CN105227308B - A kind of encryption and decryption method and electronic equipment - Google Patents

A kind of encryption and decryption method and electronic equipment Download PDF

Info

Publication number
CN105227308B
CN105227308B CN201410265372.7A CN201410265372A CN105227308B CN 105227308 B CN105227308 B CN 105227308B CN 201410265372 A CN201410265372 A CN 201410265372A CN 105227308 B CN105227308 B CN 105227308B
Authority
CN
China
Prior art keywords
function
ciphertext
trapdoor
matrix
unique defect
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410265372.7A
Other languages
Chinese (zh)
Other versions
CN105227308A (en
Inventor
陈和风
马文平
雷浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Honor Device Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201410265372.7A priority Critical patent/CN105227308B/en
Publication of CN105227308A publication Critical patent/CN105227308A/en
Application granted granted Critical
Publication of CN105227308B publication Critical patent/CN105227308B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Design And Manufacture Of Integrated Circuits (AREA)
  • Storage Device Security (AREA)
  • Semiconductor Integrated Circuits (AREA)

Abstract

The embodiment of the present invention provides a kind of encryption and decryption method and electronic equipment.This method comprises: obtaining public key, plaintext and the first preset length Bit String, the public key by the first electronic equipment includes unique defect trapdoor function;First electronic equipment obtains the key pair of once signed scheme, and the key pair includes authentication secret and signature key corresponding with the authentication secret;First electronic equipment obtains intermediate ciphertext group according to unique defect trapdoor function, the first preset length Bit String, the plaintext and the authentication secret;First electronic equipment signs to the intermediate ciphertext group according to the signature key, obtains intermediate ciphertext group signature;The authentication secret, the intermediate ciphertext group and the intermediate ciphertext group signature are combined into final ciphertext by first electronic equipment, and export the final ciphertext;To realize anti-chosen ciphertext attacks.

Description

Encryption and decryption method and electronic equipment
Technical Field
The embodiment of the invention relates to an information security technology, in particular to an encryption method, a decryption method and electronic equipment.
Background
The chosen ciphertext attack refers to an attack model in which the content that an attacker needs to master includes: encryption algorithm, intercepted partial cipher text, cipher text message selected by the user and corresponding decrypted plain text. The attack of selecting the cipher text requires that the attacker can access the decryption language machine, thereby obtaining the decryption result of the cipher text constructed by the attacker. The attacker can randomly collect a certain number of ciphertexts in advance, the ciphertexts are encrypted by a target encryption algorithm, the target encryption algorithm is an object attacked by the attacker, the ciphertexts are decrypted by a decryption language machine to obtain decrypted plaintexts, and therefore the private key or the decomposition modulus of the encryptor can be calculated, and the attacker can recover all the plaintexts by using the information.
The encryption scheme in the prior art is constructed based on a pseudorandom function, and a result is subjected to XOR with a plaintext to encrypt by applying the pseudorandom function to a random value, so that a ciphertext is obtained. The existing encryption scheme is not secure against chosen ciphertext attacks, and therefore, an encryption scheme for resisting chosen ciphertext attacks needs to be provided urgently.
Disclosure of Invention
The embodiment of the invention provides an encryption method, a decryption method and electronic equipment, which are used for resisting selective ciphertext attack.
In a first aspect, an embodiment of the present invention provides an encryption method, including:
the method comprises the steps that a first electronic device obtains a public key, a plaintext and a first preset length bit string, wherein the public key comprises a unique defect trapdoor function;
the first electronic equipment acquires a key pair of a one-time signature scheme, wherein the key pair comprises a verification key and a signature key corresponding to the verification key;
the first electronic device obtains an intermediate ciphertext group according to the unique defect trapdoor function, the first preset length bit string, the plaintext and the verification key;
the first electronic equipment signs the intermediate ciphertext group according to the signature key to obtain an intermediate ciphertext group signature;
and the first electronic equipment combines the verification key, the intermediate ciphertext group and the intermediate ciphertext group signature into a final ciphertext and outputs the final ciphertext.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the unique defect trapdoor function includes a first unique defect trapdoor function and a second unique defect trapdoor function;
the first electronic device obtains an intermediate ciphertext group according to the unique defect trapdoor function, the first preset length bit string, the plaintext and the verification key, and the method includes:
the first electronic device takes a preset constant, the function index of the first unique defect trapdoor function and the first preset length bit string as the input of a function valuation algorithm in the first unique defect trapdoor function, and calculates to obtain a first intermediate ciphertext;
the first electronic device takes the function index of the second unique defect trapdoor function, the verification key and the first preset length bit string as the input of a function valuation algorithm in the second unique defect trapdoor function, and a second intermediate ciphertext is obtained through calculation;
the first electronic equipment carries out XOR operation on the plain text and the hash function value of the bit string with the first preset length to obtain a third intermediate ciphertext;
the first electronic device combines the first intermediate ciphertext, the second intermediate ciphertext, and the third intermediate ciphertext into the intermediate ciphertext group.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, before the first electronic device takes a preset constant, a function index of the first unique defect trapdoor function, and the first preset length bit string as inputs of a function evaluation algorithm in the first unique defect trapdoor function, and calculates a first intermediate ciphertext, the method further includes:
the first electronic device selects a first branch from a given set of branches;
the first electronic equipment obtains a first plaintext matrix according to the first branch;
the first electronic equipment selects N elements from a finite field to form a key vector according to chi-square distribution, and the key vector is used as a trapdoor of the first unique defect trapdoor function; wherein N is the number of rows of the first plaintext matrix;
the first electronic equipment selects random numbers for each row of the first plaintext matrix from the finite field according to chi-square distribution, and the selected random numbers form a random vector;
the first electronic equipment selects error vectors for each column of the first plaintext matrix from the finite field according to chi-square distribution, and the selected error vectors form an error matrix;
and the first electronic equipment obtains a first ciphertext matrix according to the random vector, the error matrix, the first plaintext matrix and the trapdoor of the first unique defect trapdoor function, and uses the first ciphertext matrix as a function index of the first unique defect trapdoor function.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, the obtaining, by the first electronic device, a first ciphertext matrix according to the random vector, the error matrix, the first plaintext matrix, and the trapdoor of the first unique defect trapdoor function includes:
obtaining the first ciphertext matrix C according to the following first formula1
Wherein the first formula is:
wherein,M1for the purpose of the first plaintext matrix,as the random vector, E1For the purpose of the error matrix,is the trapdoor, t is a system parameter, C'1Is part of the first ciphertext matrix.
With reference to any one of the first to third possible implementation manners of the first aspect, in a fourth possible implementation manner of the first aspect, before the calculating, by the first electronic device, a second intermediate ciphertext, the method further includes:
the first electronic device selects a second branch from a given set of branches;
the first electronic equipment obtains a second plaintext matrix according to the second branch;
the first electronic equipment selects N elements from a finite field to form a key vector according to chi-square distribution, and the key vector is used as a trapdoor of the second unique defect trapdoor function; wherein N is the number of rows of the second plaintext matrix;
the first electronic equipment selects random numbers for each row of the second plaintext matrix from the finite field according to chi-square distribution, and the selected random numbers form a random vector;
the first electronic equipment selects error vectors for each column of the second plaintext matrix from the finite field according to chi-square distribution, and the selected error vectors form an error matrix;
and the first electronic equipment obtains a second ciphertext matrix according to the random vector, the error matrix, the second plaintext matrix and the trapdoor of the second unique defect trapdoor function, and the second ciphertext matrix is used as a function index of the second unique defect trapdoor function.
With reference to the fourth possible implementation manner of the first aspect, in a fifth possible implementation manner of the first aspect, the obtaining, by the first electronic device, a second ciphertext matrix according to the random vector, the error matrix, the second plaintext matrix, and the second unique defect trapdoor function trapdoor includes:
obtaining the second ciphertext matrix C according to the following second formula2
Wherein the second formula is:
wherein,M2for the purpose of the second plaintext matrix,as the random vector, E2For the purpose of the error matrix,is the trapdoor, t is the system parameter, C'2Is part of the second ciphertext matrix.
In a second aspect, an embodiment of the present invention provides a decryption method, including:
the second electronic equipment acquires a private key and a final ciphertext, wherein the private key comprises an index of a first unique defect trapdoor function, a trapdoor and an index of a second unique trapdoor function, and the final ciphertext comprises a first intermediate ciphertext, a second intermediate ciphertext, a third intermediate ciphertext and a verification key;
the second electronic equipment takes the final ciphertext as the input of a verification algorithm of a one-time signature scheme to verify whether the final ciphertext accords with a preset rule or not;
when the final ciphertext accords with a preset rule, the second electronic device takes the trapdoor of the first unique defect trapdoor function, a preset constant and the first intermediate ciphertext as the input of an inverse function valuation algorithm in the first unique defect trapdoor function, and calculates to obtain a second preset length bit string;
the second electronic device takes the index of the first unique defect trapdoor function, the preset constant and the second preset length bit string as the input of a function evaluation algorithm in the first unique defect trapdoor function, and verifies whether the first intermediate ciphertext is obtained or not;
the second electronic device takes the index of the second unique defect trapdoor function, the verification key and the second preset length bit string as the input of a function valuation algorithm in the second unique defect trapdoor function, and verifies whether the second intermediate ciphertext is obtained or not;
if the first intermediate ciphertext and the second intermediate ciphertext are obtained through verification, outputting a plaintext; wherein the plaintext is an exclusive or result of hash function values of the third intermediate ciphertext and the second bit string of the predetermined length.
In a third aspect, an embodiment of the present invention provides an electronic device, including:
the device comprises an acquisition module, a comparison module and a comparison module, wherein the acquisition module is used for acquiring a public key, a plaintext and a first preset length bit string, and the public key comprises a unique defect trapdoor function; acquiring a key pair of a one-time signature scheme, wherein the key pair comprises a verification key and a signature key corresponding to the verification key; obtaining an intermediate ciphertext group according to the unique defect trapdoor function, the first preset length bit string, the plaintext and the verification key; signing the intermediate ciphertext group according to the signature key to obtain an intermediate ciphertext group signature;
and the output module is used for combining the verification key, the intermediate ciphertext group and the intermediate ciphertext group signature into a final ciphertext and outputting the final ciphertext.
With reference to the third aspect, in a first possible implementation manner of the third aspect, the unique defect trapdoor function includes a first unique defect trapdoor function and a second unique defect trapdoor function;
the acquisition module is specifically configured to:
taking a preset constant, the function index of the first unique defect trapdoor function and the first preset length bit string as the input of a function evaluation algorithm in the first unique defect trapdoor function, and calculating to obtain a first intermediate ciphertext; taking the function index of the second unique defect trapdoor function, the verification key and the first preset length bit string as the input of a function evaluation algorithm in the second unique defect trapdoor function, and calculating to obtain a second intermediate ciphertext; carrying out XOR operation on the plain text and the hash function value of the bit string with the first preset length to obtain a third intermediate ciphertext; combining the first intermediate ciphertext, the second intermediate ciphertext, and the third intermediate ciphertext into the intermediate set of ciphertexts.
With reference to the first possible implementation manner of the third aspect, in a second possible implementation manner of the third aspect, the obtaining module is further configured to:
selecting a first branch from a given set of branches;
obtaining a first plaintext matrix according to the first branch;
selecting N elements from a finite field to form a key vector according to chi-square distribution, and taking the key vector as a trapdoor of the first unique defect trapdoor function; wherein N is the number of rows of the first plaintext matrix;
selecting random numbers for each row of the first plaintext matrix from the finite field according to chi-square distribution, and forming random vectors by the selected random numbers;
selecting error vectors for each column of the first plaintext matrix from the finite field according to a chi-square distribution, and forming an error matrix by the selected error vectors;
and obtaining a first ciphertext matrix according to the random vector, the error matrix, the first plaintext matrix and the trapdoor of the first unique defect trapdoor function, and using the first ciphertext matrix as a function index of the first unique defect trapdoor function.
With reference to the second possible implementation manner of the third aspect, in a third possible implementation manner of the third aspect, the obtaining module is specifically configured to:
obtaining the first ciphertext matrix C according to the following first formula1
Wherein the first formula is:
wherein,M1for the purpose of the first plaintext matrix,as the random vector, E1For the purpose of the error matrix,is the trapdoor, t is a system parameter, C'1Is part of the first ciphertext matrix.
With reference to any one of the first to third possible implementation manners of the third aspect, in a fourth possible implementation manner of the third aspect, the obtaining module is further configured to:
selecting a second branch from the given set of branches;
obtaining a second plaintext matrix according to the second branch;
selecting N elements from a finite field to form a key vector according to chi-square distribution, and taking the key vector as a trapdoor of the second unique defect trapdoor function; wherein N is the number of rows of the second plaintext matrix;
selecting random numbers for each row of the second plaintext matrix from the finite field according to chi-square distribution, and forming random vectors by the selected random numbers;
selecting error vectors for each column of the second plaintext matrix from the finite field according to chi-square distribution, and forming an error matrix by the selected error vectors;
and obtaining a second ciphertext matrix according to the random vector, the error matrix, the second plaintext matrix and the trapdoor of the second unique defect trapdoor function, and taking the second ciphertext matrix as a function index of the second unique defect trapdoor function.
With reference to the fourth possible implementation manner of the third aspect, in a fifth possible implementation manner of the third aspect, the obtaining module is specifically configured to:
obtaining the second ciphertext matrix C according to the following second formula2
Wherein the second formula is:
wherein,M2for the purpose of the second plaintext matrix,as the random vector, E2For the purpose of the error matrix,is the trapdoor, t is the system parameter, C'2Is part of the second ciphertext matrix.
In a fourth aspect, an embodiment of the present invention provides an electronic device, including:
the system comprises an acquisition module, a verification module and a verification module, wherein the acquisition module is used for acquiring a private key and a final ciphertext, the private key comprises an index of a first unique defect trapdoor function, an index of a trapdoor function and an index of a second unique trapdoor function, and the final ciphertext comprises a first intermediate ciphertext, a second intermediate ciphertext, a third intermediate ciphertext and a verification key;
the verification module is used for inputting the final ciphertext as a verification algorithm of a one-time signature scheme and verifying whether the final ciphertext accords with a preset rule;
the calculation module is used for taking the trapdoor of the first unique defect trapdoor function, a preset constant and the first intermediate ciphertext as the input of an inverse function valuation algorithm in the first unique defect trapdoor function when the final ciphertext accords with a preset rule, and calculating to obtain a second preset length bit string;
the verification module is further configured to use the index of the first unique defect trapdoor function, the preset constant, and the second preset length bit string as inputs of a function evaluation algorithm in the first unique defect trapdoor function to verify whether the first intermediate ciphertext is obtained; taking the index of the second unique defect trapdoor function, the verification key and the second preset length bit string as the input of a function evaluation algorithm in the second unique defect trapdoor function, and verifying whether the second intermediate ciphertext is obtained or not;
the output module is used for outputting a plaintext if the first intermediate ciphertext and the second intermediate ciphertext are obtained through verification by the verification module; wherein the plaintext is an exclusive or result of hash function values of the third intermediate ciphertext and the second bit string of the predetermined length.
According to the encryption and decryption method and the electronic equipment provided by the embodiment of the invention, a public key, a plaintext and a first preset length bit string are obtained through first electronic equipment, wherein the public key comprises a unique defect trapdoor function; the first electronic equipment acquires a key pair of a one-time signature scheme, wherein the key pair comprises a verification key and a signature key corresponding to the verification key; the first electronic device obtains an intermediate ciphertext group according to the unique defect trapdoor function, the first preset length bit string, the plaintext and the verification key; the first electronic equipment signs the intermediate ciphertext group according to the signature key to obtain an intermediate ciphertext group signature, so that an encryption scheme for resisting adaptive selection ciphertext attack is constructed in a black box manner, even if an attacker can collect a certain number of ciphertexts in advance, the ciphertexts are decrypted through an attacked encryption algorithm, the decrypted plaintext is obtained through an unknown key, and finally, the decryption result of the ciphertext constructed by the attacker cannot be obtained, so that the selective ciphertext attack is resisted; further, the first electronic device combines the verification key, the intermediate ciphertext group and the intermediate ciphertext group signature into a final ciphertext, so that only the private key corresponding to the final ciphertext is obtained and can be decrypted according to a preset mode, and the risk of being cracked is reduced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
FIG. 1 is a flow chart of a first embodiment of an encryption method according to the present invention;
FIG. 2 is a flowchart of a method for obtaining an intermediate ciphertext group in an encryption method of the present invention;
FIG. 3 is a flowchart of a first embodiment of the decryption method of the present invention;
FIG. 4 is a schematic structural diagram of an electronic device according to a first embodiment of the invention;
FIG. 5 is a schematic structural diagram of a second electronic device according to an embodiment of the invention;
FIG. 6 is a schematic structural diagram of a third embodiment of an electronic device according to the present invention;
fig. 7 is a schematic structural diagram of a fourth electronic device according to the embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of a first embodiment of an encryption method according to the present invention. As shown in fig. 1, the method provided by this embodiment may include:
step 101, a first electronic device obtains a public key, a plaintext and a first preset length bit string, wherein the public key comprises a unique defect trapdoor function.
Step 102, the first electronic device obtains a key pair of a one-time signature scheme, where the key pair includes a verification key and a signature key corresponding to the verification key.
Wherein, the verification key space of the one-time signature scheme is {0,1}v
And 103, the first electronic device obtains an intermediate ciphertext group according to the unique defect trapdoor function, the first preset length bit string, the plaintext and the verification key.
And step 104, the first electronic device signs the intermediate ciphertext group according to the signature key to obtain an intermediate ciphertext group signature.
And 105, combining the verification key, the intermediate ciphertext group and the intermediate ciphertext group signature into a final ciphertext by the first electronic device, and outputting the final ciphertext.
Wherein the verification key, the intermediate ciphertext group, and the intermediate ciphertext group signature may be combined in order into a final ciphertext.
From the above, a public key, a plaintext and a first preset length bit string are obtained through first electronic equipment, wherein the public key comprises a unique defect trapdoor function; the first electronic equipment acquires a key pair of a one-time signature scheme, wherein the key pair comprises a verification key and a signature key corresponding to the verification key; the first electronic device obtains an intermediate ciphertext group according to the unique defect trapdoor function, the first preset length bit string, the plaintext and the verification key; the first electronic equipment signs the intermediate ciphertext group according to the signature key to obtain an intermediate ciphertext group signature, so that an encryption scheme for resisting adaptive selection ciphertext attack is constructed in a black box manner, even if an attacker can collect a certain number of ciphertexts in advance, the ciphertexts are decrypted through an attacked encryption algorithm, the decrypted plaintext is obtained through an unknown key, and finally, the decryption result of the ciphertext constructed by the attacker cannot be obtained, so that the selective ciphertext attack is resisted; further, the first electronic device combines the verification key, the intermediate ciphertext group and the intermediate ciphertext group signature into a final ciphertext, so that only the private key corresponding to the final ciphertext is obtained and can be decrypted according to a preset mode, and the risk of being cracked is reduced.
It should be noted that, in the step 103, the unique defect trapdoor function may specifically include a first unique defect trapdoor function and a second unique defect trapdoor function; the intermediate ciphertext group may include a first intermediate ciphertext, a second intermediate ciphertext, and a third intermediate ciphertext. As shown in fig. 2, correspondingly, the obtaining, by the first electronic device, an intermediate ciphertext group according to the unique defect trapdoor function, the first preset length bit string, the plaintext, and the verification key may specifically include:
step 201, the first electronic device takes a preset constant, the function index of the first unique defect trapdoor function, and the first preset length bit string as input of a function evaluation algorithm in the first unique defect trapdoor function, and calculates to obtain a first intermediate ciphertext.
In this step, the first intermediate ciphertextWherein G isabo1In the first unique defect trapdoor functionFunction estimation algorithm of (1), C1For the purpose of indexing the function in question,and 0 is the preset constant, and is the first preset length bit string.
Specifically, the first electronic device may select a third branch from a given set of branches; taking the function index of the third branch and the first unique defect trapdoor function as input to obtain a function evaluation algorithm in the first unique defect trapdoor functionWherein,wherein, C1For the purpose of indexing the function in question,for the first pre-set length bit string,is composed ofTransposed matrix of b1In order to be said third branch, the first branch,is h corresponding to the third branch1×h1The order-diagonal matrix is then used,is h1All zero vector of order, h1The number of rows of the first plaintext matrix,an output of a function estimation algorithm for said first unique defect trapdoor function. Wherein the given branch of the first unique defect trapdoor functionThe set is {0,1 }.
It should be noted that, before step 201, the first electronic device needs to obtain a function index of the first unique defect trapdoor function, specifically:
the first electronic device selects a first branch from a given set of branches; obtaining a first plaintext matrix according to the first branch; selecting N elements from a finite field to form a key vector according to chi-square distribution, and taking the key vector as a trapdoor of the first unique defect trapdoor function; wherein N is the number of rows of the first plaintext matrix; selecting random numbers for each row of the first plaintext matrix from the finite field according to chi-square distribution, and forming random vectors by the selected random numbers; selecting error vectors for each column of the first plaintext matrix from the finite field according to a chi-square distribution, and forming an error matrix by the selected error vectors; and obtaining a first ciphertext matrix according to the random vector, the error matrix, the first plaintext matrix and the trapdoor of the first unique defect trapdoor function, and using the first ciphertext matrix as a function index of the first unique defect trapdoor function. Wherein the first branch of the first unique defect trapdoor function is b* 1=1。
Further, the first electronic device may obtain the first ciphertext matrix C according to a first formula as follows1(ii) a Wherein the first formula is:wherein,M1for the purpose of the first plaintext matrix,as the random vector, E1For the purpose of the error matrix,is the trapdoor, t is a system parameter, C'1Is part of the first ciphertext matrix.
Step 202, the first electronic device uses the function index of the second unique defect trapdoor function, the verification key, and the first preset length bit string as input of a function evaluation algorithm in the second unique defect trapdoor function, and calculates to obtain a second intermediate ciphertext.
In this step, the second intermediate ciphertextWherein G isabo2An algorithm for estimating a function in said second unique defect trapdoor function, C2For the purpose of indexing the function in question,and vk is the verification key, wherein vk is the first preset length bit string.
Specifically, the first electronic device may select a fourth branch from a given branch set; taking the function indexes of the fourth branch and the second unique defect trapdoor function as input to obtain a function evaluation algorithm in the second unique defect trapdoor functionWherein,wherein, C2For the purpose of indexing the function in question,for the first pre-set length bit string,is composed ofIs transposed matrix of,b2In order to be able to implement the fourth branch,is h corresponding to the fourth branch2×h2The order-diagonal matrix is then used,is h2All zero vector of order, h2The number of rows of the second plaintext matrix,an output of a function estimation algorithm for said second unique defect trapdoor function. Wherein the given set of branches of the second unique defect trapdoor function is {0,1}v
It should be noted that, before step 202, the first electronic device needs to obtain a function index of the second unique defect trapdoor function, specifically:
the first electronic device selects a second branch from a given set of branches; obtaining a second plaintext matrix according to the second branch; selecting N elements from a finite field to form a key vector according to chi-square distribution, and taking the key vector as a trapdoor of the second unique defect trapdoor function; wherein N is the number of rows of the second plaintext matrix; selecting random numbers for each row of the second plaintext matrix from the finite field according to chi-square distribution, and forming random vectors by the selected random numbers; selecting error vectors for each column of the second plaintext matrix from the finite field according to chi-square distribution, and forming an error matrix by the selected error vectors; obtaining a second ciphertext matrix according to the random vector, the error matrix, the second plaintext matrix and the trapdoor of the second unique defect trapdoor function, and taking the second ciphertext matrix as a function index of the second unique defect trapdoor function; wherein the second branch of the second unique defect trapdoor function is b* 2=0v
Go toStep by step, the first electronic device may obtain the second ciphertext matrix C according to the following second formula2(ii) a Wherein the second formula is:wherein,M2for the purpose of the second plaintext matrix,as the random vector, E2For the purpose of the error matrix,is the trapdoor, t is the system parameter, C'2Is part of the second ciphertext matrix.
Step 203, the first electronic device performs an exclusive or operation on the plaintext and the hash function value of the bit string with the first preset length to obtain a third intermediate ciphertext.
The third intermediate ciphertextWherein m is the plain text, and m is the plain text,a hash function value for said first predetermined length bit string.
Step 204, the first electronic device combines the first intermediate ciphertext, the second intermediate ciphertext, and the third intermediate ciphertext into the intermediate ciphertext group.
In the technical solution of this embodiment, the first electronic device may use a preset constant, a function index of the first unique defect trapdoor function, and the first preset length bit string as inputs, and obtain the first intermediate ciphertext through a function estimation algorithm in the first unique defect trapdoor function; taking the function index of the second unique defect trapdoor function, the verification key and the first preset length bit string as input, and calculating to obtain the second intermediate ciphertext through a function evaluation algorithm in the second unique defect trapdoor function; performing exclusive-or operation on the plain text and the hash function value of the bit string with the first preset length to obtain a third intermediate ciphertext; finally, combining the first intermediate ciphertext, the second intermediate ciphertext and the third intermediate ciphertext into the intermediate ciphertext group; and the first electronic equipment obtains the intermediate ciphertext group according to the unique defect trapdoor function, the first preset length bit string and the verification key.
Fig. 3 is a flowchart of a decryption method according to a first embodiment of the present invention. As shown in fig. 3, the method provided in this embodiment may specifically include:
step 301, the second electronic device obtains a private key and a final ciphertext, where the private key includes an index of a first unique defect trapdoor function, an index of a trapdoor function, and an index of a second unique trapdoor function, and the final ciphertext includes a first intermediate ciphertext, a second intermediate ciphertext, a third intermediate ciphertext, and a verification key.
And step 302, the second electronic device uses the final ciphertext as an input of a verification algorithm of a one-time signature scheme to verify whether the final ciphertext meets a preset rule.
And step 303, when the final ciphertext conforms to a preset rule, the second electronic device uses the trapdoor of the first unique defect trapdoor function, a preset constant and the first intermediate ciphertext as input of an inverse function evaluation algorithm in the first unique defect trapdoor function, and calculates to obtain a second preset length bit string.
Wherein the second bit string with preset length is the first only defect trapdoor functionAn inverse function in number estimation algorithm, in particular, the second electronic device may divide the third branch by the first branchThe branch outside the branch, the function index of the first unique defect trapdoor function and the trapdoor are used as input to obtainTo the first onlyInverse function estimation algorithm in defect trapdoor functionWherein,wherein b is a branch of the third branch other than the first branch, C* 1Trap as a function of said first unique defect trapGate, t is the system parameter, mod is the modulo operation, b* 1Is the first branch, is the first unique defect trapdoor boxTransposing the output of a function valuation algorithm of numbers to be decrypted
And step 304, the second electronic device uses the index of the first unique defect trapdoor function, the preset constant and the second preset length bit string as input of a function evaluation algorithm in the first unique defect trapdoor function, and verifies whether the first intermediate ciphertext is obtained.
Step 305, the second electronic device uses the index of the second unique defect trapdoor function, the verification key, and the second preset length bit string as input of a function evaluation algorithm in the second unique defect trapdoor function, and verifies whether the second intermediate ciphertext is obtained.
Step 306, if the first intermediate ciphertext and the second intermediate ciphertext are obtained through verification, outputting a plaintext; wherein the plaintext is an exclusive or result of hash function values of the third intermediate ciphertext and the second bit string of the predetermined length.
I.e. outputWherein m is the plain text, and m is the plain text,a hash function value for said second predetermined length bit string, c3Is the third intermediate secretText.
According to the technical scheme, the encrypted ciphertext can be decrypted, and the ciphertext is encrypted by an encryption method resistant to selective ciphertext attack.
Fig. 4 is a schematic structural diagram of an electronic device according to a first embodiment of the invention. As shown in fig. 4, the electronic device 10 provided in this embodiment may specifically include: an acquisition module 11 and an output module 12.
The obtaining module 11 is configured to obtain a public key, a plaintext, and a first preset length bit string, where the public key includes a unique defect trapdoor function; acquiring a key pair of a one-time signature scheme, wherein the key pair comprises a verification key and a signature key corresponding to the verification key; obtaining an intermediate ciphertext group according to the unique defect trapdoor function, the first preset length bit string, the plaintext and the verification key; signing the intermediate ciphertext group according to the signature key to obtain an intermediate ciphertext group signature;
the output module 12 is configured to combine the verification key, the intermediate ciphertext group, and the intermediate ciphertext group signature into a final ciphertext, and output the final ciphertext.
Specifically, the unique defect trapdoor function includes a first unique defect trapdoor function and a second unique defect trapdoor function; correspondingly, the obtaining module 11 may specifically be configured to:
taking a preset constant, the function index of the first unique defect trapdoor function and the first preset length bit string as the input of a function evaluation algorithm in the first unique defect trapdoor function, and calculating to obtain a first intermediate ciphertext; taking the function index of the second unique defect trapdoor function, the verification key and the first preset length bit string as the input of a function evaluation algorithm in the second unique defect trapdoor function, and calculating to obtain a second intermediate ciphertext; carrying out XOR operation on the plain text and the hash function value of the bit string with the first preset length to obtain a third intermediate ciphertext; combining the first intermediate ciphertext, the second intermediate ciphertext, and the third intermediate ciphertext into the intermediate set of ciphertexts.
Further, the obtaining module 11 may be further configured to: selecting a first branch from a given set of branches; obtaining a first plaintext matrix according to the first branch; selecting N elements from a finite field to form a key vector according to chi-square distribution, and taking the key vector as a trapdoor of the first unique defect trapdoor function; wherein N is the number of rows of the first plaintext matrix; selecting random numbers for each row of the first plaintext matrix from the finite field according to chi-square distribution, and forming random vectors by the selected random numbers; selecting error vectors for each column of the first plaintext matrix from the finite field according to a chi-square distribution, and forming an error matrix by the selected error vectors; and obtaining a first ciphertext matrix according to the random vector, the error matrix, the first plaintext matrix and the trapdoor of the first unique defect trapdoor function, and using the first ciphertext matrix as a function index of the first unique defect trapdoor function.
Specifically, the first ciphertext matrix C may be obtained according to the following first formula1(ii) a Wherein the first formulaComprises the following steps:wherein,M1is the first plaintext matrix, isThe random vector, E1Is the error matrix, is the trapdoor, t is a system parameter, C'1As said first ciphertext matrixAnd (b) a portion.
The obtaining module 11 may further be configured to: selecting a second branch from the given set of branches; obtaining a second plaintext matrix according to the second branch; selecting N elements from a finite field to form a key vector according to chi-square distribution, and taking the key vector as a trapdoor of the second unique defect trapdoor function; wherein N is the number of rows of the second plaintext matrix; selecting random numbers for each row of the second plaintext matrix from the finite field according to chi-square distribution, and forming random vectors by the selected random numbers; selecting error vectors for each column of the second plaintext matrix from the finite field according to chi-square distribution, and forming an error matrix by the selected error vectors; and obtaining a second ciphertext matrix according to the random vector, the error matrix, the second plaintext matrix and the trapdoor of the second unique defect trapdoor function, and taking the second ciphertext matrix as a function index of the second unique defect trapdoor function.
Specifically, the second ciphertext matrix C may be obtained according to the following second formula2(ii) a Wherein the second formulaComprises the following steps:wherein,M2for the purpose of the second plaintext matrix,as the random vector, E2Is the error matrix, is the trapdoor, t is the system parameter, C'2Is the second passwordA portion of a text matrix.
The electronic device of this embodiment may be configured to implement the technical solutions of the above method embodiments, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 5 is a schematic structural diagram of a second electronic device according to an embodiment of the invention. As shown in fig. 5, the electronic device 20 provided in this embodiment may specifically include: an acquisition module 21, a verification module 22, a calculation module 23 and an output module 24.
The obtaining module 21 may be configured to obtain a private key and a final ciphertext, where the private key includes an index of a first unique defect trapdoor function, a trapdoor, and an index of a second unique trapdoor function, and the final ciphertext includes a first intermediate ciphertext, a second intermediate ciphertext, a third intermediate ciphertext, and a verification key;
the verification module 22 may be configured to use the final ciphertext as an input of a verification algorithm of a one-time signature scheme, and verify whether the final ciphertext meets a preset rule;
the calculating module 23 may be configured to, when the final ciphertext meets a preset rule, use the trapdoor of the first unique defective trapdoor function, a preset constant, and the first intermediate ciphertext as input of an inverse function evaluation algorithm in the first unique defective trapdoor function, and calculate to obtain a second preset-length bit string;
the verification module 22 may be further configured to use the index of the first unique defect trapdoor function, the preset constant, and the second preset length bit string as inputs of a function evaluation algorithm in the first unique defect trapdoor function, and verify whether the first intermediate ciphertext is obtained; taking the index of the second unique defect trapdoor function, the verification key and the second preset length bit string as the input of a function evaluation algorithm in the second unique defect trapdoor function, and verifying whether the second intermediate ciphertext is obtained or not;
the output module 24 may be configured to output a plaintext if the verification module 22 verifies that the first intermediate ciphertext and the second intermediate ciphertext are obtained; wherein the plaintext is an exclusive or result of hash function values of the third intermediate ciphertext and the second bit string of the predetermined length.
The electronic device provided in this embodiment may be used to implement the technical solutions of the above method embodiments, and the implementation principles and technical effects are similar, which are not described herein again.
Fig. 6 is a schematic structural diagram of a third electronic device according to the embodiment of the invention. As shown in fig. 6, the electronic device 30 provided in this embodiment specifically includes: a bus 31, and a processor 32, a memory 33, and an interface 34 connected to the bus 31;
wherein the memory 33 is used for storing instructions; the processor 32 executes the instruction to obtain a public key, a plaintext, and a first preset length bit string, where the public key includes a unique defect trapdoor function; acquiring a key pair of a one-time signature scheme, wherein the key pair comprises a verification key and a signature key corresponding to the verification key; obtaining an intermediate ciphertext group according to the unique defect trapdoor function, the first preset length bit string, the plaintext and the verification key; signing the intermediate ciphertext group according to the signature key to obtain an intermediate ciphertext group signature; combining the verification key, the intermediate ciphertext group, and the intermediate ciphertext group signature into a final ciphertext; the interface 34 is used to output the final ciphertext.
In this embodiment, the unique defect trapdoor function includes a first unique defect trapdoor function and a second unique defect trapdoor function; optionally, the processor 32 executes the instruction to use a preset constant, a function index of the first unique defect trapdoor function, and the first preset length bit string as inputs of a function evaluation algorithm in the first unique defect trapdoor function, and calculate to obtain a first intermediate ciphertext; taking the function index of the second unique defect trapdoor function, the verification key and the first preset length bit string as the input of a function evaluation algorithm in the second unique defect trapdoor function, and calculating to obtain a second intermediate ciphertext; carrying out XOR operation on the plain text and the hash function value of the bit string with the first preset length to obtain a third intermediate ciphertext; combining the first intermediate ciphertext, the second intermediate ciphertext, and the third intermediate ciphertext into the intermediate set of ciphertexts.
In this embodiment, optionally, the processor 32 executes the instructions to further:
the private key and the final ciphertext are used as the input of a verification algorithm of the one-time signature scheme for verification; if the verification is successful, the trapdoor of the first unique defect trapdoor function, the preset constant and the first intermediate ciphertext are used as input, and a second preset length bit string is obtained through calculation through an inverse function valuation algorithm in the first unique defect trapdoor function; taking the index of the first unique defect trapdoor function, the preset constant and the second preset length bit string as input, and verifying whether the first intermediate ciphertext is obtained or not through a function evaluation algorithm in the first unique defect trapdoor function; taking the index of the second unique defect trapdoor function, the verification key and the second preset length bit string as input, and verifying whether the second intermediate ciphertext is obtained or not through a function evaluation algorithm in the second unique defect trapdoor function;
if the first intermediate ciphertext and the second intermediate ciphertext are obtained through verification, the interface 34 outputs a plaintext; wherein the plaintext is an exclusive or result of hash function values of the third intermediate ciphertext and the second bit string of the predetermined length.
In this embodiment, optionally, the processor 32 executes the instructions to further: selecting a first branch from a given set of branches; obtaining a first plaintext matrix according to the first branch; selecting N elements from a finite field to form a key vector according to chi-square distribution, and taking the key vector as a trapdoor of the first unique defect trapdoor function; wherein N is the number of rows of the first plaintext matrix; selecting random numbers for each row of the first plaintext matrix from the finite field according to chi-square distribution, and forming random vectors by the selected random numbers; selecting error vectors for each column of the first plaintext matrix from the finite field according to a chi-square distribution, and forming an error matrix by the selected error vectors; and obtaining a first ciphertext matrix according to the random vector, the error matrix, the first plaintext matrix and the trapdoor of the first unique defect trapdoor function, and using the first ciphertext matrix as a function index of the first unique defect trapdoor function.
Optionally, the processor 32 executes the instruction to obtain the first ciphertext matrix C according to the following first formula1(ii) a Wherein the first formula is:wherein,M1for the purpose of the first plaintext matrix,as the random vector, E1For the purpose of the error matrix,is the trapdoor, t is a system parameter, C'1Is part of the first ciphertext matrix.
In this embodiment, optionally, the processor 32 executes the instructions to further: selecting a second branch from the given set of branches; obtaining a second plaintext matrix according to the second branch; selecting N elements from a finite field to form a key vector according to chi-square distribution, and taking the key vector as a trapdoor of the second unique defect trapdoor function; wherein N is the number of rows of the second plaintext matrix; selecting random numbers for each row of the second plaintext matrix from the finite field according to chi-square distribution, and forming random vectors by the selected random numbers; selecting error vectors for each column of the second plaintext matrix from the finite field according to chi-square distribution, and forming an error matrix by the selected error vectors; and obtaining a second ciphertext matrix according to the random vector, the error matrix, the second plaintext matrix and the trapdoor of the second unique defect trapdoor function, and taking the second ciphertext matrix as a function index of the second unique defect trapdoor function.
Optionally, the processor 32 executes the instruction to obtain the second ciphertext matrix C according to the following second formula2(ii) a Wherein the second formula is:wherein,M2for the purpose of the second plaintext matrix,as the random vector, E2For the purpose of the error matrix,is the trapdoor, t is the system parameter, C'2Is part of the second ciphertext matrix.
The electronic device provided in this embodiment may be used to implement the technical solutions of the above method embodiments, and the implementation principles and technical effects are similar, which are not described herein again.
Fig. 7 is a schematic structural diagram of a fourth electronic device according to the embodiment of the invention. As shown in fig. 7, the electronic device 40 provided in this embodiment may specifically include: a bus 41, and a processor 42, a memory 43, and an interface 44 connected to the bus 41;
wherein the memory 43 is used for storing instructions; the processor 42 executes the instruction to obtain a private key and a final ciphertext, where the private key includes an index of a first unique defective trapdoor function, a trapdoor, and an index of a second unique trapdoor function, and the final ciphertext includes a first intermediate ciphertext, a second intermediate ciphertext, a third intermediate ciphertext, and a verification key; taking the final ciphertext as the input of a verification algorithm of a one-time signature scheme, and verifying whether the final ciphertext accords with a preset rule; when the final ciphertext accords with a preset rule, taking the trapdoor of the first unique defect trapdoor function, a preset constant and the first intermediate ciphertext as the input of an inverse function valuation algorithm in the first unique defect trapdoor function, and calculating to obtain a second preset length bit string; taking the index of the first unique defect trapdoor function, the preset constant and the second preset length bit string as the input of a function evaluation algorithm in the first unique defect trapdoor function, and verifying whether the first intermediate ciphertext is obtained or not; and taking the index of the second unique defect trapdoor function, the verification key and the second preset length bit string as the input of a function evaluation algorithm in the second unique defect trapdoor function, and verifying whether the second intermediate ciphertext is obtained or not.
If the processor 42 verifies the first intermediate ciphertext and the second intermediate ciphertext, the interface 44 is configured to output a plaintext; wherein the plaintext is an exclusive or result of hash function values of the third intermediate ciphertext and the second bit string of the predetermined length.
The electronic device provided in this embodiment may be used to implement the technical solutions of the above method embodiments, and the implementation principles and technical effects are similar, which are not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to execute some steps of the methods according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (14)

1. An encryption method, comprising:
the method comprises the steps that a first electronic device obtains a public key, a plaintext and a first preset length bit string, wherein the public key comprises a unique defect trapdoor function;
the first electronic equipment acquires a key pair of a one-time signature scheme, wherein the key pair comprises a verification key and a signature key corresponding to the verification key;
the first electronic device obtains an intermediate ciphertext group according to the unique defect trapdoor function, the first preset length bit string, the plaintext and the verification key;
the first electronic equipment signs the intermediate ciphertext group according to the signature key to obtain an intermediate ciphertext group signature;
and the first electronic equipment combines the verification key, the intermediate ciphertext group and the intermediate ciphertext group signature into a final ciphertext and outputs the final ciphertext.
2. The method of claim 1, wherein the unique defect trapdoor function comprises a first unique defect trapdoor function and a second unique defect trapdoor function;
the first electronic device obtains an intermediate ciphertext group according to the unique defect trapdoor function, the first preset length bit string, the plaintext and the verification key, and the method includes:
the first electronic device takes a preset constant, the function index of the first unique defect trapdoor function and the first preset length bit string as the input of a function valuation algorithm in the first unique defect trapdoor function, and calculates to obtain a first intermediate ciphertext;
the first electronic device takes the function index of the second unique defect trapdoor function, the verification key and the first preset length bit string as the input of a function valuation algorithm in the second unique defect trapdoor function, and a second intermediate ciphertext is obtained through calculation;
the first electronic equipment carries out XOR operation on the plain text and the hash function value of the bit string with the first preset length to obtain a third intermediate ciphertext;
the first electronic device combines the first intermediate ciphertext, the second intermediate ciphertext, and the third intermediate ciphertext into the intermediate ciphertext group.
3. The method of claim 2, wherein before the first electronic device takes a predetermined constant, the function index of the first unique defect trapdoor function, and the first predetermined length bit string as inputs of a function evaluation algorithm in the first unique defect trapdoor function, calculating a first intermediate ciphertext, the method further comprises:
the first electronic device selects a first branch from a given set of branches;
the first electronic equipment obtains a first plaintext matrix according to the first branch;
the first electronic equipment selects N elements from a finite field to form a key vector according to chi-square distribution, and the key vector is used as a trapdoor of the first unique defect trapdoor function; wherein N is the number of rows of the first plaintext matrix;
the first electronic equipment selects random numbers for each row of the first plaintext matrix from the finite field according to chi-square distribution, and the selected random numbers form a random vector;
the first electronic equipment selects error vectors for each column of the first plaintext matrix from the finite field according to chi-square distribution, and the selected error vectors form an error matrix;
and the first electronic equipment obtains a first ciphertext matrix according to the random vector, the error matrix, the first plaintext matrix and the trapdoor of the first unique defect trapdoor function, and uses the first ciphertext matrix as a function index of the first unique defect trapdoor function.
4. The method of claim 3, wherein the first electronic device deriving a first ciphertext matrix from the random vector, the error matrix, the first plaintext matrix, and the trapdoors of the first unique defective trapdoor function comprises:
obtaining the first ciphertext matrix C according to the following first formula1
Wherein the first formula is:
wherein,M1for the purpose of the first plaintext matrix,as the random vector, E1For the purpose of the error matrix,is the trapdoor, t is a system parameter, C'1As part of the first ciphertext matrix,is an encryption algorithm.
5. The method of any one of claims 2 to 4, wherein the first electronic device uses the function index of the second unique defect trapdoor function, the verification key, and the first predetermined length bit string as inputs of a function evaluation algorithm in the second unique defect trapdoor function, and before calculating the second intermediate ciphertext, the method further comprises:
the first electronic device selects a second branch from a given set of branches;
the first electronic equipment obtains a second plaintext matrix according to the second branch;
the first electronic equipment selects N elements from a finite field to form a key vector according to chi-square distribution, and the key vector is used as a trapdoor of the second unique defect trapdoor function; wherein N is the number of rows of the second plaintext matrix;
the first electronic equipment selects random numbers for each row of the second plaintext matrix from the finite field according to chi-square distribution, and the selected random numbers form a random vector;
the first electronic equipment selects error vectors for each column of the second plaintext matrix from the finite field according to chi-square distribution, and the selected error vectors form an error matrix;
and the first electronic equipment obtains a second ciphertext matrix according to the random vector, the error matrix, the second plaintext matrix and the trapdoor of the second unique defect trapdoor function, and the second ciphertext matrix is used as a function index of the second unique defect trapdoor function.
6. The method of claim 5, wherein the first electronic device deriving a second ciphertext matrix from the random vector, the error matrix, the second plaintext matrix, and the second unique defect trapdoor function trapdoor comprises:
obtaining the second ciphertext matrix C according to the following second formula2
Wherein the second formula is:
wherein,M2for the purpose of the second plaintext matrix,as the random vector, E2For the purpose of the error matrix,is the trapdoor, t is the system parameter, C'2As part of the second ciphertext matrix,is an encryption algorithm.
7. A decryption method, comprising:
the second electronic equipment acquires a private key and a final ciphertext, wherein the private key comprises an index of a first unique defect trapdoor function, a trapdoor and an index of a second unique defect trapdoor function, and the final ciphertext comprises a first intermediate ciphertext, a second intermediate ciphertext, a third intermediate ciphertext and a verification key;
the second electronic equipment takes the final ciphertext as the input of a verification algorithm of a one-time signature scheme to verify whether the final ciphertext accords with a preset rule or not;
when the final ciphertext accords with a preset rule, the second electronic device takes the trapdoor of the first unique defect trapdoor function, a preset constant and the first intermediate ciphertext as the input of an inverse function valuation algorithm in the first unique defect trapdoor function, and calculates to obtain a second preset length bit string;
the second electronic device takes the index of the first unique defect trapdoor function, the preset constant and the second preset length bit string as the input of a function evaluation algorithm in the first unique defect trapdoor function, and verifies whether the first intermediate ciphertext is obtained or not;
the second electronic device takes the index of the second unique defect trapdoor function, the verification key and the second preset length bit string as the input of a function valuation algorithm in the second unique defect trapdoor function, and verifies whether the second intermediate ciphertext is obtained or not;
if the first intermediate ciphertext and the second intermediate ciphertext are obtained through verification, outputting a plaintext; wherein the plaintext is an exclusive or result of hash function values of the third intermediate ciphertext and the second bit string of the predetermined length.
8. An electronic device, comprising:
the device comprises an acquisition module, a comparison module and a comparison module, wherein the acquisition module is used for acquiring a public key, a plaintext and a first preset length bit string, and the public key comprises a unique defect trapdoor function; acquiring a key pair of a one-time signature scheme, wherein the key pair comprises a verification key and a signature key corresponding to the verification key; obtaining an intermediate ciphertext group according to the unique defect trapdoor function, the first preset length bit string, the plaintext and the verification key; signing the intermediate ciphertext group according to the signature key to obtain an intermediate ciphertext group signature;
and the output module is used for combining the verification key, the intermediate ciphertext group and the intermediate ciphertext group signature into a final ciphertext and outputting the final ciphertext.
9. The electronic device of claim 8, wherein the unique defect trapdoor function comprises a first unique defect trapdoor function and a second unique defect trapdoor function;
the acquisition module is specifically configured to:
taking a preset constant, the function index of the first unique defect trapdoor function and the first preset length bit string as the input of a function evaluation algorithm in the first unique defect trapdoor function, and calculating to obtain a first intermediate ciphertext; taking the function index of the second unique defect trapdoor function, the verification key and the first preset length bit string as the input of a function evaluation algorithm in the second unique defect trapdoor function, and calculating to obtain a second intermediate ciphertext; carrying out XOR operation on the plain text and the hash function value of the bit string with the first preset length to obtain a third intermediate ciphertext; combining the first intermediate ciphertext, the second intermediate ciphertext, and the third intermediate ciphertext into the intermediate set of ciphertexts.
10. The electronic device of claim 9, wherein the acquisition module is further configured to:
selecting a first branch from a given set of branches;
obtaining a first plaintext matrix according to the first branch;
selecting N elements from a finite field to form a key vector according to chi-square distribution, and taking the key vector as a trapdoor of the first unique defect trapdoor function; wherein N is the number of rows of the first plaintext matrix;
selecting random numbers for each row of the first plaintext matrix from the finite field according to chi-square distribution, and forming random vectors by the selected random numbers;
selecting error vectors for each column of the first plaintext matrix from the finite field according to a chi-square distribution, and forming an error matrix by the selected error vectors;
and obtaining a first ciphertext matrix according to the random vector, the error matrix, the first plaintext matrix and the trapdoor of the first unique defect trapdoor function, and using the first ciphertext matrix as a function index of the first unique defect trapdoor function.
11. The electronic device of claim 10, wherein the obtaining module is specifically configured to:
obtaining the first ciphertext matrix C according to the following first formula1
Wherein the first formula is:
wherein,M1for the purpose of the first plaintext matrix,as the random vector, E1For the purpose of the error matrix,is the trapdoor, t is a system parameter, C'1As part of the first ciphertext matrix,is an encryption algorithm.
12. The electronic device of any of claims 9-11, wherein the obtaining module is further configured to:
selecting a second branch from the given set of branches;
obtaining a second plaintext matrix according to the second branch;
selecting N elements from a finite field to form a key vector according to chi-square distribution, and taking the key vector as a trapdoor of the second unique defect trapdoor function; wherein N is the number of rows of the second plaintext matrix;
selecting random numbers for each row of the second plaintext matrix from the finite field according to chi-square distribution, and forming random vectors by the selected random numbers;
selecting error vectors for each column of the second plaintext matrix from the finite field according to chi-square distribution, and forming an error matrix by the selected error vectors;
and obtaining a second ciphertext matrix according to the random vector, the error matrix, the second plaintext matrix and the trapdoor of the second unique defect trapdoor function, and taking the second ciphertext matrix as a function index of the second unique defect trapdoor function.
13. The electronic device of claim 12, wherein the obtaining module is specifically configured to:
obtaining the second ciphertext matrix C according to the following second formula2
Wherein the second formula is:
wherein,M2for the purpose of the second plaintext matrix,as the random vector, E2For the purpose of the error matrix,is the trap doorAnd t is the system parameter, C'2As part of the second ciphertext matrix,is an encryption algorithm.
14. An electronic device, comprising:
the system comprises an acquisition module, a verification module and a verification module, wherein the acquisition module is used for acquiring a private key and a final ciphertext, the private key comprises an index of a first unique defect trapdoor function, an index of a trapdoor function and an index of a second unique defect trapdoor function, and the final ciphertext comprises a first intermediate ciphertext, a second intermediate ciphertext, a third intermediate ciphertext and a verification key;
the verification module is used for inputting the final ciphertext as a verification algorithm of a one-time signature scheme and verifying whether the final ciphertext accords with a preset rule;
the calculation module is used for taking the trapdoor of the first unique defect trapdoor function, a preset constant and the first intermediate ciphertext as the input of an inverse function valuation algorithm in the first unique defect trapdoor function when the final ciphertext accords with a preset rule, and calculating to obtain a second preset length bit string;
the verification module is further configured to use the index of the first unique defect trapdoor function, the preset constant, and the second preset length bit string as inputs of a function evaluation algorithm in the first unique defect trapdoor function to verify whether the first intermediate ciphertext is obtained; taking the index of the second unique defect trapdoor function, the verification key and the second preset length bit string as the input of a function evaluation algorithm in the second unique defect trapdoor function, and verifying whether the second intermediate ciphertext is obtained or not;
the output module is used for outputting a plaintext if the first intermediate ciphertext and the second intermediate ciphertext are obtained through verification by the verification module; wherein the plaintext is an exclusive or result of hash function values of the third intermediate ciphertext and the second bit string of the predetermined length.
CN201410265372.7A 2014-06-13 2014-06-13 A kind of encryption and decryption method and electronic equipment Active CN105227308B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410265372.7A CN105227308B (en) 2014-06-13 2014-06-13 A kind of encryption and decryption method and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410265372.7A CN105227308B (en) 2014-06-13 2014-06-13 A kind of encryption and decryption method and electronic equipment

Publications (2)

Publication Number Publication Date
CN105227308A CN105227308A (en) 2016-01-06
CN105227308B true CN105227308B (en) 2019-01-08

Family

ID=54996028

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410265372.7A Active CN105227308B (en) 2014-06-13 2014-06-13 A kind of encryption and decryption method and electronic equipment

Country Status (1)

Country Link
CN (1) CN105227308B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101924067B1 (en) * 2016-10-28 2019-02-22 삼성에스디에스 주식회사 Apparatus and method for encryption
CN109150512A (en) * 2018-08-22 2019-01-04 网宿科技股份有限公司 A kind of data encryption, decryption method, system and data encryption, decryption device
CN109450852B (en) * 2018-10-09 2020-09-29 中国科学院信息工程研究所 Network communication encryption and decryption method and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101325594A (en) * 2007-06-13 2008-12-17 三星电子株式会社 Method, apparatus and system for managing A/V profiles
CN101867477A (en) * 2010-07-06 2010-10-20 南京航空航天大学 Sensor network session key establishing method
CN102684872A (en) * 2011-06-10 2012-09-19 中国人民解放军国防科学技术大学 Safety communication method for ultrahigh frequency radio-frequency identification air interface based on symmetrical encryption
US20120300930A1 (en) * 2011-05-25 2012-11-29 Charanjit Jutla Single-Round Password-Based Key Exchange Protocols

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101325594A (en) * 2007-06-13 2008-12-17 三星电子株式会社 Method, apparatus and system for managing A/V profiles
CN101867477A (en) * 2010-07-06 2010-10-20 南京航空航天大学 Sensor network session key establishing method
US20120300930A1 (en) * 2011-05-25 2012-11-29 Charanjit Jutla Single-Round Password-Based Key Exchange Protocols
CN102684872A (en) * 2011-06-10 2012-09-19 中国人民解放军国防科学技术大学 Safety communication method for ultrahigh frequency radio-frequency identification air interface based on symmetrical encryption

Also Published As

Publication number Publication date
CN105227308A (en) 2016-01-06

Similar Documents

Publication Publication Date Title
EP3552338B1 (en) Method of rsa signature or decryption protected using a homomorphic encryption
CN106357401B (en) A kind of storage of private key and application method
Mirzaei et al. A new image encryption method: parallel sub-image encryption with hyper chaos
CN103414690B (en) One can openly be verified the high in the clouds data property held method of calibration
CN104994110B (en) A kind of method audited for designated-verifier to cloud storage data
TW202006615A (en) Model-based prediction method and device
CN113940028B (en) Method and device for realizing white box password
CN103780379B (en) Cipher encrypting method and system and cryptographic check method and system
JP6575532B2 (en) Encryption device, decryption device, encryption processing system, encryption method, decryption method, encryption program, and decryption program
CN105337736A (en) Fully-homomorphic message authentication method, device and system
CN106789044A (en) Cloud storage ciphertext data public key can search for encryption method on lattice under master pattern
CN111314050A (en) Encryption and decryption method and device
Balogh et al. Modeling of data security in cloud computing
CN105227308B (en) A kind of encryption and decryption method and electronic equipment
CN105763322B (en) A kind of encryption key isolation digital signature method and system obscured
Yevseiev et al. The development of the method of multifactor authentication based on hybrid cryptocode constructions on defective codes
CN109660490A (en) Data processing method, device, system and storage medium
CN114329421B (en) Anonymous authentication method, device, system, medium and equipment
Bhardwaj et al. HS1-RIV: Improved Efficiency for Authenticated Encryption
CN115473649A (en) Method, device, equipment and storage medium for attacking elliptic curve signature algorithm
CN111339549A (en) Block chain key escrow method and device
Neela et al. A Hybrid Cryptography Technique with Blockchain for Data Integrity and Confidentiality in Cloud Computing
KR101677138B1 (en) Method of on-line/off-line electronic signature system for security of off-line token
CN115065470B (en) Data transmission method and device
CN113360927B (en) Two-stage privacy protection method for data sharing

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20210429

Address after: Unit 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong 518040

Patentee after: Honor Device Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.