CN110417553B - Multi-party secret communication method and device and user terminal - Google Patents


Info

Publication number
CN110417553B
Authority
CN
China
Prior art keywords
communication
key
party
user terminal
shared
Prior art date
Legal status
Active
Application number
CN201910728424.2A
Other languages
Chinese (zh)
Other versions
CN110417553A (en
Inventor
徐磊
袁力
邸烁
胡坤歌
Current Assignee
Beijing Aershan Block Chain Alliance Technology Co ltd
Original Assignee
Beijing Aershan Block Chain Alliance Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Beijing Aershan Block Chain Alliance Technology Co ltd
Priority to CN201910728424.2A
Publication of CN110417553A
Application granted
Publication of CN110417553B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Abstract

The invention provides a multi-party secret communication method, a device and a user terminal, which relate to the technical field of communication. The method comprises the following steps: when an establishment request for a multi-party shared key is obtained, obtaining the identifiers of a plurality of communication objects corresponding to the establishment request, the public key of each communication object and the two-party shared keys between every two communication objects; calculating a two-party shared key between the user terminal and each communication object from the private key stored locally by the user terminal and the public key of each communication object; determining a multi-party shared key from the two-party shared keys between the user terminal and each communication object and the two-party shared keys between every two communication objects; and carrying out secret communication with each communication object based on the multi-party shared key and the identifier of each communication object. In this way, secret communication between the user terminal and a plurality of communication objects is achieved by establishing the multi-party shared key without revealing the private key of the user terminal, and the need for multi-party secret communication is met.

Description

Multi-party secret communication method, device and user terminal
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a multiparty secure communication method, apparatus, and user terminal.
Background
With the development of the blockchain, applications based on the blockchain are developing vigorously, and users of blockchain network applications pay more and more attention to protecting their privacy. Current blockchains usually use an asymmetric encryption algorithm to encrypt a user's data: each user on the blockchain has a pair of public and private keys, the private key is retained by the user, and the public key is published on the blockchain and used as the user's address.
Communication between users on the blockchain may use the public-private key encryption mechanism. For example, when user A sends a message to user B, user A encrypts the message using the public key of user B, and after receiving the ciphertext, user B decrypts it using the private key of user B. Ciphertext encrypted with the public key of user B can only be decrypted with the private key of user B, so the security of the communication is ensured.
With the development of blockchain network applications, multi-user communication has become possible, and the need to encrypt communication among multiple users grows stronger and stronger. However, at present only two-party key exchange mechanisms are used for secure communication, and a mechanism for three or more parties is lacking.
Disclosure of Invention
The invention aims to provide a multiparty secret communication method, a device and a user terminal so as to meet the need for multiparty secret communication.
The invention provides a multi-party secret communication method, which is applied to a user terminal and comprises the following steps:
when an establishment request of a multi-party shared key is obtained, object information corresponding to the establishment request is obtained; the object information comprises identifications of a plurality of communication objects, a public key of each communication object and two-party shared secret keys between every two communication objects;
calculating to obtain a two-party shared secret key between the user terminal and each communication object according to a private key locally stored by the user terminal and the public key of each communication object;
determining a multi-party shared key according to the two-party shared key between the user terminal and each communication object and the two-party shared key between every two communication objects;
and respectively carrying out secret communication with each communication object based on the multi-party shared secret key and the identification of each communication object.
Further, when the establishment request of the multi-party shared key is obtained, obtaining object information corresponding to the establishment request includes:
when receiving an establishment request for a multiparty shared key triggered by a user, parsing the establishment request to obtain identifiers of a plurality of communication objects, and acquiring the public key of each communication object from the blockchain where the user terminal is located based on the identifier of each communication object; sending the establishment request to each communication object, and receiving first shared key information returned by each communication object; and parsing the two-party shared keys between every two communication objects from the first shared key information.
Further, when the establishment request of the multi-party shared key is obtained, obtaining object information corresponding to the establishment request includes:
when an establishment request for a multi-party shared key sent by one communication object is received, parsing the establishment request to obtain the identifiers of the plurality of communication objects, and acquiring the public key of each communication object from the blockchain where the user terminal is located based on the identifier of each communication object; receiving first shared key information sent by each communication object; and parsing the two-party shared keys between every two communication objects from the first shared key information.
Further, the parsing out the two-party shared key between each two communication objects from each first shared key information includes:
and if the first shared key information was obtained by encrypting with the public key of the user terminal, decrypting each piece of first shared key information with the private key of the user terminal to obtain the two-party shared keys between every two communication objects.
Further, the calculating, according to a private key locally stored in the user terminal and a public key of each communication object, a two-party shared key between the user terminal and each communication object includes:
and respectively performing linear multiplication operation of an asymmetric encryption algorithm on the private key locally stored by the user terminal and the public key of each communication object to obtain a two-party shared secret key between the user terminal and each communication object.
Further, the plurality of communication objects comprise a first object and a second object, and the two-party shared key between each two communication objects comprises a first shared key between the first object and the second object sent by the first object and a second shared key between the first object and the second object sent by the second object;
the determining a multi-party shared key according to the two-party shared key between the user terminal and each communication object and the two-party shared key between each two communication objects includes:
determining whether the first shared secret key and the second shared secret key are the same; if so, performing addition operation of an asymmetric encryption algorithm on the two-party shared key between the user terminal and the first object, the two-party shared key between the user terminal and the second object, and the first shared key to obtain a three-party shared key.
Further, after obtaining the two-party shared key between the user terminal and each communication object by calculation according to the private key locally stored in the user terminal and the public key of each communication object, the method further includes:
respectively sending second shared key information to each communication object so that each communication object obtains the multi-party shared key based on the second shared key information; wherein the second shared key information includes a two-party shared key between the user terminal and each of the communication partners.
Further, the sending the second shared key information to each of the communication partners includes:
for each communication object, encrypting a two-party shared key between the user terminal and other communication objects except the communication object in the plurality of communication objects by using a public key of the communication object to obtain second shared key information; and sending the second shared secret key information to the communication object.
The invention provides a multi-party secret communication device, which is applied to a user terminal and comprises:
the device comprises an acquisition module, a sending module and a receiving module, wherein the acquisition module is used for acquiring object information corresponding to an establishment request when the establishment request of a multi-party shared secret key is acquired; the object information comprises identifications of a plurality of communication objects, a public key of each communication object and a two-party shared secret key between every two communication objects;
the computing module is used for computing a two-party shared secret key between the user terminal and each communication object according to a private key locally stored by the user terminal and a public key of each communication object;
a determining module, configured to determine a multiparty shared key according to two-party shared keys between the user terminal and each of the communication objects and two-party shared keys between each two communication objects;
and the communication module is used for carrying out secret communication with each communication object respectively based on the multi-party shared secret key and the identification of each communication object.
The invention provides a user terminal, which comprises a memory and a processor, wherein a computer program capable of running on the processor is stored in the memory, and the processor executes the computer program to realize the multi-party secure communication method.
In the multi-party secret communication method, the device and the user terminal provided by the invention, the method comprises the following steps: when an establishment request of a multi-party shared key is obtained, object information corresponding to the establishment request is obtained; the object information comprises the identifications of a plurality of communication objects, the public key of each communication object and a two-party shared secret key between every two communication objects; according to a private key locally stored by the user terminal and the public key of each communication object, calculating to obtain a two-party shared secret key between the user terminal and each communication object; determining a multi-party shared secret key according to two-party shared secret keys between the user terminal and each communication object and two-party shared secret keys between each two communication objects; and respectively carrying out secret communication with each communication object based on the multi-party shared secret key and the identification of each communication object. Therefore, under the condition of not revealing the private key of the user terminal, secret communication between the user terminal and a plurality of communication objects is realized by establishing the multi-party shared secret key, and the requirement of multi-party secret communication is relieved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic diagram of an application environment of a multi-party secure communication method according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for secure multi-party communications according to an embodiment of the present invention;
FIG. 3 is a flow chart of another multiparty secure communication method according to an embodiment of the present invention;
FIG. 4 is a flow chart illustrating another multi-party secure communication method according to an embodiment of the present invention;
FIG. 5 is a schematic diagram illustrating a scenario of three-party user interaction in a multi-party secure communication method according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a multi-party secure communications device according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of another multi-party secure communication device according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a user terminal according to an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be apparent that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
The blockchain network encrypts data using an asymmetric encryption algorithm, and communications between users of blockchain network applications are generally encrypted with a public key and decrypted with a private key. A two-party key exchange mechanism, such as the Diffie-Hellman (DH) key exchange, is a mechanism by which two users create a secret key shared by both parties (the two-party shared key) by exchanging only their respective public keys. The two parties can then encrypt and decrypt messages with the two-party shared key, so that the data of both users is protected. The two-party key exchange mechanism is built on the public-private key mechanism, and distributes the two-party shared key without revealing the private key of either party.
With the development of blockchain network applications, communication scenarios among users are becoming more and more varied, and sometimes three parties need to share one secret key so that communication between any two of them can be encrypted. Based on this, the multiparty secret communication method, apparatus and user terminal provided by the embodiments of the present invention design a multiparty key exchange mechanism on top of the two-party key exchange mechanism, so that multiple parties can share one secret key (the multiparty shared key) by exchanging their own public keys, without any party revealing its private key, and secret communication among the parties can then be carried out based on the multiparty shared key.
For the understanding of the present embodiment, a multi-party secure communication method disclosed in the embodiment of the present invention will be described in detail first.
Referring to FIG. 1, a schematic diagram of the application environment of a multi-party secure communication method is shown. In one embodiment of the multi-party secure communication method provided by the present invention, the application environment of the method includes: user A, user B and user C, who use a blockchain network application, and a server cluster that stores the set of public keys in a blockchain. At least 10 hosts each deploy a complete copy of the blockchain (this redundancy ensures the blockchain is not easily broken by attackers), and the internet of things nodes in the server cluster store the public keys of all users.
In the above application environment, when the three users need to perform secure communication, a three-party shared key needs to be created first, and then the secure communication between the three users is performed based on the three-party shared key. When the three-party shared key is created, firstly, the three parties acquire public keys of other users from the block chain, then, the two-party shared key is calculated according to respective private keys and the public keys of the other users, then, the corresponding two-party shared key is sent to the other users, finally, each user can obtain three different two-party shared keys, and the three-party shared key is obtained based on the three two-party shared keys.
As shown in FIG. 1, assume that the private keys of user A, user B and user C are nA, nB and nC respectively; their public keys are PA = nA × G, PB = nB × G and PC = nC × G, where G is a point on an elliptic curve. nA × G denotes linear (scalar) multiplication on the elliptic curve, the multiplication operation of elliptic curve cryptography. Because of the elliptic curve discrete logarithm problem, nA is hard to derive from PA and G. When the three-party shared key is created, user A computes the two-party shared keys PAB = nA × PB and PAC = nA × PC, sends PAB to user C and sends PAC to user B; here PAB denotes the two-party shared key between user A and user B, and PAC the two-party shared key between user A and user C. Likewise, user B computes PAB and PBC, sends PAB to user C and PBC to user A; and user C computes PAC and PBC, sends PAC to user B and PBC to user A. Finally, every user holds PAB, PAC and PBC and can compute the three-party shared key K = PAB + PAC + PBC. At this point each of the three parties obtains the three-party shared key without revealing its own private key, and an outsider cannot derive the three-party shared key from the public keys alone.
It should be noted that, in this embodiment, the method is directed to three users, and the public-private key system adopts an elliptic curve cryptography algorithm, but the scope of the present invention is not limited thereto, and the method may be applied to four, five, or more users, and the public-private key system may adopt other asymmetric cryptography algorithms, as required. In addition, the present invention is not limited to a specific calculation method of the two-party shared key (for example, PAB = nA × PB) and a specific calculation method of the three-party shared key (for example, K = PAB + PAC + PBC).
Fig. 2 is a flowchart illustrating a method for secure multi-party communication according to an embodiment of the present invention, where the method can be executed by a user terminal corresponding to any one of the users in fig. 1. As shown in fig. 2, the multiparty secure communication method includes the following steps:
step S202, when an establishment request of a multi-party shared key is obtained, object information corresponding to the establishment request is obtained; the object information includes the identifications of a plurality of communication objects, the public key of each communication object and the two-party shared secret key between each two communication objects.
The establishment request may be triggered by the user at the user terminal, or may be sent by a communication object (another user terminal) of the user terminal.
Step S204, according to the private key locally stored by the user terminal and the public key of each communication object, calculating to obtain a two-party shared secret key between the user terminal and each communication object.
The existing two-party key exchange mechanism can be adopted when the two-party shared key is calculated. Optionally, based on a DH key exchange mechanism, linear multiplication of an asymmetric encryption algorithm may be performed on a private key locally stored in the user terminal and a public key of each communication object, respectively, to obtain a two-party shared key between the user terminal and each communication object. The asymmetric encryption algorithm may be, but is not limited to, an elliptic curve encryption algorithm.
Because the public-private key system uses an asymmetric encryption algorithm, and the two-party shared keys are computed by linear multiplication of that algorithm, a two-party shared key obtained from one party's private key and the other party's public key does not allow either party's private key to be recovered, so no party's private key is revealed when the multi-party shared key is subsequently established.
Step S206, determining a multi-party shared key according to the two-party shared key between the user terminal and each communication object and the two-party shared key between each two communication objects.
Optionally, the plurality of communication objects includes a first object and a second object, and the two-party shared key between each two communication objects includes a first shared key between the first object and the second object, sent by the first object, and a second shared key between the first object and the second object, sent by the second object. Based on this, in some possible embodiments, step S206 includes: judging whether the first shared key and the second shared key are the same; if so, performing the addition operation of the asymmetric encryption algorithm on the two-party shared key between the user terminal and the first object, the two-party shared key between the user terminal and the second object and the first shared key, to obtain the three-party shared key; if not, the two-party shared key between the first object and the second object is invalid and the process ends. The asymmetric encryption algorithm may be, but is not limited to, an elliptic curve encryption algorithm, and the addition P + Q of two points on the elliptic curve may be defined as the vector sum of the two points P and Q: for example, if point P has coordinates (P1, P2) and point Q has coordinates (Q1, Q2), then P + Q = (P1 + Q1, P2 + Q2). That is, the addition operation may be, but is not limited to, the vector sum of the respective two-party shared keys. This way of calculating the multi-party shared key is simple and easy to compute.
Taking FIG. 1 as an example, user A receives PBC from both user B and user C, so the validity of PBC can be verified by checking whether the two received values of PBC are equal, and only when PBC is valid does user A compute the three-party shared key K = PAB + PAC + PBC.
It should be noted that when the number of communication objects is greater than or equal to 2, for any two communication objects the user terminal receives the two-party shared key between them from both of them, and can detect whether that two-party shared key has been tampered with by checking whether the two copies are the same. In addition, when computing the three-party shared key, the protection scope of the present invention is not limited to directly adding the two-party shared keys; in other embodiments, each two-party shared key may first be multiplied by a predetermined corresponding parameter (that is, each two-party shared key is linearly multiplied by its predetermined parameter), and the products are then added.
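The FIG. 1 exchange and the step S206 consistency check, as an added Python example that is not code from the patent: each party derives its pairwise keys PAB, PAC and PBC by scalar multiplication, forwards each pairwise key to the third party, accepts PBC only when the copies received from B and C agree, and sums the three points to obtain K. Assumptions of this example: secp256k1 as the curve, the curve's group addition as the "addition operation" (the text also allows a coordinate-wise vector sum), and a constructed Party class with in-memory message delivery standing in for the encrypted shared-key information of steps S310/S314.

```python
# Three-party shared-key derivation on secp256k1, modelled on the FIG. 1 exchange.
# Example code written for this page; not from the patent. Assumes Python 3.8+.
import secrets

# secp256k1 domain parameters (standard, public values)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
# Points are (x, y) tuples; None is the point at infinity.


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + 7 (mod P)."""
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def ec_add(p1, p2):
    """Group addition on the curve (the 'addition operation' of step S206)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                  # P + (-P) = infinity
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Scalar multiplication by double-and-add (the 'linear multiplication' nA x G)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


class Party:
    """One user terminal (constructed for the example): holds n_X, publishes P_X = n_X * G."""

    def __init__(self, name, priv=None):
        self.name = name
        self.priv = priv if priv is not None else 1 + secrets.randbelow(N - 1)
        self.pub = ec_mul(self.priv, G)
        self.received = {}   # pair label such as "BC" -> {sender name: two-party key}

    def two_party_key(self, other):
        """P_XY = n_X * P_Y, computed without learning n_Y."""
        return ec_mul(self.priv, other.pub)

    def receive(self, pair, sender, key):
        self.received.setdefault(pair, {})[sender] = key

    def three_party_key(self, others):
        """K = P_XY + P_XZ + P_YZ; P_YZ is accepted only if Y and Z sent identical copies."""
        y, z = others
        pair = "".join(sorted([y.name, z.name]))
        copies = self.received.get(pair, {})
        if len(copies) != 2 or len(set(copies.values())) != 1:
            return None                              # mismatch: P_YZ invalid, abort
        p_yz = next(iter(copies.values()))
        return ec_add(ec_add(self.two_party_key(y), self.two_party_key(z)), p_yz)


def run_exchange(a, b, c):
    """Each party computes its two pairwise keys and forwards each one to the third party.
    Anyone holding all three pairwise keys can add them up to K, which is why the
    patent encrypts this shared-key information to the recipient's public key
    (steps S310/S314); the in-memory delivery here stands in for that channel."""
    parties = (a, b, c)
    for x in parties:
        for y in parties:
            if y is x:
                continue
            z = next(p for p in parties if p is not x and p is not y)
            pair = "".join(sorted([x.name, y.name]))
            z.receive(pair, x.name, x.two_party_key(y))
    return tuple(x.three_party_key(tuple(p for p in parties if p is not x)) for x in parties)


if __name__ == "__main__":
    ka, kb, kc = run_exchange(Party("A"), Party("B"), Party("C"))
    print("all three parties agree on K:", ka == kb == kc and on_curve(ka))
```

Because K = (nA·nB + nA·nC + nB·nC) × G, the three independently computed keys can be checked against that single scalar multiplication.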
Step S208, the secret communication is respectively carried out with each communication object based on the multi-party shared secret key and the identification of each communication object.
The user terminal can communicate with the corresponding communication object based on the identification of the communication object, and related data during communication are encrypted and decrypted by adopting a multi-party shared secret key, so that secret communication between the user terminal and the plurality of communication objects is realized.
In the embodiment of the invention, the method comprises the following steps: when an establishment request for a multi-party shared key is acquired, acquiring the object information corresponding to the establishment request; the object information comprises the identifiers of a plurality of communication objects, the public key of each communication object and the two-party shared key between every two communication objects; calculating the two-party shared key between the user terminal and each communication object from the private key stored locally by the user terminal and the public key of each communication object; determining the multi-party shared key from the two-party shared keys between the user terminal and each communication object and the two-party shared keys between each two communication objects; and carrying out secret communication with each communication object based on the multi-party shared key and the identifier of each communication object. In this way, secret communication between the user terminal and a plurality of communication objects is achieved by establishing the multi-party shared key without revealing the private key of the user terminal, and the need for multi-party secret communication is met.
The present embodiment provides a specific implementation of a multiparty secure communication method in which the establishment request is triggered by the user at the user terminal. Referring to fig. 3, a flow chart of a multiparty secure communication method is shown, which comprises the following steps:
step S302, when receiving a request for establishing a multiparty shared key triggered by a user, parsing the request for establishing to obtain identifiers of a plurality of communication objects.
Step S304, acquiring the public key of each communication object from the blockchain where the user terminal is located based on the identifier of each communication object.
Step S306, the above establishment request is sent to each communication partner.
Step S308, receiving the first shared key information returned by each communication object.
Step S310, parsing the two-party shared key between each two communication objects from each piece of first shared key information.
Specifically, if each piece of first shared key information was encrypted with the public key of the user terminal, each piece is decrypted with the private key of the user terminal to obtain the two-party shared key between each two communication objects. In this way, information leakage is prevented even if the first shared key information is intercepted by a third party.
Step S312, calculating to obtain the two-party shared key between the user terminal and each communication object according to the private key locally stored in the user terminal and the public key of each communication object.
Step S314, respectively sending second shared key information to each communication object, so that each communication object obtains a multiparty shared key based on the second shared key information; the second shared key information includes two-party shared keys between the user terminal and each communication object.
Optionally, for each communication object, the two-party shared keys between the user terminal and the other communication objects (all of the plurality of communication objects except that one) are encrypted with the public key of that communication object to obtain its second shared key information, which is then sent to it. In this way, information leakage is prevented even if the second shared key information is intercepted by a third party.
Step S316, determining the multi-party shared key from the two-party shared key between the user terminal and each communication object and the two-party shared key between each two communication objects.
Step S318, performing secret communication with each communication object respectively based on the multi-party shared key and the identifier of each communication object.
It should be noted that step S304 may be located at any position between step S302 and step S312; step S306, step S308 and step S310 keep the above-mentioned execution sequence, but the three may be located at any position between step S302 and step S316; step S314 may be located anywhere between step S312 and step S318.
The embodiment also provides a specific implementation manner of the multi-party secret communication method, wherein the establishment request is sent by a communication object of the user terminal. Referring to fig. 4, a flow chart of a multiparty secure communication method is shown, which comprises the following steps:
Step S402, when receiving an establishment request for a multi-party shared key sent by a communication object, parsing the establishment request to obtain the identifiers of a plurality of communication objects.
Step S404, based on the identification of each communication object, the public key of each communication object is obtained from the block chain where the user terminal is located.
Step S406, receiving the first shared key information sent by each communication object.
Step S408, parsing the two-party shared key between each two communication objects from each piece of first shared key information.
For details, reference may be made to corresponding contents of the foregoing step S310, which is not described herein again.
Step S410, calculating to obtain a two-party shared key between the user terminal and each communication object according to the private key locally stored in the user terminal and the public key of each communication object.
Step S412, respectively sending second shared key information to each communication object, so that each communication object obtains a multiparty shared key based on the second shared key information; the second shared key information includes two-party shared keys between the user terminal and each communication object.
For details, reference may be made to corresponding contents of the foregoing step S314, which is not described herein again.
Step S414, determining the multi-party shared key from the two-party shared key between the user terminal and each communication object and the two-party shared key between each two communication objects.
Step S416, performing secret communication with each communication object based on the multi-party shared key and the identifier of each communication object.
It should be noted that step S404 may be located at any position between step S402 and step S410; step S406 and step S408 keep the above-mentioned sequential execution order, but both may be located at any position between step S402 and step S414; step S412 may be located anywhere between step S410 and step S416.
For convenience of understanding, referring to fig. 5, taking a user terminal as a user a, and the user a initiates establishment of a three-way shared key to a user B and a user C, an exemplary description is made of a user interaction process of the above method:
(1) respectively applying for establishing a three-party shared secret key to a user B and a user C;
(2) respectively issuing two-party shared secret keys to a user B and a user C;
(3) respectively receiving the two-party shared keys sent by user B and user C;
(4) calculating a three-party shared key K from the two-party shared keys among the three parties;
(5) encrypting and decrypting communication messages with user B or user C using K.
The embodiment of the invention builds on a two-party key exchange mechanism so that three parties share one secret (the three-party shared key): no party's private key is revealed to the other two, and an outsider cannot derive the three-party shared key from the public keys, so secret communication between any two of the three parties is realized.
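The three-party key agreement of steps S302 to S318 and the user A/B/C exchange of fig. 5 above, as an added worked example written for this page rather than code from the patent or its applicant. It assumes that the "linear multiplication" is scalar multiplication and the "addition" is point addition on the secp256k1 curve (the patent names no curve), that a symmetric key is derived from the shared point with SHA-256 (the patent only says the messages are encrypted with K), and it abstracts away the public-key encryption of the first/second shared key information; all function names are the example's own.

```python
"""Three-party shared key from pairwise two-party keys, as in CN110417553B.

Added example: the curve, the key derivation and the function names are
assumptions of this example, not the patent's own.
"""
import hashlib
import secrets

# secp256k1 domain parameters (a standard public curve; assumed for the example).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INFINITY = None  # the group identity


def ec_add(p1, p2):
    """Group addition on y^2 = x^3 + 7 over F_P in affine coordinates."""
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INFINITY  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, point):
    """Scalar multiplication by double-and-add (variable-time; for illustration only)."""
    result = INFINITY
    addend = point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def keygen():
    """Private scalar in [1, N-1] and the matching public point."""
    priv = secrets.randbelow(N - 1) + 1
    return priv, ec_mul(priv, G)


def two_party_key(own_priv, peer_pub):
    """Steps S312/S410: multiply the local private key by the peer's public key."""
    return ec_mul(own_priv, peer_pub)


def three_party_key(k_self_first, k_self_second, k_pair_from_first, k_pair_from_second):
    """Steps S316/S414 as claimed: the two-party key of the other pair must be
    reported identically by both peers; then the three two-party keys are added."""
    if k_pair_from_first != k_pair_from_second:
        raise ValueError("peers reported different two-party keys; aborting")
    k = ec_add(ec_add(k_self_first, k_self_second), k_pair_from_first)
    if k is INFINITY:
        raise ValueError("degenerate shared key")
    return k


def session_key(k_point):
    """Assumed derivation of a 32-byte symmetric key from the shared point."""
    x, y = k_point
    data = b"three-party-shared-key" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    return hashlib.sha256(data).digest()


def run_protocol():
    """Users A, B and C of fig. 5 each derive the three-party key; returns all three."""
    a, pub_a = keygen()
    b, pub_b = keygen()
    c, pub_c = keygen()
    # Each party computes the two-party keys with its two peers.
    k_ab_a, k_ac_a = two_party_key(a, pub_b), two_party_key(a, pub_c)
    k_ab_b, k_bc_b = two_party_key(b, pub_a), two_party_key(b, pub_c)
    k_ac_c, k_bc_c = two_party_key(c, pub_a), two_party_key(c, pub_b)
    # First/second shared key information: each party hands the two-party key it
    # holds with the third party to the remaining party. The patent encrypts this
    # under the recipient's public key; that transport is abstracted away here.
    k_a = three_party_key(k_ab_a, k_ac_a, k_bc_b, k_bc_c)
    k_b = three_party_key(k_ab_b, k_bc_b, k_ac_a, k_ac_c)
    k_c = three_party_key(k_ac_c, k_bc_c, k_ab_a, k_ab_b)
    return session_key(k_a), session_key(k_b), session_key(k_c)


if __name__ == "__main__":
    ka, kb, kc = run_protocol()
    print("all three parties agree:", ka == kb == kc)
```

All three parties end up with the same point because a·B = b·A, a·C = c·A and b·C = c·B, so each sum is abG + acG + bcG. The equality check in `three_party_key` is the consistency test of claim 1: it catches a pair key that one peer reports differently from the other, but it only works because each pair key reaches the third party from both of its holders, so an implementation must wait for both copies before combining.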
The embodiment of the invention also provides a multi-party secure communication device, which is applied to a user terminal and is mainly used for executing the multi-party secure communication method provided by the embodiment of the invention.
Referring to fig. 6, a schematic diagram of a multi-party secure communication device is shown, the device including:
an obtaining module 62, configured to obtain object information corresponding to an establishment request when the establishment request of the multiparty shared key is obtained; the object information comprises the identifications of a plurality of communication objects, the public key of each communication object and a two-party shared secret key between every two communication objects;
the calculation module 64 is configured to calculate, according to a private key locally stored in the user terminal and a public key of each communication object, a two-party shared key between the user terminal and each communication object;
a determining module 66, configured to determine a multi-party shared key according to two-party shared keys between the user terminal and each communication object and two-party shared keys between each two communication objects;
and the communication module 68 is used for carrying out secret communication with each communication object respectively based on the multi-party shared secret key and the identification of each communication object.
In the embodiment of the present invention, when an establishment request for a multi-party shared key is acquired, the acquiring module 62 acquires object information corresponding to the establishment request, where the object information comprises the identifiers of a plurality of communication objects, the public key of each communication object and the two-party shared key between every two communication objects; the calculation module 64 calculates the two-party shared key between the user terminal and each communication object from the private key locally stored in the user terminal and the public key of each communication object; the determining module 66 determines the multi-party shared key from the two-party shared keys between the user terminal and each communication object and the two-party shared keys between each two communication objects; and the communication module 68 carries out secret communication with each communication object based on the multi-party shared key and the identifier of that communication object. In this way, secret communication between the user terminal and a plurality of communication objects is realized by establishing a multi-party shared key without revealing the private key of the user terminal, which meets the need for multi-party secret communication.
Optionally, in a possible implementation manner, the obtaining module 62 is specifically configured to: when receiving an establishment request for a multi-party shared key triggered by a user, parse the establishment request to obtain the identifiers of a plurality of communication objects, and acquire the public key of each communication object from the block chain where the user terminal is located based on the identifier of each communication object; send the establishment request to each communication object and receive the first shared key information returned by each communication object; and parse the two-party shared key between every two communication objects from the first shared key information.
Optionally, in another possible implementation manner, the obtaining module 62 is specifically configured to: when receiving an establishment request for a multi-party shared key sent by a communication object, parse the establishment request to obtain the identifiers of a plurality of communication objects, and acquire the public key of each communication object from the block chain where the user terminal is located based on the identifier of each communication object; receive the first shared key information sent by each communication object; and parse the two-party shared key between every two communication objects from the first shared key information.
Optionally, when the obtaining module 62 parses the two-party shared key between each two communication objects from each piece of first shared key information, it is specifically configured to: if the first shared key information was encrypted with the public key of the user terminal, decrypt each piece of first shared key information with the private key of the user terminal to obtain the two-party shared key between every two communication objects.
Optionally, the calculating module 64 is specifically configured to: and respectively carrying out linear multiplication operation of an asymmetric encryption algorithm on a private key locally stored in the user terminal and the public key of each communication object to obtain a two-party shared secret key between the user terminal and each communication object.
Optionally, the plurality of communication objects include a first object and a second object, and the two-party shared keys between each two communication objects include a first shared key between the first object and the second object sent by the first object and a second shared key between the first object and the second object sent by the second object; the determining module 66 is specifically configured to: judge whether the first shared key and the second shared key are the same; and if so, perform the addition operation of the asymmetric encryption algorithm on the two-party shared key between the user terminal and the first object, the two-party shared key between the user terminal and the second object and the first shared key to obtain the three-party shared key.
Referring to fig. 7, a schematic structural diagram of another multiparty secure communication device is shown, and on the basis of fig. 6, the device further includes: a sending module 72, configured to send second shared key information to each correspondent, so that each correspondent obtains a multi-party shared key based on the second shared key information; the second shared key information includes two-party shared keys between the user terminal and each communication object.
Optionally, the sending module 72 is specifically configured to: for each communication object, encrypting two-party shared keys between the user terminal and other communication objects except the communication object in the plurality of communication objects by using the public key of the communication object to obtain second shared key information; and sending the second shared key information to the communication object.
The device provided by the embodiment has the same implementation principle and technical effect as the method embodiments, and for the sake of brief description, reference may be made to the corresponding contents in the method embodiments without reference to the device embodiments.
Referring to fig. 8, an embodiment of the present invention further provides a user terminal 800, including: the system comprises a processor 80, a memory 81, a bus 82 and a communication interface 83, wherein the processor 80, the communication interface 83 and the memory 81 are connected through the bus 82; the processor 80 is arranged to execute executable modules, such as computer programs, stored in the memory 81.
The memory 81 may include a high-speed random access memory (RAM) and may also include a non-volatile memory, such as at least one disk memory. The communication connection between the network element of the system and at least one other network element is realized through at least one communication interface 83 (which may be wired or wireless), and the Internet, a wide area network, a local network, a metropolitan area network, etc. may be used.
Bus 82 may be an ISA bus, PCI bus, EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 8, but this does not indicate only one bus or one type of bus.
The memory 81 is used for storing a program, the processor 80 executes the program after receiving an execution instruction, and the method executed by the apparatus defined by the flow process disclosed in any of the foregoing embodiments of the present invention may be applied to the processor 80, or implemented by the processor 80.
The processor 80 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or by instructions in the form of software in the processor 80. The processor 80 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed by it. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in RAM, flash memory, ROM, PROM or EPROM, registers, etc., as is well known in the art. The storage medium is located in the memory 81, and the processor 80 reads the information in the memory 81 and completes the steps of the method in combination with the hardware.
The multi-party secret communication device and the user terminal provided by the embodiment of the invention have the same technical characteristics as the multi-party secret communication method provided by the embodiment, so the same technical problems can be solved, and the same technical effect is achieved.
In all examples shown and described herein, any particular value should be construed as merely exemplary, and not as a limitation, and thus other examples of example embodiments may have different values.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative; for example, the division into units is only one kind of logical function division, and there may be other divisions in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not implemented. In addition, the shown or discussed mutual coupling, direct coupling or communication connection may be an indirect coupling or communication connection through some communication interfaces, devices or units, and may be in an electrical, mechanical or other form.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk, and various media capable of storing program codes.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. A multiparty secure communication method, applied to a user terminal, the method comprising:
when an establishment request of a multi-party shared secret key is acquired, acquiring object information corresponding to the establishment request; the object information comprises identifications of a plurality of communication objects, a public key of each communication object and two-party shared secret keys between every two communication objects;
calculating to obtain a two-party shared secret key between the user terminal and each communication object according to a private key locally stored by the user terminal and the public key of each communication object;
determining a multi-party shared key according to the two-party shared key between the user terminal and each communication object and the two-party shared key between each two communication objects;
respectively carrying out secret communication with each communication object based on the multi-party shared secret key and the identification of each communication object;
the plurality of communication objects comprise a first object and a second object, and the two-party shared key between every two communication objects comprises a first shared key between the first object and the second object sent by the first object and a second shared key between the first object and the second object sent by the second object;
the determining a multi-party shared key according to the two-party shared key between the user terminal and each communication object and the two-party shared key between each two communication objects includes:
determining whether the first shared secret key and the second shared secret key are the same;
and if so, adding the two-party shared key between the user terminal and the first object, the two-party shared key between the user terminal and the second object and the first shared key by an asymmetric encryption algorithm to obtain a three-party shared key.
2. The method according to claim 1, wherein when obtaining an establishment request of a multi-party shared key, obtaining object information corresponding to the establishment request comprises:
when receiving a building request of a multiparty shared secret key triggered by a user, analyzing the building request to obtain identifiers of a plurality of communication objects, and acquiring a public key of each communication object from a block chain where a user terminal is located based on the identifier of each communication object;
respectively sending the establishment request to each communication object, and receiving first shared key information returned by each communication object;
and parsing the two-party shared key between every two communication objects from the first shared key information.
3. The method according to claim 1, wherein when obtaining an establishment request of a multi-party shared key, obtaining object information corresponding to the establishment request comprises:
when an establishment request of a multi-party shared secret key sent by one communication object is received, analyzing the establishment request to obtain the identifiers of the communication objects, and acquiring the public key of each communication object from a block chain where the user terminal is located based on the identifier of each communication object;
receiving first shared secret key information sent by each communication object;
and parsing the two-party shared key between every two communication objects from the first shared key information.
4. The method according to claim 2 or 3, wherein the parsing out the two-party shared key between each two of the communication objects from each of the first shared key information comprises:
and if the first shared secret key information is obtained by encrypting by using the public key of the user terminal, respectively analyzing the first shared secret key information by using the private key of the user terminal to obtain two-party shared secret keys between every two communication objects.
5. The method according to claim 1, wherein the calculating a two-party shared key between the user terminal and each of the communication objects according to a private key locally stored in the user terminal and a public key of each of the communication objects comprises:
and respectively carrying out linear multiplication operation of an asymmetric encryption algorithm on a private key locally stored in the user terminal and the public key of each communication object to obtain a two-party shared secret key between the user terminal and each communication object.
6. The method according to claim 1, wherein after calculating the two-party shared key between the user terminal and each of the communicating objects according to the private key stored locally by the user terminal and the public key of each of the communicating objects, the method further comprises:
respectively sending second shared key information to each communication object so that each communication object obtains the multi-party shared key based on the second shared key information; wherein the second shared key information includes a two-party shared key between the user terminal and each of the communication partners.
7. The method of claim 6, wherein said sending second shared key information to each of said communicating partners, respectively, comprises:
for each communication object, encrypting a two-party shared key between the user terminal and other communication objects except the communication object in the plurality of communication objects by using a public key of the communication object to obtain second shared key information;
and sending the second shared key information to the communication object.
8. A multiparty secure communication apparatus, for use in a user terminal, the apparatus comprising:
the device comprises an acquisition module, a sending module and a receiving module, wherein the acquisition module is used for acquiring object information corresponding to an establishment request when the establishment request of a multi-party shared secret key is acquired; the object information comprises identifications of a plurality of communication objects, a public key of each communication object and two-party shared secret keys between every two communication objects;
the computing module is used for computing a two-party shared secret key between the user terminal and each communication object according to a private key locally stored by the user terminal and a public key of each communication object;
a determining module, configured to determine a multiparty shared key according to two-party shared keys between the user terminal and each of the communication objects and two-party shared keys between each two communication objects;
the communication module is used for carrying out secret communication with each communication object respectively based on the multi-party shared secret key and the identification of each communication object;
the plurality of communication objects comprise a first object and a second object, and the two-party shared key between every two communication objects comprises a first shared key between the first object and the second object sent by the first object and a second shared key between the first object and the second object sent by the second object;
the determining module is specifically configured to: determining whether the first shared key and the second shared key are the same; if so, performing addition operation of an asymmetric encryption algorithm on the two-party shared key between the user terminal and the first object, the two-party shared key between the user terminal and the second object, and the first shared key to obtain a three-party shared key.
9. A user terminal comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the method of any one of claims 1-7 when executing the computer program.
CN201910728424.2A 2019-08-07 2019-08-07 Multi-party secret communication method and device and user terminal Active CN110417553B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910728424.2A CN110417553B (en) 2019-08-07 2019-08-07 Multi-party secret communication method and device and user terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910728424.2A CN110417553B (en) 2019-08-07 2019-08-07 Multi-party secret communication method and device and user terminal

Publications (2)

Publication Number Publication Date
CN110417553A CN110417553A (en) 2019-11-05
CN110417553B true CN110417553B (en) 2022-12-27

Family

ID=68366455

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910728424.2A Active CN110417553B (en) 2019-08-07 2019-08-07 Multi-party secret communication method and device and user terminal

Country Status (1)

Country Link
CN (1) CN110417553B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112199697A (en) * 2020-09-29 2021-01-08 深圳壹账通智能科技有限公司 Information processing method, device, equipment and medium based on shared root key
CN114362925A (en) * 2020-09-29 2022-04-15 中国移动通信有限公司研究院 Key negotiation method, device and terminal
CN112367170B (en) * 2021-01-12 2021-08-24 四川新网银行股份有限公司 Data hiding query security sharing system and method based on multi-party security calculation

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105847002A (en) * 2016-06-06 2016-08-10 北京京东尚科信息技术有限公司 Method for sharing key in multi-party communication
CN106685989A (en) * 2017-02-07 2017-05-17 杭州秘猿科技有限公司 Privacy communication method based on license chain support and supervision
CN106779707A (en) * 2016-12-23 2017-05-31 中钞信用卡产业发展有限公司北京智能卡技术研究院 Monitoring and managing method, the apparatus and system of the digital cash Transaction Information based on block chain
CN108494581A (en) * 2018-02-09 2018-09-04 孔泽 The controller distributed information log generation method and device of SDN network
CN108900533A (en) * 2018-08-01 2018-11-27 南京荣链科技有限公司 A kind of shared data method for secret protection, system, terminal and medium
WO2019021105A1 (en) * 2017-07-24 2019-01-31 nChain Holdings Limited Methods and Systems For Blockchain-Implemented Event-Lock Encryption
CN109922084A (en) * 2019-04-10 2019-06-21 北京阿尔山区块链联盟科技有限公司 Key management method, device and electronic equipment

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7162634B2 (en) * 2001-04-18 2007-01-09 Thomson Licensing Method for providing security on a powerline-modem network
US20140245021A1 (en) * 2013-02-27 2014-08-28 Kabushiki Kaisha Toshiba Storage system in which fictitious information is prevented
US20170132621A1 (en) * 2015-11-06 2017-05-11 SWFL, Inc., d/b/a "Filament" Systems and methods for autonomous device transacting
US11258582B2 (en) * 2017-05-01 2022-02-22 Qbrics, Inc. Distributed system and method for encryption of blockchain payloads
US11288740B2 (en) * 2017-12-29 2022-03-29 Intel Corporation Securing distributed electronic wallet shares
CN108199850B (en) * 2018-01-19 2020-11-17 电子科技大学 Anonymous security authentication and key agreement method for NFC
CN108366057A (en) * 2018-02-06 2018-08-03 武汉斗鱼网络科技有限公司 A kind of data processing method, client and electronic equipment
CN108282334B (en) * 2018-04-13 2021-04-27 浪潮集团有限公司 Multi-party key negotiation device, method and system based on block chain

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105847002A (en) * 2016-06-06 2016-08-10 北京京东尚科信息技术有限公司 Method for sharing a key in multi-party communication
CN106779707A (en) * 2016-12-23 2017-05-31 中钞信用卡产业发展有限公司北京智能卡技术研究院 Blockchain-based digital currency transaction information supervision method, apparatus and system
CN106685989A (en) * 2017-02-07 2017-05-17 杭州秘猿科技有限公司 Privacy communication method based on a permissioned chain with supervision support
WO2019021105A1 (en) * 2017-07-24 2019-01-31 nChain Holdings Limited Methods and Systems For Blockchain-Implemented Event-Lock Encryption
CN108494581A (en) * 2018-02-09 2018-09-04 孔泽 Controller distributed log generation method and device for SDN networks
CN108900533A (en) * 2018-08-01 2018-11-27 南京荣链科技有限公司 Shared-data privacy protection method, system, terminal and medium
CN109922084A (en) * 2019-04-10 2019-06-21 北京阿尔山区块链联盟科技有限公司 Key management method, device and electronic equipment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Blockchain & Multi-Agent System: A New Promising Approach for Cloud Data Integrity Auditing with Deduplication; Mohamed el Ghazouani et al.; International Journal of Communication Networks and Information Security; 2019-01-31; full text *
An efficient and secure decentralized data sharing model; Dong Xiangqian et al.; 计算机学报 (Chinese Journal of Computers); 2018-03-05 (Issue 05); full text *

Also Published As

Publication number Publication date
CN110417553A (en) 2019-11-05

Similar Documents

Publication Publication Date Title
CN108377189B (en) Block chain user communication encryption method and device, terminal equipment and storage medium
CN109309569B (en) SM2 algorithm-based collaborative signature method and device and storage medium
CN108629027B (en) User database reconstruction method, device, equipment and medium based on block chain
CN110011795B (en) Symmetric group key negotiation method based on block chain
JP7221872B2 (en) A Key Agreement Protocol Based on Elliptic Curve Homogenies
CN112740733B (en) Secure access method and device
CN112926051B (en) Multi-party security computing method and device
CN110417553B (en) Multi-party secret communication method and device and user terminal
EP3247087B1 (en) User-initiated migration of encryption keys
US20200195446A1 (en) System and method for ensuring forward & backward secrecy using physically unclonable functions
CN106941404B (en) Key protection method and device
US20150341172A1 (en) Key sharing network device and configuration thereof
US11889307B2 (en) End-to-end security for roaming 5G-NR communications
US10630476B1 (en) Obtaining keys from broadcasters in supersingular isogeny-based cryptosystems
CN114157415A (en) Data processing method, computing node, system, computer device and storage medium
US20100005307A1 (en) Secure approach to send data from one system to another
CN111181944B (en) Communication system, information distribution method, device, medium, and apparatus
CN115174061A (en) Message transmission method and device based on block chain relay communication network system
CN112822177A (en) Data transmission method, device, equipment and storage medium
KR102315632B1 (en) System and method for generating scalable group key based on homomorphic encryption with trust server
WO2024001037A1 (en) Message transmission method and apparatus, electronic device and storage medium
Duits The post-quantum Signal protocol: Secure chat in a quantum world
WO2022239129A1 (en) Key exchange system, device, key exchange method, and program
US10880278B1 (en) Broadcasting in supersingular isogeny-based cryptosystems
CN112995210A (en) Data transmission method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant