CN110730184B - Novel bidding encryption and decryption method based on SM2 cryptographic algorithm - Google Patents
Novel bidding encryption and decryption method based on SM2 cryptographic algorithm Download PDFInfo
- Publication number
- CN110730184B CN110730184B CN201911006294.8A CN201911006294A CN110730184B CN 110730184 B CN110730184 B CN 110730184B CN 201911006294 A CN201911006294 A CN 201911006294A CN 110730184 B CN110730184 B CN 110730184B
- Authority
- CN
- China
- Prior art keywords
- platform
- bidding
- data
- cloud encryption
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
- G06Q30/08—Auctions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
Abstract
The invention discloses a novel bidding encryption and decryption method based on a national secret SM2 algorithm, which comprises an electronic bidding document encryption process, wherein 1, a user encrypts an electronic bidding document by using a cloud encryption platform public key certificate prefabricated in a tool; 2. the user uses a tool to call the user USB KEY to issue a digital envelope to the encrypted electronic bidding document; 3. uploading the digital envelope to a bidding platform; 4. and the bidding platform sends the digital envelope to the cloud encryption platform. The invention also discloses a decryption process of the electronic bidding document, the cloud encryption platform directly decrypts the encrypted electronic bidding document on the cloud encryption platform by extracting parameters in the digital envelope, calculating and transmitting the temporary points of the elliptic curve and the like, and a complex decryption method with high resource consumption that a supplier downloads the complete digital envelope and uploads the decrypted electronic bidding document again is not needed when the bidding is started.
Description
Technical Field
The invention relates to a computer information security technology, in particular to a novel PKI solution for bidding, encrypting and decrypting based on a SM2 algorithm.
Background
As shown in fig. 1, the existing bid encryption and decryption scheme flows.
The encryption process comprises the following steps:
1. writing an electronic bidding document, and expressing the electronic bidding document by da and ta;
2. public key P of bidding platform prefabricated in offline encryption tool for usertEncrypt bidding document d a t a to generate Pt-e n c(d a t a);
3. The user uses the tool to call the user USB KEY to the encrypted bidding document PtGenerate P K C S7 (P) by issuing a digital envelopet_e n c(d a t a));
4. Uploading digital envelopeP K C S 7(Pt_en c (d a t a)) to the bidding platform;
the decryption process comprises the following steps:
1. digital envelope PkC S7 (P) for downloading bidding from bidding platformt-e n c(d a t a))。
2. Using a tool to call the USB KEY to unseal the digital envelope to obtain Pt-e n c(d a t a)。
3. Upload P againt-e n c (d a t a) to the bidding platform.
4. Platform private key P for bidding platformt-e n c (d a t a) pair of decrypted ticket.
The prior scheme has the following defects:
1. in the on-line decryption process, the electronic bidding document protected by the digital envelope needs to be downloaded again, the electronic bidding document is uploaded again after the digital envelope is unsealed, and under the condition that the bidding document is large, the system and the network are greatly loaded, and particularly when the bidding document is centrally bid at a certain time point, the system for bidding is greatly loaded.
For example: one user downloads a digital envelope, wherein the size of the digital envelope is larger than that of a bidding document, the size of the bidding document uploaded and encrypted by using a public key is also larger than that of the bidding document, if the bidding document is 50MB, the uploaded and downloaded data is larger than 50 x 2MB, namely, the data is larger than 100MB, if 5 users upload and download simultaneously, the data is 500MB, and if the number of the users is slightly larger, the network bandwidth and the platform pressure are imaginable, so the original method is not suitable for a large bidding platform or a public resource transaction platform.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a novel bid encryption and decryption method based on the SM2 algorithm, which comprises an electronic bid encryption process and an electronic bid decryption process, and comprises the following specific steps:
the electronic bidding document encryption process comprises the following steps:
step 1, encrypting a bidding document da ta by using a cloud encryption platform public key certificate prefabricated in a tool by a user to generate Pc_e n c(d a t a);
Step 2, the user uses the tool to call the user USB KEY to issue a digital envelope to the bidding document of the encrypted country, and a PkC S7 (P) is generatedc_e n c(d a t a));
Step 3, uploading the digital envelope P K C S7 (P)c_en c (d a t a)) to the bidding platform;
step 4, bidding platform sends digital envelope P K C S7 (P)cE n c (d a t a)) to the cloud encryption platform.
The electronic bidding document decryption process comprises the following steps:
step 1, after a user sends a decapsulation request, a bidding platform applies decapsulation to a cloud encryption platform;
step 2, after receiving the request, the cloud encryption platform receives a digital envelope P K C S7 (P) of the bidding documentc-e n C (d a t a)) extracts SM2 algorithm ciphertext data encrypted by the SM2 algorithm, and extracts elliptic curve points C from the SM2 algorithm ciphertext data1And bit string C2;
Step 3, the cloud encryption platform generates a random number r1CalculatingSending the data to a bidding platform;
step 4, sending r by the bidding platform1,P1Giving the user;
step 5, the user uses a tool or a control to call the USB KEY and calculates Wherein d is the SM2 private key of the user USBKEY;
step 6, sending Pc_e n c(P2) Going to a bidding platform;
step 7, sending P by bidding platformc_e n c(P2) To a cloud encryption platform;
step 8, cloud encryption platform decryption P2;
Step 9, cloud encryptionPlatform computing P3=P2-C1Calculate P3Point P in affine coordinates3=(x3,y3);
Step 10, computing K' ═ K D F (x) by the cloud encryption platform3||y3K l e n), if k'! If 0, then C is extracted from the ciphertext2Calculating
Step 11, computing u-H by the cloud encryption platform256(x3||k||y3);
Step 12, the cloud encryption platform extracts C from the ciphertext3If u is equal to C3If so, outputting k;
step 13, decrypting P by using kc-e n c(d a t a);
Step 14, decrypting P by using cloud encryption platform private keyc-e n c (d a t a) to the electronic bidding document d a t a;
and step 15, the cloud encryption platform transmits the electronic bidding document d a t a to the bidding platform.
Has the advantages that:
1. the invention flexibly applies the mathematical algorithm based on the SM2 cryptographic principle, not only increases the efficiency, greatly reduces the system load and the network bandwidth, but also improves the safety, and is hard to obtain, safe and efficient.
2. The scheme of the prior art transfers the encrypted electronic bidding document for many times, and the invention uses the private KEY decryption scheme in the user USB KEY under the condition of not transferring any electronic bidding related content, thereby having better security and repairing the potential safety hazard which may appear in the prior art compared with the prior art.
3. The decryption of the bidding document is processed on the platform, so that the possibility that the document is modified on the user side is completely eliminated.
4. The decryption and the platform are closely combined in the prior art, the operational performance can influence other services of bidding, and the invention is decoupled from the bidding platform, so that the bidding platform is not influenced by the decryption performance.
Drawings
Fig. 1 is a flowchart of a bidding encryption and decryption method in the prior art.
FIG. 2 is a flow chart of the bidding encryption and decryption method of the present invention.
Detailed Description
The invention is described in further detail below with reference to the figures and specific examples.
The novel bid encryption and decryption method based on the SM2 cryptographic algorithm in the embodiment comprises an electronic bid encryption process and an electronic bid decryption process, and specifically comprises the following steps:
the electronic bidding document encryption process comprises the following steps:
step 1, encrypting a bidding document da ta by using a cloud encryption platform public key certificate prefabricated in a tool by a user to generate Pc_e n c(d a t a);
Step 2, the user uses the tool to call the user USB KEY to issue a digital envelope to the bidding document of the encrypted country, and a PkC S7 (P) is generatedc-e n c(d a t a));
Step 3, uploading the digital envelope P K C S7 (P)c-e n c (d a t a)) to the bidding platform;
step 4, bidding platform sends digital envelope P K C S7 (P)c-e n c (d a t a)) to the cloud encryption platform.
The electronic bidding document decryption process comprises the following steps:
step 1, after a user sends a decapsulation request, a bidding platform applies decapsulation to a cloud encryption platform;
step 2, after receiving the request, the cloud encryption platform receives a digital envelope P K C S7 (P) of the bidding documentc-e n C (d a t a)) extracts SM2 algorithm ciphertext data encrypted by the SM2 algorithm, and extracts elliptic curve points C from the SM2 algorithm ciphertext data1And bit string C2;
Step 3, the cloud encryption platform generates a random number r1CalculatingSending the data to a bidding platform;
step 4, sending r by the bidding platform1,P1Giving the user;
step 5, the user uses a tool or a control to call the USB KEY and calculates Wherein d is the SM2 private key of the user USBKEY;
step 6, sending Pc_e n c(P2) Going to a bidding platform;
step 7, sending P by bidding platformc_e n c(P2) To a cloud encryption platform;
step 8, cloud encryption platform decryption P2;
Step 9, computing P by the cloud encryption platform3=P2-C1Calculate P3Point P in affine coordinates3=(x3,y3);
Step 10, computing K' ═ K D F (x) by the cloud encryption platform3||y3K l e n), if k'! If 0, then C is extracted from the ciphertext2Calculating
Step 11, computing u-H by the cloud encryption platform256(x3||k||y3);
Step 12, the cloud encryption platform extracts C from the ciphertext3If u is equal to C3If so, outputting k;
step 13, decrypting P by using kc_e n c(d a t a);
Step 14, decrypting P by using cloud encryption platform private keycE _ nc (d a t a) to the electronic bid document d a t a;
and step 15, the cloud encryption platform transmits the electronic bidding document d a t a to the bidding platform.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the technical scope of the present invention, so that any minor modifications, equivalent changes and modifications made to the above embodiment according to the technical spirit of the present invention are within the technical scope of the present invention.
Claims (1)
1. A novel bid encryption and decryption method based on a state secret SM2 algorithm comprises an electronic bid encryption process and an electronic bid decryption process, and is characterized in that:
the electronic bidding document encryption process comprises the following specific steps:
step 1, encrypting the bidding document data by using a cloud encryption platform public key certificate prefabricated in a tool by a user to generate Pc_enc(data);
Step 2, the user uses the tool to call the user USB KEY to issue a digital envelope to the bidding document of the encrypted country, and a PKCS7 (P) is generatedc_enc(data));
Step 3, uploading the digital envelope PKCS7 (P)c_ enc (data)) to the bidding platform;
step 4, the bidding platform sends the digital envelope PKCS7 (P)cTransmitting _enc (data)) to a cloud encryption platform;
the electronic bidding tender decryption process comprises the following specific steps:
step 1, after a user sends a decapsulation request, a bidding platform applies decapsulation to a cloud encryption platform;
step 2, after receiving the request, the cloud encryption platform sends the digital envelope of the bidding document
PKCS7(PcExtracting SM2 algorithm ciphertext data encrypted by an SM2 algorithm from _enc (data)), and extracting elliptic curve points C from the SM2 algorithm ciphertext data1And bit string C2;
Step 3, the cloud encryption platform generates a random number r1CalculatingSending the data to a bidding platform;
step 4, sending r by the bidding platform1,P1Giving the user;
step 5, the user uses a tool or a control to call the USB KEY and calculates r2=((di+1)*r1)-1mod n, points on an elliptic curveTo obtain Pc_enc(P2) Ciphertext data; wherein d isiThe SM2 private key for the user USBKEY;
step 6, sending Pc_enc(P2) Sending the ciphertext data to a bidding platform;
step 7, sending P by bidding platformc_enc(P2) To a cloud encryption platform;
step 8, cloud encryption platform decryption P2;
Step 9, computing P by the cloud encryption platform3=P2-C1Calculate P3Point P in affine coordinates3=(x3,y3);
Step 10, computing k' ═ KDF (x) by the cloud encryption platform3||y3Klen), if k'! If 0, then C is extracted from the ciphertext2Calculating
Step 11, computing u-H by the cloud encryption platform256(x3||k||y3);
Step 12, the cloud encryption platform extracts C from the ciphertext3If u is equal to C3If so, outputting k;
step 13, decrypting P by using kc_enc(data);
Step 14, decrypting P by using cloud encryption platform private keyc_ enc (data) to the electronic bid and bid document data;
and step 15, the cloud encryption platform transmits the electronic bidding document data to the bidding platform.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911006294.8A CN110730184B (en) | 2019-10-22 | 2019-10-22 | Novel bidding encryption and decryption method based on SM2 cryptographic algorithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911006294.8A CN110730184B (en) | 2019-10-22 | 2019-10-22 | Novel bidding encryption and decryption method based on SM2 cryptographic algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110730184A CN110730184A (en) | 2020-01-24 |
CN110730184B true CN110730184B (en) | 2021-11-05 |
Family
ID=69222804
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911006294.8A Active CN110730184B (en) | 2019-10-22 | 2019-10-22 | Novel bidding encryption and decryption method based on SM2 cryptographic algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110730184B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111934873A (en) * | 2020-10-12 | 2020-11-13 | 江西省精彩纵横采购咨询有限公司 | Bidding file encryption and decryption method and device |
CN114971796B (en) * | 2022-05-27 | 2023-07-21 | 盐城塔斯科技有限公司 | Bidding system based on cloud service platform |
CN117541367B (en) * | 2024-01-08 | 2024-04-02 | 辽宁省网联数字科技产业有限公司 | Digital bidding document making and evaluating system based on artificial intelligence |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101655931A (en) * | 2008-08-21 | 2010-02-24 | 东方钢铁电子商务有限公司 | Electronic public bidding method based on digital certificate |
CN102891898A (en) * | 2012-11-05 | 2013-01-23 | 北京理工大学 | Network bid inviting and bidding system based on cloud storage |
CN103795523A (en) * | 2014-01-14 | 2014-05-14 | 福州市勘测院 | Multilayer electronic tender encryption and decryption system and method for electronic tendering |
CN105282103A (en) * | 2014-07-01 | 2016-01-27 | 无锡华赛信息技术有限公司 | Improvement method for secure storage |
CN105790940A (en) * | 2016-04-14 | 2016-07-20 | 广东省电子商务认证有限公司 | Electronic bid-inviting and bidding system and method based on Shamir threshold |
CN106506470A (en) * | 2016-10-31 | 2017-03-15 | 大唐高鸿信安(浙江)信息科技有限公司 | network data security transmission method |
CN106921638A (en) * | 2015-12-28 | 2017-07-04 | 航天信息股份有限公司 | A kind of safety device based on asymmetric encryption |
CN109962784A (en) * | 2019-03-22 | 2019-07-02 | 西安电子科技大学 | A kind of data encrypting and deciphering and restoration methods based on the more certificates of digital envelope |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2368422B (en) * | 2000-05-10 | 2003-03-26 | Sony Corp | Electronic settlement system, settlement management device, store device, client, data storage device, computer program, and storage medium |
CN102412971B (en) * | 2011-11-30 | 2015-04-29 | 西安西电捷通无线网络通信股份有限公司 | SM2 key exchange protocol based key agreement method and device |
-
2019
- 2019-10-22 CN CN201911006294.8A patent/CN110730184B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101655931A (en) * | 2008-08-21 | 2010-02-24 | 东方钢铁电子商务有限公司 | Electronic public bidding method based on digital certificate |
CN102891898A (en) * | 2012-11-05 | 2013-01-23 | 北京理工大学 | Network bid inviting and bidding system based on cloud storage |
CN103795523A (en) * | 2014-01-14 | 2014-05-14 | 福州市勘测院 | Multilayer electronic tender encryption and decryption system and method for electronic tendering |
CN105282103A (en) * | 2014-07-01 | 2016-01-27 | 无锡华赛信息技术有限公司 | Improvement method for secure storage |
CN106921638A (en) * | 2015-12-28 | 2017-07-04 | 航天信息股份有限公司 | A kind of safety device based on asymmetric encryption |
CN105790940A (en) * | 2016-04-14 | 2016-07-20 | 广东省电子商务认证有限公司 | Electronic bid-inviting and bidding system and method based on Shamir threshold |
CN106506470A (en) * | 2016-10-31 | 2017-03-15 | 大唐高鸿信安(浙江)信息科技有限公司 | network data security transmission method |
CN109962784A (en) * | 2019-03-22 | 2019-07-02 | 西安电子科技大学 | A kind of data encrypting and deciphering and restoration methods based on the more certificates of digital envelope |
Non-Patent Citations (1)
Title |
---|
"数字签名技术在招投标系统中的应用与实现";吴培;《中国优秀硕士学位论文信息科技辑》;20160229;第25页1-10行,第39页1-7行 * |
Also Published As
Publication number | Publication date |
---|---|
CN110730184A (en) | 2020-01-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11483161B2 (en) | Method for information processing and non-transitory computer readable storage medium | |
CN110730184B (en) | Novel bidding encryption and decryption method based on SM2 cryptographic algorithm | |
CN102377564B (en) | Method and device for encrypting private key | |
US5604801A (en) | Public key data communications system under control of a portable security device | |
CN109889494B (en) | Revocable cloud data security sharing method | |
US20140195804A1 (en) | Techniques for secure data exchange | |
CN105553662A (en) | Dynamic digital right management method and system based on identification password | |
CN109818741B (en) | Decryption calculation method and device based on elliptic curve | |
CN110958219B (en) | SM2 proxy re-encryption method and device for medical cloud shared data | |
CN106209352B (en) | Efficient key derivation with forward security | |
KR20070029864A (en) | Method and apparatus for securely transmitting and receiving data in peer to peer | |
JP2007514377A (en) | System and method for secure information transfer | |
CN110719295B (en) | Identity-based food data security-oriented proxy re-encryption method and device | |
CN110175169B (en) | Encrypted data deduplication method, system and related device | |
CN102801730A (en) | Information protection method and device for communication and portable devices | |
KR100834364B1 (en) | System and memthod for encrypting and verifying messages using three-phase encryption | |
CN107306254B (en) | Digital copyright protection method and system based on double-layer encryption | |
WO2015065472A1 (en) | Content encryption to produce multiply encrypted content | |
CN103731423A (en) | Safe method for repeated data deleting | |
US20150227353A1 (en) | Method for safely downloading application | |
KR101579696B1 (en) | System and method for obfuscating initiation values of a cryptography protocol | |
CN112737783B (en) | Decryption method and device based on SM2 elliptic curve | |
CN103605919A (en) | Method and device for generating software authentication files and method and device for authenticating software | |
CN116318696B (en) | Proxy re-encryption digital asset authorization method under condition of no initial trust of two parties | |
CN113572604B (en) | Method, device and system for sending secret key and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |