CN109818749A - Quantum-computing-resistant point-to-point message transmission method and system based on a symmetric key pool - Google Patents

Publication number: CN109818749A
Authority: CN (China)
Prior art keywords: key, message, random number, point, authentication
Legal status: Granted
Application number: CN201910026716.1A
Other languages: Chinese (zh)
Other versions: CN109818749B (en)
Inventors: 富尧, 钟一民, 余秋炜
Current assignee: Ruban Quantum Technology Co Ltd
Original assignee: Ruban Quantum Technology Co Ltd

Landscapes

  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a quantum-computing-resistant point-to-point message transmission method and system based on a symmetric key pool. Each participant is configured with a key card, and a group symmetric key pool is stored in the key card. On the sender side the method comprises: communicating with the recipient to carry out key agreement and obtain a shared key; generating a message encryption key and a message authentication key from a first random number, computing a first authentication code over the message to be sent using the message authentication key, and encrypting the message and the first authentication code with the message encryption key to obtain a first ciphertext; generating a key encryption key and a key authentication key from a second random number combined with the shared key, computing a second authentication code over the first random number using the key authentication key, and encrypting the first random number and the second authentication code with the key encryption key to obtain a second ciphertext; and sending the first ciphertext, the second ciphertext and the second random number to the recipient.

Description

Quantum-computing-resistant point-to-point message transmission method and system based on a symmetric key pool
Technical field
The present invention relates to the technical field of secure communication, and in particular to a secure communication system that uses a symmetric key pool to encrypt, decrypt and authenticate messages.
Background
With the information revolution of the 21st century and the continuing development of science and technology, how to guarantee secure communication between user terminals has become a focus of current research. Enterprises carrying out daily business activities, government bodies, banks and the like all have an urgent need for information security in the form of data encryption, secure transmission and confidentiality; in today's globalised economy in particular, guaranteeing the unconditional security of information is one of the focal points of public attention. The earliest proposals for communication between user terminals transmitted almost everything as plaintext, which is very easy to eavesdrop on and offers little security; later, information was encrypted with classical encryption algorithms based on mathematically hard problems.
The key technology that currently guarantees network information security is cryptography. In today's field of cryptography there are two main kinds of cryptosystem. One is the symmetric-key cryptosystem, in which the encryption key and the decryption key are the same. The other is the public-key cryptosystem, in which the encryption key and the decryption key are different and one of them can be made public.
The security of a symmetric-key cryptosystem relies on two factors. First, the encryption algorithm must be strong enough that decrypting the information from the ciphertext alone is infeasible in practice. Second, the security of the encryption method comes from the secrecy of the key, not the secrecy of the algorithm. The biggest problem of symmetric encryption systems is that key distribution and management are extremely complex and costly. Another disadvantage of symmetric encryption algorithms is that digital signatures are not easy to implement. Encryption in the current mobile e-commerce field therefore relies mainly on public-key cryptosystems.
A public-key cryptosystem uses an encryption key (the public key) and a decryption key (the private key) that are different. Because the encryption key is public, key distribution and management are simple, and a public-key cryptosystem can also implement digital signatures easily.
As cracking techniques and computers advance, decryption becomes faster and the security of ciphers declines; cracking an encryption algorithm remains possible in theory, so the security of encrypted information cannot be fully guaranteed. For example, in January 2010 researchers in Israel successfully cracked the 128-bit communication encryption algorithm of 3G networks; in June 2012 Kyushu University, Fujitsu Laboratories and Japan's National Institute of Information and Communications Technology successfully cracked a next-generation encryption algorithm, "pairing-based encryption", with a key length of 923 bits, setting a new world record.
Meanwhile, with the development of quantum computers, classical asymmetric-key encryption algorithms are no longer secure. Whether for encryption and decryption or for Diffie-Hellman key exchange, a quantum computer can compute the private key from the public key, so the existing classical asymmetric algorithms will be unable to withstand attack in the quantum era.
In current encrypted communication protocols, besides the encryption algorithm itself, the DH algorithm used for initial key agreement is also involved. The DH key agreement algorithm is an asymmetric algorithm, so the whole encryption and decryption protocol is likewise at risk of being cracked in the quantum era.
Summary of the invention
The present invention provides a more secure quantum-computing-resistant point-to-point message transmission method and system based on a symmetric key pool, in which the possibility of keys being stolen by malware or malicious operations is greatly reduced and the keys cannot be obtained and cracked by a quantum computer.
In the quantum-computing-resistant point-to-point message transmission method based on a symmetric key pool according to the present invention, each participant is configured with a key card, and a group symmetric key pool is stored in the key card. On the sender side the method comprises:
communicating with the recipient to carry out key agreement and obtain a shared key;
generating a message encryption key and a message authentication key from a first random number, computing a first authentication code over the message to be sent using the message authentication key, and encrypting the message and the first authentication code with the message encryption key to obtain a first ciphertext;
generating a key encryption key and a key authentication key from a second random number combined with the shared key, computing a second authentication code over the first random number using the key authentication key, and encrypting the first random number and the second authentication code with the key encryption key to obtain a second ciphertext;
sending the first ciphertext, the second ciphertext and the second random number to the recipient.
Optionally, the method further comprises, on the recipient side:
receiving the first ciphertext, the second ciphertext and the second random number from the sender;
generating the key encryption key and the key authentication key from the second random number combined with the shared key, and decrypting and authenticating the second ciphertext using the key encryption key and the key authentication key;
generating the message encryption key and the message authentication key from the first random number decrypted from the second ciphertext, and decrypting and authenticating the first ciphertext using the message encryption key and the message authentication key.
Optionally, generating the key encryption key and the key authentication key from the second random number combined with the shared key specifically comprises:
applying a key pointer algorithm to the second random number to obtain a key seed pointer;
taking the corresponding random number sequence out of the group symmetric key pool of the key card according to the key seed pointer as a key seed;
computing an intermediate key from the key seed using a key generation algorithm;
computing the key encryption key and the key authentication key with the shared key and the intermediate key as parameters.
Optionally, the sender and the recipient use encrypted communication when carrying out key agreement; the transmission key used for the encrypted communication is generated from a negotiation random number combined with the group symmetric key pool, and the negotiation random number is disclosed to the other party.
Optionally, when the sender and the recipient carry out key agreement, the sender side comprises:
generating a first negotiation random number, applying the key pointer algorithm to the first negotiation random number to obtain a key seed pointer, taking the corresponding random number sequence out of the group symmetric key pool of the key card according to the key seed pointer as a key seed, and computing a first transmission key from the key seed using the key generation algorithm;
encrypting the information used for generating the shared key with the first transmission key and sending it to the recipient together with the first negotiation random number.
Optionally, when the sender and the recipient carry out key agreement, the recipient side comprises:
using the received first negotiation random number to decrypt and obtain the information used for generating the shared key, and computing the shared key accordingly;
generating a second negotiation random number, applying the key pointer algorithm to the second negotiation random number to obtain a key seed pointer, taking the corresponding random number sequence out of the group symmetric key pool of the key card according to the key seed pointer as a key seed, and computing a second transmission key from the key seed using the key generation algorithm;
encrypting the information used for generating the shared key with the second transmission key and sending it to the sender together with the second negotiation random number.
Optionally, when the sender and the recipient carry out key agreement, the sender side further comprises:
using the received second negotiation random number to decrypt and obtain the information used for generating the shared key, and computing the shared key accordingly.
The present invention also provides a quantum-computing-resistant point-to-point message delivery system based on a symmetric key pool, in which each participant is configured with a key card and a group symmetric key pool is stored in the key card. The system comprises, configured on the sender side:
a negotiation module, for communicating with the recipient to carry out key agreement and obtain a shared key;
a first encryption module, for generating a message encryption key and a message authentication key from a first random number, computing a first authentication code over the message to be sent using the message authentication key, and encrypting the message and the first authentication code with the message encryption key to obtain a first ciphertext;
a second encryption module, for generating a key encryption key and a key authentication key from a second random number combined with the shared key, computing a second authentication code over the first random number using the key authentication key, and encrypting the first random number and the second authentication code with the key encryption key to obtain a second ciphertext;
a sending module, for sending the first ciphertext, the second ciphertext and the second random number to the recipient.
The system further comprises, configured on the recipient side:
a receiving module, for receiving the first ciphertext, the second ciphertext and the second random number from the sender;
a first authentication module, for generating the key encryption key and the key authentication key from the second random number combined with the shared key, and decrypting and authenticating the second ciphertext using the key encryption key and the key authentication key;
a second authentication module, for generating the message encryption key and the message authentication key from the first random number decrypted from the second ciphertext, and decrypting and authenticating the first ciphertext using the message encryption key and the message authentication key.
The present invention also provides a quantum-computing-resistant point-to-point message delivery system based on a symmetric key pool, in which each participant is configured with a key card and a group symmetric key pool is stored in the key card;
each participant further comprises a memory and a processor; a computer program is stored in the memory, and the processor, when executing the computer program, implements the quantum-computing-resistant point-to-point message transmission method based on a symmetric key pool according to the present invention.
In the present invention, the quantum key card used is an independent hardware-isolated device. Because the public key and the related parameters are transmitted over the network as ciphertext, and the encryption key of every message is different, the possibility of the shared key being cracked is extremely low. The parameters involved in generating the key-related keys are taken from the group symmetric key pool, which members outside the group cannot obtain; the message-related key is transmitted encrypted, so the keys involved in message encryption and decryption are difficult to crack. The possibility of the message content being stolen and cracked is therefore low. Authentication codes are also added, which ensures the accuracy of the message and the key.
Brief description of the drawings
Fig. 1 is a schematic diagram of the message package format of the present invention;
Fig. 2 is a flow chart of the key agreement in steps 1 to 3 of the present invention;
Fig. 3 is a flow chart of the message encryption and packaging in step 4 of the present invention;
Fig. 4 is a flow chart of the message decryption and authentication in step 5 of the present invention;
Fig. 5 is a schematic diagram of the process of generating keys from the symmetric key pool.
Detailed description of embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To better describe and illustrate the embodiments of this application, reference may be made to one or more drawings, but the additional details or examples used to describe the drawings should not be regarded as limiting the scope of any of the invention, the currently described embodiments or the preferred modes.
It should be understood that, unless expressly stated otherwise herein, there is no strict limit on the order in which the steps are executed, and the steps may be executed in other orders. Moreover, at least some of the steps may include multiple sub-steps or stages, which are not necessarily completed at the same moment but may be executed at different times; nor are these sub-steps or stages necessarily executed one after another, but they may be executed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
The application scenario of the present invention is that any two objects A and B that possess the same group symmetric key pool carry out point-to-point encrypted message transmission within the group. The symmetric key pool in the present invention consists of a large volume of true random numbers, 1 GB or more, and is stored in a quantum key card. Preferably, the true random numbers are quantum random numbers. The quantum key card can not only store a large amount of data but also process information. In the present invention, the local systems of object A and object B both hold the algorithms the scheme requires.
For a description of the quantum key card, see the patent with application No. 201610843210.6. For a mobile terminal, the quantum key card is preferably a quantum key SD card; for a fixed terminal, the quantum key card is preferably a quantum key USB key or a host quantum key board.
Compared with the patent with application No. 201610843210.6, the issuing mechanism of the quantum key card is different. In this patent the issuer of the quantum key card is the managing party of the quantum key card, generally the administrative department of a group, for example the administrative department of an enterprise or public institution; the party to which a quantum key card is issued is a member managed by the managing party, generally an employee at some level of the enterprise or public institution. The user terminal first applies to the managing party of the quantum key card to open an account. Once the user terminal's registration is approved, it obtains a quantum key card (with a unique quantum key card ID). The quantum key card stores the customer registration information and also has built-in identity authentication protocols, including at least a key generation algorithm and an authentication function, or other algorithms related to identity authentication. The user-side keys in the quantum key cards are all downloaded from the same quantum network service station, and for a given managing party the key pools stored in every quantum key card it issues are completely identical. Preferably, the size of the key pool stored in a quantum key card may be 1G, 2G, 4G, 8G, 16G, 32G, 64G, 128G, 256G, 512G, 1024G, 2048G, 4096G and so on. The capacity depends on the managing party's security requirements: the larger the capacity, the higher the security.
The quantum key card is developed from smart card technology and is an identity authentication and encryption/decryption product that combines quantum physics technology (when a quantum random number generator is on board), cryptography and hardware security isolation technology. The embedded chip and operating system of the quantum key card provide functions such as secure key storage and cryptographic algorithms. Because it has independent data processing capability and good security, the quantum key card becomes a secure carrier for the private key and the key pool. Each quantum key card is protected by a hardware PIN, and the PIN and the hardware constitute the two factors a user needs in order to use the quantum key card. This is so-called "two-factor authentication": a user can log in to the system only by holding both the quantum key card that stores the relevant authentication information and the user PIN. Even if the user's PIN is leaked, the legitimate user's identity cannot be impersonated as long as the quantum key card held by the user is not stolen; if the user's quantum key card is lost, the finder cannot impersonate the legitimate user either, because the finder does not know the user PIN.
In the quantum-computing-resistant point-to-point message transmission method based on a symmetric key pool according to the present invention, each participant is configured with a key card, and a group symmetric key pool is stored in the key card. On the sender side the method comprises:
communicating with the recipient to carry out key agreement and obtain a shared key;
generating a message encryption key and a message authentication key from a first random number, computing a first authentication code over the message to be sent using the message authentication key, and encrypting the message and the first authentication code with the message encryption key to obtain a first ciphertext;
generating a key encryption key and a key authentication key from a second random number combined with the shared key, computing a second authentication code over the first random number using the key authentication key, and encrypting the first random number and the second authentication code with the key encryption key to obtain a second ciphertext;
sending the first ciphertext, the second ciphertext and the second random number to the recipient.
On the recipient side:
receiving the first ciphertext, the second ciphertext and the second random number from the sender;
generating the key encryption key and the key authentication key from the second random number combined with the shared key, and decrypting and authenticating the second ciphertext using the key encryption key and the key authentication key;
generating the message encryption key and the message authentication key from the first random number decrypted from the second ciphertext, and decrypting and authenticating the first ciphertext using the message encryption key and the message authentication key.
When each side generates the key encryption key and the key authentication key from the second random number combined with the shared key, this specifically comprises:
applying a key pointer algorithm to the second random number to obtain a key seed pointer;
taking the corresponding random number sequence out of the group symmetric key pool of the key card according to the key seed pointer as a key seed;
computing an intermediate key from the key seed using a key generation algorithm;
computing the key encryption key and the key authentication key with the shared key and the intermediate key as parameters.
The sender and the recipient use encrypted communication when carrying out key agreement; the transmission key used for the encrypted communication is generated from a negotiation random number combined with the group symmetric key pool, and the negotiation random number is disclosed to the other party.
Specifically, when the sender and the recipient carry out key agreement, the sender side comprises:
generating a first negotiation random number, applying the key pointer algorithm to the first negotiation random number to obtain a key seed pointer, taking the corresponding random number sequence out of the group symmetric key pool of the key card according to the key seed pointer as a key seed, and computing a first transmission key from the key seed using the key generation algorithm;
encrypting the information used for generating the shared key with the first transmission key and sending it to the recipient together with the first negotiation random number.
The recipient side comprises:
using the received first negotiation random number to decrypt and obtain the information used for generating the shared key, and computing the shared key accordingly;
generating a second negotiation random number, applying the key pointer algorithm to the second negotiation random number to obtain a key seed pointer, taking the corresponding random number sequence out of the group symmetric key pool of the key card according to the key seed pointer as a key seed, and computing a second transmission key from the key seed using the key generation algorithm;
encrypting the information used for generating the shared key with the second transmission key and sending it to the sender together with the second negotiation random number.
The sender side further comprises:
using the received second negotiation random number to decrypt and obtain the information used for generating the shared key, and computing the shared key accordingly.
With reference to the drawings, one embodiment provides a quantum-computing-resistant point-to-point message transmission method based on a symmetric key pool, in which object A is the sender and object B is the recipient.
The method specifically includes:
Step 1: Object A generates a public key and sends it with the related parameters to object B
1.1 Object A defines the required parameters and computes Party A's public key: object A defines a large prime p and a number g, where g is a primitive root modulo p. Object A generates a truly random large integer i as Party A's private key and computes Party A's public key Ki = g^i mod p.
1.2 Object A generates a random number and a key: object A generates a true random number r1 (corresponding to the first negotiation random number; referred to below simply as r1, with other abbreviations formed in the same way) and obtains the key seed pointer kp1 through the key pointer algorithm fkp. According to kp1, object A takes the corresponding random number sequence R1 out of the group symmetric key pool of its local system as the key seed. Object A computes the key k1 (corresponding to the first transmission key) from the random number sequence R1 using the key generation algorithm fk.
1.3 Object A encrypts the public key and related parameters and sends them to object B: object A encrypts the combined data {g, p, Ki} with the computed key k1 to obtain the ciphertext MKi. The combined data {g, p, Ki} can be regarded as the information used for generating the shared key.
Object A sends the combination {r1, MKi} to object B as the negotiation message.
Step 2: Object B decrypts and parses the message, generates its public key, computes the secret key, and sends the encrypted public key to object A
2.1 Object B receives and parses the message: object B receives the key exchange negotiation message {r1, MKi}' from object A and splits it by rule into r1' and MKi'.
2.2 Object B computes the key and decrypts the ciphertext: using the r1' obtained by splitting, object B obtains the key seed pointer kp1' through the corresponding key pointer algorithm fkp. According to the pointer kp1', object B takes the corresponding random number sequence R1' out of the group symmetric key pool of its local system as the key seed. Object B computes the key k1' from the random number sequence R1' using the key generation algorithm fk. Object B decrypts the ciphertext MKi' with the key k1' to obtain the data {g, p, Ki}', and splits {g, p, Ki}' into the large prime p', the number g' and the public key Ki'.
2.3 Object B computes its public key: object B generates a truly random large integer j as Party B's private key and computes Party B's public key Kj = g'^j mod p'.
2.4 Object B computes the shared key: object B computes the shared key Kij = Ki'^j mod p'.
2.5 Object B generates a random number and a key: object B generates a true random number r2 (corresponding to the second negotiation random number) and obtains the key seed pointer kp2 through the key pointer algorithm fkp. According to kp2, object B takes the corresponding random number sequence R2 out of the group symmetric key pool of its local system as the key seed. Object B computes the key k2 (corresponding to the second transmission key) from the random number sequence R2 using the key generation algorithm fk.
2.6 Object B encrypts Party B's public key and sends it to object A: object B encrypts Kj with the computed key k2 to obtain the ciphertext MKj.
The public key Kj can be regarded as the information used for generating the shared key.
Object B sends the combination {r2, MKj} to object A as Party B's negotiation message.
Step 3: Object A decrypts and parses the message and computes the negotiated key
3.1 Object A receives and parses the message: object A receives the key exchange negotiation message {r2, MKj}' from object B and splits it by rule into r2' and MKj'.
3.2 Object A computes the key and decrypts the ciphertext: using the random number r2' obtained by splitting, object A obtains the key seed pointer kp2' through the corresponding key pointer algorithm fkp. According to the pointer kp2', object A takes the corresponding random number sequence R2' out of the group symmetric key pool of its local system as the key seed. Object A computes the key k2' from the random number sequence R2' using the key generation algorithm fk. Object A decrypts the ciphertext MKj' with the key k2' to obtain the public key Kj'.
3.3 Object A computes the shared key: object A computes the shared key Kij' = Kj'^i mod p. The shared key Kij' obtained by object A and the shared key Kij obtained by object B are both equal to g^(i*j) mod p, so the two hold the same symmetric key. The shared key can be used as a key seed and retained over the long term for computing encryption keys; Kij is referred to here as the long-term key.
Step 4: Object A encrypts the message
4.1 Object A generates the message-related keys: object A generates a true random number Kp (equivalent to the first random number). Object A derives the message encryption key Kpe and the message authentication key Kpa from the true random number Kp using a specified algorithm.
4.2 Object A authenticates the message: let the message plaintext be m. Object A applies an HMAC algorithm to the message authentication key Kpa and the message plaintext m to compute the message authentication code MAC of message m (equivalent to the first authentication code). The invention uses an HMAC algorithm as the message authentication algorithm but is not limited to that algorithm.
4.3 Object A encrypts the message: object A concatenates message m and its message authentication code MAC in a specific manner to obtain m|MAC. Object A encrypts m|MAC with a symmetric encryption algorithm under the message encryption key Kpe to obtain ciphertext Ep (equivalent to the first ciphertext).
4.4 Object A generates the key-related keys: object A generates a true random number r3 (equivalent to the second random number) and obtains the key seed pointer kp3 from it through the key indicator algorithm fkp. According to pointer kp3, object A takes the corresponding random number sequence R3 out of the group symmetric key pool of its local system as the key seed. Object A applies the key schedule fk to random number sequence R3 to obtain key k3 (equivalent to the intermediate key).
Object A retrieves the shared key Kij' and uses Kij' and k3 as parameters to generate a new key Kr = h(Kij', k3), where h is a hash algorithm. Object A derives the key-encrypting key Kre and the key authentication key Kra from key Kr using a specified algorithm.
4.5 Object A authenticates the key: object A applies the HMAC algorithm to the random number Kp under the key authentication key Kra to obtain the message authentication code MACp (equivalent to the second authentication code).
4.6 Object A encrypts the key: object A concatenates random number Kp and its message authentication code MACp in a specific manner to obtain Kp|MACp. Object A encrypts Kp|MACp with a symmetric encryption algorithm under the key-encrypting key Kre to obtain ciphertext Er (equivalent to the second ciphertext).
4.7 Object A transmits the message to object B: object A packs the message ciphertext Ep, the key ciphertext Er and the random number r3 into a message packet of the specified format, shown in Figure 1. Object A sends the message packet to object B.
Step 5: Object B decrypts the message and authenticates it
5.1 Object B receives and parses the message packet: object B receives the message packet from object A and parses it to obtain the random number r3', the key ciphertext Er' and the message ciphertext Ep'.
5.2 Object B generates the key-related keys: object B applies the key indicator algorithm fkp to random number r3' to obtain the key seed pointer kp3'. According to pointer kp3', object B takes the corresponding random number sequence R3' out of the group symmetric key pool of its local system as the key seed. Object B applies the key schedule fk to random number sequence R3' to obtain key k3'. Object B retrieves the shared key Kij' and uses Kij' and k3' as parameters to generate a new key Kr' = h(Kij', k3'). Object B derives the key-encrypting key Kre' and the key authentication key Kra' from key Kr' using a specified algorithm.
5.3 Object B decrypts and authenticates the key ciphertext: object B decrypts the key ciphertext Er' with the corresponding symmetric algorithm under the key-encrypting key Kre' to obtain (Kp|MACp)'. Object B splits (Kp|MACp)' into Kp' and MACp'. Object B applies the HMAC algorithm to Kp' under the key authentication key Kra' to compute the authentication code MACp''. The two authentication codes MACp' and MACp'' are compared; if they are identical, key Kp' has not been altered by bit errors, tampering or the like. Otherwise, the message is discarded.
5.4 Object B generates the message-related keys: object B derives the message encryption key Kpe' and the message authentication key Kpa' from key Kp' using the specified algorithm.
5.5 Object B decrypts and authenticates the message: object B decrypts the message ciphertext Ep' with the specified symmetric algorithm under the message encryption key Kpe' to obtain (m|MAC)'. Object B splits (m|MAC)' into m' and MAC'. Object B applies the HMAC algorithm to m' under the message authentication key Kpa' to compute the authentication code MAC''. The two authentication codes MAC' and MAC'' are compared; if they are identical, message m' has not been altered by bit errors, tampering or the like. Otherwise, the message is discarded.
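The sender side of steps 4.1 to 4.7 and the receiver side of steps 5.1 to 5.5 can be exercised end to end with the sketch below. It is an added example, not code from the patent: the concrete forms of fkp, fk, the "specified algorithm" (`split_key`) and the symmetric cipher (`stream_xor`, an HMAC-SHA256 keystream stand-in) are assumptions, as are the pool size, the field lengths and the random stand-in for the negotiated key Kij.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

MAC_LEN = 32    # HMAC-SHA256 tag length in bytes
SEED_LEN = 32   # bytes read from the pool per key seed (assumed)
KP_LEN = 32     # length of the first random number Kp (assumed)


def fkp(r: bytes, pool_len: int) -> int:
    """Key indicator algorithm (assumed form): random number -> pool offset."""
    return int.from_bytes(hashlib.sha256(b"fkp" + r).digest(), "big") % pool_len


def fk(seed: bytes) -> bytes:
    """Key schedule (assumed form): key seed -> key."""
    return hashlib.sha256(b"fk" + seed).digest()


def split_key(k: bytes) -> Tuple[bytes, bytes]:
    """'Specified algorithm' (assumed form): key -> (encryption key, authentication key)."""
    return (hmac.new(k, b"enc", hashlib.sha256).digest(),
            hmac.new(k, b"auth", hashlib.sha256).digest())


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter keystream.
    Acceptable here only because each key encrypts exactly one message."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)


def key_layer_keys(pool: bytes, kij: bytes, r3: bytes) -> Tuple[bytes, bytes]:
    """Steps 4.4 / 5.2: r3 -> kp3 -> R3 -> k3, then Kr = h(Kij, k3) -> (Kre, Kra)."""
    kp3 = fkp(r3, len(pool))
    seed = bytes(pool[(kp3 + i) % len(pool)] for i in range(SEED_LEN))  # R3
    kr = hashlib.sha256(kij + fk(seed)).digest()
    return split_key(kr)


def send(pool: bytes, kij: bytes, m: bytes) -> dict:
    kp = secrets.token_bytes(KP_LEN)            # 4.1: fresh Kp for this packet
    kpe, kpa = split_key(kp)
    ep = stream_xor(kpe, m + mac(kpa, m))       # 4.2 + 4.3: Ep = E_Kpe(m|MAC)
    r3 = secrets.token_bytes(16)                # 4.4: second random number
    kre, kra = key_layer_keys(pool, kij, r3)
    er = stream_xor(kre, kp + mac(kra, kp))     # 4.5 + 4.6: Er = E_Kre(Kp|MACp)
    return {"r3": r3, "Er": er, "Ep": ep}       # 4.7: only r3 travels in clear


def receive(pool: bytes, kij: bytes, pkt: dict) -> Optional[bytes]:
    """Returns the plaintext, or None when either authentication check fails."""
    kre, kra = key_layer_keys(pool, kij, pkt["r3"])          # 5.2
    if len(pkt["Er"]) != KP_LEN + MAC_LEN or len(pkt["Ep"]) < MAC_LEN:
        return None
    kp_mac = stream_xor(kre, pkt["Er"])                      # 5.3
    kp, macp = kp_mac[:KP_LEN], kp_mac[KP_LEN:]
    if not hmac.compare_digest(macp, mac(kra, kp)):
        return None                                          # key layer rejected
    kpe, kpa = split_key(kp)                                 # 5.4
    m_mac = stream_xor(kpe, pkt["Ep"])                       # 5.5
    m, tag = m_mac[:-MAC_LEN], m_mac[-MAC_LEN:]
    if not hmac.compare_digest(tag, mac(kpa, m)):
        return None                                          # message layer rejected
    return m


if __name__ == "__main__":
    pool = secrets.token_bytes(4096)   # constructed group symmetric key pool
    kij = secrets.token_bytes(32)      # constructed stand-in for g^(i*j) mod p
    pkt = send(pool, kij, b"constructed plaintext")
    print(receive(pool, kij, pkt))
    pkt["Ep"] = bytes([pkt["Ep"][0] ^ 1]) + pkt["Ep"][1:]
    print(receive(pool, kij, pkt))
```

Both layers are MAC-then-encrypt, so the receiver has to decrypt before it can authenticate; `hmac.compare_digest` keeps the tag comparison constant-time.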
According to the above embodiment, A and B can replace keys according to their security policy. For Kp, A and B may replace Kp with every data packet, or once every several data packets. For the long-term key Kij, A and B may replace it periodically; the replacement is performed by executing steps 1 to 3.
In one embodiment, a quantum-computation-resistant point-to-point message transmission system based on multiple asymmetric key pools is provided. Each participant is configured with a key card, and a group symmetric key pool is stored in the key card. The quantum-computation-resistant point-to-point message transmission system comprises, configured at the sender:
a negotiation module, for communicating with the recipient to perform key agreement and obtain a shared key;
a first encryption module, for generating a message encryption key and a message authentication key from a first random number, operating on the message to be sent with the message authentication key to generate a first authentication code, and encrypting the message and the first authentication code with the message encryption key to obtain a first ciphertext;
a second encryption module, for generating a key-encrypting key and a key authentication key from a second random number combined with the shared key, operating on the first random number with the key authentication key to generate a second authentication code, and encrypting the first random number and the second authentication code with the key-encrypting key to obtain a second ciphertext;
a sending module, for sending the first ciphertext, the second ciphertext and the second random number to the recipient.
The quantum-computation-resistant point-to-point message transmission system further comprises, configured at the recipient:
a receiving module, for receiving the first ciphertext, the second ciphertext and the second random number from the sender;
a first authentication module, for generating the key-encrypting key and the key authentication key from the second random number combined with the shared key, and decrypting and authenticating the second ciphertext with the key-encrypting key and the key authentication key;
a second authentication module, for generating the message encryption key and the message authentication key from the first random number decrypted from the second ciphertext, and decrypting and authenticating the first ciphertext with the message encryption key and the message authentication key.
For the specific limitations of the quantum-computation-resistant point-to-point message transmission system, refer to the limitations of the quantum-computation-resistant point-to-point message transmission method above; they are not repeated here. Each of the above modules can be implemented wholly or partly in software, hardware, or a combination of the two. Each module can be embedded in, or be independent of, the processor of a computer device in hardware form, or can be stored in software form in the memory of the computer device, so that the processor can call it and execute the operations corresponding to that module.
In one embodiment, a computer device is provided, namely a quantum-computation-resistant point-to-point message transmission system based on multiple asymmetric key pools. The computer device can be a terminal, and its internal structure may include a processor, a memory, a network interface, a display screen and an input device connected by a system bus. The processor of the computer device provides computing and control capability. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides the environment in which the operating system and the computer program in the non-volatile storage medium run. The network interface of the computer device is used to communicate with external terminals over a network connection. The computer program, when executed by the processor, implements the above quantum-computation-resistant point-to-point message transmission method. The display screen of the computer device can be a liquid crystal display or an electronic ink display. The input device of the computer device can be a touch layer covering the display screen, a key, trackball or touchpad arranged on the housing of the computer device, or an external keyboard, touchpad or mouse.
In one embodiment, a quantum-computation-resistant point-to-point message transmission system based on a symmetric key pool is provided. Each participant is configured with a key card, and a group symmetric key pool is stored in the key card;
each participant further includes a memory and a processor, a computer program is stored in the memory, and the processor implements the quantum-computation-resistant point-to-point message transmission method based on a symmetric key pool when executing the computer program.
The technical features of the embodiments described above can be combined arbitrarily. For brevity, not every possible combination of the technical features in the above embodiments is described; however, as long as a combination of these technical features contains no contradiction, it should be considered within the scope of this specification.
The embodiments described above express only several implementations of the invention. Their description is relatively specific and detailed, but it is not to be construed as limiting the scope of the invention. It should be pointed out that a person of ordinary skill in the art can make various modifications and improvements without departing from the concept of the invention, and these all fall within the scope of protection of the invention. The scope of protection of the invention should therefore be determined by the appended claims.

Claims (10)

1. A quantum-computation-resistant point-to-point message transmission method based on a symmetric key pool, characterized in that each participant is configured with a key card, and a group symmetric key pool is stored in the key card; the quantum-computation-resistant point-to-point message transmission method comprises, at the sender:
communicating with the recipient to perform key agreement and obtain a shared key;
generating a message encryption key and a message authentication key from a first random number, operating on the message to be sent with the message authentication key to generate a first authentication code, and encrypting the message and the first authentication code with the message encryption key to obtain a first ciphertext;
generating a key-encrypting key and a key authentication key from a second random number combined with the shared key, operating on the first random number with the key authentication key to generate a second authentication code, and encrypting the first random number and the second authentication code with the key-encrypting key to obtain a second ciphertext;
sending the first ciphertext, the second ciphertext and the second random number to the recipient.
2. The quantum-computation-resistant point-to-point message transmission method based on a symmetric key pool according to claim 1, characterized in that the method further comprises, at the recipient:
receiving the first ciphertext, the second ciphertext and the second random number from the sender;
generating the key-encrypting key and the key authentication key from the second random number combined with the shared key, and decrypting and authenticating the second ciphertext with the key-encrypting key and the key authentication key;
generating the message encryption key and the message authentication key from the first random number decrypted from the second ciphertext, and decrypting and authenticating the first ciphertext with the message encryption key and the message authentication key.
3. The quantum-computation-resistant point-to-point message transmission method based on a symmetric key pool according to claim 1 or 2, characterized in that generating the key-encrypting key and the key authentication key from the second random number combined with the shared key specifically comprises:
applying a key indicator algorithm to the second random number to obtain a key seed pointer;
taking the corresponding random number sequence out of the group symmetric key pool of the key card according to the key seed pointer as a key seed;
applying a key schedule to the key seed to obtain an intermediate key;
computing the key-encrypting key and the key authentication key with the shared key and the intermediate key as parameters.
4. The quantum-computation-resistant point-to-point message transmission method based on a symmetric key pool according to claim 1, characterized in that the sender uses encrypted communication when communicating with the recipient to perform key agreement; the transmission key used for the encrypted communication is generated from a negotiation random number combined with the group symmetric key pool, and the negotiation random number is disclosed to the other party.
5. The quantum-computation-resistant point-to-point message transmission method based on a symmetric key pool according to claim 1, characterized in that, when the sender communicates with the recipient to perform key agreement, the method comprises, at the sender:
generating a first negotiation random number, applying the key indicator algorithm to the first negotiation random number to obtain a key seed pointer, taking the corresponding random number sequence out of the group symmetric key pool of the key card according to the key seed pointer as a key seed, and applying the key schedule to the key seed to obtain a first transmission key;
encrypting, with the first transmission key, the information used to generate the shared key, and sending it to the recipient together with the first negotiation random number.
6. The quantum-computation-resistant point-to-point message transmission method based on a symmetric key pool according to claim 5, characterized in that, when the sender communicates with the recipient to perform key agreement, the method comprises, at the recipient:
using the received first negotiation random number to decrypt and obtain the information used to generate the shared key, and then computing the shared key accordingly;
generating a second negotiation random number, applying the key indicator algorithm to the second negotiation random number to obtain a key seed pointer, taking the corresponding random number sequence out of the group symmetric key pool of the key card according to the key seed pointer as a key seed, and applying the key schedule to the key seed to obtain a second transmission key;
encrypting, with the second transmission key, the information used to generate the shared key, and sending it to the sender together with the second negotiation random number.
7. The quantum-computation-resistant point-to-point message transmission method based on a symmetric key pool according to claim 6, characterized in that, when the sender communicates with the recipient to perform key agreement, the method further comprises, at the sender:
using the received second negotiation random number to decrypt and obtain the information used to generate the shared key, and then computing the shared key accordingly.
8. A quantum-computation-resistant point-to-point message transmission system based on a symmetric key pool, characterized in that each participant is configured with a key card, and a group symmetric key pool is stored in the key card; the quantum-computation-resistant point-to-point message transmission system comprises, configured at the sender:
a negotiation module, for communicating with the recipient to perform key agreement and obtain a shared key;
a first encryption module, for generating a message encryption key and a message authentication key from a first random number, operating on the message to be sent with the message authentication key to generate a first authentication code, and encrypting the message and the first authentication code with the message encryption key to obtain a first ciphertext;
a second encryption module, for generating a key-encrypting key and a key authentication key from a second random number combined with the shared key, operating on the first random number with the key authentication key to generate a second authentication code, and encrypting the first random number and the second authentication code with the key-encrypting key to obtain a second ciphertext;
a sending module, for sending the first ciphertext, the second ciphertext and the second random number to the recipient.
9. The quantum-computation-resistant point-to-point message transmission system based on a symmetric key pool according to claim 8, characterized in that the system further comprises, configured at the recipient:
a receiving module, for receiving the first ciphertext, the second ciphertext and the second random number from the sender;
a first authentication module, for generating the key-encrypting key and the key authentication key from the second random number combined with the shared key, and decrypting and authenticating the second ciphertext with the key-encrypting key and the key authentication key;
a second authentication module, for generating the message encryption key and the message authentication key from the first random number decrypted from the second ciphertext, and decrypting and authenticating the first ciphertext with the message encryption key and the message authentication key.
10. A quantum-computation-resistant point-to-point message transmission system based on a symmetric key pool, characterized in that each participant is configured with a key card, and a group symmetric key pool is stored in the key card;
each participant further includes a memory and a processor, a computer program is stored in the memory, and the processor implements the quantum-computation-resistant point-to-point message transmission method based on a symmetric key pool according to any one of claims 1 to 7 when executing the computer program.
CN201910026716.1A 2019-01-11 2019-01-11 Quantum computation resistant point-to-point message transmission method and system based on symmetric key pool Active CN109818749B (en)

Publications (2)

Publication Number Publication Date
CN109818749A true CN109818749A (en) 2019-05-28
CN109818749B CN109818749B (en) 2021-11-16

Family

ID=66603380

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant