CN111740821B - Method and device for establishing shared secret key - Google Patents
Method and device for establishing a shared secret key
Publication number: CN111740821B (application CN202010371284A)
Authority: CN (China)
Legal status: Active
Classifications: H04L9/00 (cryptographic mechanisms or arrangements; network security protocols); H04L9/08 (key distribution or management); H04L9/0816 (key establishment, i.e. processes or protocols whereby a shared secret becomes available to two or more parties); H04L9/085 (secret sharing or secret splitting, e.g. threshold schemes); Y04S40/20 (information technology specific aspects, e.g. system security).
Abstract
The application belongs to the technical field of information security and provides a method and a device for establishing a shared secret key, which can solve the problem that existing public key ciphers have hidden security dangers. A method of establishing a shared key comprises: the first device determines the braid group $B_n$ of index $n$ as the public key; the first device selects a subgroup $P$ generated by a plurality of elements of $B_n$ and selects an element $x$ from $P$ as the first private key; the first device receives $\{y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \dots, y^{-1}\sigma_{n-1} y\}$ transmitted by the second device; the first device computes $\{x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \dots, x^{-1}\sigma_{n-1} x\}$ from the first private key and each element of the public key and sends it to the second device, so that the second device replaces every $\sigma_k$ in the second private key by $x^{-1}\sigma_k x$, obtains $f_y(x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \dots, x^{-1}\sigma_{n-1} x) = x^{-1}yx$, and computes the shared key $x^{-1}y^{-1}xy$; the first device replaces every $\sigma_k$ in its first private key by $y^{-1}\sigma_k y$, obtains $f_x(y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \dots, y^{-1}\sigma_{n-1} y) = y^{-1}xy$, and computes the shared key $x^{-1}y^{-1}xy$.
Description
Technical Field
The application belongs to the technical field of information security, and particularly relates to a method and a device for establishing a shared secret key.
Background
In classical public key cryptographic algorithms, the computationally hard problems that serve as the security guarantee become much easier to solve as computer performance improves. In particular, quantum computing systems based on the well-known Shor algorithm (proposed by Shor in 1997) can perform large-integer factorization and discrete logarithm computation in polynomial time, and Google and IBM have each claimed that the quantum computing systems they designed have been or are being realized. This means that public key cryptographic protocols built on RSA, ECC, ElGamal and similar algorithms will no longer be secure.
On the other hand, for the key exchange protocols built on the conjugacy problem of braid group elements proposed by Anshel et al., attack schemes such as the length-based attack, the linear representation attack and the super summit set attack have been discovered successively. Thus the corresponding public key cryptosystems also have potential security hazards.
Disclosure of Invention
The embodiments of the present application provide a method and a device for establishing a shared key, which can solve the problem that existing public key ciphers have hidden security dangers, and establish a shared-key method that resists various attacks.
In a first aspect, an embodiment of the present application provides a method for establishing a shared key, including: the first device determines the braid group $B_n$ of index $n$ as the public key, where
$B_n = \langle \sigma_1, \sigma_2, \dots, \sigma_{n-1} \mid \sigma_i\sigma_j = \sigma_j\sigma_i,\ |i-j| \ge 2;\ \sigma_i\sigma_{i+1}\sigma_i = \sigma_{i+1}\sigma_i\sigma_{i+1},\ 1 \le i \le n-2 \rangle$;
each element of $B_n$ is represented by a word over the set $\{\sigma_1, \sigma_2, \dots, \sigma_{n-1}\}$ and has a unique normal form, with $n \ge 6$ and $n$ an integer. The first device selects a subgroup $P$ generated by a plurality of elements of $B_n$ and selects an element $x$ from $P$ as the first private key, where $x$ is defined as $x = f_x(\sigma_1, \sigma_2, \dots, \sigma_{n-1})$. The first device receives $\{y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \dots, y^{-1}\sigma_{n-1} y\}$ transmitted by the second device, where the second device is the device establishing the shared key with the first device, and $y^{-1}\sigma_k y$ is computed by the second device from its second private key $y$ and each element of the public key; $y$ is an element selected from a subgroup $Q$ generated by a plurality of elements of $B_n$ chosen by the second device, $y$ is defined as $y = f_y(\sigma_1, \sigma_2, \dots, \sigma_{n-1})$, and $k = 1, 2, \dots, n-1$. The first device computes $\{x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \dots, x^{-1}\sigma_{n-1} x\}$ from the first private key $x$ and each element of the public key and sends it to the second device, so that the second device replaces every $\sigma_k$ in the second private key $y$ by $x^{-1}\sigma_k x$, obtains $f_y(x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \dots, x^{-1}\sigma_{n-1} x) = x^{-1}yx$, and computes the shared key $x^{-1}y^{-1}xy$; the first device replaces every $\sigma_k$ in its first private key $x$ by $y^{-1}\sigma_k y$, obtains $f_x(y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \dots, y^{-1}\sigma_{n-1} y) = y^{-1}xy$, and computes the shared key $x^{-1}y^{-1}xy$.
The embodiment of the present application provides a method for establishing a shared secret key in which the first device and the second device take the braid group $B_n$ of index $n$ as the public key of both parties; each party selects a subgroup of $B_n$ and takes one element of that subgroup as its private key; each party conjugates every element of the public key by its private key; the two parties then send their respective conjugation results to each other and compute the shared secret key from the received conjugation results. Because the subgroup membership problem of the introduced subgroups of $B_n$ is undecidable, the security of the established shared-key method is fully proven in theory, and it can resist various attacks such as quantum computing attacks.
Optionally, the first device selecting a subgroup $P$ generated by a plurality of elements of $B_n$ comprises: $B_n$ contains subgroups $L_u$ isomorphic to the direct product of two free groups of rank 2, $L_u = \langle \sigma_u^2, \sigma_{u+1}^2, \sigma_{u+3}^2, \sigma_{u+4}^2 \rangle$, $u = 1, 2, \dots, n-5$; from the elements of $L_u$ a subgroup $M_u$ is generated, $M_u = \langle \sigma_u^2\sigma_{u+3}^2, \sigma_{u+1}^2\sigma_{u+4}^2, S_{uv}, T_{uv} \rangle$, $v = 1, 2, \dots, 27$; one of the subgroups $M_u$ is selected as the subgroup $P$.
Optionally, when $u = 1, 2, \dots, n-5$, the 27 elements $S_{uv}$ are as follows:
Optionally, replacing $\sigma_u$ by $\sigma_{u+3}$ and $\sigma_{u+1}$ by $\sigma_{u+4}$ in the 27 elements $S_{uv}$ yields the corresponding 27 elements $T_{uv}$.
Optionally, the subgroup $P$ and the subgroup $Q$ are Mihailova subgroups, whose subgroup membership problem is undecidable.
In a second aspect, an embodiment of the present application provides an apparatus for establishing a shared key, which comprises a processing unit and a transceiver unit. The processing unit is configured to determine the braid group $B_n$ of index $n$ as the public key, where
$B_n = \langle \sigma_1, \sigma_2, \dots, \sigma_{n-1} \mid \sigma_i\sigma_j = \sigma_j\sigma_i,\ |i-j| \ge 2;\ \sigma_i\sigma_{i+1}\sigma_i = \sigma_{i+1}\sigma_i\sigma_{i+1},\ 1 \le i \le n-2 \rangle$;
each element of $B_n$ is represented by a word over the set $\{\sigma_1, \sigma_2, \dots, \sigma_{n-1}\}$ and has a unique normal form, with $n \ge 6$ and $n$ an integer. The processing unit is also configured to select a subgroup $P$ generated by a plurality of elements of $B_n$ and to select an element $x$ from $P$ as the first private key, where $x$ is defined as $x = f_x(\sigma_1, \sigma_2, \dots, \sigma_{n-1})$. The transceiver unit is configured to receive $\{y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \dots, y^{-1}\sigma_{n-1} y\}$ sent by the second device, where the second device is the device establishing the shared key with the first device, and $y^{-1}\sigma_k y$ is computed by the second device from its second private key $y$ and each element of the public key; $y$ is an element selected from a subgroup $Q$ generated by a plurality of elements of $B_n$ chosen by the second device, $y$ is defined as $y = f_y(\sigma_1, \sigma_2, \dots, \sigma_{n-1})$, and $k = 1, 2, \dots, n-1$. The transceiver unit is further configured to send $\{x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \dots, x^{-1}\sigma_{n-1} x\}$, computed from the first private key $x$ and each element of the public key, to the second device, so that the second device replaces every $\sigma_k$ in the second private key $y$ by $x^{-1}\sigma_k x$, obtains $f_y(x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \dots, x^{-1}\sigma_{n-1} x) = x^{-1}yx$, and computes the shared key $x^{-1}y^{-1}xy$. The processing unit is further configured to replace every $\sigma_k$ in the first private key $x$ of the first device by $y^{-1}\sigma_k y$, obtain $f_x(y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \dots, y^{-1}\sigma_{n-1} y) = y^{-1}xy$, and compute the shared key $x^{-1}y^{-1}xy$.
Optionally, the processing unit being configured to select a subgroup $P$ generated by a plurality of elements of $B_n$ comprises: $B_n$ contains subgroups $L_u$ isomorphic to the direct product of two free groups of rank 2, $L_u = \langle \sigma_u^2, \sigma_{u+1}^2, \sigma_{u+3}^2, \sigma_{u+4}^2 \rangle$, $u = 1, 2, \dots, n-5$; the processing unit generates from the elements of $L_u$ a subgroup $M_u = \langle \sigma_u^2\sigma_{u+3}^2, \sigma_{u+1}^2\sigma_{u+4}^2, S_{uv}, T_{uv} \rangle$, $v = 1, 2, \dots, 27$; and is also configured to select one of the subgroups $M_u$ as the subgroup $P$.
Optionally, when $u = 1, 2, \dots, n-5$, the 27 elements $S_{uv}$ are as follows:
Replacing $\sigma_u$ by $\sigma_{u+3}$ and $\sigma_{u+1}$ by $\sigma_{u+4}$ in the 27 elements $S_{uv}$ yields the corresponding 27 elements $T_{uv}$.
In a third aspect, embodiments of the present application provide a computer device, including: a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the method of establishing a shared key as described above when executing the computer program.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium storing a computer program which, when executed by a processor, implements a method of establishing a shared key as described above.
In a fifth aspect, embodiments of the present application provide a computer program product, which when run on a computer device, causes the computer device to perform the method of establishing a shared key as described in any of the first aspects above.
It will be appreciated that the advantages of the second to fifth aspects may be found in the relevant description of the first aspect, and are not described here again.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required for the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is an application scenario diagram provided by an embodiment of the present application;
FIG. 2 is an interactive schematic diagram of a method for establishing a shared key according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an apparatus for establishing a shared key according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
The method for establishing the shared key provided by the embodiment of the application can be applied to computer equipment, and as shown in fig. 1, the shared key is established between the computer equipment 1 and the computer equipment 2.
The computer device 1 comprises a memory, a processor, and a computer program stored in the memory and executable on the processor, which processor when executing the computer program implements a method of establishing a shared secret as described herein.
The memory may in some embodiments be an internal storage unit of the computer device 1, such as a hard disk or a memory of the computer device 1. The memory may in other embodiments also be an external storage device of the computer device 1, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card) or the like, which are provided on the computer device 1. The memory may also include both internal storage units and external storage devices of the computer device 1. The memory is used to store an operating system, application programs, boot Loader (Boot Loader), data, and other programs, etc., such as program code for a computer program, etc. The memory may also be used to temporarily store data that has been output or is to be output.
The processor may be a central processing unit (Central Processing Unit, CPU), which may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It is to be understood that the structures illustrated in the embodiments of the present application do not constitute a particular limitation of the computer device 1, and in other embodiments, the computer device 1 may include more or less components than illustrated, or may combine certain components, or may split certain components, or may have a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware. The computer device 2 and the computer device 1 may have the same structure, and are not described in detail herein.
In the prior art, on the one hand, public key cryptographic protocols built on the RSA, ECC and ElGamal algorithms are no longer secure because quantum computing systems have been or are being realized. On the other hand, for the key exchange protocols built on the conjugacy problem of braid group elements proposed by Anshel et al., attack schemes such as the length-based attack, the linear representation attack and the super summit set attack have been discovered successively. Thus the corresponding public key cryptosystems also have potential security hazards.
Therefore, the method for establishing a shared secret key provided here has security that is fully proven in theory, and it can resist various attacks such as quantum computing attacks.
Embodiments of the present application are described below with reference to the accompanying drawings in the embodiments of the present application.
The present application provides a method for establishing a shared key, which can be applied to the computer device 1 or the computer device 2 in fig. 1. Wherein the computer device 1 performs the method as a first device and the computer device 2 as a second device; alternatively, the computer device 2 performs the method as a first device and the computer device 1 as a second device.
As shown in fig. 2, the method includes:
S21, the first device determines the braid group $B_n$ of index $n$ as the public key.
Here $B_n = \langle \sigma_1, \sigma_2, \dots, \sigma_{n-1} \mid \sigma_i\sigma_j = \sigma_j\sigma_i,\ |i-j| \ge 2;\ \sigma_i\sigma_{i+1}\sigma_i = \sigma_{i+1}\sigma_i\sigma_{i+1},\ 1 \le i \le n-2 \rangle$; each element of $B_n$ is represented by a word over the set $\{\sigma_1, \sigma_2, \dots, \sigma_{n-1}\}$, the word has a unique normal form, $n \ge 6$, and $n$ is an integer.
The product operation and the inversion operation of the group can be computed on the basis of the normal form.
S22, the second device determines the braid group $B_n$ of index $n$ as the public key.
The second device is the device establishing the shared key with the first device, and the public key determined by the second device is the same as that determined by the first device.
S23, the first device selects a subgroup $P$ generated by a plurality of elements of $B_n$, and selects an element $x$ from $P$ as the first private key, where $x$ is defined as $x = f_x(\sigma_1, \sigma_2, \dots, \sigma_{n-1})$.
That is, $x$ is a product of powers (with integer exponents) of $\sigma_1, \sigma_2, \dots, \sigma_{n-1}$, which can be written as $x = f_x(\sigma_1, \sigma_2, \dots, \sigma_{n-1})$.
Optionally, the first device selecting a subgroup $P$ generated by a plurality of elements of $B_n$ includes the following.
$B_n$ contains subgroups $L_u$ isomorphic to $F_2 \times F_2$, i.e. $\sigma_u^2, \sigma_{u+1}^2, \sigma_{u+3}^2, \sigma_{u+4}^2$ generate a subgroup $L_u$ isomorphic to the direct product of two free groups of rank 2: $L_u = \langle \sigma_u^2, \sigma_{u+1}^2, \sigma_{u+3}^2, \sigma_{u+4}^2 \rangle$, $u = 1, 2, \dots, n-5$.
From the elements of $L_u$ a subgroup $M_u$ is generated: $M_u = \langle \sigma_u^2\sigma_{u+3}^2, \sigma_{u+1}^2\sigma_{u+4}^2, S_{uv}, T_{uv} \rangle$, $v = 1, 2, \dots, 27$.
The first device selects one of the subgroups $M_u$ as the subgroup $P$.
When $u = 1, 2, \dots, n-5$, the 27 elements $S_{uv}$ are as follows:
Replacing $\sigma_u$ by $\sigma_{u+3}$ and $\sigma_{u+1}$ by $\sigma_{u+4}$ in the 27 elements $S_{uv}$ yields the corresponding 27 elements $T_{uv}$.
It should be noted that the method by which the second device selects a subgroup $Q$ generated by a plurality of elements of $B_n$ is the same as the method by which the first device selects the subgroup $P$, and is not repeated here.
Based on this, the subgroup P and the subgroup Q may be the same or different.
S24, the second device selects a subgroup $Q$ generated by a plurality of elements of $B_n$, and selects an element $y$ from $Q$ as the second private key, where $y$ is defined as $y = f_y(\sigma_1, \sigma_2, \dots, \sigma_{n-1})$.
That is, $y$ is a product of powers (with integer exponents) of $\sigma_1, \sigma_2, \dots, \sigma_{n-1}$, which can be written as $y = f_y(\sigma_1, \sigma_2, \dots, \sigma_{n-1})$.
It should be noted that the index $n$ of the braid group $B_n$ is not less than 6.
It should be understood that when $n = 6$, $u$ can only take the value 1, and $B_n$ has a single subgroup isomorphic to the direct product of two free groups of rank 2, $L_1 = \langle \sigma_1^2, \sigma_2^2, \sigma_4^2, \sigma_5^2 \rangle$, so both devices use the same subgroup. From $L_1$ the subgroup $M_1 = \langle \sigma_1^2\sigma_4^2, \sigma_2^2\sigma_5^2, S_{1v}, T_{1v} \rangle$, $v = 1, 2, \dots, 27$, can be generated. Since only the subgroup $M_1$ is generated in this case, the first device selects $M_1$ as the subgroup $P$ and the second device selects $M_1$ as the subgroup $Q$.
It should be understood that when $n = 7$, $u$ takes the value 1 or 2, and $B_n$ has two subgroups isomorphic to the direct product of two free groups of rank 2, namely $L_1 = \langle \sigma_1^2, \sigma_2^2, \sigma_4^2, \sigma_5^2 \rangle$ and $L_2 = \langle \sigma_2^2, \sigma_3^2, \sigma_5^2, \sigma_6^2 \rangle$. From the elements of $L_1$ the subgroup $M_1 = \langle \sigma_1^2\sigma_4^2, \sigma_2^2\sigma_5^2, S_{1v}, T_{1v} \rangle$ can be generated, and from the elements of $L_2$ the subgroup $M_2 = \langle \sigma_2^2\sigma_5^2, \sigma_3^2\sigma_6^2, S_{2v}, T_{2v} \rangle$. Since two subgroups $M_1$ and $M_2$ are generated, the first device can select $M_1$ or $M_2$ as the subgroup $P$; likewise, the second device can select $M_1$ or $M_2$ as the subgroup $Q$.
It should be understood that when $n = 8$, $u$ takes the value 1, 2 or 3, and $B_n$ contains three subgroups isomorphic to the direct product of two free groups of rank 2, namely $L_1 = \langle \sigma_1^2, \sigma_2^2, \sigma_4^2, \sigma_5^2 \rangle$, $L_2 = \langle \sigma_2^2, \sigma_3^2, \sigma_5^2, \sigma_6^2 \rangle$ and $L_3 = \langle \sigma_3^2, \sigma_4^2, \sigma_6^2, \sigma_7^2 \rangle$. From the elements of $L_1$ the subgroup $M_1 = \langle \sigma_1^2\sigma_4^2, \sigma_2^2\sigma_5^2, S_{1v}, T_{1v} \rangle$ can be generated; from the elements of $L_2$ the subgroup $M_2 = \langle \sigma_2^2\sigma_5^2, \sigma_3^2\sigma_6^2, S_{2v}, T_{2v} \rangle$; and from the elements of $L_3$ the subgroup $M_3 = \langle \sigma_3^2\sigma_6^2, \sigma_4^2\sigma_7^2, S_{3v}, T_{3v} \rangle$. Since the subgroups $M_1$, $M_2$ and $M_3$ are generated, the first device can select $M_1$, $M_2$ or $M_3$ as the subgroup $P$; likewise, the second device can select $M_1$, $M_2$ or $M_3$ as the subgroup $Q$.
By analogy, as $n$ grows and the range of $u$ grows accordingly, $B_n$ contains more subgroups $L_u$ isomorphic to the direct product of two free groups of rank 2, and from the different subgroups $L_u$ different subgroups $M_u$ are generated. Since several subgroups $M_u$ are then available, the first device can select any subgroup $M_u$ as the subgroup $P$, and the second device can likewise select any subgroup $M_u$ as the subgroup $Q$. The first device and the second device may select the same subgroup $M_u$ as $P$ and $Q$, or different subgroups $M_u$; the present application does not particularly limit this.
On this basis, the first device selects an element $x$ from the subgroup $P$, i.e. from its chosen $M_u$, as the first private key $x$; the second device selects an element from the subgroup $Q$, i.e. from its chosen $M_u$, as the second private key $y$.
S25, the first device computes $x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \dots, x^{-1}\sigma_{n-1} x$ from the first private key and each element of the public key, and sends them to the second device.
S26, the second device computes $y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \dots, y^{-1}\sigma_{n-1} y$ from the second private key and each element of the public key, and sends them to the first device.
S27, the first device receives $y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \dots, y^{-1}\sigma_{n-1} y$ sent by the second device, replaces every $\sigma_k$ in its first private key by $y^{-1}\sigma_k y$, obtains $f_x(y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \dots, y^{-1}\sigma_{n-1} y) = y^{-1}xy$, and computes the shared key $x^{-1}y^{-1}xy$.
S28, the second device receives $x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \dots, x^{-1}\sigma_{n-1} x$ sent by the first device, replaces every $\sigma_k$ in its second private key $y$ by $x^{-1}\sigma_k x$, obtains $f_y(x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \dots, x^{-1}\sigma_{n-1} x) = x^{-1}yx$, and computes the shared key $x^{-1}y^{-1}xy$.
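The exchange of steps S21 to S28 carried through end to end, as an added example that is not part of the patent: it evaluates braid words in the unreduced Burau representation of $B_6$ at $t = 2$ (an assumption, chosen so that words can be multiplied, inverted and compared exactly as rational matrices; the patent works with normal forms, and this representation is not faithful for $n \ge 5$). The private keys are constructed words in the two listed generators $\sigma_1^2\sigma_4^2$ and $\sigma_2^2\sigma_5^2$ of $M_1$, since the elements $S_{1v}$ and $T_{1v}$ are not given in this extract.

```python
from fractions import Fraction

N = 6              # the patent requires n >= 6; with n = 6 only u = 1 is available
T = Fraction(2)    # assumed Burau parameter; any nonzero value keeps arithmetic exact


def identity(n):
    return [[Fraction(int(i == j)) for j in range(n)] for i in range(n)]


def matmul(a, b):
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) for j in range(n)]
            for i in range(n)]


def inverse(m):
    """Exact Gauss-Jordan inverse over Fractions (every matrix here is invertible)."""
    n = len(m)
    a = [row[:] + identity(n)[i] for i, row in enumerate(m)]
    for col in range(n):
        piv = next(r for r in range(col, n) if a[r][col] != 0)
        a[col], a[piv] = a[piv], a[col]
        p = a[col][col]
        a[col] = [v / p for v in a[col]]
        for r in range(n):
            if r != col and a[r][col] != 0:
                f = a[r][col]
                a[r] = [v - f * w for v, w in zip(a[r], a[col])]
    return [row[n:] for row in a]


def burau_sigma(k, n=N, t=T):
    """Unreduced Burau image of sigma_k (1 <= k <= n-1): the identity with the
    2x2 block [[1-t, t], [1, 0]] written into rows/columns k-1, k."""
    m = identity(n)
    m[k - 1][k - 1], m[k - 1][k] = 1 - t, t
    m[k][k - 1], m[k][k] = Fraction(1), Fraction(0)
    return m


# Public key (S21/S22): the generators sigma_1 .. sigma_{n-1} of B_n.
PUBLIC = {k: burau_sigma(k) for k in range(1, N)}

# Private keys (S23/S24) as braid words: a list of (k, e) meaning sigma_k^e.
# Constructed (assumption) from the two generators sigma_1^2 sigma_4^2 and
# sigma_2^2 sigma_5^2 of M_1; the S_1v, T_1v elements are not listed in the extract.
X_WORD = [(1, 2), (4, 2), (2, -2), (5, -2)]   # x = (s1^2 s4^2)(s2^2 s5^2)^-1
Y_WORD = [(2, 2), (5, 2)]                     # y = s2^2 s5^2


def evaluate(word, gens):
    """f_w(g_1, ..., g_{n-1}): substitute gens[k] for sigma_k in the word.
    With gens = {k: x^-1 sigma_k x} this is exactly the substitution of S28
    that turns f_y into x^-1 y x (and of S27, turning f_x into y^-1 x y)."""
    inv_cache = {}
    m = identity(len(gens) + 1)
    for k, e in word:
        g = gens[k] if e > 0 else inv_cache.setdefault(k, inverse(gens[k]))
        for _ in range(abs(e)):
            m = matmul(m, g)
    return m


def conjugates(private_word, gens=PUBLIC):
    """S25/S26: the message {w^-1 sigma_k w : k = 1..n-1} that a device sends."""
    w = evaluate(private_word, gens)
    w_inv = inverse(w)
    return {k: matmul(matmul(w_inv, g), w) for k, g in gens.items()}


def first_device_key(x_word, received_from_second):
    """S27: f_x(y^-1 sigma_k y) = y^-1 x y, then x^-1 * (y^-1 x y) = x^-1 y^-1 x y."""
    x = evaluate(x_word, PUBLIC)
    y_inv_x_y = evaluate(x_word, received_from_second)
    return matmul(inverse(x), y_inv_x_y)


def second_device_key(y_word, received_from_first):
    """S28: f_y(x^-1 sigma_k x) = x^-1 y x, then (x^-1 y x)^-1 * y = x^-1 y^-1 x y."""
    y = evaluate(y_word, PUBLIC)
    x_inv_y_x = evaluate(y_word, received_from_first)
    return matmul(inverse(x_inv_y_x), y)


def run_exchange(x_word=X_WORD, y_word=Y_WORD):
    """Both sides' computations; returns (key of first device, key of second device)."""
    sent_by_first = conjugates(x_word)     # S25
    sent_by_second = conjugates(y_word)    # S26
    return (first_device_key(x_word, sent_by_second),
            second_device_key(y_word, sent_by_first))


def braid_relations_hold(n=N):
    """Check that the representation respects both defining relations of B_n."""
    s = {k: burau_sigma(k, n) for k in range(1, n)}
    far = all(matmul(s[i], s[j]) == matmul(s[j], s[i])
              for i in range(1, n) for j in range(i + 2, n))
    near = all(matmul(matmul(s[i], s[i + 1]), s[i]) == matmul(matmul(s[i + 1], s[i]), s[i + 1])
               for i in range(1, n - 1))
    return far and near


if __name__ == "__main__":
    k1, k2 = run_exchange()
    print("relations hold:", braid_relations_hold())
    print("keys agree:", k1 == k2, " key is trivial:", k1 == identity(N))
```

The two keys agree because substitution into $f_x$ and $f_y$ commutes with conjugation; the check against the directly computed commutator $x^{-1}y^{-1}xy$ confirms which element both sides end up holding.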
Optionally, both the subgroup $P$ and the subgroup $Q$ are Mihailova subgroups, whose subgroup membership problem is undecidable.
It can therefore be understood that the subgroup $P$ and the subgroup $Q$ above are Mihailova subgroups, i.e. the subgroups $M_u$ used as $P$ and $Q$ are Mihailova subgroups, and the subgroup membership problem of every $M_u$ is undecidable.
Note that the subgroup membership problem (also called the generalized word problem) is the following: given a subgroup $H$ of a group $G$ with generating set $X$, decide whether an arbitrary element $g$ of $G$ can be represented by a word over $X$, i.e. whether $g$ is an element of $H$.
If a third party attempts to attack the public key cryptographic protocol established by the first device and the second device, it can only do so through the public information $\langle \sigma_1, \sigma_2, \dots, \sigma_{n-1} \rangle$ of the two devices and the values $\{x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \dots, x^{-1}\sigma_{n-1} x\}$ and $\{y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \dots, y^{-1}\sigma_{n-1} y\}$ obtained from the channel.
Suppose the third party can obtain elements $s$ and $t$ of $B_n$ such that $s^{-1}\sigma_i s = y^{-1}\sigma_i y$ and $t^{-1}\sigma_i t = x^{-1}\sigma_i x$, $i = 1, 2, \dots, n-1$.
Let $s = cy$ and $t = dx$. Then $s^{-1}\sigma_i s = (cy)^{-1}\sigma_i (cy) = y^{-1}c^{-1}\sigma_i cy = y^{-1}\sigma_i y$, $i = 1, 2, \dots, n-1$, so $c^{-1}\sigma_i c = \sigma_i$ for $i = 1, 2, \dots, n-1$, i.e. $c$ commutes with every $\sigma_i$.
Since $B_n$ is generated by $\sigma_1, \sigma_2, \dots, \sigma_{n-1}$, $c$ is an element of the center of $B_n$. The center of $B_n$ is the infinite cyclic subgroup $\langle \Delta^2 \rangle$ generated by $\Delta^2$, where $\Delta = \sigma_1\sigma_2\cdots\sigma_{n-1}\,\sigma_1\sigma_2\cdots\sigma_{n-2}\cdots\sigma_1\sigma_2\sigma_3\,\sigma_1\sigma_2\,\sigma_1$. Hence $c$ is an element of $\langle \Delta^2 \rangle$; similarly, $d$ is an element of $\langle \Delta^2 \rangle$.
Since $\langle \Delta^2 \rangle$ is the center of $B_n$, the subgroup of the quotient group $B_n/\langle \Delta^2 \rangle$ generated by $\sigma_i^2\langle \Delta^2 \rangle$, $\sigma_{i+1}^2\langle \Delta^2 \rangle$, $\sigma_{i+3}^2\langle \Delta^2 \rangle$ and $\sigma_{i+4}^2\langle \Delta^2 \rangle$ is, like the subgroup of $B_n$ generated by $\sigma_i^2$, $\sigma_{i+1}^2$, $\sigma_{i+3}^2$ and $\sigma_{i+4}^2$, also isomorphic to the direct product of two free groups of rank 2. Therefore the sub-quotient $(M_i\langle \Delta^2 \rangle)/\langle \Delta^2 \rangle$ is also a Mihailova subgroup of the quotient group $B_n/\langle \Delta^2 \rangle$, so the subgroup membership problem of $(M_i\langle \Delta^2 \rangle)/\langle \Delta^2 \rangle$ is also undecidable.
Thus, if a third-party attacker can obtain elements $s$ and $t$ of $B_n$ such that $s^{-1}\sigma_i s = y^{-1}\sigma_i y$ and $t^{-1}\sigma_i t = x^{-1}\sigma_i x$, $i = 1, 2, \dots, n-1$, then $s = cy$ and $t = dx$ with $c, d \in \langle \Delta^2 \rangle$, and therefore in the quotient group $B_n/\langle \Delta^2 \rangle$ we have $s\langle \Delta^2 \rangle = y\langle \Delta^2 \rangle$ and $t\langle \Delta^2 \rangle = x\langle \Delta^2 \rangle$. That is, the attacker must find the elements $y\langle \Delta^2 \rangle$ and $x\langle \Delta^2 \rangle$ of the Mihailova subgroup $(M_i\langle \Delta^2 \rangle)/\langle \Delta^2 \rangle$ in the quotient group $B_n/\langle \Delta^2 \rangle$. However, since the subgroup membership problem of $(M_i\langle \Delta^2 \rangle)/\langle \Delta^2 \rangle$ is undecidable, no algorithm exists that lets the attacker obtain $y\langle \Delta^2 \rangle$ and $x\langle \Delta^2 \rangle$, and hence no algorithm exists that lets the attacker obtain the required $s$ and $t$.
The embodiment of the present application provides a method for establishing a shared secret key in which the first device and the second device take the braid group $B_n$ of index $n$ as the public key of both parties; each party selects a subgroup of $B_n$ and takes one element of that subgroup as its private key; each party conjugates every element of the public key by its private key; the two parties then send their respective conjugation results to each other and compute the shared secret key from the received conjugation results. Because the subgroup membership problem of the introduced subgroups is undecidable, the security of the established shared-key method is fully proven in theory, and it can resist various attacks such as quantum computing attacks.
It should be understood that the sequence numbers of the steps in the foregoing embodiment do not imply an execution order; the execution order of each process should be determined by its function and internal logic, and should not limit the implementation of the embodiments of the present application in any way.
The embodiment of the present application further provides an apparatus for establishing a shared key, as shown in fig. 3, where the apparatus for establishing a shared key 10 is applied to a first device, and includes a processing unit 11 and a transceiver unit 12.
The processing unit 11 is configured to determine a braid group $B_n$ of index $n$ as the public key.
Here $B_n = \langle \sigma_1, \sigma_2, \ldots, \sigma_{n-1} \mid \sigma_i\sigma_j = \sigma_j\sigma_i,\ |i-j| \ge 2;\ \sigma_i\sigma_{i+1}\sigma_i = \sigma_{i+1}\sigma_i\sigma_{i+1},\ 1 \le i \le n-2 \rangle$. Each element of the braid group $B_n$ is represented by a word over the set $\{\sigma_1, \sigma_2, \ldots, \sigma_{n-1}\}$, and the word has a unique normal form; $n \ge 6$, and $n$ is an integer.
The processing unit 11 is further configured to select a subgroup P of the braid group $B_n$ generated by a plurality of its elements, and to select an element x from the subgroup P as the first private key, where x is defined as $x = f_x(\sigma_1, \sigma_2, \ldots, \sigma_{n-1})$.
The transceiver unit 12 is configured to receive $\{y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \ldots, y^{-1}\sigma_{n-1} y\}$ sent by the second device. The second device is the device establishing a shared key with the first device; it selects a subgroup Q of the braid group $B_n$ generated by a plurality of its elements, selects an element y from the subgroup Q as the second private key, and computes each $y^{-1}\sigma_k y$ from the second private key and the corresponding element of the public key. Here y is defined as $y = f_y(\sigma_1, \sigma_2, \ldots, \sigma_{n-1})$ and $k = 1, 2, \ldots, n-1$.
The transceiver unit 12 is further configured to send $\{x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \ldots, x^{-1}\sigma_{n-1} x\}$, computed from the first private key x and each element of the public key, to the second device, so that the second device replaces every $\sigma_k$ in the second private key y by $x^{-1}\sigma_k x$, obtains $f_y(x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \ldots, x^{-1}\sigma_{n-1} x) = x^{-1} y x$, and computes the shared key $x^{-1} y^{-1} x y$.
The processing unit is further configured to replace every $\sigma_k$ in the first private key x of the first device by $y^{-1}\sigma_k y$, obtain $f_x(y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \ldots, y^{-1}\sigma_{n-1} y) = y^{-1} x y$, and compute the shared key as $x^{-1} y^{-1} x y$.
Optionally, the processing unit 11 selects the subgroup P of the braid group $B_n$ generated by a plurality of its elements as follows:
the braid group $B_n$ contains subgroups $L_u$ isomorphic to the direct product of two free groups of rank 2: $L_u = \langle \sigma_u^2, \sigma_{u+1}^2, \sigma_{u+3}^2, \sigma_{u+4}^2 \rangle$, $u = 1, 2, \ldots, n-5$;
the processing unit 11 generates, from the generators of the subgroup $L_u$, the subgroup $M_u = \langle \sigma_u^2\sigma_{u+3}^2,\ \sigma_{u+1}^2\sigma_{u+4}^2,\ S_{uv},\ T_{uv} \rangle$, $v = 1, 2, \ldots, 27$;
and it is further configured to select one subgroup $M_u$ as the subgroup P.
For $u = 1, 2, \ldots, n-5$, the 27 words $S_{uv}$ are as follows:
The 27 corresponding words $T_{uv}$ are obtained from the 27 words $S_{uv}$ by replacing $\sigma_u$ with $\sigma_{u+3}$ and $\sigma_{u+1}$ with $\sigma_{u+4}$.
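The exchange described above (and restated in claim 1) is a commutator key agreement of the Anshel-Anshel-Goldfeld type: each side publishes its private key's conjugates of the generators, and both sides end up with $x^{-1}y^{-1}xy$. The following is an added example, not code from the patent, that runs the two sides on words over $\sigma_1, \ldots, \sigma_{n-1}$ and checks that they agree. It makes two assumptions the page does not: words are compared after free reduction (cancelling adjacent $\sigma_k^{e}\sigma_k^{-e}$) rather than in the braid normal form, which is enough because the identity $f_x(y^{-1}\sigma y) = y^{-1}xy$ already holds in the free group; and the sample private keys are constructed words in the squared generators of $L_1$ (for $n = 6$), not elements of the 27-generator subgroup $M_u$, whose words $S_{uv}$ the page does not list.

```python
"""Added example: the commutator key exchange from the patent, run on words over
the braid generators sigma_1 .. sigma_{n-1}.

Assumptions (not from the patent): words are freely reduced and compared letter
by letter instead of being put into the braid normal form; the sample private
keys are constructed words in the squared generators of L_1, not elements of M_u.
"""
from typing import Dict, List, Tuple

# A letter (k, e) stands for sigma_k^e; a word is a list of letters.
Letter = Tuple[int, int]
Word = List[Letter]


def free_reduce(word: Word) -> Word:
    """Merge adjacent powers of the same generator and drop zero exponents.

    A single stack pass yields the unique freely reduced form, so two words
    that are equal in the free group reduce to identical lists.
    """
    out: Word = []
    for k, e in word:
        if e == 0:
            continue
        if out and out[-1][0] == k:
            k0, e0 = out.pop()
            if e0 + e != 0:
                out.append((k0, e0 + e))
        else:
            out.append((k, e))
    return out


def inverse(word: Word) -> Word:
    """(a b c)^-1 = c^-1 b^-1 a^-1."""
    return [(k, -e) for k, e in reversed(word)]


def conjugate(priv: Word, k: int) -> Word:
    """priv^-1 sigma_k priv, the value a device publishes for generator k."""
    return free_reduce(inverse(priv) + [(k, 1)] + priv)


def public_conjugates(priv: Word, n: int) -> Dict[int, Word]:
    """{k: priv^-1 sigma_k priv} for k = 1 .. n-1: the message sent to the peer."""
    return {k: conjugate(priv, k) for k in range(1, n)}


def substitute(word: Word, images: Dict[int, Word]) -> Word:
    """Rewrite word = f(sigma_1, ..., sigma_{n-1}) as f(images[1], ..., images[n-1])."""
    out: Word = []
    for k, e in word:
        img = images[k] if e > 0 else inverse(images[k])
        for _ in range(abs(e)):
            out.extend(img)
    return free_reduce(out)


def first_device_key(x: Word, y_conj: Dict[int, Word]) -> Word:
    """First device: f_x(y^-1 sigma y) = y^-1 x y, then x^-1 * (y^-1 x y)."""
    return free_reduce(inverse(x) + substitute(x, y_conj))


def second_device_key(y: Word, x_conj: Dict[int, Word]) -> Word:
    """Second device: f_y(x^-1 sigma x) = x^-1 y x, then (x^-1 y x)^-1 * y."""
    return free_reduce(inverse(substitute(y, x_conj)) + y)


def commutator(x: Word, y: Word) -> Word:
    """x^-1 y^-1 x y computed directly from both private keys, for comparison."""
    return free_reduce(inverse(x) + inverse(y) + x + y)


def run_exchange(x: Word, y: Word, n: int) -> Tuple[Word, Word]:
    """Run both sides of the protocol and return the two derived keys."""
    return (first_device_key(x, public_conjugates(y, n)),
            second_device_key(y, public_conjugates(x, n)))


def show(word: Word) -> str:
    return " ".join(f"s{k}^{e}" for k, e in word) or "1"


if __name__ == "__main__":
    n = 6                          # smallest index the patent allows; then only L_1 exists
    x = [(1, 2), (4, 2), (2, -2)]  # constructed first private key: word in s1^2, s4^2, s2^2
    y = [(2, 2), (5, 2), (1, 2)]   # constructed second private key: word in s2^2, s5^2, s1^2
    kx, ky = run_exchange(x, y, n)
    print("first device :", show(kx))
    print("second device:", show(ky))
    print("match:", kx == ky == commutator(x, y))
```

Both sides agree because substituting $y^{-1}\sigma_k y$ for every $\sigma_k$ in $x$ cancels the inner $y\,y^{-1}$ pairs and leaves $y^{-1}xy$, after which the first device multiplies by $x^{-1}$ on the left and the second device inverts $x^{-1}yx$ and multiplies by $y$ on the right. What the example does not demonstrate is the security argument: a real implementation must test equality with the braid normal form the patent refers to, and the difficulty of recovering $x$ from the published conjugates rests on the choice of the subgroups P and Q, which is exactly the part of the construction the page leaves to the 27 unlisted words.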
The apparatus for establishing a shared key provided in the embodiment of the present application has the same beneficial effects as the method for establishing a shared key, and they are not repeated here.
The embodiment of the present application further provides a computer device, as shown in fig. 4, the computer device 40 includes: a memory 41, a processor 42 and a computer program 43 stored in said memory and executable on said processor, the processor implementing the method of establishing a shared key as described above when executing the computer program.
Embodiments of the present application also provide a computer readable storage medium storing a computer program which, when executed by a processor, implements a method of establishing a shared key as described above.
Embodiments of the present application provide a computer program product which, when run on a computer device, causes the computer device to perform the above-described method of establishing a shared key.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The above embodiments are only for illustrating the technical solution of the present application, and are not limiting; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.
Claims (10)
1. A method of establishing a shared key, comprising:
a first device determining a braid group $B_n$ of index $n$ as a public key;
wherein $B_n = \langle \sigma_1, \sigma_2, \ldots, \sigma_{n-1} \mid \sigma_i\sigma_j = \sigma_j\sigma_i,\ |i-j| \ge 2;\ \sigma_i\sigma_{i+1}\sigma_i = \sigma_{i+1}\sigma_i\sigma_{i+1},\ 1 \le i \le n-2 \rangle$; each element of the braid group $B_n$ is represented by a word over the set $\{\sigma_1, \sigma_2, \ldots, \sigma_{n-1}\}$, and the word has a unique normal form; $n \ge 6$, $n$ being an integer;
the first device selecting a subgroup P of the braid group $B_n$ generated by a plurality of its elements, and selecting an element x from the subgroup P as a first private key, wherein x is defined as $x = f_x(\sigma_1, \sigma_2, \ldots, \sigma_{n-1})$;
the first device receiving $\{y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \ldots, y^{-1}\sigma_{n-1} y\}$ sent by a second device; wherein the second device is a device establishing a shared key with the first device, and $y^{-1}\sigma_k y$ is computed by the second device from a second private key y and each element of the public key, the second device having selected a subgroup Q of the braid group $B_n$ generated by a plurality of its elements and having selected an element y from the subgroup Q as the second private key; wherein y is defined as $y = f_y(\sigma_1, \sigma_2, \ldots, \sigma_{n-1})$; $k = 1, 2, \ldots, n-1$; the method by which the second device selects the subgroup Q generated by a plurality of elements of the braid group $B_n$ is the same as the method by which the first device selects the subgroup P generated by a plurality of elements of the braid group $B_n$; the first device and the second device either select the same subgroup $M_u$ as the subgroup P and the subgroup Q, or select different subgroups $M_u$ as the subgroup P and the subgroup Q;
the first device computing $\{x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \ldots, x^{-1}\sigma_{n-1} x\}$ from the first private key and each element of the public key and sending it to the second device, so that the second device replaces every $\sigma_k$ in said second private key y by $x^{-1}\sigma_k x$, obtains $f_y(x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \ldots, x^{-1}\sigma_{n-1} x) = x^{-1} y x$, and computes the shared key $x^{-1} y^{-1} x y$;
the first device replacing every $\sigma_k$ in its first private key by $y^{-1}\sigma_k y$, obtaining $f_x(y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \ldots, y^{-1}\sigma_{n-1} y) = y^{-1} x y$, and computing the shared key as $x^{-1} y^{-1} x y$.
2. The method of establishing a shared key according to claim 1, wherein the first device selecting a subgroup P of the braid group $B_n$ generated by a plurality of its elements comprises:
the braid group $B_n$ contains subgroups $L_u$ isomorphic to the direct product of two free groups of rank 2: $L_u = \langle \sigma_u^2, \sigma_{u+1}^2, \sigma_{u+3}^2, \sigma_{u+4}^2 \rangle$, $u = 1, 2, \ldots, n-5$;
generating, from the generators of the subgroup $L_u$, the subgroup $M_u = \langle \sigma_u^2\sigma_{u+3}^2,\ \sigma_{u+1}^2\sigma_{u+4}^2,\ S_{uv},\ T_{uv} \rangle$, $v = 1, 2, \ldots, 27$;
selecting one of the subgroups $M_u$ as said subgroup P.
4. The method of establishing a shared key according to claim 3, wherein the 27 corresponding words $T_{uv}$ are obtained from the 27 words $S_{uv}$ by replacing $\sigma_u$ with $\sigma_{u+3}$ and $\sigma_{u+1}$ with $\sigma_{u+4}$.
5. The method of establishing a shared key according to claim 1, wherein the subgroup P and the subgroup Q are each a Mihailova subgroup whose subgroup membership problem is undecidable.
6. An apparatus for establishing a shared key, applied to a first device, the apparatus for establishing a shared key comprising a processing unit and a transceiver unit;
the processing unit being configured to determine a braid group $B_n$ of index $n$ as a public key;
wherein $B_n = \langle \sigma_1, \sigma_2, \ldots, \sigma_{n-1} \mid \sigma_i\sigma_j = \sigma_j\sigma_i,\ |i-j| \ge 2;\ \sigma_i\sigma_{i+1}\sigma_i = \sigma_{i+1}\sigma_i\sigma_{i+1},\ 1 \le i \le n-2 \rangle$; each element of the braid group $B_n$ is represented by a word over the set $\{\sigma_1, \sigma_2, \ldots, \sigma_{n-1}\}$, and the word has a unique normal form; $n \ge 6$, $n$ being an integer;
the processing unit being further configured to select a subgroup P of the braid group $B_n$ generated by a plurality of its elements, and to select an element x from the subgroup P as a first private key, wherein x is defined as $x = f_x(\sigma_1, \sigma_2, \ldots, \sigma_{n-1})$;
the transceiver unit being configured to receive $\{y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \ldots, y^{-1}\sigma_{n-1} y\}$ sent by a second device; wherein the second device is a device establishing a shared key with said first device, and $y^{-1}\sigma_k y$ is computed by the second device from a second private key y and each element of the public key, the second device having selected a subgroup Q of the braid group $B_n$ generated by a plurality of its elements and having selected an element y from the subgroup Q as the second private key; wherein y is defined as $y = f_y(\sigma_1, \sigma_2, \ldots, \sigma_{n-1})$; $k = 1, 2, \ldots, n-1$; the method by which the second device selects the subgroup Q generated by a plurality of elements of the braid group $B_n$ is the same as the method by which the first device selects the subgroup P generated by a plurality of elements of the braid group $B_n$; the first device and the second device either select the same subgroup $M_u$ as the subgroup P and the subgroup Q, or select different subgroups $M_u$ as the subgroup P and the subgroup Q;
the transceiver unit being further configured to send $\{x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \ldots, x^{-1}\sigma_{n-1} x\}$, computed from the first private key and each element of the public key, to the second device, so that the second device replaces every $\sigma_k$ in said second private key y by $x^{-1}\sigma_k x$, obtains $f_y(x^{-1}\sigma_1 x, x^{-1}\sigma_2 x, \ldots, x^{-1}\sigma_{n-1} x) = x^{-1} y x$, and computes the shared key $x^{-1} y^{-1} x y$;
the processing unit being further configured to replace every $\sigma_k$ in the first private key of the first device by $y^{-1}\sigma_k y$, obtain $f_x(y^{-1}\sigma_1 y, y^{-1}\sigma_2 y, \ldots, y^{-1}\sigma_{n-1} y) = y^{-1} x y$, and compute the shared key as $x^{-1} y^{-1} x y$.
7. The apparatus for establishing a shared key according to claim 6, wherein the processing unit being configured to select a subgroup P of the braid group $B_n$ generated by a plurality of its elements comprises:
the braid group $B_n$ contains subgroups $L_u$ isomorphic to the direct product of two free groups of rank 2: $L_u = \langle \sigma_u^2, \sigma_{u+1}^2, \sigma_{u+3}^2, \sigma_{u+4}^2 \rangle$, $u = 1, 2, \ldots, n-5$;
the processing unit being configured to generate, from the generators of the subgroup $L_u$, the subgroup $M_u = \langle \sigma_u^2\sigma_{u+3}^2,\ \sigma_{u+1}^2\sigma_{u+4}^2,\ S_{uv},\ T_{uv} \rangle$, $v = 1, 2, \ldots, 27$;
and being further configured to select one of the subgroups $M_u$ as said subgroup P.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the method of establishing a shared key according to any of claims 1 to 5 when the computer program is executed.
10. A computer readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements a method of establishing a shared key according to any of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010371284.0A CN111740821B (en) | 2020-05-06 | 2020-05-06 | Method and device for establishing shared secret key |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010371284.0A CN111740821B (en) | 2020-05-06 | 2020-05-06 | Method and device for establishing shared secret key |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111740821A CN111740821A (en) | 2020-10-02 |
CN111740821B true CN111740821B (en) | 2023-06-27 |
Family
ID=72647004
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010371284.0A Active CN111740821B (en) | 2020-05-06 | 2020-05-06 | Method and device for establishing shared secret key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111740821B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114221753B (en) * | 2021-11-23 | 2023-08-04 | 深圳大学 | Key data processing method and electronic equipment |
CN114640463B (en) * | 2022-02-25 | 2023-05-12 | 深圳大学 | Digital signature method, computer equipment and medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107911209A (en) * | 2017-12-28 | 2018-04-13 | 深圳大学 | The method for establishing the security public key cryptography of resisting quantum computation attack |
CN109787752A (en) * | 2018-09-30 | 2019-05-21 | 王威鉴 | The method for establishing the shared key of attack resistance |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103414569B (en) * | 2013-08-21 | 2016-08-10 | 王威鉴 | A kind of method of the public key cryptography setting up attack resistance |
US10505722B2 (en) * | 2016-07-06 | 2019-12-10 | Securerf Corporation | Shared secret communication system with use of cloaking elements |
US20190215148A1 (en) * | 2018-01-11 | 2019-07-11 | Shenzhen University | Method of establishing anti-attack public key cryptogram |
CN108768639B (en) * | 2018-06-06 | 2021-07-06 | 电子科技大学 | Public key order-preserving encryption method |
- 2020-05-06 CN CN202010371284.0A patent/CN111740821B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107911209A (en) * | 2017-12-28 | 2018-04-13 | 深圳大学 | The method for establishing the security public key cryptography of resisting quantum computation attack |
CN109787752A (en) * | 2018-09-30 | 2019-05-21 | 王威鉴 | The method for establishing the shared key of attack resistance |
Also Published As
Publication number | Publication date |
---|---|
CN111740821A (en) | 2020-10-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11301571B2 (en) | | Neural-network training using secure data processing |
US11159305B2 (en) | | Homomorphic data decryption method and apparatus for implementing privacy protection |
CN112446052B (en) | | Aggregated signature method and system suitable for secret-related information system |
CN111740821B (en) | | Method and device for establishing shared secret key |
US11902432B2 (en) | | System and method to optimize generation of coprime numbers in cryptographic applications |
CN112769542B (en) | | Multiplication triple generation method, device, equipment and medium based on elliptic curve |
Kuang et al. | | A new quantum-safe multivariate polynomial public key digital signature algorithm |
CN112865973A (en) | | Method for generating encryption key and digital signature based on lattice |
US8160256B2 (en) | | Key calculation method and key agreement method using the same |
WO2021223090A1 (en) | | Method and apparatus for establishing shared key |
US20220085998A1 (en) | | System and method to generate prime numbers in cryptographic applications |
US20220278843A1 (en) | | Computer implemented method and system for knowledge proof in blockchain transactions |
CN114221753B (en) | | Key data processing method and electronic equipment |
CN114640463B (en) | | Digital signature method, computer equipment and medium |
CN111970130B (en) | | Quantum block chain establishment method and system |
CN117795901A (en) | | Generating digital signature shares |
CN111614465B (en) | | Public key generation method and device based on super-singular homologous secret key encapsulation protocol |
Lochter | | Blockchain as cryptanalytic tool |
de Oliveira et al. | | An efficient software implementation of the hash-based signature scheme MSS and its variants |
JP2002508523A (en) | | Fast finite field operation on elliptic curves |
Krikun et al. | | Parallelized Montgomery Exponentiation in GF(2^k) for Diffie-Hellman Key Exchange Protocol |
RU2356172C1 (en) | | Method for generation and authentication of electronic digital signature that verifies electronic document |
CN115840953A (en) | | Identity authentication method, device, terminal and readable storage medium |
CN114257377A (en) | | Multivariate aggregation signature method, system, equipment and medium |
WO2024038028A1 (en) | | Improved blockchain system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |