CN103312498B - A kind of public key cryptography method of anti-quantum calculation - Google Patents

Abstract

The present invention relates to field of information security technology, is a kind of public key cryptography method of anti-quantum calculation.The present invention sets up the difficult problem under a quantum computation environment, and establishes a kind of Public Key Crypto Scheme on this basis.Because this cryptographic system only comprises the basic operation such as addition and multiplication, have under quantum environment implementation efficiency high, existing cryptographic attack can be resisted, there is quantum computation environment under the advantage such as fail safe.This cryptographic system also can use under electronic computer environment, but calculation cost is larger.Method provided by the invention can be widely used in the information safety system such as network security, ecommerce field.

Description

A kind of public key cryptography method of anti-quantum calculation

Technical field

The present invention relates to field of information security technology, is a kind of public-key cryptographic keys method of anti-quantum calculation.

Background technology

Quantum computer concept takes graceful proposition by Richard the earliest, has attracted the interest of a large amount of scholar.Through development after a while, achieve a lot of achievements.1985, Deutsch proposed designing a model of first quantum computer, gave the definition of quantum turing machine.Within 1994, Shor proposes the Shor quantum algorithm of big integer Factorization.Its complexity is polynomial time.Shor algorithm is also in continuous development in recent years, expands to hiding subgroup problem generally by Quantum fourier transform.Can stipulations no longer safe to the public key cryptography system hiding subgroup problem, such as RSA, EIGamal and ECC.If quantum computer becomes a reality, existing password is all no longer safe.Within 1996, Grover proposes a kind of general quantum search algorithm.The length of crypt algorithm keys is reduced to half by it.But do not form essence to existing password to threaten.

Similar with classical public key cryptography, if in two keys one can disclose, and by public-key cryptography obtain private key be difficulty or impossible, this quantum cryptography is called quantum public key cryptography.Quantum public key algorithm must can resist the attack with quantum calculation capabilities.There are two class algorithms in quantum public key system, there is the quantum public key algorithm of unconditional security and there is the quantum public key algorithm of computationally secure.It is pointed out that computationally secure in quantum cryptography is for quantum calculation complexity.

Due to the concurrency of quantum calculation, make the double linear problems of difficulty for solving in traditional counting can be partially converted into solvable problem by quantum calculation.The article of the people such as D.Deutsch in 1992 points out that the computing capability of quantum turing machine is stronger than the computing capability of classic computer.But the limit of the computing capability of quantum turing machine is still a challenging problem.Can not time O (2 again for the quantum turing machine NP class problem with oracle ^n/2) in solve.

Existing quantum public key cryptography comprises as follows: 1, Quantum Error Correcting Codes.Quantum Error Correcting Codes is independently proposed nineteen ninety-five and 1996 respectively by P.Shor and A.M.Steane.Basic thought and classical error correction code similar.2, based on can not the quantum public key algorithm of cloning theorem.This is a kind of public key algorithm depending on quantum memory.Because quantum memory is difficult to realize technically, this algorithm depends on the realization of quantum computer.But quantum switching technology can be utilized to realize.3, at present quantum calculation is still to the cryptosystem of difficult problem design based on some.For example Japanese scholars proposes a quantum public key algorithm based on the subset sum problem on ring.Based on the NTRU public-key cryptosystem etc. of lattice difficult problem.

At present, the public key cryptography of anti-quantum calculation mainly comprises following several form: the novel cipher 1, adopting the non-difficult math question such as quantum cryptography, DNA password; 2, the password that the mathematical problem being bad to calculate based on quantum calculation builds.Comprise Solving Nonlinear Systems of Equations, difficult problem on lattice, the NPC problems such as knapsack problem, there is no effective quantum algorithm at present.

Summary of the invention

For the technical problem of above-mentioned existence, a kind of public key cryptography method proposing anti-quantum calculation of the present invention.

The technical solution adopted in the present invention is: a kind of public key cryptography method of anti-quantum calculation, is characterized in that, the method for its specific implementation is as follows:

(I) system is set up:

(1) confinement F is provided with _supper n ²dimension matrix A, the valued space of B, M, φ is respectively [0, l], [0, l ₁] [0, l ₂], [0, l ₃], wherein l, l ₁, l ₂, l ₃it is positive integer; Determine l, l ₁, l ₃value and maintain secrecy, determine l simultaneously ₂value and open;

(2) two Big prime p, q, p < q is selected to meet a dominating set pll ₁l ₂+ l ³l ₂+ pl ²l ₂l ₃< ql ₂≤ p; Open Big prime p, q;

(3) at finite field F _stake up an official post and get matrix A, by calculate F _p, according to calculate F _q, matrix A is maintained secrecy; Require matrix F simultaneously _pthe value of each element be not less than if a, x are matrix A respectively, F _qthe element of correspondence position and ax=1 (modq); If a number y is then again looked for make so using y as F _pelement export; Wherein matrix I is all 1's matrix, and mod represents modular arithmetic, and max represents the maximum of set;

(4) at finite field F _stake up an official post and get matrix B, calculate n ²dimension matrix require matrix matrix h is open;

System parameters is (n, p, q, l ₂), PKI is h; Private key is (l, l ₁, l ₃) and A;

Wherein: finite field F _supper n ²dimension matrix A=(a _ij) _{n × n}, B=(b _ij) _{n × n}, wherein s is positive integer.Loop product operation definition is

(II) ciphering process:

For given plaintext M, Stochastic choice n in span ²the random matrix φ of dimension, utilizes PKI h to calculate ciphertext $C=M\&CircleTimes;(h+\mathrm{p\&phi;})\left(\mathrm{mod}q\right);$

(III) decrypting process:

(1) calculate

(2) C is calculated ₂=C ₁(modp);

(3) from n ⁴dimension Matrix C ₂in to choose footmark be (1,1), (1, n+2), (1,2n+4) ..., (1, n ²), (n+2,1), (n+2, n+2), (n+2,2n+4) ..., (n+2, n ²), (n ², 1), (n ², n+2) ..., (n ², n ²) element composition n ²dimension matrix wherein footmark (i, j) represents n ⁴dimension Matrix C ₂in the i-th row and jth row intersect element, 1≤i≤n, 1≤j≤n;

(4) calculate expressly

The present invention, relative to prior art, has the following advantages and good effect:

(1) the present invention is the quantum public key cryptography of computationally secure under a kind of quantum environment.Its fail safe performance is mainly based on the quantum calculation difficult problem of structure.Existing quantum algorithm can be resisted attack.In addition, computing of the present invention only containing basic computing, therefore can realize on electronic computer.Although the calculation cost of electronic computer is larger;

(2) the present invention is a kind of quantum key system efficiently, and its computing is mainly the multiplying in finite field.Due to the concurrency of quantum calculation, make the efficiency of calculating higher.

Embodiment

Below in conjunction with specific embodiment, the present invention is described further.

The technical solution adopted in the present invention is: a kind of public key cryptography method of anti-quantum calculation, and the method for its specific implementation is as follows:

(I) system is set up:

(1) confinement F is provided with _supper n ²dimension matrix A, the valued space of B, M, φ is respectively [0, l], [0, l ₁], [0, l ₂] [0, l ₃], wherein l, l ₁, l ₂, l ₃it is positive integer; Determine l, l ₁, l ₃value and maintain secrecy, determine l simultaneously ₂value and open;

(2) two Big prime p, q, p < q is selected to meet a dominating set pll ₁l ₂+ l ³l ₂+ pl ²l ₂l ₃< ql ₂≤ p; Open Big prime p, q;

(3) at finite field F _stake up an official post and get matrix A, by calculate F _p, according to calculate F _q, matrix A is maintained secrecy; Require matrix F simultaneously _pthe value of each element be not less than if a, x are matrix A respectively, F _qthe element of correspondence position and ax=1 (modq); If a number y is then again looked for make so using y as F _pelement export; Wherein matrix I is all 1's matrix, and mod represents modular arithmetic, and max represents the maximum of set;

(4) at finite field F _stake up an official post and get matrix B, calculate n ²dimension matrix require matrix matrix h is open;

System parameters is (n, p, q, l ₂), PKI is h; Private key is (l, l ₁, l ₃) and A;

Wherein: finite field F _supper n ²dimension matrix A=(a _ij) _{n × n}, B=(b _ij) _{n × n}, wherein s is positive integer.Loop product operation definition is

(II) ciphering process:

For given plaintext M, Stochastic choice n in span ²the random matrix φ of dimension, utilizes PKI h to calculate ciphertext $C=M\&CircleTimes;(h+\mathrm{p\&phi;})\left(\mathrm{mod}q\right);$

(III) decrypting process:

(1) calculate

(2) C is calculated ₂=C ₁(modp);

(3) from n ⁴dimension Matrix C ₂in to choose footmark be (1,1), (1, n+2), (1,2n+4) ..., (1, n ²), (n+2,1), (n+2, n+2), (n+2,2n+4) ..., (n+2, n ²), (n ², 1), (n ², n+2) ..., (n ², n ²) element composition n ²dimension matrix wherein footmark (i, j) represents n ⁴dimension Matrix C ₂in the i-th row and jth row intersect element, 1≤i≤n, 1≤j≤n;

(4) calculate expressly

It is below a specific embodiment of this method.

(I) system is set up:

System parameters is (n, p, q, l ₂), wherein n=2, p=5, q=1857, l ₂=4.PKI is matrix $h=\left(\begin{array}{cc}11& 21\\ 933& 472\end{array}\right)\left(\mathrm{mod}1857\right),$ Private key is parameter (l, l ₁, l ₃) and matrix A.Wherein l=l ₁=l ₃=4, matrix $A=\left(\begin{array}{cc}1& 1\\ 2& 4\end{array}\right).$

If appoint and get matrix $B=\left(\begin{array}{cc}2& 4\\ 1& 3\end{array}\right).$ Calculate $F_q=\left(\begin{array}{cc}1858& 1858\\ 929& 1393\end{array}\right),F_p=\left(\begin{array}{cc}1& 1\\ 3& 4\end{array}\right).$ Wherein F _qspan be [372, ∝).

(II) ciphering process:

Stochastic choice matrix $\mathrm{\&phi;}=\left(\begin{array}{cc}2& 1\\ 1& 3\end{array}\right),$ Given plaintext $M=\left(\begin{array}{cc}2& 1\\ 2& 3\end{array}\right).$ Calculating ciphertext obtains $C=\left(\begin{array}{cccc}42& 52& 21& 26\\ 19& 974& 938& 487\\ 42& 52& 63& 78\\ 19& 974& 957& 1461\end{array}\right)\left(\mathrm{mod}1857\right).$

(III) decrypting process:

The first step: calculate

Second step: calculate $C_2=C_1\left(\mathrm{mod}p\right)=\left(\begin{array}{cccc}2& 2& 1& 1\\ 3& 4& 4& 1\\ 4& 4& 2& 2\\ 1& 4& 3& 2\end{array}\right)\left(\mathrm{mod}5\right);$

3rd step: choosing coordinate is (1,1), (Isosorbide-5-Nitrae), and (4,1), the matrix element of (4,4) obtains matrix

4th step: calculate

The content that this specification is not described in detail belongs to the known prior art of those skilled in the art.

The above embodiment is only that protection scope of the present invention is not limited thereto in order to absolutely prove the preferred embodiment that the present invention lifts.The equivalent alternative or conversion that those skilled in the art do on basis of the present invention, all within protection scope of the present invention.Protection scope of the present invention is as the criterion with claims.

Claims (1)

1. a public key cryptography method for anti-quantum calculation, is characterized in that, the method for its specific implementation is as follows:

(I) system is set up:

(1) confinement F is provided with _supper n ²dimension matrix A, the valued space of B, M, φ is respectively [0, l], [0, l ₁], [0, l ₂], [0, l ₃], wherein l, l ₁, l ₂, l ₃it is positive integer; Determine l, l ₁, l ₃value and maintain secrecy, determine l simultaneously ₂value and open;

(2) two Big prime p, q, p < q is selected to meet a dominating set pll ₁l ₂+ l ³l ₂+ pl ²l ₂l ₃< ql ₂≤ p; Open Big prime p, q;

(3) at finite field F _stake up an official post and get matrix A, by F _p⊙ A=I (modp) calculates F _p, according to A ⊙ F _q=I (modq) calculates F _q, matrix A is maintained secrecy; Require matrix F simultaneously _pthe value of each element be not less than if a, x are matrix A respectively, F _qthe element of correspondence position and ax=1 (modq); If a number y is then again looked for make so using y as F _pelement export; Wherein matrix I is all 1's matrix, and mod represents modular arithmetic, and max represents the maximum of set;

(4) at finite field F _stake up an official post and get matrix B, calculate n ²dimension matrix h=pF _q⊙ B+A (modq), A (⊙) h=pB+A ⊙ A (modq); Require matrix pF _q⊙ B+A (modq) ≠ pF _q⊙ B+A; Matrix h is open;

System parameters be (n, q, l ₂), PKI is h; Private key is (l, l ₁, l ₃) and A;

Wherein: finite field F _supper n ²dimension matrix A=(a _ij) _{n × n}, B=(b _ij) _{n × n}, wherein s is positive integer; Loop product ⊙ operation definition is

A⊙B＝(a _ijb _ij)n×n；

(II) ciphering process:

For given plaintext M, Stochastic choice n in span ²the random matrix φ of dimension, utilizes PKI h to calculate ciphertext $C=M\&CircleTimes;(h+p\mathrm{\&phi;})\left(\mathrm{mod}q\right);$

(III) decrypting process:

(1) calculate

(2) C is calculated ₂=C ₁(modp);

(3) from n ⁴dimension Matrix C ₂in to choose footmark be (1,1), (1, n+2), (1,2n+4) ..., (1, n ²), (n+2,1), (n+2, n+2), (n+2,2n+4) ..., (n+2, n ²), (n ², 1), (n ², n+2) ..., (n ², n ²) element composition n ²dimension Matrix C ₃=A ⊙ A ⊙ A ⊙ M (modp), wherein Matrix C ₃footmark (i, j) represents n ⁴dimension Matrix C ₂in the i-th row and jth row intersect element, 1≤i≤n, 1≤j≤n;

(4) plaintext M=C is calculated ₃⊙ F _p⊙ F _p⊙ F _p(modp).