CN111526131B - Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station - Google Patents


Publication number
CN111526131B
Authority
CN
China
Prior art keywords
signature
service station
key
communication service
quantum communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010271659.6A
Other languages
Chinese (zh)
Other versions
CN111526131A (en
Inventor
富尧
钟一民
余秋炜
邱雅剑
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruban Quantum Technology Co Ltd
Nanjing Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd
Nanjing Ruban Quantum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ruban Quantum Technology Co Ltd, Nanjing Ruban Quantum Technology Co Ltd
Priority to CN202010271659.6A
Publication of CN111526131A
Application granted
Publication of CN111526131B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0852 Quantum cryptography
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a quantum-computation-resistant electronic official document transmission method and system based on secret sharing and quantum communication service stations. A key fob cannot be cracked to obtain the user key; loss of a key fob does not cause key failure; quantum computation resistance is achieved; the threshold signature flow is simplified; the file receiver does not hold the public key of the authority, which protects the authority's private key; and during verification and signing the service station obtains only the hash value of the electronic document and cannot obtain the file content, so user rights and interests are guaranteed.

Description

Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station
Technical Field
The invention relates to the technical field of quantum communication identity authentication, in particular to a quantum computation resistant electronic official document transmission method and system based on secret sharing and a quantum communication service station.
Background
The document transmission system generally uses a data encryption technology to realize the confidentiality of document information in the document transmission process by a networking means, and the system uses a symmetric encryption system to encrypt document information to ensure the confidentiality of the document information. The file information exists in a ciphertext form on a storage medium and a transmission channel, and only a receiving user appointed by a sender can obtain the plaintext of the file information, so that the confidential information is prevented from being leaked and lost.
The file information is signed using an asymmetric cryptosystem: the sender signs the HASH value of the file information with its signature private key to form the signature value of the file information, the signature value is encrypted together with the file and sent to the receiver, and the receiver verifies the received signature value using the sender's verification public key. In this way, the integrity of the file information and the sender's non-repudiation of the sending action are guaranteed.
The above encryption or signature may be implemented by a key fob.
The patent document with publication number CN104796254A discloses an ECC-based official document circulation method. The electronic official document sender generates an original electronic official document digest from the original electronic official document and digitally signs the digest with the sender private key. The sender AES-encrypts the original electronic official document with a symmetric key negotiated by both parties to obtain the original electronic official document ciphertext, and encrypts the negotiated symmetric key with the receiver public key using an ECC algorithm to obtain an encrypted public key. The sender then combines the digitally signed digest, the document ciphertext and the encrypted public key, in that order, into a combined electronic official document and sends it to the receiver. The calculation amount is small and file transmission security is improved to a certain extent, but the key management mode is traditional and the verification of the information source is simple, so reliable protection of user privacy and information security cannot be achieved.
The problems existing in the prior art are as follows:
1. After a key fob is lost or stolen, it may be brute-force cracked to obtain the internal key. If the private key of the asymmetric key system becomes known to an adversary, ownership of the private key is lost. If the public key of the asymmetric key system becomes known to an adversary who owns a quantum computer, the private key can be cracked from the public key, and the ownership corresponding to the private key is likewise lost.
2. After a key fob is lost or stolen, the owner reports the key fob as lost. Assuming that an adversary is able to crack the key fob, the loss report causes the public/private key pair corresponding to the key fob to become invalid at the same time, and the key pair is no longer allowed to be used.
3. Existing multi-party threshold signature methods have the role of a signature organizer, which must collect signature intermediate variables and signature components multiple times, so the flow is complex and the communication cost is high.
4. In existing official document transmission systems, the document receiver holds the public key of an authority such as a CA. Once the receiver's key fob is cracked, the CA public key is exposed, and the CA private key can then be obtained by cracking with a quantum computer.
5. In existing document transmission systems, if a document receiver asks a document server to verify a document signature, the document server may obtain the document content, so sensitive information of the document receiver is exposed to the document server.
Disclosure of Invention
Technical purpose: in view of the above technical problems, the invention provides a quantum computation resistant electronic official document transmission method and system based on secret sharing and a quantum communication service station, in which a key fob cannot be cracked to obtain a user key, loss of a key fob does not cause key failure, quantum computation resistance is achieved, the process is simplified, the file receiver does not hold the public key of the authority so that the authority's private key is protected, and the service station obtains only the hash value of the electronic official document during verification and signing and cannot obtain the file content, so user rights and interests are guaranteed.
The technical scheme is as follows: in order to achieve the technical purpose, the invention adopts the following technical scheme:
A quantum computation resistant electronic official document transmission method based on secret sharing and a quantum communication service station, characterized in that: the system comprises office organizations and regional branches, and quantum communication service stations and user terminals are deployed in the regional branches; when an electronic official document is transmitted between two user terminals, the initiator is denoted the first user terminal, the receiver is denoted the second user terminal, and the corresponding quantum communication service stations are denoted the first service station and the second service station respectively; the method comprises the following steps:
S1, the first user terminal sends an initiator request message and a first verification ciphertext to the first service station, wherein the initiator request message comprises a ciphertext of the hash value of the electronic document to be transmitted; the first service station verifies and processes the message sent by the first user terminal, and returns an inter-service-station ciphertext and a second verification ciphertext to the first user terminal, wherein the inter-service-station ciphertext comprises the electronic official document hash value and a first random number generated by the first user terminal, and the first random number is used for encrypting the electronic official document hash value;
S2, the first user terminal sends an initiator transaction message to the second user terminal, wherein the initiator transaction message comprises the initiator request message, the inter-service-station ciphertext, a file ciphertext and the initiator general threshold signature, and the file ciphertext is obtained by encrypting the electronic official document with the first random number.
Preferably, the method further comprises the steps of:
S3, the second user terminal performs preliminary verification on the initiator transaction message and, after the verification passes, sends a receiver request message and a third verification ciphertext to the second service station, wherein the third verification ciphertext comprises a second random number generated by the second user terminal, and the receiver request message comprises the initiator request message and the inter-service-station ciphertext; the second service station verifies and processes the message sent by the second user terminal, decrypts the inter-service-station ciphertext and returns a random number ciphertext to the second user terminal, wherein the random number ciphertext is obtained by encrypting the first random number with the second random number;
S4, the second user terminal decrypts the random number ciphertext to obtain the first random number, and decrypts the file ciphertext with the first random number to obtain the electronic official document.
Preferably, each user end and the corresponding quantum communication service station in the same intranet share a pair of master keys in a (2,2) secret sharing mode, each master key comprises a master public key and a master private key, the corresponding secret sharing random numbers and key components are respectively stored in a user end key card and a quantum communication service station key card, and the secret sharing random numbers and the key components in the quantum communication service station key card are searched according to the ID of the user end;
the user side and the quantum communication service station generate a true random number as a private key component of the own party during each communication, a corresponding temporary public key component is calculated according to the private key component, and a main key component stored by a local key fob, the generated temporary key component and a complete main key recovered according to a secret sharing principle are used for signature and encryption operation in a transaction process.
Preferably, the generating steps of the first verification ciphertext, the second verification ciphertext and the third verification ciphertext all include:
taking out a main public key component from a local key fob to encrypt ciphertext contents to obtain corresponding verification ciphertext, adding an offset in the generation process of the verification ciphertext, wherein the ciphertext contents comprise a local secret sharing random number, a locally generated temporary public key component and a first random number on a first user side, a second random number on a second user side, and a local secret sharing random number and a locally generated temporary public key component on a first service station side;
and the receiver of the verification ciphertext calculates the corresponding offset, decrypts the verification ciphertext and obtains the ciphertext content after decryption.
Preferably, the messages sent by the user side to the service station each include a signer signature for verifying identity, the signer signature includes corresponding signature parameters, and the method includes the following steps:
the user side generates a first signer signature and a first signature parameter and sends the first signer signature and the first signature parameter to the quantum communication service station;
the quantum communication service station verifies the signature of the first signer and the first signature parameter, and the next step is carried out after the verification is passed;
the quantum communication service station generates a second signer signature and a second signature parameter and returns the second signer signature and the second signature parameter to the user terminal;
and the user side verifies the signature of the second signer and the second signature parameter generated by the service station side, and the verification is passed to indicate that the identity authentication is passed.
Preferably, the step of generating the first signer signature, the second signer signature and the corresponding signature parameters includes:
generating a random number as a verification private key, and calculating a verification public key according to the verification private key;
taking the x-direction parameter of the verification public key to perform modular operation to obtain a signature R parameter;
performing hash operation on the combination of the signature R parameter and the signature content, wherein the obtained result is used as a signature parameter, the signature content comprises an initiator request message on a first user side, an initiator request message and an inter-service station ciphertext on a second user side, and the initiator request message, a first random number and a hash value of an electronic document on a second service station side;
and calculating to obtain the corresponding signer signature according to the verification private key, the signature parameters and the local main private key component.
Preferably, after the first user end completes verification of the second signer signature generated by the first service station side, a third signer signature and a corresponding third signature parameter are generated; the third signer signature, the second signer signature at the first service station side and the second signature parameter all comprise the following steps:
recovering a complete temporary public key according to a secret sharing principle, and performing modular operation on the x-direction parameter of the temporary public key to obtain a signature R parameter;
performing hash operation on the combination of the signature R parameter, the request message of the sender and the ciphertext of the service station, and taking the obtained result as the signature parameter;
calculating to obtain a corresponding signer signature according to the temporary private key component, the signature parameter and the local main private key component;
the sender total threshold signature is obtained by calculation according to a second signer signature on the first service station side and a third signer signature on the user side, and the sender total signature parameter is obtained by calculation according to the second signature parameter and the third signature parameter.
Preferably, the initiator transaction message further includes a CA signature, the CA signature is obtained by signing a combination of the user ID and the master public key with a CA server private key, the CA public key is stored in a key fob private area of the quantum communication service station, the second user forwards the CA signature to the second service station, and the second service station verifies the CA signature.
Preferably, the quantum communication service station key card stores its own private key and public keys of all quantum communication service stations, or a QKD device is provided between the quantum communication service stations, and the QKD device generates a QKD key for communication.
An electronic official document transmission system based on secret sharing and quantum communication service station and resisting quantum computation is characterized in that: the system comprises office organizations, regional branches and quantum communication service stations, wherein a plurality of regional branches and quantum communication service stations with respective internal networks are arranged under each office organization, the regional branches are used as user terminals, and a quantum communication network is provided with a key management server for issuing key cards to the quantum communication service stations and the user terminals;
each user side and the quantum communication service station respectively comprise a memory and a processor, the memory stores a computer program, and the processor realizes the anti-quantum-computation electronic official document transmission method based on secret sharing and the quantum communication service station when executing the computer program.
Beneficial effects: by adopting the above technical scheme, the invention has the following technical effects:
1. After a key fob is lost or stolen, it cannot be brute-force cracked to obtain the internal key. If an adversary obtains a user key fob, the fob stores only secret components of the public and private keys, and the user's public/private key pair cannot be recovered through secret sharing; that is, the fob holds no valid identity-related key information. If an adversary obtains a service station key fob, the fob stores the corresponding random number pool and the secret components of part of the public and private keys, and the corresponding public/private key pair likewise cannot be recovered through secret sharing; that is, it holds no valid identity-related key information. Because the private key of a user of the electronic official document transmission system cannot become known to an adversary, and several identical user key fobs are issued as backups each time a user key fob is issued, the private key can neither be maliciously obtained nor lost, so all rights and interests of the key fob system account corresponding to the private key are strongly protected.
2. After a key fob is lost or stolen, the owner reports the key fob as lost. Even if an adversary is able to crack the key fob, the loss report does not cause the public/private key pair corresponding to the key fob to become invalid at the same time, and the key pair can continue to be used.
3. The threshold signature method of the invention achieves a quantum computation resistant threshold signature and, by removing the role of the signature organizer, greatly simplifies the threshold signature flow and reduces the communication cost.
4. In the official document transmission system of the invention, the file receiver does not hold the public key of an authority such as a CA. Even if the receiver's key fob is cracked, the CA public key is not exposed, and an adversary cannot use a quantum computer to crack the CA private key.
5. In the document transmission system of the invention, although the document receiver asks the document server to verify the signature of the document, the document server obtains only the HASH value of the document and not its content, so sensitive information of the document receiver is not exposed to the document server.
Drawings
FIG. 1 is a schematic diagram of a client key fob;
FIG. 2 is a schematic diagram of a quantum communication service station key fob;
FIG. 3 is a schematic diagram of a network architecture without a QKD device between two quantum communication service stations;
FIG. 4 is a schematic diagram of a network structure with a QKD device between two quantum communication service stations.
Detailed Description
Description of the System
The implementation scenario of the invention is a quantum computation resistant electronic official document transmission system based on secret sharing and a quantum communication service station. An office organization in which official document transmission takes place has a plurality of regional branches, each with its own internal network, and official documents often need to be transmitted from the intranet of one branch across the internet to the intranet of another branch. Over the existing quantum secure communication network, the regional branches of an office organization distribute keys using QKD equipment, and a quantum communication service station is built in each regional branch in combination with the QKD equipment to serve as a secure communication center. Any two quantum communication service stations may be directly connected by a QKD line, or may have no directly connected QKD line. The quantum communication service station also serves as the official document transmission service center of each regional branch of the office organization and is used for authenticating official documents transmitted from the internet.
The key fobs used in the present invention are described in patent application No. 201610843210.6. Key fobs not only can store large amounts of data, but also have the ability to process information. In the present invention, corresponding algorithms exist within the key fob to satisfy the needs of the invention. When a mobile terminal is used, the key fob is preferably a key SD card; when a fixed terminal is used, the key fob is preferably a key USBKey or a host key fob. In the invention, the user and the quantum communication service station are each equipped with corresponding key fobs. Key fobs have evolved from smart card technology as identity authentication and encryption/decryption products that combine true random number generators (preferably quantum random number generators), cryptography, and hardware security isolation techniques. The embedded chip and operating system of the key fob provide secure storage of keys, cryptographic algorithms and other functions. Due to its independent data processing capability and good security, the key fob is a secure carrier for private keys and key pools. Each key fob is protected by a hardware PIN code, and the PIN code and the hardware constitute the two essential factors for a user to use the key fob. This is so-called "two-factor authentication": a user can log in to the system only by holding both the key fob, which stores the relevant authentication information, and the user PIN code. Even if the user's PIN code is leaked, the identity of the legitimate user cannot be counterfeited as long as the key fob held by the user is not stolen; if the user's key fob is lost, the finder cannot impersonate the legitimate user because the user PIN code is not known.
The cryptosystem used by the user-side key fob and the quantum communication service station key fob is ECC, i.e. an elliptic-curve-based cryptosystem. At system initialization, Fq is a finite field with q elements and characteristic p, where p and q are large prime numbers, and E is a secure elliptic curve defined over Fq on which the discrete logarithm problem is hard to solve. A base point P ∈ E(Fq) is selected, whose order μ is a large prime number. The key fob systems of all quantum communication service stations are based on these elliptic curve algorithm parameters.
A quantum communication service station and the user group under it form a key fob group, and N is the number of all users of the quantum communication service station. When the key fob group is established, a public/private key pair PKMain/SKMain for signing, namely the master public/private key pair, is generated based on the elliptic curve system.
The key management server generates N pairs of true random numbers, denoted xai and xbi, i ∈ [1, N]. The components (SKaMain, SKbMain)i, i ∈ [1, N], are obtained by performing (2,2) secret sharing on SKMain using xai and xbi respectively. From (SKaMain, SKbMain)i, i ∈ [1, N], the secret components of the master public key are calculated: (SKaMain*P, SKbMain*P)i = (PKaMain, PKbMain)i, i ∈ [1, N].
When the key management server issues a client key fob, it first assigns a unique ID and uses the private key SKCA of the CA server under the quantum communication service station to sign (ID||PKMain), obtaining the CA signature SIGCA = SIGNRSA(ID||PKMain, SKCA), which is stored in the key fob. Here SIGNRSA(M, SK) denotes RSA signing of M with the private key SK. Since PKMain is not public, an adversary cannot derive SKCA from SIGCA. The key management server stores xa/PKaMain/SKaMain/PKbMain in the key fob. SKaMain is the secret component of the master public/private key pair calculated using the corresponding random numbers xa/xb, and PKaMain/PKbMain are the master public key components calculated from the master private key components by the public key calculation. See FIG. 1 for the specific structure of the client key area. In addition, the key fob stores the corresponding elliptic curve parameters.
When the key management server issues a quantum communication service station key fob, it likewise assigns a service station identity ID. The random numbers xbi, i ∈ [1, N], one of each pair of random numbers used to compute the secret components of the ephemeral public-private key pair, are stored in the random number pool of the service station key fob, and each random number corresponds to a user ID. The key management server stores (ID/PKaMain/PKbMain/SKbMain)i, i ∈ [1, N], in the key area of the key fob, in the form of public/private key secret components together with the corresponding user IDs. The service station key fob also stores the public key PKCA of the CA server. In addition, the service station key fob stores the service station's own RSA private key and the public keys of all service stations in the quantum communication network, namely a service station public key pool. The public key of a quantum communication service station can be obtained from the public key pool according to that station's ID. The cryptosystem for communication between service stations uses the RSA algorithm. See FIG. 2 for the specific structure of the key area of the quantum communication service station. In addition, the key fob stores the corresponding elliptic curve parameters.
The private zone of the quantum communication service station key fob may be an area of higher security within the present key fob. For example inside a secure chip; or it may be a private zone key fob that is controlled with a quantum communication service station key fob and can ensure that no hostile wired communication connection, such as a USB connection, exists, or that is controlled with a quantum communication service station key fob and can ensure that no hostile wireless communication connection, such as an NFC connection, exists.
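The key issuance described above, as an added example that is not part of the patent text or the assignee's code. It assumes Shamir's (2,2) scheme over the group order for the secret sharing (the page does not give the sharing polynomial), uses secp256k1 as a stand-in curve, and all function names are hypothetical; it rebuilds PKMain from the public components alone and shows that the two key components without xb are consistent with any candidate master private key.

```python
import secrets

# secp256k1 domain parameters. Assumption: the page only requires a secure
# curve with a base point P of large prime order; it does not name a curve.
P_FIELD = 2**256 - 2**32 - 977
ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
BASE = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
        0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Add two affine points; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_FIELD)
    lam %= P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    k %= ORDER
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lagrange_at_zero(xa, xb):
    """Coefficients that evaluate the degree-1 sharing polynomial at x = 0."""
    inv = pow(xb - xa, -1, ORDER)
    return xb * inv % ORDER, -xa * inv % ORDER


def issue_key_fobs(sk_main):
    """Split SKMain for one user; return (user_card, station_entry)."""
    xa = secrets.randbelow(ORDER - 1) + 1
    xb = secrets.randbelow(ORDER - 1) + 1
    while xb == xa:
        xb = secrets.randbelow(ORDER - 1) + 1
    c = secrets.randbelow(ORDER - 1) + 1       # slope of f(x) = SKMain + c*x
    ska = (sk_main + c * xa) % ORDER           # SKaMain = f(xa)
    skb = (sk_main + c * xb) % ORDER           # SKbMain = f(xb)
    pka, pkb = ec_mul(ska, BASE), ec_mul(skb, BASE)
    # Field layout follows the page: the card holds xa/PKaMain/SKaMain/PKbMain,
    # the station holds xb in its pool plus PKaMain/PKbMain/SKbMain per user ID.
    user_card = {"xa": xa, "PKaMain": pka, "SKaMain": ska, "PKbMain": pkb}
    station_entry = {"xb": xb, "PKaMain": pka, "PKbMain": pkb, "SKbMain": skb}
    return user_card, station_entry


def recover_private(ska, skb, xa, xb):
    """Reconstruct SKMain; in the scheme no single key fob can do this."""
    la, lb = lagrange_at_zero(xa, xb)
    return (la * ska + lb * skb) % ORDER


def recover_public(pka, pkb, xa, xb):
    """Reconstruct PKMain from public components; SKMain is never rebuilt."""
    la, lb = lagrange_at_zero(xa, xb)
    return ec_add(ec_mul(la, pka), ec_mul(lb, pkb))


def explaining_xb(xa, ska, skb, candidate_sk):
    """Return the xb' under which (ska, skb) would reconstruct candidate_sk.

    Such an xb' exists for every candidate other than ska, so both private
    components plus xa still do not pin down SKMain while xb stays unknown.
    """
    inv = pow(candidate_sk - ska, -1, ORDER)
    return xa * (candidate_sk - skb) * inv % ORDER


def demo():
    sk_main = secrets.randbelow(ORDER - 1) + 1     # constructed sample key
    user, station = issue_key_fobs(sk_main)
    pk = recover_public(user["PKaMain"], user["PKbMain"], user["xa"], station["xb"])
    wrong = 123456789                              # arbitrary wrong guess
    xb_alt = explaining_xb(user["xa"], user["SKaMain"], station["SKbMain"], wrong)
    alt = recover_private(user["SKaMain"], station["SKbMain"], user["xa"], xb_alt)
    return {"public_key_matches": pk == ec_mul(sk_main, BASE),
            "wrong_guess_is_consistent": alt == wrong}


if __name__ == "__main__":
    print(demo())
```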
Examples
This embodiment implements electronic document transmission between user A and user B. User A belongs to the quantum communication service station QA and user B belongs to the quantum communication service station QB, i.e. user A and user B belong to different regional branches of the office organization. As shown in FIG. 3, when there is a QKD channel between QA and QB, the cryptosystem for their communication is a QKD key agreement system; as shown in FIG. 4, when there is no QKD channel between QA and QB, the cryptosystem for their communication is RSA.
The electronic document transmission comprises the following specific steps:
1. Procedure from A to QA:
1.1, A acquires the current timestamp Time.
1.2, A performs a hash calculation on the file F to obtain HF, where the file F is the electronic document to be transmitted.
1.3, A generates a true random number as the temporary private key component SKaTemp and, with the base point P, calculates the temporary public key component PKaTemp = SKaTemp * P.
1.4, A generates a true random number NA and uses NA to encrypt HF, obtaining the message {HF}NA.
1.5, A combines IDA, IDB, Time and {HF}NA into the message MA = IDA || IDB || Time || {HF}NA, where IDA and IDB are the identity IDs of user A and user B, respectively.
1.6, A takes the random number xa and the master public key component PKbMain from the key zone; PKbMain can be denoted as (PKbMainx, PKbMainy).
1.7, A composes xa, PKaTemp and NA into a message and performs ECIES (elliptic curve integrated encryption scheme) encryption on it with PKbMain to obtain the message EAQ, which consists of the three components EAQR, EAQc and EAQt, that is, EAQ = ENC(xa || PKaTemp || NA, PKbMain) = {EAQR, EAQc, EAQt}.
1.8, A composes PKbMainx, PKbMainy and Time into a message and applies a hash function to obtain HG(PKbMainx || PKbMainy || Time), where HG() is a hash function that maps an integer to an elliptic curve point.
1.9, A uses HG(PKbMainx || PKbMainy || Time) as an offset to protect EAQR, obtaining EAQR - HG(PKbMainx || PKbMainy || Time), and together with the components EAQc and EAQt forms the ciphertext message EAQ' = {EAQR - HG(PKbMainx || PKbMainy || Time), EAQc, EAQt}.
1.10, A generates a true random number MASK with the key fob and, with the base point P, calculates MAPK = MASK * P = (MAPKx, MAPKy).
1.11, A takes the abscissa of MAPK to obtain MASigR = MAPKx (mod q), and hashes it together with MA to obtain MASigE = H(MASigR || MA).
1.12, A takes the key SKaMain from the key area and calculates MASig = MASK + MASigE * SKaMain.
1.13, A sends the message MsgAQ, formed from MA, EAQ', MASig and MASigE, to QA.
2. Procedure from QA to A:
2.1, QA receives MsgAQ from A and parses it to obtain IDA, IDB, Time, {HF}NA, EAQ', MASig and MASigE. QA judges from the attributes of IDA whether A is a legal client of QA and judges from Time whether the current request is legal; if so, it proceeds to the next step.
2.2, QA calculates MAPK' = (MAPKx', MAPKy') = MASig * P - MASigE * PKaMain from MASig, MASigE, the base point P and the key PKaMain, takes the abscissa MAPKx' to calculate MASigR' = MAPKx' (mod q), and hashes it together with MA to obtain MASigE' = H(MASigR' || MA).
QA judges whether MASigE and MASigE' are the same; if so, it proceeds to the next step.
2.3, QA uses PKbMain, EAQ' and the timestamp Time to restore EAQ: it calculates HG(PKbMainx || PKbMainy || Time), adds it to EAQR - HG(PKbMainx || PKbMainy || Time) to obtain EAQR, and thereby obtains EAQ. QA decrypts EAQ with SKbMain to obtain xa || PKaTemp || NA, and decrypts {HF}NA to obtain HF.
2.4, QA generates a true random number as the temporary private key component SKbTemp and, with the base point P, calculates the temporary public key component PKbTemp = SKbTemp * P. QA finds PKaMain, PKbMain, SKbMain and xb in the key zone according to IDA.
2.5, QA performs the (2,2) secret sharing recovery calculation on xa/xb/PKaMain/PKbMain to obtain PKMain, and obtains the temporary public key PKTemp from xa/xb/PKaTemp/PKbTemp by the same calculation.
Because of the fact that
Figure BDA0002442055720000091
While
Figure BDA0002442055720000092
Figure BDA0002442055720000093
Therefore, the calculation of the temporary public key of PKTemp holds.
2.6, QA combines xb and PKbTemp and performs ECIES encryption on them with PKaMain to obtain the message EQA = ENC(xb || PKbTemp, PKaMain) = {EQAR, EQAc, EQAt}.
The master public key component PKaMain can be expressed as PKaMain = (PKaMainx, PKaMainy). PKaMainx, PKaMainy and Time are combined into a message and a hash function is applied to obtain HG(PKaMainx || PKaMainy || Time), which is used as an offset to protect EQAR, obtaining EQAR - HG(PKaMainx || PKaMainy || Time) and forming the ciphertext message EQA' = {EQAR - HG(PKaMainx || PKaMainy || Time), EQAc, EQAt}.
2.7, QA uses IDB to find the ID of the quantum communication service station to which B belongs, namely IDQB. If no QKD device exists between quantum communication service stations QA and QB, QA performs RSA encryption on PKMain || NA with QB's RSA public key PKQB to obtain the message ENCQA = ENCRSA(PKMain || NA || HF, PKQB), where ENCRSA(M, PK) denotes RSA encryption of M with PK; if a QKD device exists between QA and QB, the QKD device is used to negotiate a symmetric key KQ between the two parties, and KQ is used to encrypt PKMain || NA, obtaining the message ENCQA = ENCQKD(PKMain || NA || HF, KQ), where ENCQKD(M, KQ) denotes symmetric encryption of M with the QKD key KQ negotiated by the two parties.
2.8, QA composes MA and ENCQA into the message MQA = MA || ENCQA. PKTemp can be expressed as PKTemp = (PKTempx, PKTempy), and QA takes the abscissa PKTempx of PKTemp to obtain the message MQASigR = PKTempx mod q.
2.9, QA composes MQASigR and MQA into a message and performs a hash calculation to obtain the message MQASigE = H(MQASigR || MQA).
QA calculates the message MQASig = SKbTemp + MQASigE * SKbMain.
2.10, QA composes the message MsgQA = MA || EQA' || ENCQA || MQASig and sends MsgQA to A.
3. Procedure from A to B
3.1, A receives and parses MsgQA from QA, finds the initial request message according to MA, and verifies whether Time is legal; if it is, A proceeds to the next step.
3.2, A restores EQA using PKaMain, EQA' and the timestamp Time, and decrypts EQA with SKaMain to obtain xb and PKbTemp.
3.3, A recovers PKMain from xa/xb/PKaMain/PKbMain and calculates the temporary public key PKTemp from xa/xb/PKaTemp/PKbTemp.
3.4, A forms the message MQA = MA || ENCQA from MA and ENCQA, takes the abscissa of PKTemp = (PKTempx, PKTempy) to obtain MQASigR = PKTempx mod q, and hashes MQASigR together with MQA to obtain the message MQASigE = H(MQASigR || MQA).
3.5, A verifies whether MQASig * P = PKbTemp + MQASigE * PKbMain holds; if the equation holds, A calculates MQASigA = SKaTemp + MQASigE * SKaMain.
3.6, A calculates SigA = λa * MQASigA + λb * MQASig. The principle is as follows:
λa * MQASigA + λb * MQASig = λa * (SKaTemp + MQASigE * SKaMain) + λb * (SKbTemp + MQASigE * SKbMain) = λa * SKaTemp + λb * SKbTemp + λa * MQASigE * SKaMain + λb * MQASigE * SKbMain = SKTemp + MQASigE * SKMain, where
Figure BDA0002442055720000111
3.7, A encrypts the file F with NA to obtain {F}NA, forms a message MsgAB containing {F}NA || SigA || MQASigE || SIGCAA, and sends MsgAB to user B, where SIGCAA is the CA signature stored in user A's key fob.
4. Procedure from B to QB:
4.1, B receives and parses the MsgAB message sent by A and judges from the parsed Time whether the timestamp is legal; if so, it proceeds to the next step.
4.2, B takes the master public key component PKbMainB from the key fob.
4.3, B generates a true random number NB and ECIES-encrypts it with PKbMainB to obtain the message EBQ = ENC(NB, PKbMainB) = {EBQR, EBQc, EBQt}.
4.4, PKbMainB can be expressed as {PKbMainBx, PKbMainBy}; B applies a hash function to the message composed of these coordinates and Time to obtain HG(PKbMainBx || PKbMainBy || Time).
B uses HG(PKbMainBx || PKbMainBy || Time) as an offset to protect EBQR and, together with the message components EBQc and EBQt, forms the ciphertext message EBQ' = {EBQR - HG(PKbMainBx || PKbMainBy || Time), EBQc, EBQt}.
4.5, B sets the message MB = MQA. B generates a true random number MBSK and calculates the public key MBPK = MBSK * P. The coordinates of the point MBPK on the elliptic curve are MBPK = (MBPKx, MBPKy).
4.6, B calculates the message MBSigR = MBPKx mod q, hashes it together with MB to obtain MBSigE = H(MBSigR || MB), and calculates MBSig = MBSK + MBSigE * SKaMainB.
4.8, B composes the message MsgBQ = MB || EBQ' || MBSig || MBSigE || SIGCAA and sends MsgBQ to QB.
5. Procedure QB to B:
5.1, QB receives MsgBQ from B and parses MB to obtain IDA, IDB, Time, {F}NA and ENCQA. QB judges from IDB whether the current request comes from a legal user terminal of QB and judges from Time whether the current request is legal; if so, it proceeds to the next step.
5.2, QB takes PKaMainB and PKbMainB from the user public key pool of the key area according to IDB.
5.3, QB calculates (MBPKx', MBPKy') = MBSig * P - MBSigE * PKaMainB and MBSigR' = MBPKx' mod q. QB hashes MBSigR' together with MB to obtain the message MBSigE' = H(MBSigR' || MB) and verifies whether MBSigE' = MBSigE; if they are equal, it proceeds to the next step.
5.4, QB decrypts ENCQA: if no QKD device exists between quantum communication service stations QA and QB, QB uses its RSA private key SKQB to RSA-decrypt ENCQA and obtain PKMain, NA and HF; if a QKD device exists between QA and QB, QB finds the corresponding IDQA according to IDA and obtains the QKD negotiated key KQ between IDQA and IDQB to decrypt ENCQA and obtain PKMain, NA and HF.
5.5, QB takes the CA signature SIGCAA = SIGRSA(IDA || PKMain, SKCA) from message MsgBQ (SIGRSA(M, SK) denotes an RSA signature on M with private key SK) and verifies it with the CA public key PKCA; if verification passes, PKMain is proved to be a legal public key and QB proceeds to the next step.
5.6, QB verifies the threshold signature (SigA, MQASigE) with PKMain and proceeds to the next step after verification passes.
5.7, QB uses PKbMainB to restore EBQ' to EBQ, and decrypts EBQ with SKbMainB to obtain the message NB.
5.8, QB forms MQB = MA || NA || HF, takes a random number MQBSK and calculates the public key MQBPK = MQBSK * P.
5.9, MQBPK can be represented as MQBPK = (MQBPKx, MQBPKy); QB calculates MQBSigR = MQBPKx mod q and hashes the message composed of MQBSigR and MQB to obtain the message MQBSigE = H(MQBSigR || MQB). QB calculates the message MQBSig = MQBSK + MQBSigE * SKbMainB.
5.10, the message MsgQB ═ MA | { NA } NB | | | mqbsge |, and is sent to B.
6. B:
6.1, B receives and parses the MsgQB message from QB and finds the initial request message according to MA. B judges from Time whether the current request is legal.
6.2, B decrypts the message {NA}NB with NB to obtain NA. B decrypts {F}NA with NA to obtain F and calculates HF' = H(F).
6.3, B calculates (MQBPKx', MQBPKy') = MQBSig * P - MQBSigE * PKaMainB and MQBSigR' = MQBPKx' mod q.
B forms MQB = MA || NA || HF', hashes the message composed of MQBSigR' and MQB to obtain MQBSigE' = H(MQBSigR' || MQB), and verifies whether MQBSigE = MQBSigE' holds; if so, B confirms that F is from A.
If B needs to send A a feedback message FF acknowledging receipt of the official document, it can do so by following the same flow that A used to send F to B.
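The threshold signature of steps 2.8 to 3.6 and its verification in step 5.6, as an added Python example that is not code from the patent. It assumes secp256k1 as the curve, SHA-256 for H, and the standard Lagrange coefficients for (2,2) Shamir sharing evaluated at x = 0 for λa and λb (the patent gives its own formulas in figures that are not reproduced on this page); all function names are hypothetical.

```python
import hashlib
import secrets

# Assumption: secp256k1 parameters; the page does not name its curve.
P_FIELD = 2**256 - 2**32 - 977
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(p1, p2):
    """Add two curve points; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if p1 == p2:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD)
    else:
        m = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    x3 = (m * m - x1 - x2) % P_FIELD
    return (x3, (m * (x1 - x3) - y1) % P_FIELD)


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time, demo only)."""
    k %= Q
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def lagrange(xa, xb):
    """Assumed lambda_a, lambda_b: interpolate a line through xa, xb at x = 0."""
    if xa % Q == 0 or xb % Q == 0 or (xa - xb) % Q == 0:
        raise ValueError("share indices must be non-zero and distinct")
    la = -xb * pow((xa - xb) % Q, -1, Q) % Q
    lb = -xa * pow((xb - xa) % Q, -1, Q) % Q
    return la, lb


def challenge(r, msg):
    """MQASigE = H(MQASigR || MQA); H is SHA-256 here (assumption)."""
    digest = hashlib.sha256(r.to_bytes(32, "big") + msg).digest()
    return int.from_bytes(digest, "big") % Q


def partial_sign(sk_temp, sk_main, e):
    """Steps 2.9 and 3.5: temporary component + MQASigE * main component."""
    return (sk_temp + e * sk_main) % Q


def check_partial(sig, pk_temp, pk_main, e):
    """Step 3.5: MQASig * P == PKbTemp + MQASigE * PKbMain."""
    return mul(sig, G) == add(pk_temp, mul(e, pk_main))


def verify(sig, e, pk_main, msg):
    """Step 5.6: R' = SigA*P - MQASigE*PKMain; accept if H(R'x mod q || MQA) == e."""
    r_pt = add(mul(sig, G), mul(-e, pk_main))
    return r_pt is not None and challenge(r_pt[0] % Q, msg) == e


def run_exchange(mqa):
    """Constructed run of the A/QA signing exchange over the message MQA."""
    rnd = lambda: 1 + secrets.randbelow(Q - 1)
    # Key management server: SKMain = f(0) for f(x) = SKMain + a1 * x.
    sk_main, a1, xa, xb = rnd(), rnd(), rnd(), rnd()
    ska_main, skb_main = (sk_main + a1 * xa) % Q, (sk_main + a1 * xb) % Q
    pka_main, pkb_main = mul(ska_main, G), mul(skb_main, G)
    la, lb = lagrange(xa, xb)
    pk_main = add(mul(la, pka_main), mul(lb, pkb_main))      # step 2.5
    # Fresh temporary components per session (steps 1.3 and 2.4).
    ska_temp, skb_temp = rnd(), rnd()
    pka_temp, pkb_temp = mul(ska_temp, G), mul(skb_temp, G)
    pk_temp = add(mul(la, pka_temp), mul(lb, pkb_temp))
    e = challenge(pk_temp[0] % Q, mqa)                        # MQASigE
    sig_q = partial_sign(skb_temp, skb_main, e)               # MQASig (QA)
    sig_a = partial_sign(ska_temp, ska_main, e)               # MQASigA (A)
    return {
        "sk_main": sk_main, "pk_main": pk_main, "e": e,
        "sig_a": sig_a, "sig_q": sig_q,
        "partial_ok": check_partial(sig_q, pkb_temp, pkb_main, e),
        "bad_partial_ok": check_partial((sig_q + 1) % Q, pkb_temp, pkb_main, e),
        "sig": (la * sig_a + lb * sig_q) % Q,                 # SigA, step 3.6
    }


if __name__ == "__main__":
    out = run_exchange(b"constructed MQA")
    print(verify(out["sig"], out["e"], out["pk_main"], b"constructed MQA"))
```

Neither party ever holds SKMain or SKTemp in this run: the combined SigA verifies under PKMain only because the two partial signatures share the same MQASigE and are weighted by λa and λb.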
The technical features of the embodiments described above may be combined arbitrarily. For the sake of brevity, not all possible combinations of these technical features are described, but any combination should be considered within the scope of the present specification as long as the combined features do not contradict each other.
The above-mentioned embodiments express only several embodiments of the present invention, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, all of which fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (9)

1. A quantum computation resistant electronic official document transmission method based on secret sharing and a quantum communication service station is characterized in that: the system comprises office organizations and regional branches, wherein quantum communication service stations and user terminals are deployed in the regional branches; when electronic official document transmission is carried out between two user sides, an initiator is marked as a first user side, a receiver is marked as a second user side, and corresponding quantum communication service stations are respectively marked as a first service station and a second service station, comprising the following steps:
S1, the first user terminal sends an initiator request message and a first verification ciphertext to the first service station, wherein the initiator request message comprises a ciphertext of the hash value of the electronic document to be transmitted; the first service station verifies and processes the message sent by the first user terminal, and returns an inter-service-station ciphertext and a second verification ciphertext to the first user terminal, wherein the inter-service-station ciphertext comprises an electronic official document hash value and a first random number generated by the first user terminal, and the first random number is used for encrypting the electronic official document hash value;
S2, the first user terminal sends initiator transaction information to the second user terminal, wherein the initiator transaction information comprises the initiator request message, the inter-service-station ciphertext, a file ciphertext and an initiator general threshold signature, and the file ciphertext is obtained by encrypting the electronic official document with the first random number;
S3, the second user terminal performs preliminary verification on the initiator transaction information, and after the verification is passed, sends a receiver request message and a third verification ciphertext to the second service station, wherein the third verification ciphertext comprises a second random number generated by the second user terminal, and the receiver request message comprises the initiator request message and the inter-service-station ciphertext; the second service station verifies and processes the message sent by the second user terminal, decrypts the inter-service-station ciphertext and returns a random number ciphertext to the second user terminal, wherein the random number ciphertext is obtained by encrypting the first random number with the second random number;
S4, the second user terminal decrypts the random number ciphertext to obtain the first random number, and decrypts the file ciphertext with the first random number to obtain the electronic official document.
2. The method according to claim 1, wherein a pair of master keys is shared between each user end and the corresponding quantum communication service station in the same intranet in a (2,2) secret sharing manner, the master keys include a master public key and a master private key, the corresponding secret sharing random number and key component are respectively stored in the user end key card and the quantum communication service station key card, and the secret sharing random number and key component in the quantum communication service station key card are searched according to the user end ID;
the user side and the quantum communication service station generate a true random number as a private key component of the own party during each communication, a corresponding temporary public key component is calculated according to the private key component, and a main key component stored by a local key fob, the generated temporary key component and a complete main key recovered according to a secret sharing principle are used for signature and encryption operation in a transaction process.
3. The method for transmitting the electronic official document based on the secret sharing and quantum communication service station and resisting the quantum computation, as claimed in claim 2, wherein the generating steps of the first verification ciphertext, the second verification ciphertext and the third verification ciphertext each comprise:
taking out a main public key component from a local key fob to encrypt ciphertext contents to obtain corresponding verification ciphertext, adding an offset in the generation process of the verification ciphertext, wherein the ciphertext contents comprise a local secret sharing random number, a locally generated temporary public key component and a first random number on a first user side, a second random number on a second user side, and a local secret sharing random number and a locally generated temporary public key component on a first service station side;
and the receiver of the verification ciphertext calculates the corresponding offset, decrypts the verification ciphertext and obtains the ciphertext content after decryption.
4. The method for transmitting the electronic official document based on the secret sharing and quantum communication service station and resisting the quantum computation of the claim 3, wherein the messages sent by the user side to the service station all include the signer signature for verifying the identity, and the signer signature includes the corresponding signature parameters, comprising the steps of:
the user side generates a first signer signature and a first signature parameter and sends the first signer signature and the first signature parameter to the quantum communication service station;
the quantum communication service station verifies the signature of the first signer and the first signature parameter, and the next step is carried out after the verification is passed;
the quantum communication service station generates a second signer signature and a second signature parameter and returns the second signer signature and the second signature parameter to the user terminal;
and the user side verifies the signature of the second signer and the second signature parameter generated by the service station side, and the verification is passed to indicate that the identity authentication is passed.
5. The method for transmitting electronic official document based on secret sharing and quantum communication service station and resisting quantum computation of claim 4, wherein the steps of generating the first signer signature, the second signer signature and the corresponding signature parameters comprise:
generating a random number as a verification private key, and calculating a verification public key according to the verification private key;
taking the x-direction parameter of the verification public key to perform modular operation to obtain a signature R parameter;
performing hash operation on the combination of the signature R parameter and the signature content, wherein the obtained result is used as a signature parameter, the signature content comprises an initiator request message on a first user side, an initiator request message and an inter-service station ciphertext on a second user side, and the initiator request message, a first random number and a hash value of an electronic document on a second service station side;
and calculating to obtain the corresponding signer signature according to the verification private key, the signature parameters and the local main private key component.
6. The method for transmitting the electronic official document based on the secret sharing and the quantum communication service station and resisting the quantum computation of the claim 4 is characterized in that after the first user end completes the verification of the signature of the second signer generated by the first service station side, a third signer signature and a corresponding third signature parameter are generated; the third signer signature, the second signer signature at the first service station side and the second signature parameter all comprise the following steps:
recovering a complete temporary public key according to a secret sharing principle, and performing modular operation on the x-direction parameter of the temporary public key to obtain a signature R parameter;
performing hash operation on the combination of the signature R parameter, the request message of the sender and the ciphertext of the service station, and taking the obtained result as the signature parameter;
calculating to obtain a corresponding signer signature according to the temporary private key component, the signature parameter and the local main private key component;
the sender total threshold signature is obtained by calculation according to a second signer signature on the first service station side and a third signer signature on the user side, and the sender total signature parameter is obtained by calculation according to the second signature parameter and the third signature parameter.
7. The electronic official document transmission method resisting quantum computation based on secret sharing and quantum communication service station as claimed in claim 1, wherein: the initiator transaction message also comprises a CA signature, the CA signature is obtained by signing a combination of the user ID and the main public key by adopting a CA server private key, the CA public key is stored in a key fob private area of the quantum communication service station, the second user forwards the CA signature to the second service station, and the CA signature is verified by the second service station.
8. The electronic official document transmission method resisting quantum computation based on the secret sharing and quantum communication service station as claimed in claim 3, characterized in that: the quantum communication service station key card stores a private key of the quantum communication service station and public keys of all quantum communication service stations, or QKD equipment is arranged between the quantum communication service stations, and a QKD key for communication is generated through the QKD equipment.
9. An electronic official document transmission system based on secret sharing and quantum communication service station and resisting quantum computation is characterized in that: the system comprises office organizations, regional branches and quantum communication service stations, wherein a plurality of regional branches and quantum communication service stations with respective internal networks are arranged under each office organization, the regional branches are used as user terminals, and a quantum communication network is provided with a key management server for issuing key cards to the quantum communication service stations and the user terminals;
each user side and the quantum communication service station respectively comprise a memory and a processor, the memory stores a computer program, and the processor implements the electronic official document transmission method based on secret sharing and quantum communication service station quantum computation resistance as claimed in any one of claims 1 to 8 when executing the computer program.
CN202010271659.6A 2020-04-08 2020-04-08 Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station Active CN111526131B (en)

Publications (2)

Publication Number Publication Date
CN111526131A CN111526131A (en) 2020-08-11
CN111526131B true CN111526131B (en) 2022-02-01

Family

ID=71902047

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant