CN110213056B - Anti-quantum computing energy-saving communication method and system and computer equipment - Google Patents

Publication number
CN110213056B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910400864.5A
Other languages
Chinese (zh)
Other versions
CN110213056A (en)
Inventor
富尧
钟一民
余秋炜
杨羽成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The application discloses an anti-quantum computation energy-saving communication method and system based on online and offline signatures, and computer equipment. The system comprises a first terminal, a second terminal, an application server and a communication network. The application server is configured with an application server key fob in which a public key pool and a private key pool are stored. The second terminal is configured with a second terminal key fob in which a public key pool and a private key pool are stored. The first terminal is configured with a first terminal key fob in which a temporary public key pool, a temporary private key pool, a public key pool, a private key pool and a symmetric key pool are stored, and a key table is stored in the symmetric key pool. The low-power first terminal performs no public-private key algorithm calculation; it only needs a table lookup to obtain the shared key used for encrypted communication with the application server. In addition, the signature process uses an online and offline signature method assisted by the temporary key pool, so a signature is obtained with only a lookup and a small amount of calculation.

Description

Anti-quantum computing energy-saving communication method and system and computer equipment
Technical Field
The application belongs to the technical field of intelligent application terminals, and particularly relates to an anti-quantum computing energy-saving communication method and system based on online and offline signatures, and a computer device.
Background
With the continuous development of information technology and the economy, living standards keep improving and the pace of life keeps accelerating, and daily life now includes many scenarios that require close-range identity authentication, such as swiping an access card, swiping a transit card, and recording attendance. As the number of smart devices grows, people place higher demands on intelligent operation and on the security of data transmission. Asymmetric key encryption is generally used to ensure data security. Asymmetric key encryption uses two different keys for encryption and decryption: one is published openly, namely the public key, and the other is kept secret by the user, namely the private key. The information sender encrypts with the public key and the information receiver decrypts with the private key; or the information sender encrypts with the private key and the information receiver decrypts with the public key. Identity authentication methods generally require a digital signature technique. Because an application client is often a low-performance device with limited computing power and storage space, and with a battery whose capacity does not allow continuous use, it cannot perform complex operations, so a suitable digital signature algorithm must be selected.
An online and offline signature scheme is a good choice. Online and offline signature divides the signing process into two stages: the first is the offline stage and the second is the online stage. The complex, heavy computation is carried out in the offline stage, that is, when the device is idle, and only a small amount of calculation is needed in the online stage, which improves the response speed of signing. Signature computation performed before the message to be signed arrives is called offline signature computation, and signature computation performed after the message arrives is called online signature computation.
As is widely known, quantum computers have great potential for breaking cryptography. Most of today's mainstream asymmetric (public key) encryption algorithms, such as RSA, are based on one of two hard mathematical problems: factorization of large integers or computation of discrete logarithms over a finite field. How hard they are to break depends on how efficiently these problems can be solved. On a traditional computer, solving these two problems takes exponential time (that is, the cracking time grows exponentially with the length of the public key), which is unacceptable in practice. Shor's algorithm, designed for quantum computers, can perform integer factorization or discrete logarithm calculation in polynomial time (that is, the cracking time grows as the k-th power of the public key length, where k is a constant independent of the public key length), which makes it possible to break RSA and discrete-logarithm-based encryption algorithms.
The problems existing in the prior art are as follows:
(1) In the prior art, the application server has no reliable protection measures. The application server is the central network element of the application system and has Internet access, so it may be infected by viruses or Trojan horses that steal information, or it may be attacked and paralyzed, which paralyzes the entire application system.
(2) In the prior art, the application client key is stored in the application client's memory, where it is exposed to viruses and Trojan horses on the client and can be stolen by malicious software or malicious operations.
(3) Because a quantum computer can quickly derive the corresponding private key from a public key, existing application system communication methods built on public and private keys are vulnerable to being cracked by a quantum computer.
(4) If public-private key algorithm calculation is carried out on a low-power application client, the client cannot bear the computational load, the calculation is slow, and a battery-powered client quickly drains its battery.
(5) If the symmetric key pool is stored in the key fob, the application server as a communication center needs to store a plurality of large-capacity symmetric key pools, which greatly consumes the storage space of the application server.
Disclosure of Invention
In view of the above, it is necessary to provide a quantum computation resistant energy-saving communication method and system based on online and offline signatures, and a computer device.
The application provides an anti-quantum computation energy-saving communication method based on online and offline signatures, which is implemented at a first terminal and comprises the following steps:
generating a first terminal random number, and sending the first terminal random number to a second terminal, wherein the first terminal random number is used for the second terminal to generate a session code and provide the session code to an application server;
obtaining a session code, a bill and an application server random number from a second terminal, looking up a key table in a key fob according to the application server random number and the first terminal random number in the session code to obtain a key Km, decrypting the bill by using the key Km to obtain a session key, and performing message authentication by using the session key; the bill is obtained by the second terminal by analyzing the message Msc after the first signature is verified; the first signature is generated by an application server, the bill is a ciphertext containing a session key, the bill is obtained by the application server according to the session code, and the message Msc is generated by the application server according to the bill;
and after the message passes the authentication, generating a second signature and a third signature by using the first terminal random number, and sending the second signature and the third signature to the second terminal, wherein the third signature is used for generating a fourth signature after the second terminal passes the authentication, and the second signature and the fourth signature are used for the application server to verify so as to complete the key agreement between the first terminal and the second terminal.
The application provides an anti-quantum computation energy-saving communication method based on online and offline signatures, which is implemented at a second terminal and comprises the following steps:
obtaining a first terminal random number from a first terminal;
generating a session code by using the first terminal random number and providing the session code to an application server;
acquiring a message Msc and a first signature from an application server, verifying the first signature, and analyzing the message Msc to obtain a bill after the verification is passed; the first signature is generated by an application server, the bill is obtained by the application server according to the session code, the bill is a ciphertext containing a session key, and the message Msc is generated by the application server according to the bill;
sending a session code, a bill and an application server random number to a first terminal, wherein the session code is used for the first terminal to obtain a first terminal random number, the first terminal random number and the application server random number are used for the first terminal to look up a key table in a key fob to obtain a key Km, the key Km is used for the first terminal to decrypt the bill to obtain a session key, and the session key is used for the first terminal to perform message authentication;
acquiring a second signature and a third signature from the first terminal, and generating a fourth signature after the third signature passes verification; the second signature and the third signature are generated by the first terminal according to the random number of the first terminal;
and sending a second signature and the fourth signature to an application server, wherein the second signature and the fourth signature are used for the application server to verify so as to complete key agreement between the first terminal and the second terminal.
The application provides an anti-quantum computation energy-saving communication method based on online and offline signatures, which is implemented in an application server and comprises the following steps:
obtaining a session code from a second terminal, wherein the session code is generated by the second terminal according to a first terminal random number, and the first terminal random number is generated by a first terminal;
generating a bill according to the session code, obtaining a message Msc from the bill, simultaneously generating a first signature, and sending the first signature and the message Msc to a second terminal; the bill is a ciphertext containing a session key, the first signature is used for the second terminal to verify, the message Msc is used for the second terminal to analyze and obtain the bill after verifying the first signature, the session code is used for the first terminal to obtain a first terminal random number, the first terminal random number is used for the first terminal to look up a key table in a key fob to obtain a key Km, the key Km is used for the first terminal to decrypt the bill to obtain the session key, and the session key is used for the first terminal to perform message authentication;
acquiring a second signature and the fourth signature from the second terminal to complete key agreement between the first terminal and the second terminal; the second signature is generated by the first terminal according to the first terminal random number, the fourth signature is generated by the second terminal after the third signature is verified by the second terminal, and the third signature is generated by the first terminal according to the first terminal random number.
The application provides an anti-quantum computation energy-saving communication method based on online and offline signatures, which comprises the following steps:
a first terminal generates a first terminal random number and sends the first terminal random number to a second terminal;
the second terminal acquires and utilizes the first terminal random number to generate a session code and provides the session code to an application server;
the application server acquires the session code and generates a bill according to it, obtains a message Msc from the bill, and at the same time generates a first signature and an application server random number; the first signature, the application server random number and the message Msc are sent to the second terminal, and the bill is a ciphertext containing a session key;
the second terminal acquires a message Msc, an application server random number and a first signature from the application server, verifies the first signature, analyzes the message Msc after the verification is passed to obtain a bill, and sends a session code, the application server random number and the bill to the first terminal;
the first terminal obtains a session code, an application server random number and a bill from the second terminal, a key Km is obtained by looking up a key table in a key fob according to the application server random number and the first terminal random number in the session code, the bill is decrypted by using the key Km to obtain a session key, message authentication is carried out by using the session key, and after the message authentication is passed, a second signature and a third signature are generated by using the first terminal random number and sent to the second terminal;
the second terminal acquires a second signature and a third signature from the first terminal, generates a fourth signature after the third signature is verified, and sends the second signature and the fourth signature to the application server;
and the application server finishes key negotiation between the first terminal and the second terminal according to the second signature and the fourth signature from the second terminal.
Further, the application server is configured with an application server key fob in which a public key pool and a private key pool are stored; the second terminal is configured with a second terminal key fob, and a public key pool and a private key pool are stored in the second terminal key fob; the first terminal is configured with a first terminal key fob, a temporary public key pool, a temporary private key pool, a public key pool, a private key pool and a symmetric key pool are stored in the first terminal key fob, and a key table is stored in the symmetric key pool.
Further, the first terminal obtains the key Km by looking up a key table in the key fob according to the application server random number and the first terminal random number in the session code, including:
obtaining a first terminal random number according to the session code, and simultaneously extracting an application server random number;
and combining the first terminal random number and the application server random number with a pointer function respectively to obtain a first terminal private key pointer and an application server private key pointer, wherein the first terminal private key pointer and the application server private key pointer correspond to the rows and columns of the key table, and further obtain a key Km.
The application also provides a computer device, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the anti-quantum computing energy-saving communication method based on online and offline signatures when executing the computer program.
The application also provides an anti-quantum computing energy-saving communication system based on the online and offline signature, wherein the anti-quantum computing energy-saving communication system comprises a first terminal, a second terminal, an application server and a communication network; the application server is configured with an application server key fob in which a public key pool and a private key pool are stored; the second terminal is configured with a second terminal key fob in which a public key pool and a private key pool are stored; the first terminal is configured with a first terminal key fob, a temporary public key pool, a temporary private key pool, a public key pool, a private key pool and a symmetric key pool are stored in the first terminal key fob, and a key table is stored in the symmetric key pool;
the first terminal, the second terminal and the application server realize the anti-quantum computing energy-saving communication method based on the online and offline signature through the communication network.
In the application, the low-power first terminal performs no public-private key algorithm calculation and only needs a table lookup to obtain the shared key used for encrypted communication with the application server. In addition, the signature process uses an online and offline signature method assisted by a temporary key pool, so a signature can be obtained with only a lookup and a small amount of calculation. The first terminal therefore has a small computational load and high speed, saves energy, and extends its battery life. The application server, as the communication center, only needs to store several groups of public key pools instead of several large-capacity symmetric key pools, which greatly saves its storage space. When an Nth second terminal is added to the application server, the symmetric key pool method would require adding and storing the same amount of keys as that of the Nth second terminal, namely m × N; now only the keys of the public key pool corresponding to the Nth second terminal need to be added, namely N, so the amount of newly added keys is greatly reduced.
Drawings
Fig. 1 is a networking diagram of an application system provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of a key area of a key card of an application server;
Fig. 3 is a schematic diagram of a public key pool in a key area of a key card of an application server;
Fig. 4 is a schematic diagram of a key zone within a key fob using an IC card;
Fig. 5 is a schematic diagram of a symmetric key pool in a key area of an IC card;
Fig. 6 is a flowchart for acquiring a public and private key of an application server according to an embodiment of the present application;
Fig. 7 is a flowchart for acquiring a public key of an application terminal according to an embodiment of the present disclosure;
Fig. 8 is a communication timing diagram of a key agreement process.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In the short-distance energy-saving communication scheme of the application system, the application system can be any system that needs short-distance identity authentication. It comprises an application server and a plurality of application clients; the application clients comprise application terminals and application IC cards, and the application IC card is a low-performance device. The application server runs a business service program, and the application client runs a business client program. The application system of the present application may be, but is not limited to, an access control system, a transit card system, an attendance system, and the like. For these three application systems, the application servers are respectively the access control system server, the transit card system server and the attendance system server; the application terminals are respectively the access control card reader, the transit card reader and the attendance card reader; and the application IC cards are respectively the access card, the transit card and the attendance card. The physical form of the application IC card may be a key fob in the form of a smart card or a key fob in the form of a mobile SDKEY.
The application system architecture is shown in Fig. 1. The application server (hereinafter denoted by the letter "S") is used for issuing key fobs (to application terminals) and application IC cards, and also for issuing session keys. The application server and the application terminal are connected over a wired or wireless network. The application IC card and the application terminal are connected by near field communication (such as BLE/NFC/infrared).
It is assumed herein that the application server ID (application server code) is SID and that the S key fob is used. The specific structure of the key area of the application server's S key fob is shown in Fig. 2 and includes a public key pool and a private key pool. The specific structure of the public key pool is shown in Fig. 3 and includes a server public key pool and N client public key pools for N clients. The starting position of the server public key pool is Kp0 and its size is Ks0. The size of the server private key pool is also Ks0. The starting positions of the N client public key pools are Kp1, Kp2, …, KpN, and the sizes of the N client private key pools are Ks1, Ks2, …, KsN, respectively. The size of a key pool varies from 1G to 4096G. The server keys are numbered 1 to m; the server private key pool is $\{s_1, s_2, \ldots, s_m\}$ and the server public key pool is $\{S_1, S_2, \ldots, S_m\}$. According to the Diffie-Hellman protocol, a large prime $p$ and a multiplicative group $G$ with generator $g$ are defined; $g$ is a primitive root modulo $p$, and $g$ and $p$ are the parameters of the Diffie-Hellman protocol. The server generates a true random large integer $s_i$ ($i \in \{1, 2, \ldots, m\}$) from its matched key fob as its private key and computes the public key $S_i = g^{s_i} \bmod p$ ($i \in \{1, 2, \ldots, m\}$).
The application server randomly selects three integers A, B and Z (Z = p) and uses the multiplicative group $G$ with generator $g$ as the algorithm parameters of the online and offline signature used in the invention (the online and offline signature method used herein is derived from the reference "On the Fly Authentication and Signature Schemes Based on Groups of Unknown Order"). Following the online and offline algorithm, the server also selects a hash function $h$ whose output lies in the range $[0, B-1]$. The online and offline algorithm parameters $\{A, B, Z, G, g, h\}$ are stored in each type of key fob or IC card.
The application client includes an application terminal (hereinafter denoted by the letter "C") and an application IC card (hereinafter denoted by the letter "M"); the application terminal C is a high-performance device, and the application IC card M is a low-performance device. It is assumed herein that the application terminal ID (application terminal code) is IDC and the C key fob is used, and that the application IC card ID (application IC card code) is IDM and the M key fob is used. The structure of the C key fob is consistent with that of the S key fob. The specific structure of the key area of the M key fob is shown in Fig. 4 and includes the temporary public key pool and temporary private key pool of the application IC card, the public key pool and private key pool of the application IC card, and a symmetric key pool. The temporary private keys of the application IC card are numbered 1 to tn; the temporary private key pool is $\{m_1, m_2, \ldots, m_{tn}\}$ and the temporary public key pool is $\{M_1, M_2, \ldots, M_{tn}\}$. Each temporary private key $m_o$ ($o \in \{1, 2, \ldots, tn\}$) of the application IC card is a random large integer in the range $[0, A-1]$, and the corresponding public key is computed as $M_o = g^{m_o} \bmod p$ ($o \in \{1, 2, \ldots, tn\}$). The specific structure of the symmetric key pool is shown in Fig. 5. Let the keys of a given IC card client be numbered 1 to n; the private key pool of the IC card client is $\{c_1, c_2, \ldots, c_n\}$ and its public key pool is $\{C_1, C_2, \ldots, C_n\}$, where $C_j = g^{c_j} \bmod p$, $j \in \{1, 2, \ldots, n\}$. The application server, i.e. the key fob issuer, calculates all $K_{ij}$ for the application IC card as $K_{ij} = (S_i)^{c_j} \bmod p$ and copies the key area (i.e., the gray area in Fig. 5) into the key fob to form the key table.
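An added Python sketch (not the patent's own code) of how the temporary key pool turns signing into a lookup plus one integer multiply-add, following the signing equation of the cited on-the-fly scheme. The toy parameters, the SHA-256-based h, the bound on the long-term key and the names `Card`, `sign_online` and `verify` are assumptions; the message formats used in the protocol are not shown in this section.

```python
import hashlib
import secrets

# Constructed toy parameters (far too small for real use).
P = 2**127 - 1        # prime modulus p
G = 3                 # base g (assumed generator for this sketch)
A = 2**112            # temporary private keys m_o lie in [0, A-1]
B = 2**32             # hash h outputs values in [0, B-1]
S_BOUND = 2**64       # assumed bound on the long-term private key; A >> B * S_BOUND


def h(message: bytes, commitment: int) -> int:
    """Hash of (message, temporary public key) reduced into [0, B-1]."""
    data = message + commitment.to_bytes(16, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % B


class Card:
    """Low-power signer holding a long-term key and a temporary key pool."""

    def __init__(self, pool_size: int):
        # Long-term key pair: C = g^c mod p.
        self.c = secrets.randbelow(S_BOUND - 1) + 1
        self.C = pow(G, self.c, P)
        # Offline stage: every modular exponentiation is done here, before any
        # message exists (by the issuer, or while the device is idle).
        self.temp_priv = [secrets.randbelow(A) for _ in range(pool_size)]
        self.temp_pub = [pow(G, m, P) for m in self.temp_priv]

    def sign_online(self, message: bytes, o: int):
        """Online stage: one table lookup, one hash, one multiply-add."""
        m_o = self.temp_priv[o]
        if m_o is None:
            # Two signatures made with the same m_o give two linear equations
            # in the long-term key c, so each pool entry is strictly single-use.
            raise ValueError("temporary key %d already used" % o)
        self.temp_priv[o] = None          # erase before releasing the signature
        e = h(message, self.temp_pub[o])
        y = m_o + e * self.c              # plain integer arithmetic, no reduction
        return e, y


def verify(message: bytes, signature, C: int) -> bool:
    """Verifier side (high-performance device): recompute M_o = g^y * C^(-e) mod p."""
    e, y = signature
    if not (0 <= e < B and 0 <= y < A + B * S_BOUND):
        return False                      # reject out-of-range values
    c_e_inv = pow(pow(C, e, P), P - 2, P)  # inverse via Fermat, p is prime
    x = (pow(G, y, P) * c_e_inv) % P
    return h(message, x) == e


if __name__ == "__main__":
    card = Card(pool_size=4)
    msg = b"constructed sample message"
    sig = card.sign_online(msg, 0)
    print("valid:", verify(msg, sig, card.C))
    print("tampered:", verify(msg + b"!", sig, card.C))
```

The signer must track which pool entries are spent across power cycles; a pool that is exhausted has to be refilled by the issuer rather than reused.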
In one embodiment, the quantum computation resistant energy-saving communication method based on online and offline signatures comprises the following steps:
a first terminal generates a first terminal random number and sends the first terminal random number to a second terminal;
the second terminal acquires and utilizes the first terminal random number to generate a session code and provides the session code to the application server;
the application server acquires the session code and generates a bill according to it, obtains a message Msc from the bill, and at the same time generates a first signature and an application server random number; the first signature, the application server random number and the message Msc are sent to the second terminal, and the bill is a ciphertext containing a session key;
the second terminal acquires the message Msc, the application server random number and the first signature from the application server, verifies the first signature, analyzes the message Msc to obtain a bill after the verification is passed, and sends the session code, the application server random number and the bill to the first terminal;
the first terminal obtains the session code, the application server random number and the bill from the second terminal, looks up a key table in the key fob according to the application server random number and the first terminal random number in the session code to obtain a key Km, decrypts the bill by using the key Km to obtain a session key, performs message authentication by using the session key, and after the message authentication is passed, generates a second signature and a third signature by using the first terminal random number and sends them to the second terminal;
the second terminal obtains a second signature and a third signature from the first terminal, generates a fourth signature after the third signature is verified, and sends the second signature and the fourth signature to the application server;
and the application server completes key negotiation between the first terminal and the second terminal according to the second signature and the fourth signature from the second terminal.
The first terminal in the embodiment does not use the public key and the private key to perform public-private key algorithm calculation, and only needs to look up a table to obtain the shared key for encrypted communication with the application server, so that the calculation amount is small, the speed is high, energy can be saved for the first terminal, and the battery service time of the first terminal is prolonged.
In one embodiment, the application server is configured with an application server key fob having stored therein a public key pool and a private key pool; the second terminal is configured with a second terminal key fob in which a public key pool and a private key pool are stored; the first terminal is configured with a first terminal key fob, a temporary public key pool, a temporary private key pool, a public key pool, a private key pool and a symmetric key pool are stored in the first terminal key fob, and a key table is stored in the symmetric key pool.
The application server in the embodiment does not need to store a plurality of large-capacity symmetric key pools, only needs to store a plurality of groups of public key pools, and greatly saves the storage space of the application server.
In one embodiment, the obtaining, by the first terminal, the key Km from a key table lookup in the key fob according to the application server random number and the first terminal random number in the session code includes:
obtaining a first terminal random number according to the session code, and simultaneously extracting an application server random number;
and combining the first terminal random number and the application server random number with a pointer function respectively to obtain a first terminal private key pointer and an application server private key pointer, wherein the first terminal private key pointer and the application server private key pointer correspond to the rows and columns of the key table, and further obtain a key Km.
In the case where no specific description is given, each name in the present application is subject to a combination of letters and numbers, such as S, application server S, and servers hereinafter mean the same meaning, i.e., application server S; and as the key Km, km hereinafter means the same meaning, i.e. key Km; the rest names are the same. And Km, C and Nc in the expressions of key Km, application terminal C, random number Nc, etc. are only for convenience of distinction and description, and do not additionally limit the parameters themselves, such as S, M in application server S and application IC card M; also as pointer random number rs, rs and Msc in message Msc; the other same principles are adopted.
In the embodiment, the pointer required by table lookup is obtained by using the two random numbers, and the symmetric key can be obtained according to the row and column of the key table corresponding to the pointer, so that the table lookup operation is simple and the speed is high.
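The table lookup described above, next to the exponentiation the application server performs for the same key, as an added example that is not code from the patent. The group parameters, pool sizes and the modulo-based pointer function are assumptions chosen for illustration; the table entries follow Kij = (Si)^cj mod p from the key fob description.

```python
import secrets

# Toy Diffie-Hellman parameters constructed for this example (not secure sizes).
# P is the Mersenne prime 2^127 - 1; G is just a fixed base standing in for g.
P = 2**127 - 1
G = 3
A = 2**64          # private keys are drawn from [0, A-1], as in the text


def make_pool(size):
    """Return (private_pool, public_pool) with public = G^private mod P."""
    priv = [secrets.randbelow(A) for _ in range(size)]
    pub = [pow(G, sk, P) for sk in priv]
    return priv, pub


def pointer(r, pool_size):
    """Hypothetical pointer function F: map a pointer random number to an index."""
    return r % pool_size


def issue_key_table(server_pub, card_priv):
    """Issuer side: K[i][j] = (S_i)^(c_j) mod P for every server/card key pair."""
    return [[pow(s_pub, c_j, P) for c_j in card_priv] for s_pub in server_pub]


def card_lookup_km(key_table, ns, nm):
    """IC card M: derive Km by table lookup only, no modular exponentiation."""
    row = pointer(ns, len(key_table))       # application server private key pointer
    col = pointer(nm, len(key_table[0]))    # first terminal private key pointer
    return key_table[row][col]


def server_derive_km(server_priv, card_pub, ns, nm):
    """Server S: Km = (PKm)^(SKs) mod P from its private pool and M's public pool."""
    sk_s = server_priv[pointer(ns, len(server_priv))]
    pk_m = card_pub[pointer(nm, len(card_pub))]
    return pow(pk_m, sk_s, P)


def demo():
    server_priv, server_pub = make_pool(8)            # S key fob pools
    card_priv, card_pub = make_pool(4)                # M key fob pools
    table = issue_key_table(server_pub, card_priv)    # written to the M key fob
    nm = secrets.randbits(32)    # first terminal random number Nm
    ns = secrets.randbits(32)    # application server random number Ns
    km_card = card_lookup_km(table, ns, nm)
    km_server = server_derive_km(server_priv, card_pub, ns, nm)
    return km_card, km_server, len(table) * len(table[0])


if __name__ == "__main__":
    km_card, km_server, entries = demo()
    print("keys match:", km_card == km_server, "| table entries:", entries)
```

The table holds one entry per (server key, card key) pair, so the card trades key fob storage for the exponentiation it no longer performs.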
In a specific application scenario, for convenience of description, the first terminal is set as an application IC card M, the second terminal is set as an application terminal C, and the application server is set as an application server S.
Example 1
In this embodiment, a process that the second terminal (application terminal C) and the first terminal (application IC card M) perform key agreement through the application server S and perform message authentication in a communication process is taken as an example, and details of the quantum computing energy-saving communication method based on online and offline signature are further described.
Since the present embodiment has a process of negotiating a key for multiple times, in order to simplify the main communication flow, the following details a process of negotiating a key between an application server and an application terminal as an example:
the application server S obtains an application server asymmetric key pointer random number rs and an application terminal asymmetric key pointer random number rc. And obtaining a key Kc according to the application server asymmetric key pointer random number rs and the application terminal asymmetric key pointer random number rc. The process is shown in fig. 6 to 7, and the text is described as follows:
and obtaining an application server private key pointer Ps by combining the application server asymmetric key pointer random number rs with a specific application server asymmetric key pointer function Fs, and extracting an application server private key SKs from an application server private key pool through the application server private key pointer Ps. And obtaining a public key pointer Kss of the application server by adding the private key pointer Ps of the application server and the initial position Ks0 of the public key pool of the application server, and extracting the public key PKs of the application server from the public key pool by the Kss.
And obtaining an application terminal private key pointer Pc by combining the application terminal asymmetric key pointer random number rc with a specific application terminal asymmetric key pointer function Fc, obtaining an application terminal public key pointer Ksc by adding Pc and the initial position KSN of the application terminal public key pool, and extracting the application terminal public key PKc from the public key pool by the application terminal public key pointer Ksc.
Calculate Kc = (PKc)^SKs mod p, where PKc is the application terminal public key and SKs is the application server private key.
The application server S communicates with the second terminal (application terminal C) using Kc as a key.
After receiving the message, the second terminal (application terminal C) obtains the application server private key pointer Ps and the application terminal private key pointer Pc, uses Ps and the application server public key pool start position Ks0 to obtain the application server public key pointer Ks, extracts the application server public key PKs from the public key pool through the pointer Ks, extracts the application terminal private key SKc from the application terminal private key pool through Pc, and calculates Kc = (PKs)^SKc mod p.
Specifically, the process by which the first terminal (application IC card M) and the second terminal (application terminal C) negotiate the key through the application server S is shown in fig. 8, and is described in text as follows:
1. the first terminal (application IC card M) and the second terminal (application terminal C) transmit key agreement basic information to the application server.
1.1, the first terminal (application IC card M) generates a random number Nm (i.e. the first terminal random number; here Nm is equivalent to the above application terminal asymmetric key pointer random number rc) using the random number generator in the matched first terminal key fob (M key fob), and sends the first terminal random number Nm to the second terminal (application terminal C) together with the code IDM of the first terminal (application IC card M).
1.2, after receiving the message from the first terminal (application IC card M), the second terminal (application terminal C) generates a second terminal random number Nc using the random number generator in the matched second terminal key fob (C key fob) (here Nc is equivalent to the application terminal asymmetric key pointer random number rc), and sends {IDC || Nc || IDM || Nm} to the application server S, where IDC is the application terminal code, Nc is the second terminal random number, IDM is the first terminal code, and Nm is the first terminal random number. This message also serves as the session code (i.e., session ID) for this key agreement, and can be expressed as session code SESSID = IDC || Nc || IDM || Nm. Meanwhile, the second terminal (application terminal C) retains the session code SESSID and the second terminal random number Nc.
2. The application server distributes the ticket.
2.1, after receiving the message of the second terminal (application terminal C), the application server S generates an application server random number Ns (here Ns is equivalent to the above application server asymmetric key pointer random number rs) using the random number generator in the key fob of the application server S, also generates a session key Kmc between the first terminal (application IC card M) and the second terminal (application terminal C), and creates a bill Tm. The bill Tm is encrypted by a key Km, which is calculated from the first terminal random number Nm and the application server random number Ns in the same way as described above, and the bill Tm can be expressed as {Kmc || IDC || Nm}Km. The application server S takes the bill Tm, the session key Kmc, the first terminal code IDM and the second terminal random number Nc as a message Msc. The application server S uses the random number generator in its matched key fob to generate a random number SKSt in the range [0, A-1] (A is an integer randomly selected by the application server) and calculates PKSt = g^SKSt mod p, where p is a defined large prime number and g is a primitive root modulo p; g and p are both parameters of the Diffie-Hellman protocol. The application server S takes out the private key SKSNs from the private key pool according to the application server random number Ns. The application server S obtains the first signature (Csc, Ysc) by the following calculation.
Csc=h(Msc,PKSt)
Ysc=SKSt+Csc×SKSNs
The message Msc and the first signature (Csc, Ysc) are encrypted using a key Kc, which is calculated from the second terminal random number Nc and the application server random number Ns in the same manner as described above. The content sent by the application server S to the second terminal (application terminal C) may be represented as SESSID || Ns || {Msc || Csc || Ysc}Kc.
2.2, after receiving the message, the second terminal (application terminal C) finds the second terminal random number Nc according to the session code SESSID, calculates the key Kc from the second terminal random number Nc and the received application server random number Ns, and decrypts with the key Kc to obtain the message Msc and the first signature (i.e. the signature of Msc). The second terminal (application terminal C) takes out the public key PKSNs from the server public key pool in the public key area according to the application server random number Ns and verifies the first signature (Csc, Ysc) using the public key PKSNs: it calculates Csc' as follows and compares Csc' with Csc; if they are the same, the verification is passed, otherwise the signature verification fails.
PKSt' = g^Ysc / (PKSNs)^Csc
Csc’=h(Msc,PKSt’)
After the verification is passed, the message Msc is parsed to obtain the session key Kmc, and after the second terminal random number Nc in the message Msc is verified to be equal to the locally stored second terminal random number Nc, the session key Kmc is trusted. The session key Kmc is then used to compute a message authentication code over the first terminal random number Nm, the second terminal random number Nc and the application terminal code IDC, which may be denoted as MACcm = MAC(Kmc, Nm || Nc || IDC), where MAC(k, m) represents a message authentication code with k as the key and m as the message. SESSID || Ns || Tm || MACcm is then sent to the application IC card M.
3. And performing message authentication.
3.1, after receiving the message, the first terminal (application IC card M) finds the first terminal random number Nm according to the session code SESSID, combines Nm with a specific pointer function to obtain the first terminal private key pointer, and combines the received application server random number Ns with the specific pointer function to obtain the application server private key pointer. The first terminal private key pointer and the application server private key pointer correspond to the rows and columns of the key table, and the key Km is obtained by table lookup. The bill Tm is decrypted with the key Km to obtain the session key Kmc, and the session key Kmc is trusted after the first terminal random number Nm in the bill Tm is verified to be equal to the locally stored first terminal random number Nm. MACcm' is then calculated over Nm || Nc || IDC using the session key Kmc and compared with the received message authentication code MACcm; if they are equal, message authentication is complete.
After the message authentication code MACcm is verified, the first terminal (application IC card M) calculates two numbers Nm1 and Nm2 within the range [1, M] from the first terminal random number Nm. According to Nm1 and Nm2 respectively, the first terminal (application IC card M) takes out the temporary public keys PKMt1 and PKMt2 from the temporary public key pool of the IC card M, the temporary private keys SKMt1 and SKMt2 from the temporary private key pool of the IC card M, and the private keys SKMNm1 and SKMNm2 from the private key pool of the IC card M. A digital signature algorithm is performed on the first terminal random number Nm and the application server random number Ns by using PKMt1, SKMt1 and SKMNm1 to obtain a second signature (Cm, Ym).
The digital signature algorithm is as described in step 2.1, i.e., Cm = h(Nm || Ns, PKMt1), Ym = SKMt1 + Cm × SKMNm1. Encryption using the key Km gives SIGNm = {Cm || Ym}Km. A digital signature algorithm is performed on the first terminal random number Nm and the second terminal random number Nc by using PKMt2, SKMt2 and SKMNm2 to obtain a third signature (Cmc, Ymc).
The digital signature algorithm is as described in step 2.1, namely Cmc = h(Nm || Nc, PKMt2), Ymc = SKMt2 + Cmc × SKMNm2. Encryption using Kmc gives SIGNmc = {Cmc || Ymc}Kmc, and SESSID || SIGNm || SIGNmc is sent to the application terminal C.
3.2, after receiving the message, the second terminal (application terminal C) decrypts SIGNmc by using the session key Kmc to obtain (Cmc, Ymc), calculates Nm1 and Nm2 from the first terminal random number Nm, and takes out the public key PKMNm2 of the application IC card from the key fob public key pool. The third signature (Cmc, Ymc) is verified using PKMNm2 in the manner described in step 2.2.
After the verification is passed, the second terminal (application terminal C) generates a random number SKCt in the range [0, A-1] using the random number generator in the matched C key fob and calculates PKCt = g^SKCt mod p. The application terminal C takes its own private key SKCNc from the private key pool according to Nc. A digital signature algorithm is performed on Nc and Ns by using PKCt, SKCt and SKCNc to obtain a fourth signature (Cc, Yc). The digital signature algorithm is as described in step 2.1, namely Cc = h(Nc || Ns, PKCt), Yc = SKCt + Cc × SKCNc. Encryption using Kc gives SIGNc = {Cc || Yc}Kc.
SESSID || SIGNc || SIGNm is sent to the application server S.
3.3, after receiving the message, the application server S uses the public keys of the second terminal (application terminal C) and the first terminal (application IC card M) to verify the digital signatures in SIGNc and SIGNm, in the manner described in step 2.2.
After the verification is passed, the key agreement between the first terminal (application IC card M) and the second terminal (application terminal C) is completed, and the event is recorded in a log for later audit.
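The signature used in steps 2.1, 2.2 and 3.1, with the temporary key pool filled offline and the online step reduced to a hash, a multiplication and an addition, as an added example that is not code from the patent. SHA-256 as h, the toy group parameters, the mapping from Nm to a pool index and the one-time-use guard on temporary keys are assumptions of this sketch.

```python
import hashlib
import secrets

# Toy parameters constructed for this example (not secure sizes).
P = 2**127 - 1      # Mersenne prime used as the modulus p
G = 3               # fixed base standing in for g
A = 2**64           # private values are drawn from [0, A-1]


def h(message: bytes, pk_t: int) -> int:
    """Hypothetical choice for h(M, PKt): SHA-256 over the message and PKt."""
    data = message + b"|" + pk_t.to_bytes(16, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class CardSigner:
    """First terminal M: long-term and temporary key pools filled at issuance."""

    def __init__(self, pool_size: int):
        self.sk = [secrets.randbelow(A) for _ in range(pool_size)]    # SKM pool
        self.pk = [pow(G, x, P) for x in self.sk]                     # PKM pool
        # Offline phase: every temporary pair (SKMt, PKMt) is precomputed.
        self.sk_t = [secrets.randbelow(A) for _ in range(pool_size)]
        self.pk_t = [pow(G, x, P) for x in self.sk_t]
        self.used = set()   # added guard, not described on the page

    def sign(self, message: bytes, index: int):
        """Online phase: C = h(M, PKt), Y = SKt + C * SK. No exponentiation."""
        # Two signatures under the same (SKt, SK) pair satisfy
        # Y1 - Y2 = (C1 - C2) * SK, so a slot must never sign twice.
        if index in self.used:
            raise ValueError("temporary key already used")
        self.used.add(index)
        c = h(message, self.pk_t[index])
        y = self.sk_t[index] + c * self.sk[index]
        return c, y


def verify(message: bytes, sig, pk: int) -> bool:
    """Verifier: PKt' = g^Y / PK^C mod p, then check C == h(M, PKt')."""
    c, y = sig
    pk_t_rec = (pow(G, y, P) * pow(pow(pk, c, P), -1, P)) % P
    return h(message, pk_t_rec) == c


def demo():
    card = CardSigner(pool_size=4)
    nm, ns = secrets.token_bytes(8), secrets.token_bytes(8)
    msg = nm + ns                           # second signature covers Nm || Ns
    idx = int.from_bytes(nm, "big") % 4     # assumed mapping from Nm to Nm1
    sig = card.sign(msg, idx)
    ok = verify(msg, sig, card.pk[idx])
    tampered = verify(msg + b"x", sig, card.pk[idx])
    wrong_key = verify(msg, sig, card.pk[(idx + 1) % 4])
    try:
        card.sign(b"another message", idx)
        reuse_blocked = False
    except ValueError:
        reuse_blocked = True
    return ok, tampered, wrong_key, reuse_blocked


if __name__ == "__main__":
    print(demo())
```

Because the temporary key and the long-term key are selected by the same index, a deployment needs a rule for retiring or refreshing pool slots once they have signed.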
In the anti-quantum-computation energy-saving communication method based on the online and offline signature, the technical characteristics are reasonably deduced, so that the beneficial effect of solving the technical problems in the background technology is achieved. The present embodiment may be regarded as directed to the respective embodiments described above with respect to each step, and may also be regarded as a combination of the respective embodiments described above with respect to all steps.
In order to facilitate understanding of the quantum computation-resistant energy-saving communication method based on online and offline signatures, a single-side party in the communication process is taken as a main body for description.
In one embodiment, the quantum computation resistant energy-saving communication method based on online and offline signatures is implemented in a first terminal and comprises the following steps:
generating a first terminal random number, and sending the first terminal random number to a second terminal, wherein the first terminal random number is used for the second terminal to generate a session code and provide the session code to an application server;
obtaining a session code, a bill and an application server random number from a second terminal, looking up a key table in a key fob according to the application server random number and a first terminal random number in the session code to obtain a key Km, decrypting the bill by using the key Km to obtain a session key, and performing message authentication by using the session key; the bill is obtained by the second terminal by analyzing the message Msc after the first signature is verified; the first signature is generated by an application server, the bill is a ciphertext containing a session key, the bill is obtained by the application server according to the session code, and the message Msc is generated by the application server according to the bill;
and after the message authentication is passed, generating a second signature and a third signature by using the first terminal random number, and sending the second signature and the third signature to the second terminal, wherein the third signature is used for the second terminal to generate a fourth signature after being verified, and the second signature and the fourth signature are used for an application server to verify so as to complete key agreement between the first terminal and the second terminal.
The first terminal in the embodiment does not use the public key and the private key to perform public-private key algorithm calculation, and only needs to look up a table to obtain the shared key for encrypted communication with the application server, so that the calculation amount is small, the speed is high, energy can be saved for the first terminal, and the battery service time of the first terminal is prolonged.
In one embodiment, the quantum computation resistant energy-saving communication method based on online and offline signatures is implemented in a second terminal and comprises the following steps:
obtaining a first terminal random number from a first terminal;
generating a session code by using the first terminal random number and providing the session code to an application server;
acquiring a message Msc and a first signature from an application server, verifying the first signature, and analyzing the message Msc to obtain a bill after the verification is passed; the first signature is generated by an application server, the bill is obtained by the application server according to the session code, the bill is a ciphertext containing a session key, and the message Msc is generated by the application server according to the bill;
sending a session code, a bill and an application server random number to a first terminal, wherein the session code is used for the first terminal to obtain the first terminal random number, the first terminal random number and the application server random number are used for the first terminal to look up a key table in a key fob to obtain a key Km, the key Km is used for the first terminal to decrypt the bill to obtain a session key, and the session key is used for the first terminal to perform message authentication;
acquiring a second signature and a third signature from the first terminal, and generating a fourth signature after the third signature passes verification; the second signature and the third signature are generated by the first terminal according to the random number of the first terminal;
and sending a second signature and the fourth signature to an application server, wherein the second signature and the fourth signature are used for the application server to verify so as to complete key agreement between the first terminal and the second terminal.
The first terminal in the embodiment does not use the public key and the private key to perform public-private key algorithm calculation, and only needs to look up a table to obtain the shared key for encrypted communication with the application server, so that the calculation amount is small, the speed is high, energy can be saved for the first terminal, and the battery service time of the first terminal is prolonged.
In an embodiment, the quantum computation resistant energy-saving communication method based on online and offline signatures is implemented in an application server and comprises the following steps:
obtaining a session code from a second terminal, wherein the session code is generated by the second terminal according to a first terminal random number, and the first terminal random number is generated by a first terminal;
generating a bill according to the session code, obtaining a message Msc from the bill, simultaneously generating a first signature, and sending the first signature and the message Msc to a second terminal; the bill is a ciphertext containing a session key, the first signature is used for the second terminal to verify, the message Msc is used for the second terminal to analyze and obtain the bill after verifying the first signature, the session code is used for the first terminal to obtain a first terminal random number, the first terminal random number is used for the first terminal to look up a key table in a key fob to obtain a key Km, the key Km is used for the first terminal to decrypt the bill to obtain the session key, and the session key is used for the first terminal to perform message authentication;
acquiring a second signature and a fourth signature from the second terminal to complete key agreement between the first terminal and the second terminal; the second signature is generated by the first terminal according to the first terminal random number, the fourth signature is generated by the second terminal after the third signature passes verification, and the third signature is generated by the first terminal according to the first terminal random number.
The first terminal in the embodiment does not use the public key and the private key to perform public-private key algorithm calculation, and only needs to look up a table to obtain the shared key for encrypted communication with the application server, so that the calculation amount is small, the speed is high, energy can be saved for the first terminal, and the battery service time of the first terminal is prolonged.
The definition of the flow executed by taking each single side as the main body can refer to the definition of the flow executed in sequence, and is not described herein again.
Key fobs are identity authentication and encryption/decryption products that combine cryptographic techniques, hardware security isolation techniques, quantum physics techniques (with quantum random number generators). The embedded chip and operating system of the key fob may provide secure storage of keys and cryptographic algorithms, among other functions. Due to its independent data processing capabilities and good security, the key fob becomes a secure carrier for private keys and key pools. Each key fob can be protected by a hardware PIN code, and the PIN code and hardware constitute two essential factors for a user to use the key fob, so-called "two-factor authentication", and a user can log in the system only by simultaneously acquiring the key fob and the user PIN code which store relevant authentication information. Even if the PIN code of the user is leaked, the identity of the legal user cannot be counterfeited as long as the key fob held by the user is not stolen; if the key card of the user is lost, the finder can not imitate the identity of the legal user because the user PIN code is not known. In short, the key fob prevents confidential information such as keys from appearing in the form of plaintext on the disk and memory of the host, thereby effectively ensuring the security of the confidential information.
The members of the application system are all provided with key fobs, and the key fobs are independent hardware devices for storing the keys, so that the possibility of stealing the keys by malicious software or malicious operations is greatly reduced. Meanwhile, each member extracts the public key of the required application system member by combining the random number with the asymmetric key pool, and the public key of the application system member is stored in the key fob, so that the quantum computer is ensured not to obtain the user public key and further not to obtain the corresponding private key, and the risk of cracking by the quantum computer is reduced.
The low-power consumption application IC card does not use public key and private key to calculate public and private key algorithm, only needs table look-up to obtain the shared key in encrypted communication with the application server, and in addition, the signature process adopts an online and offline signature method assisted by a temporary key pool, and the signature can be obtained only through look-up and a small amount of calculation. Therefore, the scheme has small calculated amount and high speed; and can save energy and prolong the battery service time of the application IC card using the battery.
The application server as a communication center does not need to store a plurality of large-capacity symmetric key pools, only needs to store a plurality of groups of public key pools, and greatly saves the storage space of the application server. According to the embodiment, when the application server adds the Nth application terminal, according to the symmetric key pool method, the key quantity which is the same as that of the Nth application terminal needs to be added and stored originally, namely m x N; now, only the amount of the key of the public key pool corresponding to the Nth application terminal needs to be added, namely N, the amount of the newly added key is greatly reduced. The above-described embodiments thus provide a significant savings in storage space for the application server.
In an embodiment, the present application further provides a computer device, where the computer device may be a first terminal device, a second terminal device, or an application server device, and the computer device includes a memory and a processor, where the memory stores a computer program, and the processor implements the steps of the online and offline signature-based quantum computation immunity energy-saving communication method when executing the computer program.
For specific limitations of the computer device, reference may be made to the above limitations of the quantum computing energy-saving communication method, which are not described herein again. The various modules in the computer device described above may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
The computer device may be a terminal whose internal structure may include a processor, a memory, a network interface, a display screen, and an input device connected through a system bus. Wherein the processor of the computer device is used to provide computing and control capabilities. The memory of each device includes a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to realize the anti-quantum computing energy-saving communication method based on the online and offline signature. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on a shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
In another embodiment, an anti-quantum computing energy-saving communication system based on online and offline signatures is provided, which comprises a first terminal, a second terminal, an application server and a communication network; the application server is configured with an application server key fob in which a public key pool and a private key pool are stored; the second terminal is configured with a second terminal key fob in which a public key pool and a private key pool are stored; the first terminal is configured with a first terminal key fob, a temporary public key pool, a temporary private key pool, a public key pool, a private key pool and a symmetric key pool are stored in the first terminal key fob, and a key table is stored in the symmetric key pool;
the first terminal, the second terminal and the application server realize the anti-quantum computing energy-saving communication method based on the online and offline signature through the communication network.
For specific limitations of the quantum computing power saving communication system based on the online and offline signature, reference may be made to the above limitations of the quantum computing power saving communication method based on the online and offline signature, and details are not repeated here.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (5)

1. The energy-saving communication method based on online and offline signature is implemented in a first terminal, and is characterized by comprising the following steps:
generating a first terminal random number, and sending the first terminal random number to a second terminal, wherein the first terminal random number is used for the second terminal to generate a session code and provide the session code to an application server;
the application server is configured with an application server key fob in which a public key pool and a private key pool are stored; the second terminal is configured with a second terminal key fob in which a public key pool and a private key pool are stored; the first terminal is configured with a first terminal key fob, a temporary public key pool, a temporary private key pool, a public key pool, a private key pool and a symmetric key pool are stored in the first terminal key fob, and a key table is stored in the symmetric key pool;
the first terminal has a first terminal code, and the second terminal generates a second terminal random number;
obtaining a session code, a bill and an application server random number from a second terminal, and looking up a key table in a key fob according to the application server random number and a first terminal random number in the session code to obtain a key Km;
the way to obtain the key Km includes: obtaining a first terminal random number according to session coding, simultaneously extracting an application server random number, and combining the first terminal random number and the application server random number with a pointer function respectively to obtain a first terminal private key pointer and an application server private key pointer, wherein the first terminal private key pointer and the application server private key pointer correspond to rows and columns of the key table so as to obtain a key Km;
decrypting the bill by using the key Km to obtain a session key, and performing message authentication by using the session key; the bill is obtained by the second terminal after verifying the first signature and analyzing the message Msc, and the application server takes the bill, the session key, the first terminal code and the second terminal random number as the message Msc;
the first signature is generated by an application server, the bill is a ciphertext containing a session key, the bill is obtained by the application server according to the session code, and the message Msc is generated by the application server according to the bill;
the first signature is (Csc, ysc), Csc = h(Msc, PKSt), ysc = SKSt + Csc × SKSNs, where h is a hash function, Msc is a message, PKSt = g^SKSt mod p, p is a defined large prime number, g is a primitive root modulo p, SKSt is a random number within the range [0, A-1] generated by the key fob of the application server, A is an integer randomly selected by the application server, and SKSNs is a private key taken out from a private key pool by the application server according to the random number of the application server;
after the message authentication is passed, generating a second signature and a third signature by using the random number of the first terminal, and sending the second signature and the third signature to the second terminal, wherein the third signature is used for the second terminal to generate a fourth signature after the second terminal passes the verification, and the second signature and the fourth signature are used for the application server to verify so as to complete the key agreement between the first terminal and the second terminal;
the second signature is obtained by carrying out a digital signature algorithm on the first terminal random number and the application server random number by using PKMt1, SKMt1 and SKMNm1;
the third signature is obtained by performing a digital signature algorithm on the first terminal random number and the second terminal random number by using PKMt2, SKMt2 and SKMNm2;
wherein PKMt1 and PKMt2 are temporary public keys which are respectively taken out from a temporary public key pool of the first terminal by the first terminal according to Nm1 and Nm2, SKMNm1 and SKMt2 are private keys which are taken out from a private key pool of the first terminal by the first terminal according to Nm1 and Nm2, Nm1 and Nm2 are two numbers within the range [1, m] which are obtained by the first terminal by calculation on the first terminal random number, and m is a secret key number;
and the fourth signature is obtained by performing a digital signature algorithm on the second terminal random number and the application server random number by using PKCt, SKCt and SKCNc, wherein PKCt = g^SKCt mod p, and SKCt is a random number generated by the second terminal within the range [0, A-1].
2. The energy-saving communication method based on the online and offline signature is implemented in the second terminal, and is characterized by comprising the following steps:
acquiring a first terminal random number from a first terminal;
generating a session code by using the first terminal random number and providing the session code to an application server;
the application server is configured with an application server key fob in which a public key pool and a private key pool are stored; the second terminal is configured with a second terminal key fob in which a public key pool and a private key pool are stored; the first terminal is configured with a first terminal key fob, a temporary public key pool, a temporary private key pool, a public key pool, a private key pool and a symmetric key pool are stored in the first terminal key fob, and a key table is stored in the symmetric key pool;
the first terminal is provided with a first terminal code and generates a first terminal random number, the second terminal generates a second terminal random number, and the application server takes the bill, the session key, the first terminal code and the second terminal random number as a message Msc;
acquiring a message Msc and a first signature from an application server, verifying the first signature, and analyzing the message Msc to obtain a bill after the verification is passed; the first signature is generated by an application server, the bill is obtained by the application server according to the session code, the bill is a ciphertext containing a session key, and the message Msc is generated by the application server according to the bill;
sending a session code, a bill and an application server random number to a first terminal, wherein the session code is used for the first terminal to obtain the first terminal random number, and the first terminal random number and the application server random number are used for the first terminal to obtain a key Km by looking up a key table in a key fob;
the way to obtain the key Km includes: obtaining a first terminal random number according to session coding, simultaneously extracting an application server random number, and combining the first terminal random number and the application server random number with a pointer function respectively to obtain a first terminal private key pointer and an application server private key pointer, wherein the first terminal private key pointer and the application server private key pointer correspond to rows and columns of the key table so as to obtain a key Km;
the key Km is used for the first terminal to decrypt the bill to obtain a session key, and the session key is used for the first terminal to perform message authentication;
acquiring a second signature and a third signature from the first terminal, and generating a fourth signature after the third signature passes verification; the second signature and the third signature are generated by the first terminal according to the random number of the first terminal;
sending a second signature and the fourth signature to an application server, wherein the second signature and the fourth signature are used for the application server to verify so as to complete key agreement between the first terminal and the second terminal;
the first signature is (Csc, ysc), Csc = h(Msc, PKSt), ysc = SKSt + Csc × SKSNs, where h is a hash function, Msc is a message, PKSt = g^SKSt mod p, p is a defined large prime number, g is a primitive root modulo p, SKSt is a random number within the range [0, A-1] generated by the key fob of the application server, A is an integer randomly selected by the application server, and SKSNs is a private key taken out from a private key pool by the application server according to the random number of the application server;
the second signature is obtained by carrying out a digital signature algorithm on the first terminal random number and the application server random number by using PKMt1, SKMt1 and SKMNm1;
the third signature is obtained by performing a digital signature algorithm on the first terminal random number and the second terminal random number by using PKMt2, SKMt2 and SKMNm2;
wherein PKMt1 and PKMt2 are temporary public keys which are respectively taken out from a temporary public key pool of the first terminal by the first terminal according to Nm1 and Nm2, SKMNm1 and SKMt2 are private keys which are taken out from a private key pool of the first terminal by the first terminal according to Nm1 and Nm2, Nm1 and Nm2 are two numbers within the range [1, m] which are obtained by the first terminal by calculation on the first terminal random number, and m is a secret key number;
and the fourth signature is obtained by performing a digital signature algorithm on the second terminal random number and the application server random number by using PKCt, SKCt and SKCNc, wherein PKCt = g^SKCt mod p, and SKCt is a random number generated by the second terminal within the range [0, A-1].
3. The energy-saving communication method based on online and offline signature is implemented in an application server, and is characterized by comprising the following steps:
obtaining a session code from a second terminal, wherein the session code is generated by the second terminal according to a random number of the first terminal;
the application server is configured with an application server key fob in which a public key pool and a private key pool are stored; the second terminal is configured with a second terminal key fob in which a public key pool and a private key pool are stored; the first terminal is configured with a first terminal key fob, a temporary public key pool, a temporary private key pool, a public key pool, a private key pool and a symmetric key pool are stored in the first terminal key fob, and a key table is stored in the symmetric key pool;
the first terminal has a first terminal code and generates a first terminal random number, and the second terminal generates a second terminal random number;
generating a bill according to the session code and obtaining a message Msc from the bill, wherein the application server takes the bill, the session key, the first terminal code and the second terminal random number as the message Msc;
the application server generates a first signature and sends the first signature and the message Msc to a second terminal;
the first signature is (Csc, ysc), Csc = h(Msc, PKSt), ysc = SKSt + Csc × SKSNs, where h is a hash function, Msc is a message, PKSt = g^SKSt mod p, p is a defined large prime number, g is a primitive root modulo p, SKSt is a random number within the range [0, A-1] generated by the key fob of the application server, A is an integer randomly selected by the application server, and SKSNs is a private key taken out from a private key pool by the application server according to the random number of the application server;
the bill is a ciphertext containing a session key, the first signature is used for the second terminal to verify, the message Msc is used for the second terminal to analyze after verifying the first signature and obtain the bill, the session code is used for the first terminal to obtain a first terminal random number, and the first terminal random number is used for the first terminal to look up a key table in a key fob to obtain a key Km;
the way to obtain the key Km includes: obtaining a first terminal random number according to session coding, simultaneously extracting an application server random number, and combining the first terminal random number and the application server random number with a pointer function respectively to obtain a first terminal private key pointer and an application server private key pointer, wherein the first terminal private key pointer and the application server private key pointer correspond to rows and columns of the key table so as to obtain a key Km;
the key Km is used for the first terminal to decrypt the bill to obtain a session key, and the session key is used for the first terminal to perform message authentication;
acquiring a second signature and a fourth signature from the second terminal to complete key agreement between the first terminal and the second terminal; the second signature is generated by the first terminal according to the first terminal random number, the fourth signature is generated by the second terminal after the third signature is verified by the second terminal, and the third signature is generated by the first terminal according to the first terminal random number;
the second signature is obtained by carrying out a digital signature algorithm on the first terminal random number and the application server random number by using PKMt1, SKMt1 and SKMNm1;
the third signature is obtained by performing a digital signature algorithm on the first terminal random number and the second terminal random number by using PKMt2, SKMt2 and SKMNm2;
wherein PKMt1 and PKMt2 are temporary public keys which are respectively taken out from a temporary public key pool of the first terminal by the first terminal according to Nm1 and Nm2, SKMNm1 and SKMt2 are private keys which are taken out from a private key pool of the first terminal by the first terminal according to Nm1 and Nm2, Nm1 and Nm2 are two numbers within the range [1, m] which are obtained by the first terminal by calculation on the first terminal random number, and m is a secret key number;
and the fourth signature is obtained by performing a digital signature algorithm on the second terminal random number and the application server random number by using PKCt, SKCt and SKCNc, wherein PKCt = g^SKCt mod p, and SKCt is a random number generated by the second terminal within the range [0, A-1].
4. The energy-saving communication method based on the online and offline signature is characterized by comprising the following steps:
a first terminal generates a first terminal random number and sends the first terminal random number to a second terminal;
the second terminal acquires and utilizes the first terminal random number to generate a session code and provides the session code to an application server;
the application server is configured with an application server key fob in which a public key pool and a private key pool are stored; the second terminal is configured with a second terminal key fob in which a public key pool and a private key pool are stored; the first terminal is configured with a first terminal key fob, a temporary public key pool, a temporary private key pool, a public key pool, a private key pool and a symmetric key pool are stored in the first terminal key fob, and a key table is stored in the symmetric key pool;
the second terminal generates a second terminal random number;
the application server acquires the session code, generates a bill according to the session code and obtains a message Msc from the bill, wherein the application server takes the bill, the session key, the first terminal code and the second terminal random number as the message Msc;
the application server generates a first signature and an application server random number, wherein the first signature is (Csc, ysc), Csc = h(Msc, PKSt), ysc = SKSt + Csc × SKSNs, where h is a hash function, Msc is a message, PKSt = g^SKSt mod p, p is a defined large prime number, g is a primitive root modulo p, SKSt is a random number within the range [0, A-1] generated by the key fob of the application server, A is an integer randomly selected by the application server, and SKSNs is a private key taken out from a private key pool by the application server according to the random number of the application server;
sending the first signature, the random number of the application server and the message Msc to a second terminal, wherein the bill is a ciphertext containing a session key;
the second terminal acquires a message Msc, an application server random number and a first signature from the application server, verifies the first signature, analyzes the message Msc after the verification is passed to obtain a bill, and sends a session code, the application server random number and the bill to the first terminal;
the first terminal obtains a session code, an application server random number and a bill from the second terminal, a key Km is obtained by looking up a key table in a key fob according to the application server random number and the first terminal random number in the session code, the bill is decrypted by using the key Km to obtain a session key, message authentication is carried out by using the session key, and after the message authentication is passed, a second signature and a third signature are generated by using the first terminal random number and sent to the second terminal;
the second terminal acquires a second signature and a third signature from the first terminal, generates a fourth signature after the third signature is verified, and sends the second signature and the fourth signature to the application server;
the application server completes key negotiation between the first terminal and the second terminal according to the second signature and the fourth signature from the second terminal;
the second signature is obtained by carrying out a digital signature algorithm on the first terminal random number and the application server random number by using PKMt1, SKMt1 and SKMNm1;
the third signature is obtained by performing a digital signature algorithm on the first terminal random number and the second terminal random number by using PKMt2, SKMt2 and SKMNm2;
wherein PKMt1 and PKMt2 are temporary public keys which are respectively taken out from a temporary public key pool of the first terminal by the first terminal according to Nm1 and Nm2, SKMNm1 and SKMt2 are private keys which are taken out from a private key pool of the first terminal by the first terminal according to Nm1 and Nm2, Nm1 and Nm2 are two numbers within the range [1, m] which are obtained by the first terminal by calculation on the first terminal random number, and m is a key number;
and the fourth signature is obtained by performing a digital signature algorithm on the second terminal random number and the application server random number by using PKCt, SKCt and SKCNc, wherein PKCt = g^SKCt mod p, and SKCt is a random number generated by the second terminal within the range [0, A-1].
5. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor when executing the computer program performs the steps of the online offline signature-based energy-saving communication method according to any one of claims 1 to 3.
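The claims give only the signing side of the first signature, (Csc, ysc) with Csc = h(Msc, PKSt) and ysc = SKSt + Csc × SKSNs. The following Python code is an added example, not part of the patent text: it precomputes temporary key pairs offline so that online signing costs one hash, one multiplication and one addition, and it shows the matching verification. Assumptions not found in the claims: the GPS-style public key PK = g^(-SK) mod p, SHA-256 as h, and the constructed parameters and hypothetical names P, G, S_BITS, C_BITS, A, TempKeyPool, long_term_keypair, sign_online and verify.

```python
import hashlib
import secrets

# Constructed demo parameters, not taken from the patent.
P = 2**521 - 1                     # a Mersenne prime, used as the modulus p
G = 3                              # assumed base g (not checked to be a primitive root)
S_BITS, C_BITS = 160, 128          # assumed sizes of the long-term key and of h's output
# Temporary secrets come from [0, A-1]. Because ysc is not reduced modulo anything,
# A must be far larger than Csc * SK so that SKt statistically hides the product.
A = 2 ** (S_BITS + C_BITS + 80)
P_LEN = (P.bit_length() + 7) // 8


def h(msg: bytes, pk_t: int) -> int:
    """Csc = h(Msc, PKSt): SHA-256 over message and temporary public key, cut to C_BITS."""
    digest = hashlib.sha256(msg + pk_t.to_bytes(P_LEN, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - C_BITS)


def long_term_keypair():
    """Long-term key as stored in a key pool. Assumed convention: PK = g^(-SK) mod p."""
    sk = secrets.randbelow(2 ** S_BITS)
    pk = pow(pow(G, sk, P), P - 2, P)      # modular inverse of g^SK by Fermat
    return sk, pk


class TempKeyPool:
    """Offline phase: all modular exponentiations PKt = g^SKt mod p happen here."""

    def __init__(self, size: int):
        self._pairs = []
        for _ in range(size):
            sk_t = secrets.randbelow(A)
            self._pairs.append((sk_t, pow(G, sk_t, P)))

    def __len__(self) -> int:
        return len(self._pairs)

    def take(self):
        # Each pair is removed when used. Signing two messages with the same SKt
        # would give two linear equations in the long-term key and expose it.
        if not self._pairs:
            raise RuntimeError("temporary key pool exhausted; refill it offline")
        return self._pairs.pop()


def sign_online(msg: bytes, sk: int, pool: TempKeyPool):
    """Online phase: no exponentiation, only a hash and integer arithmetic."""
    sk_t, pk_t = pool.take()
    c = h(msg, pk_t)                       # Csc = h(Msc, PKSt)
    y = sk_t + c * sk                      # ysc = SKSt + Csc x SKSNs, over the integers
    return c, y


def verify(msg: bytes, sig, pk: int) -> bool:
    """Recompute PKt = g^y * PK^c mod p and check that it hashes back to c."""
    c, y = sig
    # Reject values outside the ranges an honest signer can produce.
    if not (0 <= c < 2 ** C_BITS and 0 <= y < A + 2 ** (S_BITS + C_BITS)):
        return False
    pk_t = (pow(G, y, P) * pow(pk, c, P)) % P   # g^(SKt + c*SK) * g^(-SK*c) = g^SKt
    return h(msg, pk_t) == c


if __name__ == "__main__":
    sk, pk = long_term_keypair()
    pool = TempKeyPool(4)                  # done ahead of time
    msg = b"constructed sample message Msc"
    sig = sign_online(msg, sk, pool)
    print("valid:", verify(msg, sig, pk))
    print("tampered message accepted:", verify(msg + b"!", sig, pk))
    print("temporary pairs left:", len(pool))
```
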
CN201910400864.5A 2019-05-15 2019-05-15 Anti-quantum computing energy-saving communication method and system and computer equipment Active CN110213056B (en)

Publications (2)

Publication Number Publication Date
CN110213056A CN110213056A (en) 2019-09-06
CN110213056B CN110213056B (en) 2023-03-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant