $K_A$ may also be carried out by the security device: the communication node only needs to input the random number $R_A$ or $R_B$ (and the number of the cryptographic algorithm and/or primary key) into the security device, and the security device (after determining from the number which cryptographic algorithm and/or primary key to use) computes the key $K_A$ and outputs it to the communication node.
Although the present invention has been specifically shown and described with reference to its exemplary embodiments, those skilled in the art should understand that the above embodiments serve only to illustrate the technical scheme of the present invention and are not limiting. Without departing from the spirit and scope of the invention as defined by the claims, those skilled in the art may make various corresponding changes according to the present invention, combine the above embodiments, select other cryptographic algorithms that are not commonly used, or change the key length. All such changes should be considered to fall within the scope of protection of the appended claims.