CN109412810A - Identity-based key generation method - Google Patents

Publication number
CN109412810A
Authority
CN
China
Prior art keywords
key
seed
mark
alice
private key
Legal status
Granted
Application number
CN201910005633.4A
Other languages
Chinese (zh)
Other versions
CN109412810B (en)
Inventor
李维刚
牛毅
魏振华
卢学强
Current Assignee
Individual
Original Assignee
Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention discloses an identity-based key generation method. The invention can be used to build a certificateless identity-based public-key cryptosystem that not only makes the identifier itself the public key, but also removes the collusion risk present in combined public key identity systems, improves the performance of key generation and use, and is compatible with international standard algorithm protocols and the Chinese national SM2 algorithm standard.

Description

An identity-based key generation method
Technical field
The present invention relates to the field of information security technology, and specifically to an identity-based key generation method.
Background art
With the rapid development of information technology, information security has drawn widespread attention and concern. In particular, the financial sector, e-government, and large and medium-sized enterprises and institutions have established public key infrastructure (PKI) based on third-party certificate authorities, which has made a major contribution to information security. However, with the rise of the Internet of Things in recent years, massive numbers of intelligent IoT terminals, sensors and similar devices are connecting to the Internet. Because a traditional PKI system is costly to build and operate, requires substantial network and computing resources, and depends on a central authority in use, it is difficult to deploy in IoT applications. In 1984 Shamir proposed the identity-based public-key cryptosystem (IBC), in which the identifier is the public key; this greatly simplifies the distribution and management of public keys, and identity-based public key systems have become a direction of development for public-key cryptography.
Currently there are several identity-based public key systems, including SM9, CPK, CFL and CLA. SM9 rests on a different cryptographic foundation from the others, namely bilinear pairings; its computational complexity is high, its performance is at a clear disadvantage compared with the others, and it can neither support the SM2 algorithm nor be compatible with SM2-based PKI systems. The other identity-based public key algorithms were essentially developed on the basis of CPK and can fully support SM2. Although CPK is one of the classic identity-based public key algorithms, it carries a risk of collusion. CFL and CLA introduce a random factor on top of the CPK algorithm idea to solve the collusion problem, but CFL needs to sign the random factor to address the substitution-attack risk, and the algorithmic complexity of CLA increases significantly. None of these identity-based public key systems solves both the security risks and the performance problems at the same time, which considerably restricts their use in IoT applications.
Summary of the invention
The purpose of the present invention is to provide an identity-based key generation method that solves the problems raised in the background above.
To achieve this purpose, the invention provides the following technical solution: an identity-based key generation method comprising the generation of a key seed and the generation of identity keys, wherein the key seed is generated by the following steps:
A. Select the elliptic curve parameters and set the identifier of the key seed;
B. Generate 2n random numbers $r_{ij}$ in the cryptographic card and encrypt them with the internal session key; the 2n random numbers form the private key seed sks;
C. While generating the private key seed, compute $R_{ij} = r_{ij} \cdot G$ and output each $R_{ij}$ from the cryptographic card; these 2n elliptic curve points form the public key seed PKS.
Preferably, the generation of the identity keys comprises the generation of the private key and the generation of the public key, wherein the private key is generated by the following steps:
A. Alice generates a random key pair $(r_1, R_1)$ in her security chip, where $R_1 = r_1 G$, and outputs $R_1$;
B. $R_1$ and Alice's identifier (Alice) are sent to the key center, which generates a random key pair $(r_2, R_2)$, where $R_2 = r_2 G$;
C. The key center computes $R = R_1 + R_2$;
D. The key center computes the digest $h = \mathrm{Hash}(\mathrm{Alice} \mid R)$ of the identifier Alice and the random public key $R$;
E. The digest $h$ is compressed and grouped to obtain the seed mapping sequence $I_0, I_1, I_2, \ldots, I_{n-1}$;
F. According to the mapping sequence, $n$ private key seed elements $sk_0, sk_1, sk_2, \ldots, sk_{n-1}$ are taken from the private key seed;
G. The center computes the seed part of the identity private key, $isk_{seed} = sk_0 + sk_1 + sk_2 + \cdots + sk_{n-1}$;
H. The first-order composite identity private key $isk' = isk_{seed} + r_2$ is computed;
I. The center transmits $isk'$ and $R$ to Alice's security chip over a secure protocol channel;
J. Alice's private key $isk = isk' + r_1$ is computed inside the chip;
K. The private key $isk$ is encrypted with the chip's internal session key and stored.
Preferably, the public key is generated by the following steps:
A. Compute $h = \mathrm{Hash}(\mathrm{Alice} \mid R)$;
B. The digest $h$ is compressed and grouped to obtain the seed mapping sequence $I_0, I_1, I_2, \ldots, I_{n-1}$;
C. According to the mapping sequence, $n$ public key seed elements $PK_0, PK_1, PK_2, \ldots, PK_{n-1}$ are taken from the public key seed;
D. Compute the identity public key $PK_{seed} = PK_0 + PK_1 + PK_2 + \cdots + PK_{n-1}$;
E. Compute Alice's public key $PK = R + PK_{seed}$.
Compared with the prior art, the beneficial effects of the present invention are as follows: the invention can be used to build a certificateless identity-based public-key cryptosystem that not only makes the identifier itself the public key, but also removes the collusion risk present in combined public key identity systems, improves the performance of key generation and use, and is compatible with international standard algorithm protocols and the Chinese national SM2 algorithm standard.
Detailed description of embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
The invention provides the following technical solution: an identity-based key generation method comprising the generation of a key seed and the generation of identity keys, wherein the key seed is generated by the following steps:
A. Select the elliptic curve parameters and set the identifier of the key seed;
B. Generate 2n random numbers $r_{ij}$ in the cryptographic card and encrypt them with the internal session key; the 2n random numbers form the private key seed sks;
C. While generating the private key seed, compute $R_{ij} = r_{ij} \cdot G$ and output each $R_{ij}$ from the cryptographic card; these 2n elliptic curve points form the public key seed PKS.
In the present invention, the generation of the identity keys comprises the generation of the private key and the generation of the public key, wherein the private key is generated by the following steps:
A. Alice generates a random key pair $(r_1, R_1)$ in her security chip, where $R_1 = r_1 G$, and outputs $R_1$;
B. $R_1$ and Alice's identifier (Alice) are sent to the key center, which generates a random key pair $(r_2, R_2)$, where $R_2 = r_2 G$;
C. The key center computes $R = R_1 + R_2$;
D. The key center computes the digest $h = \mathrm{Hash}(\mathrm{Alice} \mid R)$ of the identifier Alice and the random public key $R$;
E. The digest $h$ is compressed and grouped to obtain the seed mapping sequence $I_0, I_1, I_2, \ldots, I_{n-1}$;
F. According to the mapping sequence, $n$ private key seed elements $sk_0, sk_1, sk_2, \ldots, sk_{n-1}$ are taken from the private key seed;
G. The center computes the seed part of the identity private key, $isk_{seed} = sk_0 + sk_1 + sk_2 + \cdots + sk_{n-1}$;
H. The first-order composite identity private key $isk' = isk_{seed} + r_2$ is computed;
I. The center transmits $isk'$ and $R$ to Alice's security chip over a secure protocol channel;
J. Alice's private key $isk = isk' + r_1$ is computed inside the chip;
K. The private key $isk$ is encrypted with the chip's internal session key and stored.
In the present invention, the public key is generated by the following steps:
A. Compute $h = \mathrm{Hash}(\mathrm{Alice} \mid R)$;
B. The digest $h$ is compressed and grouped to obtain the seed mapping sequence $I_0, I_1, I_2, \ldots, I_{n-1}$;
C. According to the mapping sequence, $n$ public key seed elements $PK_0, PK_1, PK_2, \ldots, PK_{n-1}$ are taken from the public key seed;
D. Compute the identity public key $PK_{seed} = PK_0 + PK_1 + PK_2 + \cdots + PK_{n-1}$;
E. Compute Alice's public key $PK = R + PK_{seed}$.
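The three procedures above (seed generation, private key issuance, public key derivation) in runnable form, as an added example that is not code from the patent. Assumptions: the secp256k1 curve, SHA-256 as Hash, an 8 × 16 seed matrix, one digest byte per row as the "compression and grouping" step, and scalar sums reduced modulo the group order; all function names are illustrative.

```python
import hashlib
import secrets

# secp256k1 domain parameters, a stand-in curve (assumption); seed step A
# leaves the curve choice open, and an SM2 deployment would use SM2's curve.
P = 2**256 - 2**32 - 977
A = 0
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ROWS, COLS = 8, 16  # assumed seed layout: row k is indexed by mapping value I_k

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

def gen_seeds():
    """Seed steps B-C: private seed r_ij and public seed R_ij = r_ij * G."""
    sks = [[rand_scalar() for _ in range(COLS)] for _ in range(ROWS)]
    return sks, [[mul(r, G) for r in row] for row in sks]

def mapping(ident, R):
    """h = Hash(ident | R), then grouped into I_0..I_{n-1}. Assumed: SHA-256
    over ident and the raw coordinates of R, one digest byte per seed row."""
    data = ident.encode() + b"|" + b"".join(c.to_bytes(32, "big") for c in R)
    return [b % COLS for b in hashlib.sha256(data).digest()[:ROWS]]

def center_issue(sks, ident, R1):
    """Private-key steps B-H at the key center: returns (isk', R)."""
    r2 = rand_scalar()
    R = add(R1, mul(r2, G))
    isk_seed = sum(sks[k][i] for k, i in enumerate(mapping(ident, R))) % N
    return (isk_seed + r2) % N, R

def enroll(sks, ident):
    """Private-key steps A, I, J on the user's chip: returns (isk, R)."""
    r1 = rand_scalar()
    isk_prime, R = center_issue(sks, ident, mul(r1, G))
    return (isk_prime + r1) % N, R

def derive_public(pks, ident, R):
    """Public-key steps A-E: needs only the public seed, the identifier and R."""
    pk = R
    for k, i in enumerate(mapping(ident, R)):
        pk = add(pk, pks[k][i])
    return pk

if __name__ == "__main__":
    sks, pks = gen_seeds()
    isk, R = enroll(sks, "Alice")
    print(mul(isk, G) == derive_public(pks, "Alice", R))
```

Comparing `mul(isk, G)` with `derive_public(pks, ident, R)` before storing `isk` is a natural acceptance check on the chip, suggested here rather than stated in the patent. Because R enters the hash that selects the seed elements, a replaced R yields a different derived key instead of one that still matches `isk`.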
The present invention is a new identity-based public key algorithm system developed by drawing on CLA's approach of using a random public key to resist substitution attacks while retaining the high performance of the CPK scheme; it fully merges the advantages of the two algorithms and eliminates their disadvantages. Compared with other methods, the generation method of the invention therefore has the following advantages: (1) a random factor is introduced, solving the collusion problem; (2) the random key factor is bound into the identity mapping algorithm, which solves the substitution attack problem for the random public key; (3) public key computation retains the advantage of CPK, using only efficient point additions; (4) every key contains a random factor, which reduces the size of the matrix and further improves performance; (5) the system needs less storage, making it suitable for the limited storage of embedded systems.
In summary, the invention can be used to build a certificateless identity-based public-key cryptosystem that not only makes the identifier itself the public key, but also removes the collusion risk present in combined public key identity systems, improves the performance of key generation and use, and is compatible with international standard algorithm protocols and the Chinese national SM2 algorithm standard.
Although embodiments of the present invention have been shown and described, a person of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the invention; the scope of the invention is defined by the appended claims.

Claims (3)

1. An identity-based key generation method, characterized by comprising the generation of a key seed and the generation of identity keys, wherein the key seed is generated by the following steps:
A. Select the elliptic curve parameters and set the identifier of the key seed;
B. Generate 2n random numbers $r_{ij}$ in the cryptographic card and encrypt them with the internal session key; the 2n random numbers form the private key seed sks;
C. While generating the private key seed, compute $R_{ij} = r_{ij} \cdot G$ and output each $R_{ij}$ from the cryptographic card; these 2n elliptic curve points form the public key seed PKS.
2. The identity-based key generation method according to claim 1, characterized in that the generation of the identity keys comprises the generation of the private key and the generation of the public key, wherein the private key is generated by the following steps:
A. Alice generates a random key pair $(r_1, R_1)$ in her security chip, where $R_1 = r_1 G$, and outputs $R_1$;
B. $R_1$ and Alice's identifier (Alice) are sent to the key center, which generates a random key pair $(r_2, R_2)$, where $R_2 = r_2 G$;
C. The key center computes $R = R_1 + R_2$;
D. The key center computes the digest $h = \mathrm{Hash}(\mathrm{Alice} \mid R)$ of the identifier Alice and the random public key $R$;
E. The digest $h$ is compressed and grouped to obtain the seed mapping sequence $I_0, I_1, I_2, \ldots, I_{n-1}$;
F. According to the mapping sequence, $n$ private key seed elements $sk_0, sk_1, sk_2, \ldots, sk_{n-1}$ are taken from the private key seed;
G. The center computes the seed part of the identity private key, $isk_{seed} = sk_0 + sk_1 + sk_2 + \cdots + sk_{n-1}$;
H. The first-order composite identity private key $isk' = isk_{seed} + r_2$ is computed;
I. The center transmits $isk'$ and $R$ to Alice's security chip over a secure protocol channel;
J. Alice's private key $isk = isk' + r_1$ is computed inside the chip;
K. The private key $isk$ is encrypted with the chip's internal session key and stored.
3. The identity-based key generation method according to claim 2, characterized in that the public key is generated by the following steps:
A. Compute $h = \mathrm{Hash}(\mathrm{Alice} \mid R)$;
B. The digest $h$ is compressed and grouped to obtain the seed mapping sequence $I_0, I_1, I_2, \ldots, I_{n-1}$;
C. According to the mapping sequence, $n$ public key seed elements $PK_0, PK_1, PK_2, \ldots, PK_{n-1}$ are taken from the public key seed;
D. Compute the identity public key $PK_{seed} = PK_0 + PK_1 + PK_2 + \cdots + PK_{n-1}$;
E. Compute Alice's public key $PK = R + PK_{seed}$.
CN201910005633.4A 2019-01-03 2019-01-03 Key generation method based on identification Active CN109412810B (en)

Publications (2)

Publication Number Publication Date
CN109412810A (en) 2019-03-01
CN109412810B (en) 2022-06-24
