CN111416715A - Quantum secret communication identity authentication system and method based on secret sharing - Google Patents

Quantum secret communication identity authentication system and method based on secret sharing Download PDF

Info

Publication number
CN111416715A
CN111416715A CN202010277217.2A CN202010277217A CN111416715A CN 111416715 A CN111416715 A CN 111416715A CN 202010277217 A CN202010277217 A CN 202010277217A CN 111416715 A CN111416715 A CN 111416715A
Authority
CN
China
Prior art keywords
service station
public key
key
component
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010277217.2A
Other languages
Chinese (zh)
Other versions
CN111416715B (en
Inventor
富尧
钟一民
杨羽成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruban Quantum Technology Co Ltd
Nanjing Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd
Nanjing Ruban Quantum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ruban Quantum Technology Co Ltd, Nanjing Ruban Quantum Technology Co Ltd filed Critical Ruban Quantum Technology Co Ltd
Priority to CN202010277217.2A priority Critical patent/CN111416715B/en
Publication of CN111416715A publication Critical patent/CN111416715A/en
Application granted granted Critical
Publication of CN111416715B publication Critical patent/CN111416715B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a quantum secret communication identity authentication system and method based on secret sharing, which comprises service stations and user sides which are in communication connection, wherein each service station is provided with more than one user side, the user sides are mobile equipment groups formed by more than one mobile equipment, the mobile equipment in the same group secretly shares the same equipment ID, equipment false identity and equipment key, login identity authentication is implemented between the user side and the belonging service station, and a group session key is generated; and generating a session key between the two mobile devices in the identity authentication process between the two mobile devices. In the authentication method, the complete secret key and the ID of the user are not exposed in the network, the secret shared secret key is updated after each identity authentication, the threshold signature process is simplified, the attack of a quantum computer can be resisted without encryption, and the security of the identity authentication is greatly improved.

Description

Quantum secret communication identity authentication system and method based on secret sharing
Technical Field
The invention relates to the technical field of secret sharing, in particular to a quantum secret communication identity authentication system and method based on secret sharing.
Background
Quantum communication technology is an emerging secure communication technology established based on quantum physics. The quantum communication technology of China has already entered the stage of practicability, and its application prospect and strategic significance have also drawn extensive attention to the development of the industry by local governments and important industries. In addition to establishing quantum communication trunks, some large-scale metropolitan quantum communication networks have also been successfully built and operated. Based on the metropolitan area quantum communication network, the quantum communication technology also has primary application, and high-security video voice communication and other applications can be realized. Quantum communication networks such as quantum communication trunk and quantum communication metropolitan area networks constitute a quantum communication network, and the essence of the quantum communication network is Quantum Key Distribution (QKD). Quantum communication networks built on QKD technology can therefore be referred to as QKD networks.
With the rapid development of the mobile internet, the business websites in the enterprise and public institution gradually develop towards the mobile terminal, so that the user hopes to access the website server in the enterprise and public institution through the portable mobile terminal in order to facilitate the staff to know the work content at any time. If the identity authentication has a vulnerability, data leakage can be caused, and irreparable results can be brought to enterprises. Therefore, a secure and reliable identity authentication method is very necessary. The existing authentication methods for the mobile terminal mainly include: the authentication is carried out by logging in authentication through an account number and a password, authentication through a dynamic password, and authentication through comparing equipment identification information with user equipment information prestored in an authentication server, but the possibility that the account password, the dynamic password and the equipment ID are intercepted and leaked exists.
However, the existing mobile device identity authentication methods usually use an encryption method based on mathematical algorithm complexity in the information transmission process, such as currently mainstream asymmetric encryption algorithms, for example, RSA encryption algorithm, which are mostly based on two mathematical problems, namely factorization of large integers or calculation of discrete logarithms over a finite field. Their difficulty in breaking is also dependent on the efficiency with which these problems are solved. On a traditional computer, the two mathematical problems are required to be solved, and the time is taken to be exponential (namely, the cracking time increases in exponential order along with the increase of the length of the public key), which is not acceptable in practical application. The xiuer algorithm tailored for quantum computers can perform integer factorization or discrete logarithm calculation within polynomial time (i.e. the cracking time increases at the speed of k power along with the increase of the length of a public key, wherein k is a constant irrelevant to the length of an ID), so that the possibility is provided for the cracking of RSA and discrete logarithm encryption algorithms.
Patent document CN108650028B discloses a multiple authentication system and method based on a quantum communication network and a true random number, which is based on multiple authentications performed by the quantum communication network and the true random number, and aims to improve system security better, but in the process of performing bidirectional authentication between a user a and a user B, the user a sends a message including the random number to the user B in a plaintext form, a session key is generated by the user B and a quantum network service station synchronously, a session key is known by the service station, and the authentication process is mainly performed among the user a, the user B and a previous quantum communication service station, and the encryption and decryption modes are single.
Patent document CN 110808834A discloses a quantum key distribution method and a quantum key distribution system, and discloses quantum key distribution information including: a public key of the terminal and an encryption algorithm corresponding to the public key; receiving a quantum key sent by a quantum key node, encrypting the quantum key according to the public key and the encryption algorithm, and detecting the timeliness of the quantum key.
In summary, the conventional authentication method based on the mobile device has the following problems:
1. after the key fob is lost or stolen, the key fob may be hacked to obtain the internal key. If the private key of the asymmetric key system is known to the adversary, the ownership of the private key will be lost. If the public key of the asymmetric key system is known by an enemy, if the enemy owns the quantum computer, the private key is cracked through the public key, and the ownership corresponding to the private key is lost.
2. After the key fob is lost or stolen, it may be directly used and may damage the rights and interests corresponding to the user account. For example, the user account is transferred with the right, and the right is stolen.
3. The quantum computing resistance of the existing digital signature is not high, and a signature private key can be obtained by computing. In order to make the digital signature have quantum computing resistance, the digital signature must be encrypted, and the computation amount of the digital signature is increased.
4. The ID of the existing network communication subject is exposed in the network, and the security of the user privacy is not high.
5. The existing multi-party threshold signature method has the disadvantages of more complex flow and higher communication cost.
6. In the existing algorithm based on the ID cryptography, an elliptic curve generating element is used as a fixed parameter and cannot be changed permanently, and the safety of a system based on the ID cryptography is not high enough.
Disclosure of Invention
The technical purpose is as follows: aiming at the technical problems, the invention provides a quantum secret communication identity authentication system and method based on secret sharing.
The technical scheme is as follows: in order to achieve the technical purpose, the invention adopts the following technical scheme:
a quantum secret communication identity authentication system based on secret sharing is characterized in that: the system comprises service stations and user terminals which are in communication connection, wherein the service stations are quantum communication service stations, each service station is provided with more than one user terminal, and the user terminals are mobile equipment groups formed by more than one mobile equipment;
the mobile devices in the same group are issued with key fobs by the service station and share the same device ID, device false identity PID and device key with (n, n) secret, and corresponding secret sharing random numbers, ID components, device false identity PID components and key components are stored in each mobile device key fob in a distributed mode; the device key comprises a main private key, a main public key, a temporary private key and a temporary public key which are authenticated and updated at a time;
the service station is provided with a service station public key and a service station private key which are authenticated and updated once; implementing login identity authentication between a user side and a service station to which the user side belongs, and generating a group session key in the login identity authentication process; and performing communication identity authentication between the two mobile devices, and generating a session key between the mobile devices in the communication identity authentication process.
The invention also discloses a secret sharing-based secret key distribution method of the quantum secret communication identity authentication system, which is characterized by sequentially executing the following steps:
a1, the service station sends a group of secret sharing random numbers, a base point generator and the service station ID to each mobile device under the same user end; different mobile devices correspond to different secret sharing random numbers;
a2, each mobile device generates two true random numbers which are respectively used as a main private key component and a temporary private key component, and calculates the corresponding main public key component and temporary public key component by combining the received base point generator;
calculating a hash value of a combination of the base point generator and the service station ID and taking the hash value as a service station public key, and calculating a service station private key component according to the main private key component and the service station public key;
each mobile device sends the main public key component, the temporary public key component and the service station private key component to the service station;
a3, the service station calculates the complete master public key, temporary public key and service station private key according to the secret shared random number, the master public key component, temporary public key component and service station private key component sent by all mobile devices under the same user side, and calculates the hash value of the temporary public key;
calculating the false identity PID of the equipment according to the equipment ID and the corresponding base point generator, and carrying out secret sharing on the false identity PID of the equipment by using the corresponding secret sharing random number;
sending the obtained hash values of the multiple groups of equipment false identity PID components, the main public key and the temporary public key to a user side, and storing key items corresponding to the user side, wherein the key items comprise an equipment ID, the main public key, a service station private key, a base point generator, all secret sharing random numbers and equipment false identity PID components;
a4, each mobile device of the user end stores the corresponding device false identity PID component, secret sharing random number, main private key component, main public key, temporary private key component, temporary public key component, hash value of the temporary public key, base point generator and service station ID.
The invention also discloses a login identity authentication method of the quantum secret communication identity authentication system based on secret sharing, which is characterized in that login identity authentication is implemented between the user side and the service station to which the user side belongs, and a group session key is generated in the login identity authentication process; the method comprises the following steps:
b1, the mobile devices in the same group are used as the initiator of the authentication request, and send an encrypted first device-side message to the service station, wherein the first device-side message comprises a first message component and a first message authentication code generated by each mobile device;
b2, the service station is used as an authentication request processing party, verifies and processes the first equipment terminal message, and returns the first authentication terminal message to each mobile equipment of the user terminal, wherein the first authentication terminal message comprises notification content and a notification signature, and the notification content comprises a group session key;
b3, after the mobile devices verify and process the first authentication end message, sending an encrypted second device end message to the service station, wherein the second device end message comprises a second message component and a second message authentication code generated by each mobile device;
b4, the service station verifies and processes the second equipment terminal message, and returns a second authentication terminal message to each mobile equipment of the user terminal;
and B5, the mobile equipment verifies and processes the second authentication end message to obtain the notification content and the notification signature, and the identity authentication is finished after the verification is passed.
Preferably, the first message component comprises a device-side signature component, and the generating step comprises:
the mobile equipment generates an authentication request message and acquires a uniform timestamp with all the mobile equipment in the same group;
combining the service station ID, the authentication request information and the timestamp as transaction content, using the hash value of the temporary public key as an R signature parameter, calculating the hash value of the combination of the R signature parameter and the transaction content and using the hash value as an E signature parameter;
and calculating to obtain the device side signature component according to the temporary private key component, the main private key component and the E signature parameter.
Preferably, in step B2, the service station generates a new base point generator, a group session key, and a notification for use in a next round of signature, where the notification content includes the notification, the new base point generator, and the group session key, and the notification signature is calculated by the service station according to all device-side signature components.
Preferably, the first message component includes a first ciphertext, the first ciphertext is obtained by encrypting the temporary public key component stored locally by the mobile device using the service station public key of the service station to which the mobile device belongs, and adding a first offset in the encryption process; the first offset includes a timestamp, a locally stored secret shared random number, and a device false identity PID component.
Preferably, in step B3, the mobile device generates two true random numbers as a new master private key component and a new ephemeral private key component for the next round of use, calculates a corresponding new master public key component and new ephemeral public key component in combination with the received new base station generator, and calculates a hash value of a combination of the new base station generator and the service station ID as a new service station public key;
the second message component comprises a second ciphertext, the second ciphertext is obtained by encrypting the combination of the new master public key component, the new temporary public key sub-management and the new service station private key component by the mobile device by using the service station public key, a second offset is added in the encryption process, and the second offset comprises a timestamp, a group session key and a locally stored false identity PID component.
Preferably, in step B4, the service station calculates a complete new master public key, a new temporary public key, and a new service station private key according to the secret shared random number, the new master public key component, the new temporary public key component, and the new service station private key component sent by all mobile devices under the same user side, and calculates a hash value of the new temporary public key; and calculating the false identity PID of the new device according to the device ID and the corresponding new base point generator, and carrying out secret sharing on the false identity PID of the new device by using the corresponding secret sharing random number.
Preferably, the first message authentication code is obtained by calculating a hash value of the base point generator by the mobile device, and the second message authentication code is obtained by calculating the second message component by the mobile device using the group session key.
Before the communication identity authentication is implemented between two mobile devices, each mobile device and the affiliated service station complete login identity authentication to obtain respective group session keys, under the protection of the group session keys, the mobile devices apply for the session keys between the mobile devices from the service station, and the session keys between the mobile devices are used for encrypting transmission messages between the mobile devices after the communication identity authentication is completed.
Has the advantages that: due to the adoption of the technical scheme, the invention has the following technical effects:
1. in the invention, after the key fob is lost or stolen, the key fob cannot be cracked violently to acquire the internal key. If the adversary obtains the user's key fob, the user's key fob has stored therein a secret shared random number hash value HxiSecret shared public key component PKiSecret shared private key component SKiTherefore, SK, PK cannot be recovered using secret sharing, i.e. without any valid identity-related key information. If the enemy acquires the quantum communication service station key fob, all secret sharing random numbers are stored in the quantum communication service station key fob, and SK and PK cannot be recovered by using secret sharing, namely, no valid key information related to identity exists. Since the private key of the user cannot be enemyAs known, since a small number of key fobs cannot successfully perform identity authentication, the private key cannot be maliciously acquired, and the private key cannot be lost due to the loss of the small number of key fobs, so that the ownership of the account corresponding to the private key is greatly protected.
2. In the invention, the public key of the user is not disclosed, so that the quantum computer cannot obtain the public key and cannot obtain the private key corresponding to the public key; the public key of the user which is not disclosed is added into the process that the service station signs the user certificate, so that the certificate signature can resist the attack of quantum computation without extra encryption protection, and the computation amount of digital signature and verification signature is reduced; for the threshold signature, a signature component (namely TxsigE) is not disclosed, so that an adversary lacks the necessary parameters for cracking the threshold signature, and the threshold signature can resist attack of a quantum computer without encryption.
3. In the invention, the ID of the device owner is shared by the plurality of devices in a secret mode, and the service station recovers the secret of the ID after receiving the secret components of the IDs of the plurality of devices, so that the ID of the device owner is not exposed in the network, and the safety is improved.
4. In the invention, the secret shared secret key is updated after each identity authentication, thereby improving the safety.
5. In the invention, the threshold signature process is greatly simplified and the communication cost is reduced by pre-sharing the parameters of the threshold signature.
6. When the algorithm based on the ID cryptography is used, the elliptic curve generating element is used as a variable parameter, the identity authentication is changed every time, and the safety of the system based on the ID cryptography is greatly improved.
Drawings
Fig. 1 is a system configuration diagram according to an embodiment of the present invention.
Detailed Description
Description of the System
The system structure diagram of the present invention is shown in fig. 1, where a user side a and a user side B are mobile device clusters and have quantum key fobs, where the user side a is used as an active side and the user side B is used as a passive side. Key card of A is by quantum communication service stationQA, B, is issued by the quantum communication service station QB. The ID of A is IDAThe ID may be the ID of the device owner of the mobile device cluster corresponding to the a; similarly, the ID of B is IDB
The mobile device may be:
(1) the UKEY is connected with the user host through a USB interface;
(2) the IC key card is connected with the user host through an IC card reader;
(3) an NFC key fob connected to a user host through NFC;
(4) the Bluetooth KEY is connected with the user host through Bluetooth;
(5) the infrared KEY is connected with the user host through infrared;
(6) and the WIFI key fob is connected with the user host through WIFI.
The actual embodiment of the mobile device may be: the mobile phone comprises a car key, a mobile communication terminal (such as a mobile phone and the like), wearable equipment (such as a Bluetooth headset, smart glasses, a smart watch and the like), an IC card and the like.
The user host may be a PC, cell phone, or other computing device with networking capabilities.
The user goes to the QKD device in the area where the user is located to register and obtain a quantum key fob (with a unique quantum key fob ID) after approval. The quantum key card stores user registration information and is also internally provided with an identity authentication protocol, at least comprising a key generation algorithm and an authentication function or other algorithms related to identity authentication.
In the invention, the password system for communication of the mobile equipment A uses an ECC system.
The ID of Mobile device A is denoted IDAi(i∈[0,n-1])。
The number of secret components is n.
When the quantum communication service station QA issues a key fob for the mobile device A, the domain parameters of the elliptic curve including q, a, b, P and n are selected first. q represents the size of the finite field Fq; the variables a and b being elliptic curves y2=x3A coefficient of + ax + b, satisfies 4a3+27b2Not equal to 0; p is the base point generator. After generating the elliptic curve, selecting a base point generator P full ofIts order is an integer n. The generated private key sk and public key pk satisfy pk sk P. The relevant parameters q, a, b, P, n of the algorithm are written to the key fob designated area.
The secret sharing of (n, n) is performed for the private key SK of each user side. When secret sharing of (t, n) is carried out on information m, n is the number of fragments of m for splitting shared secret, t is the minimum number of fragments required for recovering m, and t is more than or equal to 2 and less than or equal to n.
Randomly selecting n different nonzero elements from finite field GF (q) of prime order q to generate secret sharing random number x0,x1,x2,...,xn-1Is assigned to participant Pi (i ∈ [0, n-1 ]])。
Selecting t-1 elements a from GF (q) aiming at a private key SK1,a2,...,at-1Structural polynomial
Figure BDA0002444239200000077
Figure BDA0002444239200000078
Then SK existsi=f(xi) (i is more than or equal to 0 and less than or equal to n-1). The calculated secret component is (x)i,SKi). In the case of an ECC system: PKi=SKi*P。
SK can be recovered by obtaining any t shadow secrets from n participants, and the specific steps are as follows:
according to the formula
Figure BDA0002444239200000071
Determining a Lagrangian parameter lambdaiAccording to the formula SK (f (0) ∑ λi*SKiSK is obtained. In the case of an ECC system:
Figure BDA0002444239200000072
Figure BDA0002444239200000073
for the user ID, the calculated secret component is (x)i,IDi). From n to nSK can be recovered by acquiring any t shadow secrets in a participant, and the specific steps are as follows: according to the formula
Figure BDA0002444239200000074
Determining a Lagrangian parameter lambdaiThen according to the formula
Figure BDA0002444239200000075
And obtaining the ID.
The invention performs secret sharing of (n, n).
Let the user's permanent private key SKMainThe permanent private key component is
Figure BDA0002444239200000076
The permanent public key of the user end is PKMain=SKMainP, permanent public key component PKiMain=SKiMain*P。
Taking a random number SKiTempAs a secret shared ephemeral private key component, the ephemeral public key component PKiTemp=SKiTempP, temporary private key
Figure BDA0002444239200000081
Temporary public key
Figure BDA0002444239200000082
Figure BDA0002444239200000083
Temporary public key hash value HPKTemp=H(PKTemp)=H(PKTempx||PKTempy) H (#) is a hash operation.
The user side key fob is obtained in a secure manner, e.g., by registering with the QKD device and importing corresponding key security information into the key fob.
Stage 1: key distribution
Step 1:
QA generates n sets of xi,(i∈[0,n-1]) Form n groups xi||PA||IDQAN to AAnd (4) each member. Wherein, PAIs a generator specific to a.
Step 2:
a receives xi||PA||IDQAThereafter, a true random number SK is generated by the key fobAMainiAnd SKATempiCalculating PKAMaini=SKAMaini*PA,PKATempi=SKATempi*PA
Calculation of PKQA=H1(PA||IDQA),H1() is a hash operation based on ID cryptography. SKQAi=SKAMaini*PKQA. N groups of PKAMaini||PKATempi||SKQAiAnd sent to QA.
And step 3:
QA from n groups (x)i,PKAMaini) To restore PKAMainThe principle is as follows:
Figure BDA0002444239200000084
according to the same principle, according to n groups (x)i,PKATempi) Recovery of
Figure BDA0002444239200000085
QA from n groups (x)i,SKQAi) And recovering SK based on ID cryptography principleQAThe principle is as follows:
Figure BDA0002444239200000086
Figure BDA0002444239200000087
computing
Figure BDA0002444239200000088
To PIDASecret sharing to obtain n groups (x)i,PIDAi)。
Calculating HPKATemp=H(PKATemp) N sets of PIDAi||PKAMain||HPKATempSending the data to A, and storing an item related to A, wherein the stored item is as follows: IDA||PKAMain||SKQA||PA||{(xi,PIDAi),(i∈[0,n-1])}。
And 4, step 4:
after receiving the PID, the user end A stores the PIDAi/xi/SKAMaini/PKAMaini/PKAMain/SKATempi/PKATempi/HPKATemp/PA/IDQA
And (2) stage: login identity authentication
Step 1: a → QA.
The n mobile devices obtain the uniform time timeR and the authentication Request message Request.
Each mobile device calculates the PKQA=H1(PA||IDQA) Using PKQAFor PKATempiUsing an encryption algorithm based on ID cryptography, the encryption process is as follows:
generating a random number r, EPKiU=r*PA,g=e(PKQA,PKAMaini),
Figure BDA0002444239200000091
Wherein H2() is a hash operation.
Is calculated to obtain
Figure BDA0002444239200000092
Figure BDA0002444239200000093
For EPKiUCalculating the offset to obtain EPK'i={EPKiU-HG(timeR||xi||PIDAi),EPKiV}. Where HG is a hash function that maps integers to elliptic curve points.
Each mobile device will IDQACombining timeR and Request into Tx, making TxsigR equal to HPKATempThen, TxsigE | | H (TxsigR | | Tx) is calculated. Where H (×) is a hash operation.
Each mobile device calculates a signature component ReqSigi=SKATempi+SKAMaini*TxsigE(modq)。
MsgA1 is made for each mobile devicei=PIDAi||Tx||EPK′i||ReqSigi
Computing HP per Mobile deviceA=H(PA) Using HPAFor MsgA1iMaking a message authentication code MAC (MsgA 1)i,HPA) All MsgA1iAnd the MsgA1 is combined and sent to the quantum communication service station QA. MsgA1 may be denoted as MsgA1 ═ { MsgA1i||MAC(MsgA1i,HPA),(i∈[0,n-1])}。
Step 2: QA → A.
After receiving the MsgA1, the QA judges the rationality of the timeR and the Request in the Tx, and checks whether all PIDs are contained locallyAiThe key entry of (2). QA extraction IDA||PKAMain||SKQA||PA||{(xi,PIDAi),(i∈[0,n-1])}。
According to PACalculating HPA=H(PA) For multiple MACs (MsgA 1)i,HPA) And (6) carrying out verification.
After the verification is passed, HG (timeR | | x) is calculatedi||PIDAi) And mixing EPK'iReverting to EPKi. Computing
Figure BDA0002444239200000094
Figure BDA0002444239200000095
According to n groups (x)i,PKATempi) Recovery of
Figure BDA0002444239200000096
Figure BDA0002444239200000101
Calculating HPKATemp=H(PKATemp) Let TxsigR be HPKATemp,TxsigE=H(TxsigR||Tx)。
QA makes a complete signature
Figure BDA0002444239200000102
Figure BDA0002444239200000103
PK for QAAMainVerifying the signature Txsig, which comprises the following specific steps:
(1) calculate PK'ATemp=Txsig*PA-PKAMainTxsigE; the principle is as follows: txsig PA-PKAMain*TxsigE=(SKATemp+SKAMain*TxsigE(mod q))*PA-PKAMain*TxsigE=PKATemp+PKAMain*TxsigE-PKAMain*TxsigE=PKATemp
To obtain PK'ATemp=(PK′ATempx,PK′ATempy)。
(2) Calculating TxsigR ═ H (PK'ATemp) Further, TxsigE 'H (TxsigR' | Tx) is calculated. And comparing the TxsigE' with the TxsigE obtained by decryption.
And after the verification is passed, the identity authentication is passed.
QA generates P usable by the next round of signatureANew
QA generates a group session key KS and a notification Notify.
Using SKQAFor Ntf1 Notify PANewI KS performs ID-based cryptographic signatures. The signature process is as follows:
generating a random number r, calculating PKQANew=H1(PANew||IDQA),UNtf1=r*PKQANew,h=H3(Ntf1,UNtf1),VNtf1=(r+h)*SKQA. Wherein H3() is a hash operation.
The signature Ntfsig1 is obtained as SIGN (Ntf1, SK)QA)=(UNtf1,VNtf1)。
Use of PKAMainiECIES encryption is carried out on the notification contents Ntf1 and Ntfsig1, and ENtf1 is obtained through calculationi=ENC(Ntf1||Ntfsig1,PKAMaini)={ENtf1iR,ENtf1ic,ENtf1it}. For ENtf1iRCalculating offset to obtain ENtf 1'i={ENtf1iR-PKATempi,ENtf1ic,ENtf1it}。
N groups of { ENtf 1'i,(i∈[0,n-1]) It is sent to a.
And step 3: a → QA.
Use of PKATempiMixing ENtf 1'iReverts to ENtf1iReuse of SKAMainiDecrypting ENtf1iResulting in Ntf1| | | Ntfsig 1.
Use of PKQAVerify Ntfsig1, verify (P)A,PKAMain,UNtf1+h*PKQANewVNtf1) is a Diffie-Hellman tuple. After the verification is passed, P is obtainedANew||KS。
After the verification is passed, each key fob of A generates a true random number SKAMainiNewAnd SKATempiNewCalculating PKAMainiNew=SKAMainiNew*PANew,PKATempiNew=SKATempiNew*PANew
Calculation of PKQANew=H1(PANew||IDQA),SKQAiNew=SKAMainiNew*PKQANew. N groups of PKAMainiNew||PKATempiNew||SKQAiNewAnd sent to QA.
Per mobile device usage PKQAFor PKAMainiNew||PKATempiNew||SKQAiNewThe calculation process is the same as above using an encryption algorithm based on ID cryptography.
Is calculated to obtain
Figure BDA0002444239200000111
Figure BDA0002444239200000112
For ESKiUCalculating offset to obtain 0 ESK'i={ESKiU-HG(timeR||KS||PIDAi),ESKiV}。
MsgA2 is made for each mobile devicei=PIDAi||ESK′i
KS pair MsgA2 for each mobile deviceiMaking a message authentication code MAC (MsgA 2)iKS), all MsgA2iAnd the MsgA2 is combined and sent to the quantum communication service station QA. MsgA2 may be denoted as MsgA2 ═ { MsgA2i||MAC(MsgA2i,KS),(i∈[0,n-1]))。
And 4, step 4: QA → A.
After receiving MsgA2, QA of quantum communication service station judges PIDAiIs reasonable (there are n PIDAs in the identity authentication session for which the search has not been completediSession(s).
Pairing multiple MACs according to KS (MsgA 2)iKS) was performed.
After the verification is passed, HG (timeR | | KS | | | PIDA) is calculatedi) Prepared from ESK'iReverting to ESKiCalculating
Figure BDA0002444239200000113
According to n groups (x)i,PKAMainiNew) Recovery of
Figure BDA0002444239200000114
According to n groups (x)i,PKATempiNew) Recovery of
Figure BDA0002444239200000115
According to n groups (x)i,SKQAiNew) Recovery of
Figure BDA0002444239200000116
Calculation of PKQANew=H1(PANew||IDQA),
Figure BDA0002444239200000117
To PIDANewTo carry outSecret sharing yields n groups (x)i,PIDAiNew)。
Calculating HPKATempNew=H(PKATempNew) N sets of Ntf2 are PIDAiNew||PKAMainNew||HPKATempNewThe signature based on the ID cryptography is performed, and the signature process is the same as above, resulting in the signature Ntfsig2 being SIGN (Ntf2, SK)QA)=(UNtf2,VNtf2)。
According to n groups (x)i,PKATempi) Recovery of
Figure BDA0002444239200000121
Use of PKAMainiNewECIES encryption is carried out on the notification contents Ntf2 and Ntfsig2, and ENtf2 is obtained through calculationi=ENC(Ntf2||Ntfsig2,PKAMainiNew)={ENtf2iR,ENtf2ic,ENtf2it}. For ENtf2iRCalculating offset to obtain ENtf 2'i={ENtf2iR-H(KS||PKAMainiNew),ENtf2ic,ENtf2it}。
N groups of { ENtf 2'i,(i∈[0,n-1]) It is sent to a.
QA updates the entry related to a: IDA||PKAMainNew||SKQANew||PANew||{(xi,PIDAiNew),(i∈[0,n-1])}。
Client A receives n groups of { ENtf 2'i,(i∈[0,n-1]) After that, H (KS | | | PK) is calculatedAMainiNew) And mixing ENtf 2'iReverts to ENtf2iReuse of SKAMainiNewDecrypting ENtf2iResulting in Ntf2| | | Ntfsig 2.
Use of PKQANewVerify Ntfsig2, verify (P)ANew,PKAMainiNew,UNtf2+h*PKQANewVNtf2) is a Diffie-Hellman tuple.
After the verification is passed, updating
PIDAiNew/xi/SKAMainiNew/PKAMainiNew/PKAMainNew/SKATempiNew/PKATempiNew/HPKATempNew/PANew/IDQA
And (3) stage: communication identity authentication
This phase is for a mobile device in client a to authenticate a communication identity with a mobile device in client B. In the following, A and B are used instead.
Let QA, QB be A, B's issuing service station, respectively. IDA and IDB carry information of IDQA and IDQB.
The session key of A logging in QA is KSAAnd the session key for B logging in QB is KSBThe flow of logging in and acquiring the session key is as described in stage 2.
QKD channel is built between QA and QB of quantum communication service station, QA and QB use quantum key KQCommunication, KQPosition in the symmetric key pool is PQ
Step 1:
the user end A knows that the service station of the opposite side is QB according to the IDB.
A utilization of KSAApplying QA for a key between QA and QB, QA will apply PQKey K for locationQUsing KSAThe protection of (2) is sent to a.
A selects a generator PABGenerating a public and private key pair SKA、PKA=SKA*PAB
Using KQEncryption PABAnd PKATo obtain { PAB||PKA}KQ. Combining to obtain MSGAB=IDA||IDB||TimeR||PQ||{PAB||PKA}KQ
Using KQFor MSGABComputing message authentication code and incorporating MSGABTogether as MAAnd sending the data to B. MACan be expressed as MSGAB||MAC(MSGAB,KQ)。
Step 2:
user B receives MAThereafter, using KSBApplying for P between QA and QB to QBQKey to location, QB to PQKey K for locationQUsing KSBThe protection of (2) is sent to B.
B uses KQFor MSGABComputing message authentication code and combining with MAC (MSG)AB,KQ) Performing comparison and verification, and using K after the verification is passedQDecrypting MSGABTo obtain PAB||PKA
According to the generation element PABGenerating a public and private key pair SKB、PKB=SKB*PAB
Calculating KAB=SKB*PKA
Using KQEncrypted PKBTo obtain { PKB}KQ. Combining to obtain MSGBA=IDA||IDB||TimeR||{PKB}KQ
Using KABFor MSGBAComputing message authentication code and incorporating MSGBATogether as MBAnd sending the data to A. MBCan be expressed as MSGBA||MAC(MSGBA,KAB). Subsequent B utilization of KABAnd carrying out message encryption and decryption and message authentication with the A. Can be combined with KABSplitting into KABEAnd KABAAs message encryption/decryption and message authentication keys, respectively.
And step 3:
user A receives MBThen, use KQDecrypting MSGBAObtaining PKB
Calculating KAB=SKA*PKB. Using KABFor MSGBAComputing message authentication code and combining with MAC (MSG)BA,KAB) Performing comparison and verification, and after the verification is passed, A confirms KABIs a session key. Subsequent A with KABAnd B, encrypting and decrypting the message and authenticating the message. Can be combined with KABSplitting into KABEAnd KABAAs message encryption/decryption and message authentication keys, respectively.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A quantum secret communication identity authentication system based on secret sharing is characterized in that: the system comprises service stations and user terminals which are in communication connection, wherein the service stations are quantum communication service stations, each service station is provided with more than one user terminal, and the user terminals are mobile equipment groups formed by more than one mobile equipment;
the mobile devices in the same group are issued with key fobs by the service station and share the same device ID, device false identity PID and device key with (n, n) secret, and corresponding secret sharing random numbers, ID components, device false identity PID components and key components are stored in each mobile device key fob in a distributed mode; the device key comprises a main private key, a main public key, a temporary private key and a temporary public key which are authenticated and updated at a time;
the service station is provided with a service station public key and a service station private key which are authenticated and updated once; implementing login identity authentication between a user side and a service station to which the user side belongs, and generating a group session key in the login identity authentication process; and performing communication identity authentication between the two mobile devices, and generating a session key between the mobile devices in the communication identity authentication process.
2. The secret sharing based secret secure quantum communication identity authentication system key distribution method according to claim 1, characterized by sequentially executing the following steps:
a1, the service station sends a group of secret sharing random numbers, a base point generator and the service station ID to each mobile device under the same user end; different mobile devices correspond to different secret sharing random numbers;
a2, each mobile device generates two true random numbers which are respectively used as a main private key component and a temporary private key component, and calculates the corresponding main public key component and temporary public key component by combining the received base point generator;
calculating a hash value of a combination of the base point generator and the service station ID and taking the hash value as a service station public key, and calculating a service station private key component according to the main private key component and the service station public key;
each mobile device sends the main public key component, the temporary public key component and the service station private key component to the service station;
a3, the service station calculates the complete master public key, temporary public key and service station private key according to the secret shared random number, the master public key component, temporary public key component and service station private key component sent by all mobile devices under the same user side, and calculates the hash value of the temporary public key;
calculating the false identity PID of the equipment according to the equipment ID and the corresponding base point generator, and carrying out secret sharing on the false identity PID of the equipment by using the corresponding secret sharing random number;
sending the obtained hash values of the multiple groups of equipment false identity PID components, the main public key and the temporary public key to a user side, and storing key items corresponding to the user side, wherein the key items comprise an equipment ID, the main public key, a service station private key, a base point generator, all secret sharing random numbers and equipment false identity PID components;
a4, each mobile device of the user end stores the corresponding device false identity PID component, secret sharing random number, main private key component, main public key, temporary private key component, temporary public key component, hash value of the temporary public key, base point generator and service station ID.
3. The login identity authentication method of the secret sharing based quantum secret communication identity authentication system according to claim 1, wherein the login identity authentication is implemented between the user side and the service station to which the user side belongs, and a group session key is generated in the login identity authentication process; the method comprises the following steps:
b1, the mobile devices in the same group are used as the initiator of the authentication request, and send an encrypted first device-side message to the service station, wherein the first device-side message comprises a first message component and a first message authentication code generated by each mobile device;
b2, the service station is used as an authentication request processing party, verifies and processes the first equipment terminal message, and returns the first authentication terminal message to each mobile equipment of the user terminal, wherein the first authentication terminal message comprises notification content and a notification signature, and the notification content comprises a group session key;
b3, after the mobile devices verify and process the first authentication end message, sending an encrypted second device end message to the service station, wherein the second device end message comprises a second message component and a second message authentication code generated by each mobile device;
b4, the service station verifies and processes the second equipment terminal message, and returns a second authentication terminal message to each mobile equipment of the user terminal;
and B5, the mobile equipment verifies and processes the second authentication end message, and the identity authentication is finished after the verification is passed.
4. The login authentication method of the secret sharing based quantum secure communication authentication system according to claim 3, wherein the first message component comprises a device-side signature component, and the generating step comprises:
the mobile equipment generates an authentication request message and acquires a uniform timestamp with all the mobile equipment in the same group;
combining the service station ID, the authentication request information and the timestamp as transaction content, using the hash value of the temporary public key as an R signature parameter, calculating the hash value of the combination of the R signature parameter and the transaction content and using the hash value as an E signature parameter;
and calculating to obtain the device side signature component according to the temporary private key component, the main private key component and the E signature parameter.
5. The login identity authentication method of the secret sharing based quantum secret communication identity authentication system according to claim 4, wherein: in step B2, the service station generates a new base point generator, a group session key, and a notification for use in the next round of signature, where the notification content includes the notification, the new base point generator, and the group session key, and the notification signature is calculated by the service station according to all device-side signature components.
6. The login identity authentication method of the secret sharing based quantum secret communication identity authentication system according to claim 3, wherein: the first message component comprises a first ciphertext, the first ciphertext is obtained by encrypting a temporary public key component which is locally stored by the mobile equipment by using a service station public key of a service station to which the mobile equipment belongs, and a first offset is added in the encryption process; the first offset includes a timestamp, a locally stored secret shared random number, and a device false identity PID component.
7. The login identity authentication method of the secret sharing based quantum secret communication identity authentication system according to claim 4, wherein: in step B3, the mobile device generates two true random numbers as a new master private key component and a new ephemeral private key component for the next round of use, calculates a corresponding new master public key component and new ephemeral public key component in combination with the received new base point generator, and calculates a hash value of a combination of the new base point generator and the service station ID as a new service station public key;
the second message component comprises a second ciphertext, the second ciphertext is obtained by encrypting the combination of the new master public key component, the new temporary public key sub-management and the new service station private key component by the mobile device by using the service station public key, a second offset is added in the encryption process, and the second offset comprises a timestamp, a group session key and a locally stored false identity PID component.
8. The login identity authentication method of the secret sharing based quantum secret communication identity authentication system according to claim 3, wherein: in step B4, the service station calculates a complete new master public key, a new temporary public key, and a new service station private key according to the secret shared random number, the new master public key component, the new temporary public key component, and the new service station private key component sent by all mobile devices under the same user side, and calculates a hash value of the new temporary public key; and calculating the false identity PID of the new device according to the device ID and the corresponding new base point generator, and carrying out secret sharing on the false identity PID of the new device by using the corresponding secret sharing random number.
9. The login authentication method of the secret sharing based quantum secret communication authentication system according to claim 3, wherein the first message authentication code is obtained by computing a hash value of the base point generator by the mobile device to compute the first message component, and the second message authentication code is obtained by computing the second message component by the mobile device using the group session key.
10. The communication identity authentication method of the secret sharing based quantum secret communication identity authentication system according to claim 1, wherein before the communication identity authentication between the two mobile devices, each mobile device and the belonging service station complete login identity authentication to obtain a respective group session key, under the protection of the group session key, the mobile device applies for the session key between the mobile devices from the service station, and the session key between the mobile devices is used for encrypting the transmission message between the mobile devices after the communication identity authentication is completed.
CN202010277217.2A 2020-04-09 2020-04-09 Quantum secret communication identity authentication system and method based on secret sharing Active CN111416715B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010277217.2A CN111416715B (en) 2020-04-09 2020-04-09 Quantum secret communication identity authentication system and method based on secret sharing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010277217.2A CN111416715B (en) 2020-04-09 2020-04-09 Quantum secret communication identity authentication system and method based on secret sharing

Publications (2)

Publication Number Publication Date
CN111416715A true CN111416715A (en) 2020-07-14
CN111416715B CN111416715B (en) 2022-11-01

Family

ID=71494977

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010277217.2A Active CN111416715B (en) 2020-04-09 2020-04-09 Quantum secret communication identity authentication system and method based on secret sharing

Country Status (1)

Country Link
CN (1) CN111416715B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113285800A (en) * 2021-05-14 2021-08-20 上海循态信息科技有限公司 Coherent state-based continuous variable quantum identity authentication method and system
CN114070549A (en) * 2020-07-31 2022-02-18 马上消费金融股份有限公司 Key generation method, device, equipment and storage medium
CN114362928A (en) * 2021-03-23 2022-04-15 长春大学 Quantum key distribution and reconstruction method for multi-node encryption
CN114765543A (en) * 2020-12-31 2022-07-19 科大国盾量子技术股份有限公司 Encryption communication method and system of quantum cryptography network expansion equipment
CN115001723A (en) * 2021-02-20 2022-09-02 南京如般量子科技有限公司 Group communication method and system based on tree structure and asymmetric key pool
CN116132042A (en) * 2023-04-13 2023-05-16 南京汇荣信息技术有限公司 Quantum technology-based network security data encryption method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190372763A1 (en) * 2017-02-09 2019-12-05 Huawei International Pte. Ltd. System and method for computing private keys for self certified identity based signature schemes
CN110830245A (en) * 2019-10-22 2020-02-21 如般量子科技有限公司 Anti-quantum-computation distributed Internet of vehicles method and system based on identity secret sharing and implicit certificate

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190372763A1 (en) * 2017-02-09 2019-12-05 Huawei International Pte. Ltd. System and method for computing private keys for self certified identity based signature schemes
CN110830245A (en) * 2019-10-22 2020-02-21 如般量子科技有限公司 Anti-quantum-computation distributed Internet of vehicles method and system based on identity secret sharing and implicit certificate

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114070549A (en) * 2020-07-31 2022-02-18 马上消费金融股份有限公司 Key generation method, device, equipment and storage medium
CN114765543A (en) * 2020-12-31 2022-07-19 科大国盾量子技术股份有限公司 Encryption communication method and system of quantum cryptography network expansion equipment
CN115001723A (en) * 2021-02-20 2022-09-02 南京如般量子科技有限公司 Group communication method and system based on tree structure and asymmetric key pool
CN115001723B (en) * 2021-02-20 2024-06-11 南京如般量子科技有限公司 Group communication method and system based on tree structure and asymmetric key pool
CN114362928A (en) * 2021-03-23 2022-04-15 长春大学 Quantum key distribution and reconstruction method for multi-node encryption
CN114362928B (en) * 2021-03-23 2023-11-24 长春大学 Quantum key distribution and reconstruction method for multi-node encryption
CN113285800A (en) * 2021-05-14 2021-08-20 上海循态信息科技有限公司 Coherent state-based continuous variable quantum identity authentication method and system
CN113285800B (en) * 2021-05-14 2022-10-25 上海循态量子科技有限公司 Coherent state-based continuous variable quantum identity authentication method and system
CN116132042A (en) * 2023-04-13 2023-05-16 南京汇荣信息技术有限公司 Quantum technology-based network security data encryption method and system

Also Published As

Publication number Publication date
CN111416715B (en) 2022-11-01

Similar Documents

Publication Publication Date Title
CN111416715B (en) Quantum secret communication identity authentication system and method based on secret sharing
CN110932870B (en) Quantum communication service station key negotiation system and method
CN111475796B (en) Anti-quantum computation identity authentication method and system based on secret sharing and quantum communication service station
CN110519046B (en) Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD
CN111404664B (en) Quantum secret communication identity authentication system and method based on secret sharing and multiple mobile devices
US8422670B2 (en) Password authentication method
CN111682938A (en) Three-party authenticatable key agreement method facing centralized mobile positioning system
CN103124269A (en) Bidirectional identity authentication method based on dynamic password and biologic features under cloud environment
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
CN110535626B (en) Secret communication method and system for identity-based quantum communication service station
CN111314083B (en) Quantum secret communication system and method based on secret sharing and asymmetric cryptography
CN107682152B (en) Group key negotiation method based on symmetric cipher
CN110224816B (en) Anti-quantum computing application system based on key fob and serial number, near-field energy-saving communication method and computer equipment
CN116388995A (en) Lightweight smart grid authentication method based on PUF
CN111245609B (en) Secret sharing and random number based quantum secret communication key distribution and negotiation system and method thereof
CN113014376B (en) Method for safety authentication between user and server
CN110880969B (en) Method and system for generating QKD network authentication key based on alliance chain and implicit certificate
CN111245611B (en) Anti-quantum computation identity authentication method and system based on secret sharing and wearable equipment
CN116599659B (en) Certificate-free identity authentication and key negotiation method and system
CN110740034B (en) Method and system for generating QKD network authentication key based on alliance chain
Chuang et al. Cryptanalysis of four biometric based authentication schemes with privacy-preserving for multi-server environment and design guidelines
CN110048852B (en) Quantum communication service station digital signcryption method and system based on asymmetric key pool
CN116055136A (en) Secret sharing-based multi-target authentication method
CN110572788B (en) Wireless sensor communication method and system based on asymmetric key pool and implicit certificate
CN110061895B (en) Close-range energy-saving communication method and system for quantum computing resisting application system based on key fob

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant