CN110730184B - Novel bidding encryption and decryption method based on SM2 cryptographic algorithm - Google Patents

Novel bidding encryption and decryption method based on SM2 cryptographic algorithm Download PDF

Info

Publication number
CN110730184B
CN110730184B CN201911006294.8A CN201911006294A CN110730184B CN 110730184 B CN110730184 B CN 110730184B CN 201911006294 A CN201911006294 A CN 201911006294A CN 110730184 B CN110730184 B CN 110730184B
Authority
CN
China
Prior art keywords
platform
bidding
data
cloud encryption
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911006294.8A
Other languages
Chinese (zh)
Other versions
CN110730184A (en
Inventor
赵统一
庄昱垚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Syan Technology Co ltd
Original Assignee
Jiangsu Syan Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Syan Technology Co ltd filed Critical Jiangsu Syan Technology Co ltd
Priority to CN201911006294.8A priority Critical patent/CN110730184B/en
Publication of CN110730184A publication Critical patent/CN110730184A/en
Application granted granted Critical
Publication of CN110730184B publication Critical patent/CN110730184B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/08Auctions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]

Abstract

The invention discloses a novel bidding encryption and decryption method based on a national secret SM2 algorithm, which comprises an electronic bidding document encryption process, wherein 1, a user encrypts an electronic bidding document by using a cloud encryption platform public key certificate prefabricated in a tool; 2. the user uses a tool to call the user USB KEY to issue a digital envelope to the encrypted electronic bidding document; 3. uploading the digital envelope to a bidding platform; 4. and the bidding platform sends the digital envelope to the cloud encryption platform. The invention also discloses a decryption process of the electronic bidding document, the cloud encryption platform directly decrypts the encrypted electronic bidding document on the cloud encryption platform by extracting parameters in the digital envelope, calculating and transmitting the temporary points of the elliptic curve and the like, and a complex decryption method with high resource consumption that a supplier downloads the complete digital envelope and uploads the decrypted electronic bidding document again is not needed when the bidding is started.

Description

Novel bidding encryption and decryption method based on SM2 cryptographic algorithm
Technical Field
The invention relates to a computer information security technology, in particular to a novel PKI solution for bidding, encrypting and decrypting based on a SM2 algorithm.
Background
As shown in fig. 1, the existing bid encryption and decryption scheme flows.
The encryption process comprises the following steps:
1. writing an electronic bidding document, and expressing the electronic bidding document by da and ta;
2. public key P of bidding platform prefabricated in offline encryption tool for usertEncrypt bidding document d a t a to generate Pt-e n c(d a t a);
3. The user uses the tool to call the user USB KEY to the encrypted bidding document PtGenerate P K C S7 (P) by issuing a digital envelopet_e n c(d a t a));
4. Uploading digital envelopeP K C S 7(Pt_en c (d a t a)) to the bidding platform;
the decryption process comprises the following steps:
1. digital envelope PkC S7 (P) for downloading bidding from bidding platformt-e n c(d a t a))。
2. Using a tool to call the USB KEY to unseal the digital envelope to obtain Pt-e n c(d a t a)。
3. Upload P againt-e n c (d a t a) to the bidding platform.
4. Platform private key P for bidding platformt-e n c (d a t a) pair of decrypted ticket.
The prior scheme has the following defects:
1. in the on-line decryption process, the electronic bidding document protected by the digital envelope needs to be downloaded again, the electronic bidding document is uploaded again after the digital envelope is unsealed, and under the condition that the bidding document is large, the system and the network are greatly loaded, and particularly when the bidding document is centrally bid at a certain time point, the system for bidding is greatly loaded.
For example: one user downloads a digital envelope, wherein the size of the digital envelope is larger than that of a bidding document, the size of the bidding document uploaded and encrypted by using a public key is also larger than that of the bidding document, if the bidding document is 50MB, the uploaded and downloaded data is larger than 50 x 2MB, namely, the data is larger than 100MB, if 5 users upload and download simultaneously, the data is 500MB, and if the number of the users is slightly larger, the network bandwidth and the platform pressure are imaginable, so the original method is not suitable for a large bidding platform or a public resource transaction platform.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a novel bid encryption and decryption method based on the SM2 algorithm, which comprises an electronic bid encryption process and an electronic bid decryption process, and comprises the following specific steps:
the electronic bidding document encryption process comprises the following steps:
step 1, encrypting a bidding document da ta by using a cloud encryption platform public key certificate prefabricated in a tool by a user to generate Pc_e n c(d a t a);
Step 2, the user uses the tool to call the user USB KEY to issue a digital envelope to the bidding document of the encrypted country, and a PkC S7 (P) is generatedc_e n c(d a t a));
Step 3, uploading the digital envelope P K C S7 (P)c_en c (d a t a)) to the bidding platform;
step 4, bidding platform sends digital envelope P K C S7 (P)cE n c (d a t a)) to the cloud encryption platform.
The electronic bidding document decryption process comprises the following steps:
step 1, after a user sends a decapsulation request, a bidding platform applies decapsulation to a cloud encryption platform;
step 2, after receiving the request, the cloud encryption platform receives a digital envelope P K C S7 (P) of the bidding documentc-e n C (d a t a)) extracts SM2 algorithm ciphertext data encrypted by the SM2 algorithm, and extracts elliptic curve points C from the SM2 algorithm ciphertext data1And bit string C2
Step 3, the cloud encryption platform generates a random number r1Calculating
Figure BDA0002242882870000021
Sending the data to a bidding platform;
step 4, sending r by the bidding platform1,P1Giving the user;
step 5, the user uses a tool or a control to call the USB KEY and calculates
Figure BDA0002242882870000031
Figure BDA0002242882870000032
Wherein d is the SM2 private key of the user USBKEY;
step 6, sending Pc_e n c(P2) Going to a bidding platform;
step 7, sending P by bidding platformc_e n c(P2) To a cloud encryption platform;
step 8, cloud encryption platform decryption P2
Step 9, cloud encryptionPlatform computing P3=P2-C1Calculate P3Point P in affine coordinates3=(x3,y3);
Step 10, computing K' ═ K D F (x) by the cloud encryption platform3||y3K l e n), if k'! If 0, then C is extracted from the ciphertext2Calculating
Figure BDA0002242882870000033
Step 11, computing u-H by the cloud encryption platform256(x3||k||y3);
Step 12, the cloud encryption platform extracts C from the ciphertext3If u is equal to C3If so, outputting k;
step 13, decrypting P by using kc-e n c(d a t a);
Step 14, decrypting P by using cloud encryption platform private keyc-e n c (d a t a) to the electronic bidding document d a t a;
and step 15, the cloud encryption platform transmits the electronic bidding document d a t a to the bidding platform.
Has the advantages that:
1. the invention flexibly applies the mathematical algorithm based on the SM2 cryptographic principle, not only increases the efficiency, greatly reduces the system load and the network bandwidth, but also improves the safety, and is hard to obtain, safe and efficient.
2. The scheme of the prior art transfers the encrypted electronic bidding document for many times, and the invention uses the private KEY decryption scheme in the user USB KEY under the condition of not transferring any electronic bidding related content, thereby having better security and repairing the potential safety hazard which may appear in the prior art compared with the prior art.
3. The decryption of the bidding document is processed on the platform, so that the possibility that the document is modified on the user side is completely eliminated.
4. The decryption and the platform are closely combined in the prior art, the operational performance can influence other services of bidding, and the invention is decoupled from the bidding platform, so that the bidding platform is not influenced by the decryption performance.
Drawings
Fig. 1 is a flowchart of a bidding encryption and decryption method in the prior art.
FIG. 2 is a flow chart of the bidding encryption and decryption method of the present invention.
Detailed Description
The invention is described in further detail below with reference to the figures and specific examples.
The novel bid encryption and decryption method based on the SM2 cryptographic algorithm in the embodiment comprises an electronic bid encryption process and an electronic bid decryption process, and specifically comprises the following steps:
the electronic bidding document encryption process comprises the following steps:
step 1, encrypting a bidding document da ta by using a cloud encryption platform public key certificate prefabricated in a tool by a user to generate Pc_e n c(d a t a);
Step 2, the user uses the tool to call the user USB KEY to issue a digital envelope to the bidding document of the encrypted country, and a PkC S7 (P) is generatedc-e n c(d a t a));
Step 3, uploading the digital envelope P K C S7 (P)c-e n c (d a t a)) to the bidding platform;
step 4, bidding platform sends digital envelope P K C S7 (P)c-e n c (d a t a)) to the cloud encryption platform.
The electronic bidding document decryption process comprises the following steps:
step 1, after a user sends a decapsulation request, a bidding platform applies decapsulation to a cloud encryption platform;
step 2, after receiving the request, the cloud encryption platform receives a digital envelope P K C S7 (P) of the bidding documentc-e n C (d a t a)) extracts SM2 algorithm ciphertext data encrypted by the SM2 algorithm, and extracts elliptic curve points C from the SM2 algorithm ciphertext data1And bit string C2
Step 3, the cloud encryption platform generates a random number r1Calculating
Figure BDA0002242882870000041
Sending the data to a bidding platform;
step 4, sending r by the bidding platform1,P1Giving the user;
step 5, the user uses a tool or a control to call the USB KEY and calculates
Figure BDA0002242882870000042
Figure BDA0002242882870000043
Wherein d is the SM2 private key of the user USBKEY;
step 6, sending Pc_e n c(P2) Going to a bidding platform;
step 7, sending P by bidding platformc_e n c(P2) To a cloud encryption platform;
step 8, cloud encryption platform decryption P2
Step 9, computing P by the cloud encryption platform3=P2-C1Calculate P3Point P in affine coordinates3=(x3,y3);
Step 10, computing K' ═ K D F (x) by the cloud encryption platform3||y3K l e n), if k'! If 0, then C is extracted from the ciphertext2Calculating
Figure BDA0002242882870000051
Step 11, computing u-H by the cloud encryption platform256(x3||k||y3);
Step 12, the cloud encryption platform extracts C from the ciphertext3If u is equal to C3If so, outputting k;
step 13, decrypting P by using kc_e n c(d a t a);
Step 14, decrypting P by using cloud encryption platform private keycE _ nc (d a t a) to the electronic bid document d a t a;
and step 15, the cloud encryption platform transmits the electronic bidding document d a t a to the bidding platform.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the technical scope of the present invention, so that any minor modifications, equivalent changes and modifications made to the above embodiment according to the technical spirit of the present invention are within the technical scope of the present invention.

Claims (1)

1. A novel bid encryption and decryption method based on a state secret SM2 algorithm comprises an electronic bid encryption process and an electronic bid decryption process, and is characterized in that:
the electronic bidding document encryption process comprises the following specific steps:
step 1, encrypting the bidding document data by using a cloud encryption platform public key certificate prefabricated in a tool by a user to generate Pc_enc(data);
Step 2, the user uses the tool to call the user USB KEY to issue a digital envelope to the bidding document of the encrypted country, and a PKCS7 (P) is generatedc_enc(data));
Step 3, uploading the digital envelope PKCS7 (P)c_ enc (data)) to the bidding platform;
step 4, the bidding platform sends the digital envelope PKCS7 (P)cTransmitting _enc (data)) to a cloud encryption platform;
the electronic bidding tender decryption process comprises the following specific steps:
step 1, after a user sends a decapsulation request, a bidding platform applies decapsulation to a cloud encryption platform;
step 2, after receiving the request, the cloud encryption platform sends the digital envelope of the bidding document
PKCS7(PcExtracting SM2 algorithm ciphertext data encrypted by an SM2 algorithm from _enc (data)), and extracting elliptic curve points C from the SM2 algorithm ciphertext data1And bit string C2
Step 3, the cloud encryption platform generates a random number r1Calculating
Figure FDA0003232819250000011
Sending the data to a bidding platform;
step 4, sending r by the bidding platform1,P1Giving the user;
step 5, the user uses a tool or a control to call the USB KEY and calculates r2=((di+1)*r1)-1mod n, points on an elliptic curve
Figure FDA0003232819250000012
To obtain Pc_enc(P2) Ciphertext data; wherein d isiThe SM2 private key for the user USBKEY;
step 6, sending Pc_enc(P2) Sending the ciphertext data to a bidding platform;
step 7, sending P by bidding platformc_enc(P2) To a cloud encryption platform;
step 8, cloud encryption platform decryption P2
Step 9, computing P by the cloud encryption platform3=P2-C1Calculate P3Point P in affine coordinates3=(x3,y3);
Step 10, computing k' ═ KDF (x) by the cloud encryption platform3||y3Klen), if k'! If 0, then C is extracted from the ciphertext2Calculating
Figure FDA0003232819250000013
Step 11, computing u-H by the cloud encryption platform256(x3||k||y3);
Step 12, the cloud encryption platform extracts C from the ciphertext3If u is equal to C3If so, outputting k;
step 13, decrypting P by using kc_enc(data);
Step 14, decrypting P by using cloud encryption platform private keyc_ enc (data) to the electronic bid and bid document data;
and step 15, the cloud encryption platform transmits the electronic bidding document data to the bidding platform.
CN201911006294.8A 2019-10-22 2019-10-22 Novel bidding encryption and decryption method based on SM2 cryptographic algorithm Active CN110730184B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911006294.8A CN110730184B (en) 2019-10-22 2019-10-22 Novel bidding encryption and decryption method based on SM2 cryptographic algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911006294.8A CN110730184B (en) 2019-10-22 2019-10-22 Novel bidding encryption and decryption method based on SM2 cryptographic algorithm

Publications (2)

Publication Number Publication Date
CN110730184A CN110730184A (en) 2020-01-24
CN110730184B true CN110730184B (en) 2021-11-05

Family

ID=69222804

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911006294.8A Active CN110730184B (en) 2019-10-22 2019-10-22 Novel bidding encryption and decryption method based on SM2 cryptographic algorithm

Country Status (1)

Country Link
CN (1) CN110730184B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111934873A (en) * 2020-10-12 2020-11-13 江西省精彩纵横采购咨询有限公司 Bidding file encryption and decryption method and device
CN114971796B (en) * 2022-05-27 2023-07-21 盐城塔斯科技有限公司 Bidding system based on cloud service platform
CN117541367B (en) * 2024-01-08 2024-04-02 辽宁省网联数字科技产业有限公司 Digital bidding document making and evaluating system based on artificial intelligence

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101655931A (en) * 2008-08-21 2010-02-24 东方钢铁电子商务有限公司 Electronic public bidding method based on digital certificate
CN102891898A (en) * 2012-11-05 2013-01-23 北京理工大学 Network bid inviting and bidding system based on cloud storage
CN103795523A (en) * 2014-01-14 2014-05-14 福州市勘测院 Multilayer electronic tender encryption and decryption system and method for electronic tendering
CN105282103A (en) * 2014-07-01 2016-01-27 无锡华赛信息技术有限公司 Improvement method for secure storage
CN105790940A (en) * 2016-04-14 2016-07-20 广东省电子商务认证有限公司 Electronic bid-inviting and bidding system and method based on Shamir threshold
CN106506470A (en) * 2016-10-31 2017-03-15 大唐高鸿信安(浙江)信息科技有限公司 network data security transmission method
CN106921638A (en) * 2015-12-28 2017-07-04 航天信息股份有限公司 A kind of safety device based on asymmetric encryption
CN109962784A (en) * 2019-03-22 2019-07-02 西安电子科技大学 A kind of data encrypting and deciphering and restoration methods based on the more certificates of digital envelope

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2368422B (en) * 2000-05-10 2003-03-26 Sony Corp Electronic settlement system, settlement management device, store device, client, data storage device, computer program, and storage medium
CN102412971B (en) * 2011-11-30 2015-04-29 西安西电捷通无线网络通信股份有限公司 SM2 key exchange protocol based key agreement method and device

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101655931A (en) * 2008-08-21 2010-02-24 东方钢铁电子商务有限公司 Electronic public bidding method based on digital certificate
CN102891898A (en) * 2012-11-05 2013-01-23 北京理工大学 Network bid inviting and bidding system based on cloud storage
CN103795523A (en) * 2014-01-14 2014-05-14 福州市勘测院 Multilayer electronic tender encryption and decryption system and method for electronic tendering
CN105282103A (en) * 2014-07-01 2016-01-27 无锡华赛信息技术有限公司 Improvement method for secure storage
CN106921638A (en) * 2015-12-28 2017-07-04 航天信息股份有限公司 A kind of safety device based on asymmetric encryption
CN105790940A (en) * 2016-04-14 2016-07-20 广东省电子商务认证有限公司 Electronic bid-inviting and bidding system and method based on Shamir threshold
CN106506470A (en) * 2016-10-31 2017-03-15 大唐高鸿信安(浙江)信息科技有限公司 network data security transmission method
CN109962784A (en) * 2019-03-22 2019-07-02 西安电子科技大学 A kind of data encrypting and deciphering and restoration methods based on the more certificates of digital envelope

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"数字签名技术在招投标系统中的应用与实现";吴培;《中国优秀硕士学位论文信息科技辑》;20160229;第25页1-10行,第39页1-7行 *

Also Published As

Publication number Publication date
CN110730184A (en) 2020-01-24

Similar Documents

Publication Publication Date Title
US11483161B2 (en) Method for information processing and non-transitory computer readable storage medium
CN110730184B (en) Novel bidding encryption and decryption method based on SM2 cryptographic algorithm
CN102377564B (en) Method and device for encrypting private key
US5604801A (en) Public key data communications system under control of a portable security device
CN109889494B (en) Revocable cloud data security sharing method
US20140195804A1 (en) Techniques for secure data exchange
CN105553662A (en) Dynamic digital right management method and system based on identification password
CN109818741B (en) Decryption calculation method and device based on elliptic curve
CN110958219B (en) SM2 proxy re-encryption method and device for medical cloud shared data
CN106209352B (en) Efficient key derivation with forward security
KR20070029864A (en) Method and apparatus for securely transmitting and receiving data in peer to peer
JP2007514377A (en) System and method for secure information transfer
CN110719295B (en) Identity-based food data security-oriented proxy re-encryption method and device
CN110175169B (en) Encrypted data deduplication method, system and related device
CN102801730A (en) Information protection method and device for communication and portable devices
KR100834364B1 (en) System and memthod for encrypting and verifying messages using three-phase encryption
CN107306254B (en) Digital copyright protection method and system based on double-layer encryption
WO2015065472A1 (en) Content encryption to produce multiply encrypted content
CN103731423A (en) Safe method for repeated data deleting
US20150227353A1 (en) Method for safely downloading application
KR101579696B1 (en) System and method for obfuscating initiation values of a cryptography protocol
CN112737783B (en) Decryption method and device based on SM2 elliptic curve
CN103605919A (en) Method and device for generating software authentication files and method and device for authenticating software
CN116318696B (en) Proxy re-encryption digital asset authorization method under condition of no initial trust of two parties
CN113572604B (en) Method, device and system for sending secret key and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant