CN108173643A - An Efficient Key Consensus Transmission Method - Google Patents


Info

Publication number: CN108173643A
Authority: CN (China)
Prior art keywords: dimensional vectors; dimensional; calculates; vector; secret
Legal status: Granted (Active)
Application number: CN201611018455.1A
Other languages: Chinese (zh)
Other versions: CN108173643B (en)
Inventor: 赵运磊
Current Assignee: Shanghai Honggehou Quantum Technology Co ltd
Original Assignee: Individual
Application filed by: Individual
Priority to: CN201611018455.1A
Publication of: CN108173643A
Application granted; publication of: CN108173643B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Compression, Expansion, Code Conversion, And Decoders (AREA)

Abstract

The present invention provides an efficient key consensus transmission method, comprising: the sender determines secret information k1 ∈ {0, 1} in advance. The sender has a secret input four-dimensional vector and the receiver has a secret input four-dimensional vector, where the values of the two vectors are close in each corresponding dimension; the sender encodes and transmits a four-dimensional encoded message to the receiver; the receiver decodes from the received message and its own vector to obtain k2 = k1.

Description

An Efficient Key Consensus Transmission Method

Technical field

The invention relates to the technical field of cryptography and coding, and in particular to an efficient key consensus transmission method.

Background

With the rapid development of quantum computers, developing cryptographic and coding algorithms that resist quantum attacks is becoming increasingly urgent. New lattice-based cryptosystems, especially those based on the LWE and RLWE problems, are the mainstream technology of post-quantum cryptography. The core module of LWE- and RLWE-based cryptosystems (especially public-key encryption and key agreement) is how to reach secret consensus and transmission from values that are close to each other but not equal. Existing secret consensus and transmission schemes suffer from poor efficiency, high error rates and poor practicality. Developing new secret consensus and transmission methods has major industrial and application value, and is a core technology for leading and occupying the commanding heights of the international information security industry.

Given two four-dimensional column vectors, the following are defined: the rounding of a vector, that is, each dimension of the vector is rounded with the rounding operator; the first-order norm of a vector; and a square matrix of order four. The set Zq can be represented in two ways, written with the floor operator. For any integer x ∈ Z, define |x|_q = min{x mod q, q - x mod q}; a further definition is given for any four-dimensional column vector.

Summary of the invention

To solve the above problems, the present invention provides an efficient key consensus transmission method. The method reaches the upper bound of the efficiency that a key consensus transmission method can achieve, and is the first secret consensus and transmission method internationally to reach that upper bound. To reduce the error rate, four-dimensional information is used to reach consensus on and transmit one secret bit; the method can be used to build the most efficient RLWE-based public-key encryption system so far. The method comprises:

System parameters: params = (q, m, g, d), where q, m, g, d are positive integers satisfying: m ≥ 2, q ≥ g > 2, 0 ≤ d < q(1 - 1/g) - 2; generally, q is a prime number. Two four-dimensional column vectors are given. The system parameters can be negotiated by the users in the system, determined in the course of using the method, or given by a trusted third party.

Given two four-dimensional column vectors, the following are defined: the rounding of a vector, that is, each dimension of the vector is rounded with the rounding operator; the first-order norm of a vector; and a square matrix of order four. For any integer x ∈ Z, define |x|_q = min{x mod q, q - x mod q}; a further definition is given for any four-dimensional column vector, using the floor operator.

There are two users in the system (which can be devices, programs, etc.): the party that starts the method is the initiator, and the other party is the responder. The initiator has a secret input four-dimensional column vector and secret information k1 ∈ {0, 1}; the responder has a secret input four-dimensional column vector that satisfies a closeness condition with respect to the initiator's vector. The method lets the initiator and the responder reach the same key consensus k1 = k2 ∈ {0, 1}, where k2 is computed by the responder. To this end, the initiator sends a four-dimensional vector message to the responder. Specifically:

Sender encoding method: the sender computes the message by the following steps and sends it to the receiver.

Step 1: Calculate

Step 2: Calculate and check: if the condition holds, let b = 0, otherwise let b = 1; denote

Step 3: Calculate

Step 4: Send the result to the receiver.

Receiver decoding method: after receiving the message, the receiver calculates k2 as follows:

Step 1: Calculate

Step 2: Calculate

Step 3: Calculate and check: if t < 1, let k2 = 0, otherwise let k2 = 1.

For simplicity of description, the method only describes how to reach consensus on and transmit one bit of secret information from four-dimensional vectors that are close to each other. In practical applications, the interacting parties can have higher-dimensional inputs; for example, if the vector in each party's input is 1024-dimensional, the 1024-dimensional vector can be divided into 255 groups, each group treated as a four-dimensional vector, and the method run 256 times in parallel, so that 256 bits of information can be agreed on and transmitted. The method can also be extended to work when the input is a two-dimensional or an eight-dimensional vector.

Note that k1 can be determined by the sender before the method is run, which gives the method excellent online and parallel computing capabilities; this is an important property of the method. When the method is used for key agreement, k1 is chosen at random from {0, 1}; when it is used for encryption, k1 can follow any distribution on {0, 1}. When applied to the construction of LWE- or RLWE-based cryptosystems, the interacting parties exchange LWE or RLWE data and each derives its vector from these data. When applied to an RLWE cryptosystem, q is generally a prime number; when applied to an LWE cryptosystem, q can be either prime or composite.
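The idea described above (one bit carried by four close coordinates, a 1024-coordinate input handled group by group), as an added example that is not the patent's encoding: the step formulas are absent from this page, and the parameters m, g and d are not modelled. It swaps in a plain threshold code (shift by floor(q/2), decode to the nearer of 0 and floor(q/2) under the page's |x|_q); q = 12289, the noise bound and all function names are assumptions.

```python
import secrets

Q = 12289   # assumed modulus (a prime); the page fixes no concrete q
DIM = 4     # coordinates spent per transported bit, as in the text

def abs_q(x, q=Q):
    """|x|_q = min{x mod q, q - x mod q}, the page's definition."""
    r = x % q
    return min(r, q - r)

def l1_q(vec, q=Q):
    """Sum of |.|_q over the coordinates (cyclic L1 distance from zero)."""
    return sum(abs_q(x, q) for x in vec)

def encode_bit(k1, sigma1, q=Q):
    """Sender: shift its 4-vector by k1 * floor(q/2) in every coordinate."""
    shift = k1 * (q // 2)
    return [(s + shift) % q for s in sigma1]

def decode_bit(v, sigma2, q=Q):
    """Receiver: remove its own vector, then pick the nearer of 0 and floor(q/2)."""
    w = [(a - b) % q for a, b in zip(v, sigma2)]
    d0 = l1_q(w, q)                          # distance to the encoding of 0
    d1 = l1_q([x - q // 2 for x in w], q)    # distance to the encoding of 1
    return 0 if d0 < d1 else 1

def transport(bits, sigma1, sigma2, q=Q):
    """Run the one-bit exchange once per group of DIM coordinates."""
    if not len(sigma1) == len(sigma2) == DIM * len(bits):
        raise ValueError("need DIM coordinates per bit on both sides")
    return [
        decode_bit(encode_bit(k1, sigma1[DIM * i:DIM * i + DIM], q),
                   sigma2[DIM * i:DIM * i + DIM], q)
        for i, k1 in enumerate(bits)
    ]

def demo(n=1024, bound=1000):
    """Constructed inputs: sigma2 is sigma1 plus noise in [-bound, bound] per coordinate."""
    rng = secrets.SystemRandom()
    sigma1 = [rng.randrange(Q) for _ in range(n)]
    sigma2 = [(s + rng.randint(-bound, bound)) % Q for s in sigma1]
    bits = [rng.randrange(2) for _ in range(n // DIM)]
    return bits, transport(bits, sigma1, sigma2)

if __name__ == "__main__":
    sent, received = demo()
    print(len(sent), "bits transported, all equal:", sent == received)
    # Failure mode: when the two vectors are too far apart the bit flips.
    far = [4000] * DIM
    print("k1=0 decoded as", decode_bit(encode_bit(0, far), [0] * DIM))
```

Decoding always succeeds in `demo` because every coordinate differs by at most 1000, below q/4; the last lines show the silent bit flip once the vectors drift too far apart, which is the error rate the description aims to reduce.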

Claims (1)

1. An efficient key consensus transmission method, characterized in that the method comprises:
System parameters: params = (q, m, g, d), where q, m, g, d are positive integers satisfying: m ≥ 2, q ≥ g, 0 ≤ d < q(1 - 1/g) - 2;
Two four-dimensional vectors are given, and the following are defined: the rounding of a vector, i.e. each dimension of the vector is rounded with the rounding operator; the first-order norm of a vector; and a square matrix of order four. For any integer x ∈ Z, define |x|_q = min{x mod q, q - x mod q}; a further definition is given for any four-dimensional vector, using the floor operator;
There are two users in the system (which can be devices, programs, etc.): the party that starts the method is the initiator, and the other party is the responder. The initiator has a secret input four-dimensional vector and secret information k1 ∈ {0, 1}; the responder has a secret input four-dimensional vector that satisfies a closeness condition. The method lets the initiator and the responder reach the same key consensus k1 = k2 ∈ {0, 1}; to this end, the initiator transmits a four-dimensional vector message to the responder;
Sender encoding method: specifically, the sender obtains the message as follows and sends it to the receiver:
Calculate and check: if the condition holds, let b = 0, otherwise let b = 1; denote the result, calculate the message, and send it to the receiver;
Receiver decoding method: after receiving the message, the receiver calculates t; if t < 1, let k2 = 0, otherwise let k2 = 1.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611018455.1A CN108173643B (en) 2016-11-18 2016-11-18 An Efficient Key Consensus Transmission Method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611018455.1A CN108173643B (en) 2016-11-18 2016-11-18 An Efficient Key Consensus Transmission Method

Publications (2)

Publication Number Publication Date
CN108173643A (en) 2018-06-15
CN108173643B (en) 2021-04-13

Family

ID=62525951

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611018455.1A Active CN108173643B (en) 2016-11-18 2016-11-18 An Efficient Key Consensus Transmission Method

Country Status (1)

Country Link
CN (1) CN108173643B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101150399A (en) * 2007-10-12 2008-03-26 四川长虹电器股份有限公司 Generation method for share secret key
CN101187856A (en) * 2007-12-12 2008-05-28 四川长虹电器股份有限公司 Random number generation method
CN103368725A (en) * 2012-04-06 2013-10-23 中国科学院软件研究所 Construction method of G0-type S-box and circuit of G0-type S-box

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108989031A (en) * 2018-07-27 2018-12-11 上海扈民区块链科技有限公司 A kind of more bit error correction coding-decoding methods
CN108989031B (en) * 2018-07-27 2022-07-01 上海扈民区块链科技有限公司 A multi-bit error correction coding and decoding method
CN109861821A (en) * 2019-02-26 2019-06-07 清华大学 An error coordination method for LWE public key cryptography
CN109861821B (en) * 2019-02-26 2020-10-30 清华大学 Error coordination method for LWE public key password

Also Published As

Publication number Publication date
CN108173643B (en) 2021-04-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20190412

Address after: Room 5345, Lane 786, Xinzhong Road, Xinhe Town, Chongming District, Shanghai

Applicant after: SHANGHAI HUMIN BLOCKCHAIN TECHNOLOGY Co.,Ltd.

Address before: 200433 Fudan University, 220 Handan Road, Yangpu District, Fudan University

Applicant before: Zhao Yunlei

CB02 Change of applicant information
CB02 Change of applicant information

Address after: Room 345, No. 5, 786 Lane, Xinzhong Road, Xinhe Town, Chongming District, Shanghai

Applicant after: SHANGHAI HUMIN BLOCKCHAIN TECHNOLOGY Co.,Ltd.

Address before: Room 5345, Lane 786, Xinzhong Road, Xinhe Town, Chongming District, Shanghai

Applicant before: SHANGHAI HUMIN BLOCKCHAIN TECHNOLOGY Co.,Ltd.

GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220823

Address after: Room 717, School of Computer Science, Fudan University (Jiangwan Campus), No. 2005, Songhu Road, Yangpu District, Shanghai, 200438

Patentee after: Zhao Yunlei

Address before: Room 345, No.5, Lane 786, Xinzhong Road, Xinhe Town, Chongming District, Shanghai 202156

Patentee before: SHANGHAI HUMIN BLOCKCHAIN TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20240117

Address after: 200433 No. 220, Handan Road, Shanghai, Yangpu District

Patentee after: FUDAN University

Address before: Room 717, School of Computer Science, Fudan University (Jiangwan Campus), No. 2005, Songhu Road, Yangpu District, Shanghai, 200438

Patentee before: Zhao Yunlei

TR01 Transfer of patent right

Effective date of registration: 20241226

Address after: 201,601 1st floor, Building 2, No. 18, Fangsi Road, Sijing Town, Songjiang District, Shanghai

Patentee after: Shanghai Honggehou Quantum Technology Co.,Ltd.

Country or region after: China

Address before: 200433 No. 220, Handan Road, Shanghai, Yangpu District

Patentee before: FUDAN University

Country or region before: China