CN111211910A - Anti-quantum computation CA (certificate Authority) and certificate issuing system based on secret shared public key pool and issuing and verifying method thereof - Google Patents


Info

Publication number: CN111211910A
Authority: CN (China)
Prior art keywords: public key, certificate, holder, user, secret
Legal status: Granted
Application number: CN201911395270.6A
Other languages: Chinese (zh)
Other versions: CN111211910B (en)
Inventors: 富尧, 钟一民, 余秋炜, 刘骄
Current assignee: Ruban Quantum Technology Co Ltd; Nanjing Ruban Quantum Technology Co Ltd
Original assignee: Ruban Quantum Technology Co Ltd; Nanjing Ruban Quantum Technology Co Ltd

Classifications

    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/32 Means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 ... involving digital signatures
    • H04L9/3263 ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 ... using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Abstract

The invention discloses a quantum-computation-resistant CA and certificate issuing system based on a secret-shared public key pool, together with its issuing and verifying method. The public key in the digital certificate is replaced by the public key unit pointer random number and a secret fragment of the user public key, so the public key is never made public and a quantum computer cannot derive the corresponding private key from it. The CA only needs to sign the actual certificate content, which an adversary cannot know, so the computational load is reduced while the security and reliability of the certificate's quantum-computation resistance are improved.

Description

Anti-quantum computation CA (certificate Authority) and certificate issuing system based on secret shared public key pool and issuing and verifying method thereof
Technical Field
The invention relates to the technical field of asymmetric cryptosystems and digital certificate systems, in particular to an anti-quantum computation CA and certificate issuing system based on a secret shared public key pool and an issuing and verifying method thereof.
Background
Digital signatures, also known as public key digital signatures or electronic signatures, are a method of authenticating digital information using public key cryptography. A digital signature scheme typically defines two complementary operations, one for signing and one for verification. The digital signature is a digital string that can only be produced by the sender of the information and cannot be forged by others; it is also valid proof that the sender really sent the information.
Generally, a digital signature is data appended to a data unit, or a cryptographic transformation applied to a data unit, that allows the recipient to verify the source and integrity of the data unit and protects the data against forgery by any party, including the recipient. It is a method of signing a message in electronic form, and the signed message can be transmitted over a communication network. Digital signatures comprise general digital signatures and special digital signatures. Common digital signature algorithms include RSA, ElGamal, Fiat-Shamir, Guillou-Quisquater, Schnorr, Ong-Schnorr-Shamir, DSA, the elliptic curve digital signature algorithm and others. Special digital signatures include blind signatures, proxy signatures, group signatures, undeniable signatures, fair blind signatures, threshold signatures, signatures with message recovery and so on, and are closely tied to a specific application environment. Since the application of digital signatures raises legal questions, the federal government of the United States has established its own Digital Signature Standard (DSS), based on the discrete logarithm problem over a finite field.
In today's cryptography there are two main types of cryptosystem. One is the symmetric key cryptosystem, in which the same key is used for encryption and decryption. The other is the public key cryptosystem, in which the encryption key and the decryption key differ and one of them may be made public. Digital certificates are built on the asymmetric (public key) cryptosystem.
However, with the development of quantum computers the classical asymmetric key algorithms are no longer secure: whether used for encryption and decryption, digital signature or key exchange, a quantum computer can compute the private key from the public key, so current classical digital certificates become untenable in the quantum era.
To solve the above problem of quantum computation resistance, and to reduce the computational load of the digital certificate and the burden on the key fob, the existing digital certificate issuing system and method need to be improved so as to raise the efficiency of certificate issuing and certificate verification.
Disclosure of Invention
Purpose of the invention: to address the defects of the prior art, the invention discloses a quantum-computation-resistant CA based on a secret-shared public key pool, a certificate issuing system, and an issuing and verifying method for them.
Technical scheme: to achieve this purpose, the invention adopts the following technical scheme:
A quantum-computation-resistant CA and certificate issuing system based on a secret-shared public key pool, characterised in that: the CA server and each user are each provided with a key fob storing the same public key pool and their respective public and private key pairs; the CA server issues the key fobs and the digital certificates; and for each user public key the CA server obtains a user public key secret fragment I and a user public key secret fragment II by secret sharing;
the public key pool stores as many public key units as there are users in the group, and each public key unit comprises a public key unit pointer random number representing the user's public key information, a public key pointer function, user public key secret fragment I and a public key algorithm;
the user key fob additionally stores the CA public key, user public key secret fragment II and the public key unit pointer random number;
the digital certificate comprises certificate information, issuer information, holder information and an issuer digital signature.
Preferably, when the issuer and the holder of the digital certificate are both the CA server, the CA server generates a self-signed anti-quantum certificate as the CA root certificate, and the holder information comprises the holder name, the holder public key algorithm and the hash value of the CA public key; when the issuer and the holder differ, the anti-quantum certificate generated by the CA server is a common digital certificate, and the holder information comprises the holder name, the holder public key algorithm, the public key unit pointer random number and public key secret fragment II.
Preferably, the public key pointer function comprises a public key pointer function algorithm ID and internal parameters, and the position pointer value of the public key unit is computed from it with the public key unit pointer random number as input.
A method for issuing anti-quantum-computation CA and certificates based on a secret-shared public key pool, characterised in that the digital certificate is issued as follows:
generating certificate information comprising a version number, a serial number and a validity period;
generating issuer information comprising the issuer name;
generating holder information comprising the holder name, the holder public key algorithm, the holder's public key unit pointer random number and the holder public key secret fragment II obtained by (2,2) secret sharing of the holder public key;
generating the CA digital signature: before signing, the CA server finds the corresponding public key secret fragment I via the holder's public key unit pointer random number, combines it with the holder public key secret fragment II disclosed by the holder in a secret recovery computation to obtain the holder public key, and so obtains the actual holder information, which comprises the holder name, the holder public key algorithm, the holder's public key unit pointer random number and the holder public key;
taking the certificate information, the issuer information and the actual holder information as the actual certificate content, and signing that content with the CA private key to obtain the digital signature;
and sending the signed anti-quantum certificate to the corresponding user.
A method for verifying an anti-quantum-computation CA and certificate based on a secret-shared public key pool, characterised in that the CA root certificate is verified as follows:
the user takes the CA public key stored in the key fob, hashes it and compares the result with the hash value in the digital certificate; if they are the same the next step is performed, otherwise the process ends;
the user verifies the issuer digital signature in the root certificate with the CA public key; if it verifies the next step is performed, otherwise the process ends;
the user checks the validity period of the digital certificate; if it is within the validity period the root certificate is verified successfully and stored in the root certificate set, otherwise authentication of the root certificate fails.
A quantum-computation-resistant CA and certificate verification method based on a secret-shared public key pool, characterised in that it comprises the following steps:
the user checks whether the holder of the anti-quantum digital certificate is the issuing CA server; if so, the CA root certificate authentication process is started, otherwise the common digital certificate verification process below is entered;
before verifying the digital signature, the user finds the matching public key unit in the public key pool according to the public key unit pointer random number in the certificate;
the user takes secret fragment I from the matching public key unit, combines it with the corresponding secret fragment II in the digital certificate in a secret recovery computation to obtain the holder public key, obtains the actual holder information, and takes the certificate information, the issuer information and the actual holder information as the actual certificate content;
the user verifies the issuer digital signature in the digital certificate with the CA public key over the actual certificate content; if it passes the next step is performed, otherwise the process ends;
the user checks the validity period of the digital certificate; if it is within the validity period the digital certificate is verified successfully, otherwise verification fails.
Preferably, the user searches for the matching public key unit as follows: the user searches the public key pool for a public key unit with the same public key unit pointer random number; if none is found, verification fails and the process ends; if one is found, the position pointer value of the public key unit is computed from the public key pointer function in that unit with the pointer random number as input and compared with the unit's actual position pointer; if they are identical the check passes and that unit is the matching public key unit.
Advantages: owing to the above technical scheme, the invention has the following technical effects:
(1) In the invention the public key is replaced by the public key unit pointer random number and the secret fragment obtained by secret sharing of the user public key in the public key pool, so the public key in the digital certificate is not public and a quantum computer cannot derive the corresponding private key from it; this protects the asymmetric cryptosystems of both the CA server and the holder, giving the certificate the ability to resist quantum computation.
(2) The invention needs no extra encryption step to protect the signature in the digital certificate; it only needs to sign the actual certificate content, which an adversary cannot know, so the signature resists quantum computation without increasing the signing and verification load on the CA server or the user. The principle is that, since the CA server's signing public key and private key are not disclosed and the input of the digital signature is not disclosed, publishing the output of the digital signature does not let a quantum computer recover the public key, the private key or the signed input.
(3) The key fob used in the invention is an independent, hardware-isolated device. The public key, private key, true random numbers and other related parameters are generated in the CA server and stored in the key fob when it is issued, so the possibility that a key is stolen by malicious software or malicious operation while the key fob is in use is greatly reduced, and the key cannot be obtained and broken by a quantum computer. The public keys and related algorithm parameters of all asymmetric algorithms used by the digital certificate system are never transmitted over the network, so the possibility that the public and private keys of the two communicating parties are stolen and broken is low.
Drawings
FIG. 1 is a key zone layout of a CA key fob of the present invention;
FIG. 2 is a key zone layout of a user key fob of the present invention;
FIG. 3 is a structural diagram of a digital certificate of the present invention.
Detailed Description
The scheme is further explained below with reference to the drawings.
Fig. 1 is a schematic structural diagram of an embodiment of a quantum-computation-resistant CA and certificate issuing system based on a secret-shared public key pool, which implements a quantum-computation-resistant digital certificate system on that pool. The scenario addressed by the invention is a group whose members share the same public key pool. The CA servers in the group hold CA key fobs, and the other members hold user key fobs. The key fob of the invention can not only store large amounts of data but also process information; in the invention, all key fobs contain the required algorithms.
The key fob is described in patent application No. 201610843210.6. For a mobile terminal the key fob is preferably a key SD card; for a fixed terminal it is preferably a key USBKey or a host key fob.
The key fob issuing mechanism differs from that of patent application No. 201610843210.6. In the present invention the key fob issuer is the owner of the key fobs, typically the management of a group such as an enterprise or institution, and key fobs are issued to the members managed by that owner, typically staff at all levels of the enterprise or institution. A user first applies to the key fob supervisor to open an account; once registration is approved the user obtains a key fob with a unique key fob ID, which stores the user's registration information. The user-side keys in the key fob are all downloaded from the CA service station, and the key pools stored in every key fob issued by the same owner are completely consistent. The key pool stored in the key fob may be 1G, 2G, 4G, 8G, 16G, 32G, 64G, 128G, 256G, 512G, 1024G, 2048G, 4096G and so on in size.
Key fobs have evolved from smart card technology into identity authentication and encryption/decryption products that incorporate true random number generators (preferably quantum random number generators), cryptography and hardware security isolation techniques. The embedded chip and operating system of the key fob provide secure storage of keys and cryptographic algorithms, among other functions. Owing to its independent data processing capability and good security, the key fob becomes a secure carrier for private keys and key pools. Each key fob is protected by a hardware PIN code; the PIN code and the hardware constitute the two factors the user needs in order to use the key fob. This is so-called two-factor authentication: a user can log in to the system only by holding both the key fob, which stores the relevant authentication information, and the user PIN code. Even if the user's PIN code is leaked, the identity of the legitimate user cannot be impersonated as long as the user's key fob is not stolen; if the user's key fob is lost, the finder cannot impersonate the legitimate user because the user PIN code is unknown to them.
Description of the System
1. PK unit
The public key pool consists of N PK units (public key units), where N is the number of user members in the group. A PK unit consists of four parts: PKR, FPOS information, (x1, PK1) and the PK algorithm; its structure is shown below. PKR is the public key unit pointer random number (the storage location parameter of the public key), FPOS is the public key pointer function, (x1, PK1) is the secret fragment obtained by (2,2) secret sharing of the public key PK, and the PK algorithm, i.e. the public key algorithm, comprises a signature algorithm number and related algorithm parameters.
The principle of the secret sharing algorithm is as follows:
n distinct non-zero elements x1, x2, …, xn are chosen at random from the finite field GF(q) of prime order q and used to form n secret shards, denoted Pi (i = 1, 2, …, n). Let the shared secret be M, choose t-1 elements a1, a2, …, a(t-1) from GF(q), and construct the polynomial
$$f(x) = M + a_1 x + a_2 x^2 + \cdots + a_{t-1} x^{t-1}$$
Then Mi = f(xi) (1 ≤ i ≤ n), and (xi, Mi) is the secret shard Pi.
Any t of the n secret shards recover the shared secret M, as follows: from the formula
$$\lambda_i = \prod_{j \ne i} \frac{-x_j}{x_i - x_j}$$
(the product running over the t shards used) the t Lagrange parameters λi are obtained, and then M = f(0) = Σ λi Mi.
The CA server performs a (2,2) secret sharing computation for each PK to obtain the shards (x1, PK1) and (x2, PK2). Assuming PK is generated by an ECC algorithm, i.e. it is an elliptic curve point (x, y), the concatenation of x and y is used as the secret to be shared. The shard (x1, PK1) is stored in the PK unit of the public key pool. A user who needs the corresponding public key recovers the original PK by collecting the 2 shards, as follows:
From the 2 shards the Lagrange parameters are
$$\lambda_1 = \frac{-x_2}{x_1 - x_2}, \qquad \lambda_2 = \frac{-x_1}{x_2 - x_1}$$
and the public key is obtained as
$$PK = \lambda_1 PK_1 + \lambda_2 PK_2 = \frac{x_1 PK_2 - x_2 PK_1}{x_1 - x_2}$$
PK unit:
| PKR | FPOS information | (x1, PK1) | PK algorithm |
The FPOS information comprises the FPOS algorithm ID and internal parameters, as shown below.
FPOS information:
| FPOS algorithm ID | Internal parameters |
FPOS can be computed in various ways, for example FPOS(PKR) = (a × PKR + b) % n, where % is the modulo operation, PKR is the input variable, n (the number of PK units) is an external parameter and a, b are internal parameters; or FPOS(PKR) = ((PKR ^ c) × d) % n, where ^ is exponentiation, % is the modulo operation, PKR is the input variable, n (the number of PK units) is an external parameter and c, d are internal parameters. These two algorithms are only references; the invention is not limited to these two calculation methods.
The PK algorithm refers to a specific public key algorithm (asymmetric cryptographic algorithm), and there may be a variety of public key algorithms, such as RSA/DSA/ECC.
2. Key fob
Key fobs in the invention are of two kinds: the CA key fob for the CA system and the user key fob. The CA key fob contains the public key pool and the CA public and private key pair; the user key fob contains the public key pool, the user public and private key pair, the user public key secret shard (x2, PK2), the public key unit pointer random number and the CA public key. The public key pool in the CA key fob is the same as that in the user key fob. The key fob layouts are shown in FIG. 1 and FIG. 2.
Before issuing key fobs the CA server creates a public key pool file of size at least N × sp and a private key pool file of size at least N × ss, where sp is the size of one PK unit, ss is the size of one SK and SK denotes a private key. The CA server generates N PK/SK pairs, denoted PKv/SKv for v ∈ [1, N], and performs the (2,2) secret sharing computation on each public key PKv to obtain (x1, PK1)v and (x2, PK2)v, v ∈ [1, N]. The CA server generates PKR as a true random number, preferably a quantum random number, randomly generates an FPOS algorithm ID and FPOS internal parameters, and computes PKPOS, the position pointer of the public key unit. The CA server then assigns position PKPOS of the public key pool file, i.e. writes PKR, the FPOS information, (x1, PK1)v and the PK algorithm there, and assigns position PKPOS of the private key pool file, i.e. writes SKv there. If position PKPOS is already assigned, one or more of PKR, the FPOS algorithm ID and the FPOS internal parameters are replaced and the process is repeated until an unassigned position is found.
The CA server generates an RSA public and private key pair PKCA/SKCA as its own key. The first key fob issued is the CA key fob, and the CA public and private key pair PKCA/SKCA and the public key pool are sent to it securely. Key fobs issued subsequently are user key fobs: the CA public key and the public key pool are sent to the user key fob securely, an unassigned public key unit and private key are taken from the CA server's public key pool and private key pool, and the corresponding public and private key pair PKv/SKv, public key unit pointer random number and public key secret shard (x2, PK2)v are issued to the user key fob.
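As an added illustration that is not code from the patent, the following Python builds the public key pool with the FPOS pointer function and the collision retry just described, and performs the user-side matched PK unit lookup from the verification method; the FPOS algorithm IDs, the 64-bit PKR width and the constructed (x1, PK1) shards are assumptions.

```python
# Added example, not the patent's code: FPOS pointer function, pool slot assignment
# with collision retry, and the user's "matched PK unit" check.
import secrets


def fpos(alg_id, params, pkr, n):
    """PKPOS = FPOS(PKR). n (number of PK units) is the external parameter; the
    algorithm IDs are an assumption, the two formulas are the ones the text gives."""
    if alg_id == 1:                                   # (a * PKR + b) % n
        return (params["a"] * pkr + params["b"]) % n
    if alg_id == 2:                                   # ((PKR ^ c) * d) % n
        return (pow(pkr, params["c"], n) * params["d"]) % n
    raise ValueError("unknown FPOS algorithm ID")


def random_fpos_info(n):
    """CA side: randomly choose an FPOS algorithm ID and its internal parameters (n >= 2)."""
    if secrets.randbelow(2) == 0:
        return 1, {"a": 1 + secrets.randbelow(n - 1), "b": secrets.randbelow(n)}
    return 2, {"c": 1 + secrets.randbelow(8), "d": 1 + secrets.randbelow(n - 1)}


def build_public_key_pool(shard1_list, pk_alg="ECC"):
    """Fill the N slots of the pool file. For each user: draw PKR (a true random /
    quantum random number in the patent; a CSPRNG here), draw FPOS info, compute
    PKPOS = FPOS(PKR); if that slot is taken, redraw and retry, as the text says.
    Returns the pool and the PKR each user key fob must store."""
    n = len(shard1_list)
    pool = [None] * n
    user_pkr = []
    for shard1 in shard1_list:
        while True:
            pkr = secrets.randbits(64)
            alg_id, params = random_fpos_info(n)
            pkpos = fpos(alg_id, params, pkr, n)
            if pool[pkpos] is None:
                break
        pool[pkpos] = {"PKR": pkr, "FPOS": (alg_id, params),
                       "shard1": shard1, "alg": pk_alg}
        user_pkr.append(pkr)
    return pool, user_pkr


def find_matched_unit(pool, pkr):
    """User side: find the unit whose PKR equals the certificate's PKR, then recompute
    FPOS(PKR) from that unit's own FPOS info and require it to equal the unit's
    position. Returns None when no unit is found or the pointer check fails."""
    for pos, unit in enumerate(pool):
        if unit is not None and unit["PKR"] == pkr:
            alg_id, params = unit["FPOS"]
            return unit if fpos(alg_id, params, pkr, len(pool)) == pos else None
    return None


def demo(n=8):
    """Constructed (x1, PK1) stand-ins for n users; returns four checks as booleans."""
    shards = [(v + 1, secrets.randbits(256)) for v in range(n)]
    pool, user_pkr = build_public_key_pool(shards)
    filled = all(unit is not None for unit in pool)
    # each user's PKR resolves to the unit holding that user's shard
    matched = all(find_matched_unit(pool, user_pkr[v])["shard1"] == shards[v]
                  for v in range(n))
    unknown = find_matched_unit(pool, 2**64 + 1) is None        # PKR not in the pool
    # a unit moved to another slot still matches by PKR but fails the pointer check
    moved = list(pool)
    moved[0], moved[1] = moved[1], moved[0]
    tampered = find_matched_unit(moved, moved[0]["PKR"]) is None
    return filled, matched, unknown, tampered


if __name__ == "__main__":
    print(demo())
```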
The method of secure transmission may be any of the following 6 cases:
(1) the user key fob is directly connected to the CA key fob through a USB or network interface or the like, and information is transmitted by the CA key fob;
(2) the user key card and the CA key card are both connected to a certain security host approved by CA through a USB or network interface and the like, and the host transfers information;
(3) the CA key fob and the user key fob are distributed with pre-shared keys, the CA key fob encrypts information with the pre-shared keys, and the information is decrypted by the user key fob after being transmitted to the user key fob by the network;
(4) a quantum key distribution network is arranged between the CA key fob and the user key fob; the CA key fob encrypts the information with a key distributed by that network, transmits it to the user key fob, and the user key fob decrypts it;
(5) copying information directly into a user key fob via a secure storage medium;
(6) other secure transmission means not mentioned.
Example one
1.1 Digital certificate generation
The structure of the digital certificate is shown in fig. 3.
In this embodiment the digital certificate comprises four parts: certificate information, issuer information, holder information and the issuer digital signature. The certificate information comprises a version number, a serial number and a validity period; the issuer information is the issuer name; the holder information comprises the holder name, the holder public key algorithm, the holder's public key unit pointer random number and the shard (x2, PK2)v obtained by (2,2) secret sharing of the holder public key PKv; the issuer digital signature is the CA digital signature.
The generation of the CA digital signature is as follows:
Before signing, the CA server locates the corresponding secret fragment (x1, PK1)v using the holder's public key unit pointer random number, performs secret recovery with the fragment (x2, PK2)v disclosed by the holder to obtain the holder public key PKv, and thereby obtains the actual holder information. The actual holder information comprises the holder name, the holder public key algorithm, the holder's public key unit pointer random number and the holder public key PKv.
The certificate information, the issuer information and the actual holder information are collectively called the actual certificate content, named PCERT3. The CA server uses its private key SKCA to compute an RSA signature over PCERT3, giving SIGCA = HASH(PCERT3)^SKCA mod n, where HASH() denotes the hash algorithm used with RSA to compute the hash value and n is the RSA modulus, i.e. the product of two large primes.
In particular, the quantum computation resistant root certificate is a CA self-signed certificate: the issuer is also the holder, i.e. the CA server. The main difference between the root certificate and an ordinary digital certificate is its holder information, which consists of the holder name, the public key algorithm and the hash HASH(PKCA) of the CA public key.
Before using a common digital certificate, a user generally downloads and installs a CA root certificate in advance, verifies the validity of the CA root certificate, and sets the CA root certificate as a trusted certificate. The CA root certificate is used to authenticate other digital certificates.
1.2 Digital certificate verification
1.2.1 authentication of generic digital certificates
A classic digital certificate carries the holder public key, but the digital certificate in this embodiment carries no public key: it carries only the public key unit pointer random number and the fragment (x2, PK2)v produced by (2,2) secret sharing of the public key PKv. An adversary therefore cannot crack the corresponding private keys, neither the user's private key nor the CA server's private key, by means of the digital certificate, and the security of the digital certificate is guaranteed.
Before verifying the digital certificate, the user first searches the public key pool using the public key unit pointer random number PKR for a PK unit with the same PKR; if none is found, verification fails and the process ends. If one is found, the user computes the position pointer from PKR using the pointer function FPOS stored in the matched PK unit and compares the result with the PKPOS of that PK unit; if they match, the PKR check passes. The user then takes the secret fragment (x1, PK1)v from the PK unit, performs secret recovery with the corresponding fragment (x2, PK2)v in the digital certificate to obtain the holder public key PKv, and proceeds to verify the digital signature.
First, the user takes the CA public key PKCA stored in the key fob and uses it to verify the issuer digital signature in the digital certificate against PCERT3 (certificate information, issuer information and actual holder information). If the signature verification fails, the digital certificate is not genuine. Otherwise the validity period of the digital certificate is checked: if the current time is within the validity period, the digital certificate is verified successfully; otherwise verification of the digital certificate fails.
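As an added worked example (not code from the patent), the following Python models sections 1.1 and 1.2.1 end to end: (2,2) secret sharing of the holder public key PKv, a public key pool whose units carry the pointer random number PKR, a pointer function FPOS and fragment I, CA issuance that recovers PKv and signs PCERT3 with textbook RSA, and user-side verification with the PKR check, secret recovery, signature check and validity period check. The field prime, the RSA primes, the FPOS construction, the PCERT3 serialization and all sample values are assumptions of this example.

```python
import hashlib
from datetime import date

# Constructed parameters (not from the patent): a 255-bit prime field for the
# (2,2) Shamir sharing and two Mersenne primes for a small textbook-RSA CA key.
P = 2**255 - 19
RSA_P, RSA_Q = 2**89 - 1, 2**107 - 1
N_CA, E_CA = RSA_P * RSA_Q, 65537                       # CA public key PKCA
SK_CA = pow(E_CA, -1, (RSA_P - 1) * (RSA_Q - 1))        # CA private key SKCA
POOL_SIZE = 8

def sha(*parts):
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")

def split_2_2(secret, x1, x2, a1):
    """(2,2) secret sharing of PKv: f(x) = PKv + a1*x over GF(P)."""
    return (x1, (secret + a1 * x1) % P), (x2, (secret + a1 * x2) % P)

def recover_2_2(s1, s2):
    """Secret recovery: Lagrange interpolation of f at x = 0."""
    (x1, y1), (x2, y2) = s1, s2
    return (y1 * x2 - y2 * x1) * pow(x2 - x1, -1, P) % P

def fpos(pkr):
    """Assumed pointer function FPOS: unit position = SHA-256(PKR) mod size."""
    return sha(pkr.to_bytes(16, "big")) % POOL_SIZE

def pcert3(cert, pkv):
    """PCERT3: certificate info, issuer info and ACTUAL holder info (with PKv)."""
    h = cert["holder"]
    return b"|".join([repr(cert["info"]).encode(), cert["issuer"].encode(),
                      h["name"].encode(), h["alg"].encode(),
                      h["PKR"].to_bytes(16, "big"), pkv.to_bytes(32, "big")])

def issue(pool, info, holder, pkr, share2):
    """CA side: recover PKv from pool fragment I and holder fragment II, sign."""
    unit = pool[pkr]
    pkv = recover_2_2(unit["share1"], share2)
    cert = {"info": info, "issuer": "CA", "holder": {
        "name": holder, "alg": unit["alg"], "PKR": pkr, "share2": share2}}
    cert["sig"] = pow(sha(pcert3(cert, pkv)) % N_CA, SK_CA, N_CA)
    return cert

def verify(pool, cert, today):
    """User side: returns PKv if the certificate verifies, else None."""
    unit = pool.get(cert["holder"]["PKR"])
    if unit is None or fpos(unit["PKR"]) != unit["PKPOS"]:   # PKR check
        return None
    pkv = recover_2_2(unit["share1"], cert["holder"]["share2"])
    if pow(cert["sig"], E_CA, N_CA) != sha(pcert3(cert, pkv)) % N_CA:
        return None                                           # forged
    info = cert["info"]
    return pkv if info["not_before"] <= today <= info["not_after"] else None

# Constructed sample data: a holder public key PKv as a 256-bit integer.
PKV = sha(b"constructed holder public key") % P
PKR = 0x0123456789ABCDEF0123456789ABCDEF
SHARE1, SHARE2 = split_2_2(PKV, 1, 2, sha(b"constructed coefficient") % P)
POOL = {PKR: {"PKR": PKR, "FPOS": "sha256-mod", "PKPOS": fpos(PKR),
              "share1": SHARE1, "alg": "ECDSA"}}
INFO = {"version": 3, "serial": 1, "not_before": date(2020, 1, 1),
        "not_after": date(2021, 1, 1)}
CERT = issue(POOL, INFO, "alice", PKR, SHARE2)
```

Note that neither fragment on its own equals PKv, so a copy of the certificate without the pool yields no public key to attack.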
1.2.2 authentication of root certificates
If, while verifying a digital certificate, the user finds that the issuer of the certificate is also its holder, the root certificate verification process is entered.
The specific process of root certificate verification is as follows:
First, the user takes the CA public key PKCA stored in the key fob, hashes it to obtain HASH(PKCA)', and compares HASH(PKCA)' with the hash value HASH(PKCA) in the digital certificate; if they differ, verification of the digital certificate fails and the process ends. Otherwise the next check is performed: the issuer digital signature in the root certificate is verified with the public key PKCA. If the signature verification fails, the digital certificate is not genuine. Otherwise the validity period of the digital certificate is checked. If the certificate is within its validity period, the root certificate is verified successfully and may be stored in the root certificate set; otherwise root certificate verification fails.
1.3 Digital certificate verification in subsequent instances
Suppose the user has verified the holder's digital certificate and obtained the holder's public key. If the holder's public/private key pair is based on the ECDSA algorithm, a signature computed with the private key can be written as (r, s). Because the r in the signature is easily cracked by a quantum computer, which leaks the private key, an offset must be applied to r, and the offset can be negotiated through the public key pool. For example, the secret fragment (x1, PK1)v of the signer's public key unit is taken, a hash is computed over this fragment and the s parameter of the signature to obtain HASH((x1, PK1)v || s), r is offset by this hash value to obtain r + HASH((x1, PK1)v || s), and the final signature is expressed as (r + HASH((x1, PK1)v || s), s). Since an adversary cannot know HASH((x1, PK1)v || s), the adversary cannot know r either, so cracking of r by a quantum computer is prevented.
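The r offset described above, as an added example rather than the patent's own code: the signer adds HASH((x1, PK1)v || s) to r, and a verifier who holds the public key pool looks up fragment I by the signer's PKR and removes the offset before ordinary ECDSA verification (the ECDSA step itself is not shown). The byte encoding of the fragment and s, and the sample values, are constructed assumptions.

```python
import hashlib

def share_bytes(share):
    """Constructed encoding of the pool fragment (x1, PK1)v for hashing."""
    x1, pk1 = share
    return x1.to_bytes(4, "big") + pk1.to_bytes(32, "big")

def offset_value(share1, s):
    """HASH((x1, PK1)v || s) as an integer, as the description specifies."""
    data = share_bytes(share1) + s.to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def offset_signature(r, s, share1):
    """Signer side: publish (r + HASH((x1, PK1)v || s), s) instead of (r, s)."""
    return (r + offset_value(share1, s), s)

def restore_signature(r_off, s, pool, pkr):
    """Verifier side: fetch fragment I for the signer's PKR from the pool and
    strip the offset. Without pool access the original r is not recoverable."""
    unit = pool.get(pkr)
    if unit is None:
        return None
    return (r_off - offset_value(unit["share1"], s), s)

# Constructed sample values: an ECDSA (r, s) pair and one pool unit.
R = int.from_bytes(hashlib.sha256(b"constructed r").digest(), "big")
S = int.from_bytes(hashlib.sha256(b"constructed s").digest(), "big")
PKR = 0x42
POOL = {PKR: {"share1": (1, int.from_bytes(
    hashlib.sha256(b"constructed PK1").digest(), "big"))}}
R_OFF, _ = offset_signature(R, S, POOL[PKR]["share1"])
```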
In summary, the invention gives the digital certificate quantum computation resistant security and reliability by secret sharing of the user public key, without affecting generation efficiency.
The above description is only of the preferred embodiments of the present invention, and it should be noted that: it will be apparent to those skilled in the art that various modifications and adaptations can be made without departing from the principles of the invention and these are intended to be within the scope of the invention.

Claims (7)

1. A quantum computation resistant CA and certificate issuing system based on secret shared public key pool is characterized in that: the CA server and each user are provided with a key fob in which the same public key pool and respective public and private key pairs are stored, the CA server issues the key fob and a digital certificate, and the CA server obtains a user public key secret fragment I and a user public key secret fragment II for each user public key in a secret sharing mode;
the public key pool stores public key units corresponding to the number of users in the group, and each public key unit comprises a public key unit pointer random number used for representing user public key information, a public key pointer function, a user public key secret fragment I and a public key algorithm;
the user key fob also stores the CA public key, user public key secret fragment II and the public key unit pointer random number;
the digital certificate includes certificate information, issuer information, holder information, and an issuer digital signature.
2. The secret shared public key pool based quantum computation resistant CA and certificate issuance system according to claim 1, wherein: when the issuer and the holder of the digital certificate are both the CA server, the CA server generates an anti-quantum certificate serving as the CA root certificate by self-signing, and the holder information comprises the holder name, the holder public key algorithm and the hash value of the CA public key; when the issuer and the holder of the digital certificate differ, the anti-quantum certificate generated by the CA server serves as a common digital certificate, and the holder information comprises the holder name, the holder public key algorithm, the public key unit pointer random number and public key secret fragment II.
3. The secret shared public key pool based quantum computation resistant CA and certificate issuance system according to claim 1, wherein: the public key pointer function comprises a public key pointer function algorithm ID and internal parameters, and the position pointer value of the public key unit is obtained by calculation by taking the random number of the pointer of the public key unit as the input quantity.
4. The secret shared public key pool-based quantum computation-resistant CA and certificate issuing method according to claim 1, wherein the digital certificate issuing step is:
generating certificate information comprising a version number, a serial number and a validity period;
generating issuer information including an issuer name;
generating holder information comprising a holder name, a holder public key algorithm, the holder's public key unit pointer random number and the holder public key secret fragment II obtained by (2,2) secret sharing of the holder public key;
generating a CA digital signature, finding a corresponding public key secret fragment I by a CA server through a public key unit pointer random number of a holder before the digital signature is carried out, carrying out secret recovery calculation by combining a holder public key secret fragment II disclosed by the holder to obtain a holder public key and obtain actual holder information, wherein the actual holder information comprises a holder name, a holder public key algorithm, a holder public key unit pointer random number and a holder public key;
taking the certificate information, the issuer information and the actual holder information as actual certificate contents, and performing digital signature calculation on the actual certificate contents by using a CA (certificate authority) private key to obtain a digital signature;
and sending the signed anti-quantum certificate to a corresponding user.
5. The secret shared public key pool-based quantum computation-resistant CA and certificate verification method according to claim 2, wherein the CA root certificate verification method is as follows:
the user takes out the CA public key stored in the key fob, computes its hash value and compares it with the hash value in the digital certificate; if they are the same, the next step is entered, otherwise the process ends;
the user adopts the CA public key to verify the digital signature of the issuer in the root certificate, the next step is entered after the verification, otherwise, the process is finished;
and the user checks the validity period of the digital certificate, if the digital certificate is in the validity period, the root certificate is successfully verified and stored in the root certificate set, otherwise, the authentication of the root certificate fails.
6. The secret shared public key pool-based quantum computation-resistant CA and certificate verification method according to claim 5, wherein the certificate verification method comprises:
the user verifies whether the holder of the anti-quantum digital certificate is the issuer CA server, if so, the authentication process of the CA root certificate is started; if not, entering the next common digital certificate verification process;
before the digital signature verification, a user finds a matched public key unit in a public key pool according to a pointer random number of the public key unit;
the user takes out the secret fragment I in the matched public key unit, performs secret recovery calculation by combining with the corresponding secret fragment II in the digital certificate to obtain the public key of the holder, obtains actual holder information, and takes the certificate information, the issuer information and the actual holder information as the actual content of the certificate;
the user adopts the CA public key and utilizes the actual content of the certificate to verify the digital signature of an issuer in the digital certificate, the next step is entered after the verification is passed, otherwise, the process is ended;
the user checks the validity period of the digital certificate, if the validity period is within the validity period, the digital certificate is successfully verified, otherwise, the digital certificate fails to be verified.
7. The secret shared public key pool-based quantum computation-resistant CA and certificate verification method according to claim 6, wherein the step of the user finding the matched public key unit is as follows: the user searches the public key pool, according to the public key unit pointer random number, for a public key unit with the same public key unit pointer random number; if none is found, verification fails and the process ends; if one is found, the position pointer value of the public key unit is calculated from the public key unit pointer random number using the public key pointer function in the matched public key unit and compared with the position pointer of that public key unit; if they are identical, the check passes and the unit is the matched public key unit.
CN201911395270.6A 2019-12-30 2019-12-30 Anti-quantum computation CA (certificate Authority) and certificate issuing system based on secret shared public key pool and issuing and verifying method thereof Active CN111211910B (en)

Publications (2)

Publication Number Publication Date
CN111211910A true CN111211910A (en) 2020-05-29
CN111211910B CN111211910B (en) 2023-04-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant