CN104168113A - Certificate-based encryption method and system for n layers of CA structures - Google Patents


Info

Publication number: CN104168113A
Authority: CN (China)
Prior art keywords: certificate, layer, PKI, user, ciphertext
Legal status: Pending
Application number: CN201410387721.2A
Other languages: Chinese (zh)
Inventors: 陆阳, 张全领, 李继国
Current assignee: Hohai University HHU
Original assignee: Hohai University HHU
Application filed by Hohai University HHU
Priority to CN201410387721.2A
Publication of CN104168113A

Abstract

The invention discloses a certificate-based encryption method and system for an n-layer CA structure, introducing a layered (hierarchical) design into certificate-based cryptography. The method comprises generating the system parameters, generating the public key and master key of each lower-layer CA, generating the public and private keys of the user, generating the certificates of the lower-layer CAs and of the user, encrypting messages and recovering them. The invention also provides a certificate-based encryption system for the layered CA structure, comprising a system parameter generation module, a lower-layer CA parameter generation module, a user key generation module, a certificate generation module, an encryption module and a decryption module. Under this scheme, authentication of system users, certificate issuance, certificate revocation and similar tasks are carried out by a layered tree of CAs, so that the computation and communication burden on each CA is reduced and the efficiency of the system and its ability to resist denial-of-service attacks are improved.

Description

Certificate-based encryption method and system for an n-layer CA structure
Technical field
The present invention relates to the field of data encryption in information security, and in particular to a certificate-based encryption method and system for an n-layer CA structure.
Background technology
In modern communication systems protected by cryptography, the cryptographic algorithms are normally public and security rests on the protection of the keys, so key management is all the more important. In public-key cryptosystems a user's public key can be distributed openly, which has had a profound influence on secure communication, key distribution, digital signatures and authentication over open networks; since Diffie and Hellman proposed them in 1976, public-key cryptosystems have therefore been widely used. Public key infrastructure (PKI) is the main means of deploying public-key cryptosystems today and the foundation and core of current computer network security construction, providing a reliable security assurance mechanism for information services such as e-commerce, e-government and mobile commerce. Traditional PKI, however, has practical problems that are hard to solve, such as third-party queries of certificate status and the complexity of certificate management.
Certificate-based cryptography is a new public-key model proposed by Gentry at Eurocrypt 2003. It sits between traditional public-key cryptography and identity-based cryptography and effectively overcomes some of the inherent shortcomings of both: it greatly reduces the computation, communication and storage costs of managing and maintaining public-key certificates in a traditional PKI and offers an efficient way to build secure public-key systems. Like a traditional public-key system, a certificate-based system uses a digital certificate to bind a user's identity to its public key. Unlike it, a certificate-based system provides an efficient implicit-certificate mechanism: the user's certificate is sent only to its holder and is combined with the holder's private key to form the final decryption key or signing key. Compared with the prior art, the advantages of certificate-based cryptography are that it removes the third-party certificate-status query problem of traditional PKI and simplifies the complex certificate management process, while also overcoming the key distribution and key escrow problems inherent in identity-based cryptography.
In existing certificate-based encryption methods, however, a single certificate authority (CA) performs all of the tasks of authenticating system users and generating, distributing and revoking certificates, which has the following shortcomings:
(1) It is difficult to meet the demands of large-scale network applications. Because existing methods work in a centralized manner, with a single CA authenticating users and generating, distributing and revoking certificates, the computation and communication costs of the CA are high. In particular, when the number of system users is very large, the efficiency of the single CA is low and it easily becomes the bottleneck of the whole system.
(2) Resistance to denial-of-service attacks is low. In an open network environment a CA will inevitably be attacked; once the single CA suffers a denial-of-service attack and cannot operate normally, the whole system is paralysed and cannot continue to work.
Summary of the invention
The technical problem solved by the present invention is to address the deficiencies of existing certificate-based encryption methods by introducing the idea of layering into certificate-based cryptography and providing a certificate-based encryption method and system for an n-layer CA structure.
To solve the above technical problem, the present invention adopts the following technical solution:
A certificate-based encryption method for an n-layer CA structure, where n is an integer greater than or equal to 2, comprising the following steps:
Step A) the root CA generates its master key and the public system parameter set from a security parameter;
Step B) every layer of CA other than the root CA generates its master key and public key from its identity information and the public system parameter set;
Step C) the user generates its private key and public key from the public system parameter set and its identity information;
Step D) the root CA generates the certificate of the layer-1 CA from its master key, the public system parameter set and the identity information and public key of the layer-1 CA;
from the layer-1 CA to the layer-(n-2) CA, each CA in turn generates the certificate of the CA one layer below it from its own master key and certificate, the public system parameter set and the identity information and public key of that lower CA;
the layer-(n-1) CA generates the user's certificate from its master key and certificate, the public system parameter set and the user's identity information and public key;
Step E) the sender generates the ciphertext from the public system parameter set, the plaintext to be encrypted, the identity information and public keys of all of the recipient's upper-layer CAs, and the recipient's identity information and public key;
Step F) the recipient recovers the plaintext from the public system parameter set, the ciphertext to be decrypted and the recipient's private key and certificate.
As a further refinement of the certificate-based encryption method for an n-layer CA structure of the present invention, step A) proceeds as follows:
Step A.1) from the chosen security parameter $k \in \mathbb{Z}^+$, the root CA selects a large $k$-bit prime $q$ and generates an additive cyclic group $G_1$ of order $q$, a multiplicative cyclic group $G_2$ of order $q$ and a bilinear pairing $e: G_1 \times G_1 \to G_2$ defined on $G_1$ and $G_2$;
where $\mathbb{Z}^+$ is the set of positive integers and the bilinear pairing $e: G_1 \times G_1 \to G_2$ is a map from the Cartesian product $G_1 \times G_1$ of $G_1$ with itself to the group $G_2$;
Step A.2) the root CA selects a generator $P$ of the additive cyclic group $G_1$, picks a random integer $s_0$ from the set $\mathbb{Z}_q^*$ and computes $P_{pub} = s_0 P$;
where the set $\mathbb{Z}_q^* = \{1, 2, \ldots, q-1\}$;
Step A.3) the root CA defines four hash functions $H_1: \{0,1\}^* \times G_1 \to G_1$, $H_2: G_2 \to \{0,1\}^l$, $H_3: \{0,1\}^* \to \mathbb{Z}_q^*$ and $H_4: \{0,1\}^l \to \{0,1\}^l$;
where $H_1$ is a cryptographic hash function from the Cartesian product $\{0,1\}^* \times G_1$ to $G_1$, $H_2$ a cryptographic hash function from $G_2$ to $\{0,1\}^l$, $H_3$ a cryptographic hash function from $\{0,1\}^*$ to $\mathbb{Z}_q^*$, and $H_4$ a cryptographic hash function from $\{0,1\}^l$ to $\{0,1\}^l$; the non-negative integer $l$ is the bit length of the plaintext, $\{0,1\}^*$ is the set of binary strings of arbitrary length, $\{0,1\}^l$ the set of binary strings of length $l$ bits, and $\{0,1\}^* \times G_1$ the Cartesian product of $\{0,1\}^*$ and $G_1$;
Step A.4) the root CA's master key is $msk_{root} = s_0$ and the public system parameter set is $params = \{G_1, G_2, e, q, l, P, P_{pub}, H_1, H_2, H_3, H_4\}$.
As a further refinement of the certificate-based encryption method for an n-layer CA structure of the present invention, step B) proceeds as follows:
The lower-layer CA at layer $i$ with identity $ID_i$ first picks a random integer $s_i$ from $\mathbb{Z}_q^*$ as its master key, $msk_{ID_i} = s_i$, and then computes its public key $pk_{ID_i} = s_i P$; here $i$ indexes the CA layers other than the root CA, $1 \le i < n$.
As a further refinement of the certificate-based encryption method for an n-layer CA structure of the present invention, step C) proceeds as follows:
The user at layer $n$ with identity $ID_n$ first picks a random integer $x$ from $\mathbb{Z}_q^*$ as its private key, $sk_{ID_n} = x$, and then computes its public key $pk_{ID_n} = xP$.
As a further refinement of the certificate-based encryption method for an n-layer CA structure of the present invention, step D) proceeds as follows:
The root CA generates the certificate of the layer-1 CA from its master key $msk_{root}$, the parameter $H_1$ in the public system parameter set and the identity information $ID_1$ and public key $pk_{ID_1}$ of the layer-1 CA: $cert_{ID_1} = msk_{root} H_1(ID_1, pk_{ID_1})$;
for $1 \le a \le n-2$, the layer-$a$ CA generates the certificate of the CA at layer $a+1$ from its master key $msk_{ID_a}$ and certificate $cert_{ID_a}$, the parameter $H_1$ in the public system parameter set and the identity information $ID_{a+1}$ and public key $pk_{ID_{a+1}}$ of that CA: $cert_{ID_{a+1}} = msk_{ID_a} H_1(ID_{a+1}, pk_{ID_{a+1}}) + cert_{ID_a}$;
the layer-$(n-1)$ CA generates the user's certificate from its master key $msk_{ID_{n-1}}$ and certificate $cert_{ID_{n-1}}$, the parameter $H_1$ in the public system parameter set and the user's identity information $ID_n$ and public key $pk_{ID_n}$: $cert_{ID_n} = msk_{ID_{n-1}} H_1(ID_n, pk_{ID_n}) + cert_{ID_{n-1}}$.
As a further refinement of the certificate-based encryption method for an n-layer CA structure of the present invention, step E) proceeds as follows:
Step E.1) the sender decides to send a plaintext $M$ to the user at layer $n$ with identity $ID_n$ and public key $pk_{ID_n}$;
Step E.2) the sender picks a random bit string $\delta$ of length $l$ from the set $\{0,1\}^l$ and computes $r = H_3(\delta, M, ID_n, pk_{ID_n})$;
Step E.3) the sender computes $U = rP$, $V = \delta \oplus H_2\Big(\big(e(Q_n, pk_{ID_n}) \cdot \prod_{i=1}^{n-1} e(H_1(ID_i, pk_{ID_i}), pk_{ID_{i-1}})\big)^r\Big)$ and $W = M \oplus H_4(\delta)$, where $ID_i$ and $pk_{ID_i}$ are the identity and public key of the recipient's upper-layer CA at layer $i$;
Step E.4) the sender sends $C = \langle U, V, W \rangle$ to the recipient as the ciphertext of the plaintext $M$.
As a further refinement of the certificate-based encryption method for an n-layer CA structure of the present invention, step F) proceeds as follows:
Step F.1) the recipient at layer $n$ with identity $ID_n$, private key $sk_{ID_n}$ and certificate $cert_{ID_n}$ receives the ciphertext $C = \langle U, V, W \rangle$;
Step F.2) the recipient computes $\delta' = V \oplus H_2\big(e(sk_{ID_n} H_1(ID_n, pk_{ID_n}) + cert_{ID_n},\ U)\big)$ and then the plaintext $M' = W \oplus H_4(\delta')$;
Step F.3) the recipient recomputes $r'$ from $\delta'$ and $M'$ as in step E.2 and checks whether $U = r'P$ holds: if it does, the plaintext $M'$ is valid; otherwise the ciphertext is invalid and decryption fails.
The invention also discloses a certificate-based encryption system for an n-layer CA structure, comprising:
a system parameter generation module, for generating the master key of the root CA and the public system parameter set from an input security parameter;
a lower-layer CA parameter generation module, for generating the master key and public key of each lower-layer CA;
a user key generation module, for generating the user's private key and public key from the public system parameter set produced by the system parameter generation module and the user's identity information;
a certificate generation module, for generating the certificates of the lower-layer CAs other than the root CA and of the user;
an encryption module, for generating the ciphertext of the plaintext from the public system parameter set produced by the system parameter generation module, the public keys of the lower-layer CAs produced by the lower-layer CA parameter generation module, the plaintext to be encrypted, the recipient's identity information and the recipient's public key produced by the user key generation module;
a decryption module, for recovering the plaintext from the received ciphertext using the public system parameter set produced by the system parameter generation module, the ciphertext produced by the encryption module, the recipient's private key produced by the user key generation module and the recipient's certificate produced by the certificate generation module.
As a further refinement of the certificate-based encryption system for an n-layer CA structure, the decryption module specifically comprises a ciphertext decryption unit and a ciphertext validity verification unit, where:
the ciphertext decryption unit is used by the decryptor to decrypt the ciphertext and recover the plaintext;
the ciphertext validity verification unit is used by the decryptor to verify the validity of the ciphertext and thereby judge whether the plaintext output by the ciphertext decryption unit is valid.
Compared with the prior art, the above technical solution of the present invention has the following technical effects:
The method of the invention combines the idea of layering with certificate-based encryption and adopts a hierarchical CA architecture. In the hierarchical CA tree, a lower-layer CA obtains its own certificate from the CA above it and at the same time uses its self-generated master key either to issue certificates to the CAs below it or to authenticate the users in the user domain it administers and to issue and revoke their certificates. The method not only inherits the advantages of certificate-based cryptography and of hierarchical identity-based cryptography but also effectively overcomes the problems of existing certificate-based encryption methods, making it a new encryption method well suited to wide use in open network environments. The main reasons are as follows:
1. The system users are divided into several user domains, and in each domain user authentication and certificate issuance and revocation are performed by the terminal CA serving that domain, which effectively reduces the computation and communication burden of each terminal CA and improves the efficiency of the system;
2. each terminal CA is responsible only for authenticating the users in its own domain and for issuing and revoking their certificates, so a terminal CA that fails or is taken out of service by a denial-of-service attack does not affect the operation of the other terminal CAs;
3. the hierarchical CA architecture makes it easy to add CAs dynamically, which benefits future expansion of the system.
Brief description of the drawings
Fig. 1 is a flow chart of the certificate-based encryption method for a hierarchical CA structure of the present invention;
Fig. 2 is a flow chart of the operation of a cryptosystem running the method of the invention;
Fig. 3 is a schematic diagram of the certificate-based encryption system for a hierarchical CA structure of the present invention.
Embodiment
The technical solution of the present invention is described in further detail below with reference to the accompanying drawings:
The certificate-based encryption method for a hierarchical CA structure of the present invention can be realized with bilinear pairings, so the basic definition of a bilinear pairing and the properties it satisfies are briefly introduced first.
Let $G_1$ be an additive cyclic group of order $q$, $G_2$ a multiplicative cyclic group of order $q$, and $P$ a generator of $G_1$, where $q$ is a large prime. Assume that the discrete logarithm problem is hard in both $G_1$ and $G_2$. A map $e: G_1 \times G_1 \to G_2$ defined on $G_1$ and $G_2$ that satisfies the three properties below is called an admissible bilinear pairing. The bilinear pairing $e: G_1 \times G_1 \to G_2$ is a map from the Cartesian product $G_1 \times G_1$ of $G_1$ with itself to the group $G_2$; that is, it is the function $z = e(P_1, P_2)$ with independent variables $P_1, P_2 \in G_1$ and dependent variable $z \in G_2$.
The three properties a bilinear pairing satisfies are:
(1) Bilinearity: for all $P_1, P_2 \in G_1$ and all $a, b \in \mathbb{Z}_q^*$, $e(aP_1, bP_2) = e(P_1, P_2)^{ab}$.
(2) Non-degeneracy: $e(P, P) \ne 1_{G_2}$, where $1_{G_2}$ is the identity element of $G_2$.
(3) Computability: for all $P_1, P_2 \in G_1$ there is an efficient algorithm to compute $e(P_1, P_2)$.
Here the large prime $q$ is at least 160 bits in binary representation for the discrete logarithm problem and at least 1024 bits for the large-integer factorization problem. The concept of a cyclic group is as follows: let $G$ be a group; if there is an element $P \in G$ such that $G = \{kP \mid k \in \mathbb{Z}\}$, then $G$ is an additive cyclic group and $P$ is a generator of $G$; if there is an element $g \in G$ such that $G = \{g^k \mid k \in \mathbb{Z}\}$, then $G$ is a multiplicative cyclic group and $g$ is a generator of $G$. If $G$ is an additive (multiplicative) cyclic group with generator $P$ ($g$) and $n$ is the smallest positive integer for which $n$ times the generator $P$ (the $n$-th power of $g$) equals the identity element of $G$, then $G$ is called an additive (multiplicative) cyclic group of order $n$. Put simply, in an additive cyclic group the generator produces every element of the group by repeated addition, and in a multiplicative cyclic group the generator produces every element by exponentiation. In addition, $\mathbb{Z}_q^* = \{1, 2, \ldots, q-1\}$ denotes the nonzero residue classes of the integers modulo the prime $q$.
Based on the above description of bilinear pairings, the certificate-based encryption method for a hierarchical CA structure proposed by the present invention is further described below with reference to the drawings and an implementation example, which is not a limitation of the invention.
The entities involved in the method of the invention are as follows:
(1) Root CA: the trusted third party responsible for generating the public system parameter set and the root CA's master key, and for verifying and issuing certificates to the CAs under it;
(2) lower-layer CA: a non-root CA, the trusted third party responsible for generating its own master key and public key and for verifying and issuing certificates to the CAs below it or to the users in its jurisdiction;
(3) sender: the entity that originates the message;
(4) recipient: the entity that receives the ciphertext.
With reference to Fig. 1 and Fig. 2, the steps of the method of the invention are specifically described as follows:
Step A) the root CA generates its master key and the public system parameter set from a security parameter;
The specific steps are as follows:
Step 101) from the chosen security parameter $k \in \mathbb{Z}^+$, the root CA selects a large $k$-bit prime $q$ and generates an additive cyclic group $G_1$ of order $q$, a multiplicative cyclic group $G_2$ of order $q$ and a bilinear pairing $e: G_1 \times G_1 \to G_2$ defined on $G_1$ and $G_2$; here $\mathbb{Z}^+$ is the set of positive integers and the bilinear pairing $e: G_1 \times G_1 \to G_2$ is a map from the Cartesian product $G_1 \times G_1$ of $G_1$ with itself to the group $G_2$;
Step 102) the root CA selects a generator $P$ of the additive cyclic group $G_1$, picks a random integer $s_0$ from the set $\mathbb{Z}_q^* = \{1, 2, \ldots, q-1\}$ and computes $P_{pub} = s_0 P$;
Step 103) the root CA defines four hash functions $H_1: \{0,1\}^* \times G_1 \to G_1$, $H_2: G_2 \to \{0,1\}^l$, $H_3: \{0,1\}^* \to \mathbb{Z}_q^*$ and $H_4: \{0,1\}^l \to \{0,1\}^l$; here $H_1$ is a cryptographic hash function from the Cartesian product $\{0,1\}^* \times G_1$ to $G_1$, $H_2$ a cryptographic hash function from $G_2$ to $\{0,1\}^l$, $H_3$ a cryptographic hash function from $\{0,1\}^*$ to $\mathbb{Z}_q^*$, and $H_4$ a cryptographic hash function from $\{0,1\}^l$ to $\{0,1\}^l$; the non-negative integer $l$ is the bit length of the plaintext, $\{0,1\}^*$ is the set of binary strings of arbitrary length, $\{0,1\}^l$ the set of binary strings of length $l$ bits, and $\{0,1\}^* \times G_1$ the Cartesian product of $\{0,1\}^*$ and $G_1$;
Step 104) the root CA's master key is $msk_{root} = s_0$ and the public system parameter set is $params = \{G_1, G_2, e, q, l, P, P_{pub}, H_1, H_2, H_3, H_4\}$.
Step B) every layer of CA other than the root CA generates its master key and public key from its identity information and the public system parameter set;
The specific steps are as follows:
Step 105) the lower-layer CA at layer $i$ with identity $ID_i$ first picks a random integer $s_i$ from $\mathbb{Z}_q^*$ as its master key, $msk_{ID_i} = s_i$;
Step 106) it then computes its public key $pk_{ID_i} = s_i P$.
Step C) the user generates its private key and public key from the public system parameter set and its identity information;
The specific steps are as follows:
Step 107) the user at layer $n$ with identity $ID_n$ first picks a random integer $x$ from $\mathbb{Z}_q^*$ as its private key, $sk_{ID_n} = x$.
Step 108) it then computes its public key $pk_{ID_n} = xP$.
Step D) the root CA generates the certificate of the layer-1 CA from its master key, the public system parameter set and the identity information and public key of the layer-1 CA;
from the layer-1 CA to the layer-$(n-2)$ CA, each CA in turn generates the certificate of the CA one layer below it from its own master key and certificate, the public system parameter set and the identity information and public key of that lower CA;
the layer-$(n-1)$ CA generates the user's certificate from its master key and certificate, the public system parameter set and the user's identity information and public key;
The specific steps are as follows:
Step 109) the root CA generates the certificate of the layer-1 CA from its master key $msk_{root}$, the parameter $H_1$ in the public system parameter set and the identity information $ID_1$ and public key $pk_{ID_1}$ of the layer-1 CA: $cert_{ID_1} = msk_{root} H_1(ID_1, pk_{ID_1})$;
Step 110) the layer-$a$ CA ($1 \le a \le n-2$) generates the certificate of the CA at layer $a+1$ from its master key $msk_{ID_a}$ and certificate $cert_{ID_a}$, the parameter $H_1$ in the public system parameter set and the identity information $ID_{a+1}$ and public key $pk_{ID_{a+1}}$ of that CA: $cert_{ID_{a+1}} = msk_{ID_a} H_1(ID_{a+1}, pk_{ID_{a+1}}) + cert_{ID_a}$;
Step 111) the layer-$(n-1)$ CA generates the user's certificate from its master key $msk_{ID_{n-1}}$ and certificate $cert_{ID_{n-1}}$, the parameter $H_1$ in the public system parameter set and the user's identity information $ID_n$ and public key $pk_{ID_n}$: $cert_{ID_n} = msk_{ID_{n-1}} H_1(ID_n, pk_{ID_n}) + cert_{ID_{n-1}}$.
Step E) the sender generates the ciphertext from the public system parameter set, the plaintext to be encrypted, the identity information and public keys of all of the recipient's upper-layer CAs, and the recipient's identity information and public key;
The specific steps are as follows:
Step 112) the sender decides to send a plaintext $M$ to the user at layer $n$ with identity $ID_n$ and public key $pk_{ID_n}$;
Step 113) the sender picks a random bit string $\delta$ of length $l$ from the set $\{0,1\}^l$ and computes $r = H_3(\delta, M, ID_n, pk_{ID_n})$;
Step 114) the sender computes $U = rP$, $V = \delta \oplus H_2\Big(\big(e(Q_n, pk_{ID_n}) \cdot \prod_{i=1}^{n-1} e(H_1(ID_i, pk_{ID_i}), pk_{ID_{i-1}})\big)^r\Big)$ and $W = M \oplus H_4(\delta)$, where $ID_i$ and $pk_{ID_i}$ are the identity and public key of the recipient's upper-layer CA at layer $i$;
Step 115) the sender sends $C = \langle U, V, W \rangle$ to the recipient as the ciphertext of the plaintext $M$.
Step F) the recipient recovers the plaintext from the public system parameter set, the ciphertext to be decrypted and the recipient's private key and certificate;
The specific steps are as follows:
Step 116) the recipient at layer $n$ with identity $ID_n$, private key $sk_{ID_n}$ and certificate $cert_{ID_n}$ receives the ciphertext $C = \langle U, V, W \rangle$;
Step 117) the recipient computes $\delta' = V \oplus H_2\big(e(sk_{ID_n} H_1(ID_n, pk_{ID_n}) + cert_{ID_n},\ U)\big)$ and then the plaintext $M' = W \oplus H_4(\delta')$;
Step 118) the recipient recomputes $r'$ from $\delta'$ and $M'$ as in step 113 and checks whether $U = r'P$ holds: if it does, the plaintext $M'$ is valid; otherwise the ciphertext is invalid and decryption fails.
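The Python model below is an editorial example added to this page; it is not code from the patent or its applicants. It runs steps 101 to 118 end to end for a constructed hierarchy (root CA, CAs at layers 1 to n-1, one user at layer n) and also exercises the three pairing properties listed above. The pairing is simulated rather than implemented on an elliptic curve: $G_1$ is $\mathbb{Z}_q$ written additively with $P = 1$, $G_2$ is the order-$q$ subgroup of $\mathbb{Z}_p^*$ for a prime $p$ with $q \mid p-1$, and $e(aP, bP) = g^{ab}$; discrete logarithms in this $G_1$ are trivial, so the model exhibits the algebra of the scheme, not its security. Assumptions not stated on the page: $Q_n$ in step 114 is taken to be $H_1(ID_n, pk_{ID_n})$, $pk_{ID_0}$ is taken to be $P_{pub}$, the four hash functions are SHA-256 truncated or reduced modulo $q$, and $l = 128$ bits. One consistency check is built in: the decryptor's key $sk_{ID_n} H_1(ID_n, pk_{ID_n}) + cert_{ID_n}$ pairs with $U$ to a value whose exponent contains every term of $cert_{ID_n}$, including $msk_{ID_{n-1}} H_1(ID_n, pk_{ID_n})$ from step 111, so the sender's product has to include the factor $e(H_1(ID_n, pk_{ID_n}), pk_{ID_{n-1}})$, i.e. run over $i = 1..n$; `demo()` reports that the product stopped at $n-1$, as the extracted formula of step 114 reads, does not match the decryption mask.

```python
"""Toy model of the n-layer certificate-based encryption scheme (steps A to F).
Simulated pairing: G1 is Z_q written additively (the point aP is the integer a,
P = 1), G2 is the order-q subgroup of Z_p^* generated by g, and
e(aP, bP) = g^(ab) mod p. Discrete logs in this G1 are trivial, so the model
shows the algebra of the scheme, not its security. Editorial example."""
import hashlib
import os

def is_prime(n):
    """Trial division; adequate for the ~40-bit toy modulus chosen below."""
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

Q = 2**31 - 1                       # toy group order q (the Mersenne prime M31)
K = next(k for k in range(2, 10**6, 2) if is_prime(k * Q + 1))
P_MOD = K * Q + 1                   # prime p with q | p - 1
G = next(g for g in (pow(h, K, P_MOD) for h in range(2, 99)) if g != 1)  # order q
L = 16                              # l = 128 bits: byte length of plaintext and delta

def pairing(a, b):
    """Bilinear map e(aP, bP) = g^(ab): bilinear, non-degenerate, computable."""
    return pow(G, a * b % Q, P_MOD)

def _digest(tag, *parts):
    data = b"".join(str(x).encode() if isinstance(x, int) else x for x in parts)
    return hashlib.sha256(tag + data).digest()

def h1(ident, pk):            # H1: {0,1}* x G1 -> G1, as a nonzero multiple of P
    return int.from_bytes(_digest(b"H1", ident, pk), "big") % (Q - 1) + 1

def h2(t):                    # H2: G2 -> {0,1}^l
    return _digest(b"H2", t)[:L]

def h3(delta, m, ident, pk):  # H3: {0,1}* -> Z_q^*
    return int.from_bytes(_digest(b"H3", delta, m, ident, pk), "big") % (Q - 1) + 1

def h4(delta):                # H4: {0,1}^l -> {0,1}^l
    return _digest(b"H4", delta)[:L]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keygen():
    """Steps A to C: choose s in Z_q^*, publish s*P (root CA: msk_root, P_pub)."""
    s = int.from_bytes(os.urandom(8), "big") % (Q - 1) + 1
    return s, s                   # the public point s*P is the integer s since P = 1

def issue_cert(issuer_msk, issuer_cert, subject_id, subject_pk):
    """Step D: cert_{a+1} = msk_a * H1(ID_{a+1}, pk_{a+1}) + cert_a (root: cert_a = 0)."""
    return (issuer_msk * h1(subject_id, subject_pk) + issuer_cert) % Q

def session_base(p_pub, chain, user_id, user_pk, layers):
    """e(Q_n, pk_n) * prod_{i=1..layers} e(H1(ID_i, pk_i), pk_{i-1}), pk_0 = P_pub.
    chain holds (ID_i, pk_i) for the CAs at layers 1..n-1; the user is layer n.
    layers = n adds the factor e(H1(ID_n, pk_n), pk_{n-1}) that cert_n contributes."""
    t, prev_pk = pairing(h1(user_id, user_pk), user_pk), p_pub
    for ident, pk in (chain + [(user_id, user_pk)])[:layers]:
        t, prev_pk = t * pairing(h1(ident, pk), prev_pk) % P_MOD, pk
    return t

def encrypt(p_pub, chain, user_id, user_pk, m):
    """Step E: C = <U, V, W> for an l-byte message m; r = H3(delta, M, ID_n, pk_n)."""
    assert len(m) == L
    delta = os.urandom(L)
    r = h3(delta, m, user_id, user_pk)
    t = session_base(p_pub, chain, user_id, user_pk, len(chain) + 1)
    return r, xor(delta, h2(pow(t, r, P_MOD))), xor(m, h4(delta))   # U = rP = r

def decrypt(user_id, user_pk, sk, cert, c):
    """Step F: recover delta' and M', re-derive r' and accept only if U = r'P."""
    u, v, w = c
    d = (sk * h1(user_id, user_pk) + cert) % Q    # sk_n * H1(ID_n, pk_n) + cert_n
    delta = xor(v, h2(pairing(d, u)))
    m = xor(w, h4(delta))
    return m if h3(delta, m, user_id, user_pk) == u else None

def demo(n=3, message=b"constructed 16B!"):
    """Constructed hierarchy: root CA, CAs at layers 1..n-1, one user at layer n."""
    msk, p_pub = keygen()                         # root CA: msk_root = s0, P_pub = s0*P
    chain, cert = [], 0
    for i in range(1, n):
        s_i, pk_i = keygen()
        cert = issue_cert(msk, cert, b"CA-%d" % i, pk_i)
        chain.append((b"CA-%d" % i, pk_i))
        msk = s_i
    x, pk_user = keygen()
    user_id = b"user@example.test"                # constructed identity string
    cert_user = issue_cert(msk, cert, user_id, pk_user)
    c = encrypt(p_pub, chain, user_id, pk_user, message)
    u, v, w = c
    tampered = (u, v, bytes([w[0] ^ 1]) + w[1:])  # one bit of W flipped in transit
    dec_mask = pairing((x * h1(user_id, pk_user) + cert_user) % Q, u)
    full = pow(session_base(p_pub, chain, user_id, pk_user, n), u, P_MOD)
    short = pow(session_base(p_pub, chain, user_id, pk_user, n - 1), u, P_MOD)
    return {"plaintext": decrypt(user_id, pk_user, x, cert_user, c),
            "tampered": decrypt(user_id, pk_user, x, cert_user, tampered),
            "full_product_matches": full == dec_mask,
            "short_product_matches": short == dec_mask}
```

`demo()` returns the recovered plaintext, `None` for the ciphertext whose $W$ was altered (the $U = r'P$ check of step 118 rejects it before any plaintext is released), and the two product comparisons; `demo(n=2)` covers the smallest allowed hierarchy, in which the layer-1 CA issues the user's certificate directly under the root.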
With reference to Fig. 3, the present invention also provides a certificate-based encryption system for a hierarchical CA structure, comprising a system parameter generation module, a lower-layer CA parameter generation module, a user key generation module, a certificate generation module, an encryption module and a decryption module;
The system parameter generation module is used for generating the master key of the root CA and the public system parameter set from an input security parameter.
The lower-layer CA parameter generation module is used for generating the master key and public key of each lower-layer CA.
The user key generation module is used for generating the user's public key and private key from the public system parameter set produced by the system parameter generation module and the user's identity information.
The certificate generation module is used for generating the certificates of the lower-layer CAs other than the root CA and of the user.
The encryption module is used for generating the ciphertext of the plaintext from the public system parameter set produced by the system parameter generation module, the public keys of the lower-layer CAs produced by the lower-layer CA parameter generation module, the plaintext to be encrypted, the recipient's identity information and the recipient's public key produced by the user key generation module.
The decryption module is used for recovering the plaintext from the received ciphertext using the public system parameter set produced by the system parameter generation module, the ciphertext produced by the encryption module, the recipient's private key produced by the user key generation module and the recipient's certificate produced by the certificate generation module.
The decryption module specifically comprises a ciphertext decryption unit and a ciphertext validity verification unit.
The ciphertext decryption unit is used by the decryptor to decrypt the ciphertext and recover the plaintext.
The ciphertext validity verification unit is used by the decryptor to verify the validity of the ciphertext and thereby judge whether the plaintext output by the ciphertext decryption unit is valid.
The foregoing describes only preferred embodiments of the present invention. Those skilled in the art can readily conceive of other advantages and variations from the above embodiments. The present invention is therefore not limited to the embodiments above, which are a detailed, illustrative explanation of one form of the invention given by way of example only. Without departing from the spirit of the invention, ordinary variations and substitutions made by those of ordinary skill in the art within the scope of the technical solution of the invention all fall within the protection scope of the present invention.

Claims (9)

1. a method of encrypting based on certificate for n layer CA structure, described n is more than or equal to 2 integer, it is characterized in that, comprises following steps:
Steps A), root CA generates its master key and the open parameter set of system according to security parameter;
Step B), for the every one deck CA beyond root CA, according to its identity information and the open parameter set of described system, generate its master key and PKI;
Step C), user according to the open parameter set of described system with and identity information, generate its private key and PKI;
Step D), root CA, according to identity information and the PKI of its master key, the open parameter set of system and the 1st layer of CA, generates the certificate of the 1st layer of CA;
From the 1st layer of CA to n-2 layer CA, every one deck CA, successively according to identity information and the PKI of its master key and certificate, the open parameter set of system and lower one deck CA, generates the certificate of lower one deck CA;
N-1 layer CA, according to its master key and certificate, the open parameter set of system and user's identity information and PKI, generates user's certificate;
Step e), sender is according to the open parameter set of described system, plaintext to be encrypted, recipient's the identity information of all upper strata CA and PKI and recipient's identity information and PKI, generating ciphertext;
Step F), recipient, according to the open parameter set of described system, ciphertext to be deciphered and recipient's private key and certificate, recovers expressly.
2. The certificate-based encryption method for an n-layer CA structure according to claim 1, characterized in that step A) proceeds as follows:
Step A.1) given a security parameter $k \in Z^+$, the root CA selects a large prime $q$ of $k$ bits and generates an additive cyclic group $G_1$ of order $q$, a multiplicative cyclic group $G_2$ of order $q$, and a bilinear map $e: G_1 \times G_1 \to G_2$ defined on $G_1$ and $G_2$;
where $Z^+$ is the set of positive integers, and the bilinear map $e: G_1 \times G_1 \to G_2$ is a mapping from the Cartesian product $G_1 \times G_1$ of $G_1$ with itself to the group $G_2$;
Step A.2) the root CA selects a generator $P$ of the additive cyclic group $G_1$ and a random integer $s_0 \in Z_q^*$, and computes $P_{pub} = s_0 P$;
where the set $Z_q^* = \{1, 2, \ldots, q-1\}$;
Step A.3) the root CA defines four hash functions $H_1: \{0,1\}^* \times G_1 \to G_1$, $H_2: G_2 \to \{0,1\}^l$, $H_3: \{0,1\}^* \to Z_q^*$ and $H_4: \{0,1\}^l \to \{0,1\}^l$;
where $H_1$ is a cryptographic hash function from the Cartesian product $\{0,1\}^* \times G_1$ to $G_1$, $H_2$ a cryptographic hash function from $G_2$ to $\{0,1\}^l$, $H_3$ a cryptographic hash function from $\{0,1\}^*$ to $Z_q^*$, and $H_4$ a cryptographic hash function from $\{0,1\}^l$ to $\{0,1\}^l$; the non-negative integer $l$ is the bit length of the plaintext, $\{0,1\}^*$ is the set of binary strings of arbitrary length, $\{0,1\}^l$ is the set of binary strings of length $l$ bits, and $\{0,1\}^* \times G_1$ is the Cartesian product of $\{0,1\}^*$ and the group $G_1$;
Step A.4) the root CA generates its master key $msk_{root} = s_0$ and the system's public parameter set $params = \{G_1, G_2, e, q, l, P, P_{pub}, H_1, H_2, H_3, H_4\}$.
3. The certificate-based encryption method for an n-layer CA structure according to claim 2, characterized in that step B) proceeds as follows:
The lower-layer CA at layer $i$ with identity $ID_i$ first selects a random integer $s_i \in Z_q^*$ as its own master key, and then computes from it its own public key $pk_{ID_i}$; where $i$ indexes the CA layers other than the root CA, $1 \le i < n$.
4. The certificate-based encryption method for an n-layer CA structure according to claim 3, characterized in that step C) proceeds as follows:
The user at layer $n$ with identity $ID_n$ first selects a random integer $x \in Z_q^*$ as its own private key, and then computes from it its own public key $pk_{ID_n}$.
5. The certificate-based encryption method for an n-layer CA structure according to claim 4, characterized in that step D) proceeds as follows:
The root CA generates the certificate of the 1st-layer CA from its master key $msk_{root}$, the parameter $H_1$ in the system's public parameter set, and the 1st-layer CA's identity information $ID_1$ and public key $pk_{ID_1}$: $cert_{ID_1} = msk_{root} \, H_1(ID_1, pk_{ID_1})$;
For $1 \le a \le n-2$, the $a$th-layer CA generates the certificate of the CA one layer below it from its master key $msk_{ID_a}$ and certificate $cert_{ID_a}$, the parameter $H_1$ in the system's public parameter set, and the lower-layer CA's identity information $ID_{a+1}$ and public key $pk_{ID_{a+1}}$: $cert_{ID_{a+1}} = msk_{ID_a} \, H_1(ID_{a+1}, pk_{ID_{a+1}}) + cert_{ID_a}$;
The (n-1)th-layer CA generates the user's certificate from its master key $msk_{ID_{n-1}}$ and certificate $cert_{ID_{n-1}}$, the parameter $H_1$ in the system's public parameter set, and the user's identity information $ID_n$ and public key $pk_{ID_n}$: $cert_{ID_n} = msk_{ID_{n-1}} \, H_1(ID_n, pk_{ID_n}) + cert_{ID_{n-1}}$.
6. The certificate-based encryption method for an n-layer CA structure according to claim 5, characterized in that step E) proceeds as follows:
Step E.1) the sender determines the plaintext $M$ to be sent to the user at layer $n$ whose identity is $ID_n$ and whose public key is $pk_{ID_n}$;
Step E.2) the sender selects a random bit string $\delta$ of length $l$ from the set $\{0,1\}^l$ and computes $r = H_3(\delta, M, ID_n, pk_{ID_n})$;
Step E.3) the sender computes $U = rP$, $V = \delta \oplus H_2\!\left(\left(e(Q_n, pk_{ID_n}) \cdot \prod_{i=1}^{n-1} e\!\left(H_1(ID_i, pk_{ID_i}),\, pk_{ID_{i-1}}\right)\right)^{r}\right)$ and $W = M \oplus H_4(\delta)$; where $ID_i$ and $pk_{ID_i}$ denote the identity and the public key of the recipient's upper-layer CA at layer $i$,
Step E.4) the sender sends $C = \langle U, V, W \rangle$ to the recipient as the ciphertext of the plaintext $M$.
7. The certificate-based encryption method for an n-layer CA structure according to claim 6, characterized in that step F) proceeds as follows:
Step F.1) the recipient at layer $n$, whose identity is $ID_n$, private key is $sk_{ID_n}$ and certificate is $cert_{ID_n}$, receives the ciphertext $C = \langle U, V, W \rangle$;
Step F.2) the recipient computes $\delta' = V \oplus H_2\!\left(e\!\left(sk_{ID_n} \, H_1(ID_n, pk_{ID_n}) + cert_{ID_n},\ U\right)\right)$ and then recovers the plaintext $M' = W \oplus H_4(\delta')$;
Step F.3) the recipient computes $r'$ and checks whether $U = r'P$ holds: if it does, the plaintext $M'$ is valid; otherwise the ciphertext is invalid and decryption fails.
8. A certificate-based encryption system for an n-layer CA structure, characterized in that it comprises:
a system parameter generation module, for generating the root CA's master key and the system's public parameter set from an input security parameter;
a lower-layer CA parameter generation module, for generating the master key and public key of each lower-layer CA;
a user key generation module, for generating the user's private key and public key from the system's public parameter set produced by the system parameter generation module and the user's identity information;
a certificate generation module, for generating the certificates of the lower-layer CAs other than the root CA and of the user;
an encryption module, for generating the ciphertext of the plaintext from the public parameter set produced by the system parameter generation module, the public keys of the lower-layer CAs produced by the lower-layer CA parameter generation module, the plaintext to be encrypted, the recipient's identity information, and the recipient's public key produced by the user key generation module;
a decryption module, for recovering the plaintext from the received ciphertext using the public parameter set produced by the system parameter generation module, the ciphertext produced by the encryption module, the recipient's private key produced by the user key generation module, and the recipient's certificate produced by the certificate generation module.
9. The certificate-based encryption system for an n-layer CA structure according to claim 8, characterized in that the decryption module comprises a ciphertext decryption unit and a ciphertext validity verification unit; wherein:
the ciphertext decryption unit is used by the decryptor to decrypt the ciphertext and recover the plaintext;
the ciphertext validity verification unit is used by the decryptor to verify the validity of the ciphertext and thereby to judge whether the plaintext output by the ciphertext decryption unit is valid.
CN201410387721.2A 2014-08-07 2014-08-07 Certificate-based encryption method and system for n layers of CA structures Pending CN104168113A (en)

Publications (1)

Publication Number Publication Date
CN104168113A true CN104168113A (en) 2014-11-26

Family

ID=51911765

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20141126