CN111740821B - Method and device for establishing shared secret key - Google Patents

Method and device for establishing shared secret key Download PDF

Info

Publication number
CN111740821B
CN111740821B CN202010371284.0A CN202010371284A CN111740821B CN 111740821 B CN111740821 B CN 111740821B CN 202010371284 A CN202010371284 A CN 202010371284A CN 111740821 B CN111740821 B CN 111740821B
Authority
CN
China
Prior art keywords
subgroup
key
establishing
sigma
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010371284.0A
Other languages
Chinese (zh)
Other versions
CN111740821A (en
Inventor
王晓峰
林汉玲
凌一品
王威鉴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen University
Original Assignee
Shenzhen University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen University filed Critical Shenzhen University
Priority to CN202010371284.0A priority Critical patent/CN111740821B/en
Publication of CN111740821A publication Critical patent/CN111740821A/en
Application granted granted Critical
Publication of CN111740821B publication Critical patent/CN111740821B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The application is suitable for the technical field of information security, and provides a method and a device for establishing a shared secret key, which can solve the problem that hidden danger exists in security based on the existing public key cipher. A method of establishing a shared key, comprising: the first device determines the index asThe braid group Bn of n is a public key; first equipment selecting braid group B n A subgroup P generated by a plurality of elements of the group P, and selecting an element x from the subgroup P as a first private key; the first device receives { y } transmitted by the second device ‑1 σ 1 y,y ‑1 σ 2 y,...,y ‑1 σ n‑1 y }; the first device calculates { x } of each element of the first private key and the public key ‑1 σ 1 x,x ‑1 σ 2 x,...,x ‑1 σ n‑1 x } to the second device, such that the second device will have all sigma in the second private key k Replaced by x ‑1 σ k x, obtain f y (x ‑1 σ 1 x,x ‑1 σ 2 x,...,x ‑1 σ n‑1 x)=x ‑1 yx, and calculate the shared key x ‑1 y ‑1 xy; all sigma in a first private key of a first device k Replaced by y ‑1 σ k y, obtain f x (y ‑1 σ 1 y,y ‑1 σ 2 y,...,y ‑1 σ n‑1 y)=y ‑1 xy, and calculating to obtain shared key as x ‑1 y ‑1 xy。

Description

Method and device for establishing shared secret key
Technical Field
The application belongs to the technical field of information security, and particularly relates to a method and a device for establishing a shared secret key.
Background
In the classical public key cryptographic algorithm, as a practical calculation difficulty problem of security guarantee, the difficulty of the computer is greatly reduced along with the improvement of the performance of the computer. In particular, quantum computing systems based on the well-known Shor quantum algorithm proposed by Shor in 1997 will perform large integer factorization and discrete logarithm computation in polynomial time, respectively, while Google and IBM have respectively claimed that their designed quantum computing systems have been or are being implemented. This means that the public key cryptographic protocol established based on the algorithm RSA, ECC, elGamal etc. will no longer be secure.
On the other hand, key exchange protocols are established against the braid-based element conjugation problem proposed by anshelld et al, and attack schemes such as length-based attack, linear representation attack, super-sum-set attack, and the like have been discovered successively. Thus, the corresponding public key cryptosystem also has potential safety hazards.
Disclosure of Invention
The embodiment of the application provides a method and a device for establishing a shared key, which can solve the problem of hidden danger of safety based on the existing public key cipher and establish a method for resisting various attacks of the shared key.
In a first aspect, an embodiment of the present application provides a method for establishing a shared key, including: the first device determines a braid group Bn with an index of n as a public key; wherein B is n =<σ 12 ,…,σ n-1i σ j= σ j σ i ,|i-j|≥2,σ i σ i+1 σ i= σ i+1 σ i σ i+1 ,1≤i≤n-2>The method comprises the steps of carrying out a first treatment on the surface of the The plait group B n Each element in (a) is represented by a set { sigma } 12 ,…,σ n-1 A word representing the element, and having a unique normal form, n.gtoreq.6, n being an integer; the first equipment selects braid group B n A subgroup P generated by a plurality of elements of (a), and selecting an element x from the subgroup P as a first private key, wherein x is defined as x=f x12 ,…,σ n-1 ) The method comprises the steps of carrying out a first treatment on the surface of the The first device receives { y } transmitted by the second device -1 σ 1 y,y -1 σ 2 y,...,y -1 σ n-1 y }; wherein the second device is a device for establishing a shared key with the first device, y -1 σ k y is a subgroup Q generated by a plurality of elements of the braid group Bn selected by the second equipment, one element y is selected from the subgroup Q to serve as a second private key, and the second private key and each element in the public key are calculated according to the second private key; wherein the definition of y is y=f y12 ,…,σ n-1 ) The method comprises the steps of carrying out a first treatment on the surface of the k=1, 2, …, n-1; the first device calculates { x } of each element of the first private key x and the public key -1 σ 1 x,x -1 σ 2 x,...,x -1 σ n- 1 x } to the second device, so thatThe second device obtains all sigma in the second private key y k Replaced by x -1 σ k x, obtain f y (x -1 σ 1 x,x -1 σ 2 x,...,x -1 σ n-1 x)=x -1 yx, and calculate the shared key x -1 y -1 xy; all sigma in a first private key x of the first device k Replaced by y -1 σ k y, obtain f x (y -1 σ 1 y,y -1 σ 2 y,...,y -1 σ n-1 y)=y -1 xy, and calculating to obtain shared key as x -1 y -1 xy。
The embodiment of the application provides a method for establishing a shared secret key, which is used for determining a braid group B with an index of n based on first equipment and second equipment n As a both party public key; both are respectively from braid group B n Selecting a subgroup and taking one element in the subgroup as a private key of the subgroup; performing conjugate calculation on each element of the private key and the public key; then, the two parties respectively send the respective conjugation results to the other party, and then calculate the shared secret key according to the conjugation results. Due to the introduced pigtail group B n The member problems of the subgroup are insoluble, so that the security of the established method for sharing the secret key is fully proven in theory, and various attacks such as quantum computing attacks can be realized.
Optionally, the first device selects braid group B n A subgroup P generated by a plurality of elements of (a) comprising: the braid group Bn contains a subgroup L isomorphic to the direct product of two free groups of rank 2 u :L u =<σ u 2u+1 2u+3 2u+4 2 >The method comprises the steps of carrying out a first treatment on the surface of the u=1, 2,/v, n-5; according to the subgroup L u Generates subgroup M u :M u =<σ u 2 σ u+3 2u+1 2 σ u+4 2 ,S uv ,T uv >The method comprises the steps of carrying out a first treatment on the surface of the v=1, 2, 27; selecting one of the subgroups M u As said subgroup P.
Alternatively, whenu=1, 2,..n-5, 27S uv The method comprises the following steps of:
Figure BDA0002478388390000031
Figure BDA0002478388390000032
Figure BDA0002478388390000033
Figure BDA0002478388390000034
Figure BDA0002478388390000035
Figure BDA0002478388390000036
Figure BDA0002478388390000037
Figure BDA0002478388390000038
Figure BDA0002478388390000039
Figure BDA00024783883900000310
Figure BDA00024783883900000311
Figure BDA00024783883900000312
Figure BDA00024783883900000313
Figure BDA00024783883900000314
Figure BDA0002478388390000041
Figure BDA0002478388390000042
Figure BDA0002478388390000043
Figure BDA0002478388390000044
Figure BDA0002478388390000045
Figure BDA0002478388390000046
Figure BDA0002478388390000047
Figure BDA0002478388390000048
Figure BDA0002478388390000049
Figure BDA00024783883900000410
Figure BDA0002478388390000051
Figure BDA0002478388390000052
Figure BDA0002478388390000053
Figure BDA0002478388390000054
Figure BDA0002478388390000055
optionally, the 27S uv Sigma of (a) u Replacement by sigma u+3 ,σ u+1 Replacement by sigma u+4 Obtain corresponding 27T uv
Optionally, the subgroup P and the subgroup Q are Mihailova subgroups with a subgroup member that is insoluble.
In a second aspect, an embodiment of the present application provides an apparatus for establishing a shared key, including: the device for establishing the shared secret key comprises a processing unit and a receiving and transmitting unit; the processing unitThe method comprises the steps of determining a braid group Bn with an index of n as a public key; wherein B is n =<σ 12 ,…,σ n-1i σ j= σ j σ i ,|i-j|≥2,σ i σ i+1 σ i= σ i+1 σ i σ i+1 ,1≤i≤n-2>The method comprises the steps of carrying out a first treatment on the surface of the The plait group B n Each element in (a) is represented by a set { sigma } 12 ,…,σ n-1 A word representing the element, and having a unique normal form, n.gtoreq.6, n being an integer; and also used for selecting the braid group B n A subgroup P generated by a plurality of elements of (a), and selecting an element x from the subgroup P as a first private key, wherein x is defined as x=f x12 ,…,σ n-1 ) The method comprises the steps of carrying out a first treatment on the surface of the The receiving and transmitting unit is configured to receive { y } sent by the second device -1 σ 1 y,y -1 σ 2 y,...,y -1 σ n-1 y }; wherein the second device is a device for establishing a shared key with the first device, y -1 σ k y is a subgroup Q generated by a plurality of elements of the braid group Bn selected by the second equipment, one element y is selected from the subgroup Q to serve as a second private key, and the second private key and each element in the public key are calculated according to the second private key; wherein the definition of y is y=f y12 ,…,σ n-1 ) The method comprises the steps of carrying out a first treatment on the surface of the k=1, 2, …, n-1; and { x } calculated for each element of the first private key x and the public key -1 σ 1 x,x -1 σ 2 x,...,x -1 σ n-1 x to the second device, so that the second device will have all sigma in said second private key y k Replaced by x -1 σ k x, obtain f y (x -1 σ 1 x,x -1 σ 2 x,...,x -1 σ n-1 x)=x -1 yx, and calculate the shared key x -1 y -1 xy; the processing unit is further configured to use all sigma in the first private key x of the first device k Replaced by y -1 σ k y, obtain f x (y -1 σ 1 y,y -1 σ 2 y,...,y -1 σ n-1 y)=y -1 xy, and calculating to obtain shared key as x -1 y -1 xy。
Optionally, the processing unit is configured to select the braid group B n A subgroup P generated by a plurality of elements of (a) comprising: the braid group Bn contains a subgroup L isomorphic to the direct product of two free groups of rank 2 u :L u =<σ u 2u+1 2u+3 2u+4 2 >The method comprises the steps of carrying out a first treatment on the surface of the u=1, 2,/v, n-5; the processing unit is used for processing the sub-group L u Generates subgroup M u :M u =<σ u 2 σ u+3 2u+1 2 σ u+4 2 ,S uv ,T uv >The method comprises the steps of carrying out a first treatment on the surface of the v=1, 2, 27; and is also used for selecting one subgroup M u As said subgroup P.
Alternatively, when u=1, 2,..n-5, 27S uv The method comprises the following steps of:
Figure BDA0002478388390000071
Figure BDA0002478388390000072
Figure BDA0002478388390000073
Figure BDA0002478388390000074
Figure BDA0002478388390000075
Figure BDA0002478388390000076
Figure BDA0002478388390000077
Figure BDA0002478388390000078
Figure BDA0002478388390000079
Figure BDA00024783883900000710
Figure BDA00024783883900000711
Figure BDA00024783883900000712
Figure BDA00024783883900000713
Figure BDA00024783883900000714
Figure BDA0002478388390000081
Figure BDA0002478388390000082
Figure BDA0002478388390000083
Figure BDA0002478388390000084
Figure BDA0002478388390000085
Figure BDA0002478388390000086
Figure BDA0002478388390000087
Figure BDA0002478388390000088
Figure BDA0002478388390000089
Figure BDA00024783883900000810
Figure BDA0002478388390000091
Figure BDA0002478388390000092
Figure BDA0002478388390000093
Figure BDA0002478388390000094
Figure BDA0002478388390000095
the 27S are processed uv Sigma of (a) u Replacement by sigma u+3 ,σ u+1 Replacement by sigma u+4 Obtain corresponding 27T uv
In a third aspect, embodiments of the present application provide a computer device, including: a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the method of establishing a shared key as described above when executing the computer program.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium storing a computer program which, when executed by a processor, implements a method of establishing a shared key as described above.
In a fifth aspect, embodiments of the present application provide a computer program product, which when run on a computer device, causes the computer device to perform the method of establishing a shared key as described in any of the first aspects above.
It will be appreciated that the advantages of the second to fifth aspects may be found in the relevant description of the first aspect, and are not described here again.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required for the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is an application scenario diagram provided by an embodiment of the present application;
FIG. 2 is an interactive schematic diagram of a method for establishing a shared key according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an apparatus for establishing a shared key according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
The method for establishing the shared key provided by the embodiment of the application can be applied to computer equipment, and as shown in fig. 1, the shared key is established between the computer equipment 1 and the computer equipment 2.
The computer device 1 comprises a memory, a processor, and a computer program stored in the memory and executable on the processor, which processor when executing the computer program implements a method of establishing a shared secret as described herein.
The memory may in some embodiments be an internal storage unit of the computer device 1, such as a hard disk or a memory of the computer device 1. The memory may in other embodiments also be an external storage device of the computer device 1, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card) or the like, which are provided on the computer device 1. The memory may also include both internal storage units and external storage devices of the computer device 1. The memory is used to store an operating system, application programs, boot Loader (Boot Loader), data, and other programs, etc., such as program code for a computer program, etc. The memory may also be used to temporarily store data that has been output or is to be output.
The processor may be a central processing unit (Central Processing Unit, CPU), which may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It is to be understood that the structures illustrated in the embodiments of the present application do not constitute a particular limitation of the computer device 1, and in other embodiments, the computer device 1 may include more or less components than illustrated, or may combine certain components, or may split certain components, or may have a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware. The computer device 2 and the computer device 1 may have the same structure, and are not described in detail herein.
In the prior art, on the one hand, the public key cryptographic protocol established based on the RSA, ECC, elGamal algorithm is no longer secure because the quantum computing system is already implemented or being implemented. On the other hand, key exchange protocols are established against the braid-based element conjugation problem proposed by Anshell et al, and attack schemes such as length-based attacks, linear representation attacks, super-Summit-set attacks, and the like have been discovered successively. Thus, the corresponding public key cryptosystem also has potential safety hazards.
Therefore, the security of the method for establishing the shared secret key is fully proved in theory, and various attacks such as quantum computing attacks can be realized.
Embodiments of the present application are described below with reference to the accompanying drawings in the embodiments of the present application.
The present application provides a method for establishing a shared key, which can be applied to the computer device 1 or the computer device 2 in fig. 1. Wherein the computer device 1 performs the method as a first device and the computer device 2 as a second device; alternatively, the computer device 2 performs the method as a first device and the computer device 1 as a second device.
As shown in fig. 2, the method includes:
s21, the first device determines that a braid group Bn with an index of n is a public key.
Wherein bn=<σ 12 ,…,σ n-1i σ j= σ j σ i ,|i-j|≥2,σ i σ i+1 σ i= σ i+1 σ i σ i+1 ,1≤i≤n-2>The method comprises the steps of carrying out a first treatment on the surface of the Each element in braid group Bn is grouped in a set { sigma ] 12 ,…,σ n-1 The word representing the element is represented by a unique normal form, n.gtoreq.6, n being an integer.
The product operation and the inversion operation based on the normal form group can be calculated.
S22, the second device determines that the braid group Bn with the index n is a public key.
The second device is a device for establishing a shared key with the first device, and the public key determined by the second device is the same as that determined by the first device.
S23, the first device selects a subgroup P generated by a plurality of elements of the braid group Bn, and selects an element x from the subgroup P as a first private key. Wherein the definition of x is x=f x12 ,…,σ n-1 )。
Wherein x is sigma 12 ,…,σ n-1 The product of Fang Mi (integer index), which can be expressed as x=f x12 ,…,σ n-1 )
Optionally, the first device selects a subgroup P generated by a plurality of elements of the braid group Bn, including:
plait group Bn contains two and F 2 ×F 2 Isomorphic subgroup L u I.e. from sigma u 2u+1 2u+3 2u+4 2 Generating a direct product isomorphic subgroup L of two free groups with rank of 2 u :L u =<σ u 2u+1 2u+3 2u+4 2 >;u=1,2,...,n-5。
According to subgroup L u Generates subgroup M u :M u =<σ u 2 σ u+3 2u+1 2 σ u+4 2 ,S uv ,T uv >;v=1,2,...,27。
The first device selects one of the subgroups M u As subgroup P.
Wherein, when u=1, 2,..n-5, 27S uv The method comprises the following steps of:
Figure BDA0002478388390000131
Figure BDA0002478388390000132
Figure BDA0002478388390000133
Figure BDA0002478388390000134
Figure BDA0002478388390000135
Figure BDA0002478388390000136
Figure BDA0002478388390000137
Figure BDA0002478388390000138
Figure BDA0002478388390000139
Figure BDA00024783883900001310
Figure BDA00024783883900001311
Figure BDA00024783883900001312
Figure BDA00024783883900001313
Figure BDA00024783883900001314
Figure BDA0002478388390000141
Figure BDA0002478388390000142
Figure BDA0002478388390000143
Figure BDA0002478388390000144
Figure BDA0002478388390000145
/>
Figure BDA0002478388390000146
Figure BDA0002478388390000147
Figure BDA0002478388390000148
Figure BDA0002478388390000149
Figure BDA00024783883900001410
Figure BDA0002478388390000151
Figure BDA0002478388390000152
Figure BDA0002478388390000153
Figure BDA0002478388390000154
/>
Figure BDA0002478388390000155
will 27S uv Sigma of (a) u Replacement by sigma u+3 ,σ u+1 Replacement by sigma u+4 Obtain corresponding 27T uv
It should be noted that, the method of selecting, by the second device, one subgroup Q generated by the plurality of elements of the braid group Bn is the same as the method of selecting, by the first device, one subgroup P generated by the plurality of elements of the braid group Bn, and will not be described herein.
Based on this, the subgroup P and the subgroup Q may be the same or different.
S24, the second device selects a subgroup Q generated by a plurality of elements of the braid group Bn, and selects an element y from the subgroup Q as a second private key. Wherein the definition of y is y=f y12 ,…,σ n-1 )。
Wherein y is sigma 12 ,…,σ n-1 The product of Fang Mi (integer index), which can be expressed as y=f y12 ,…,σ n-1 )。
It should be noted that the index n of the strand group Bn is not less than 6.
It should be understood that when n=6, the value range of u is 1, and the strand group Bn has a subgroup L which is identical to the direct product of two free groups of rank 2 1 :L 1 =<σ 1 22 24 25 2 >I.e. both subgroups are identical. Based on subgroup L 1 Can generate subgroup M 1 :M 1 =<σ 1 2 σ 4 2 ,,σ 2 2 σ 5 2 ,S 1v ,T 1v >The method comprises the steps of carrying out a first treatment on the surface of the v=1, 2,..27. At this time, since only the subgroup M is generated 1 So the first device can select subgroup M 1 As subgroup P, the second device may select subgroup M 1 As subgroup Q.
It should be understood that when n=7, u has a value in the range of 1 or 2, and that strand group Bn has a free rank of 2 with twoStraight product isomorphic subgroups of groups, respectively L 1 And L 2 Wherein L is 1 =<σ 1 22 24 25 2 >,L 2 =<σ 2 23 25 26 2 >The method comprises the steps of carrying out a first treatment on the surface of the Based on subgroup L 1 Elements, which can generate subgroup M 1 :M 1 =<σ 1 2 σ 4 22 2 σ 5 2 ,S 1v ,T 1v >The method comprises the steps of carrying out a first treatment on the surface of the According to subgroup L 2 Elements, which can generate subgroup M 2 :M 2 =<σ 2 2 σ 5 23 2 σ 6 2 ,S 2v ,T 2v >. At this time, since two subgroups M are generated 1 And M 2 So the first device can select subgroup M 1 Or subgroup M 2 As subgroup P. Similarly, the second device may also select subgroup M 1 Or subgroup M 2 As subgroup Q.
It should be understood that when n=8, u has a value ranging from 1,2 or 3, then strand group Bn contains subgroups isomorphic to the direct product of two more free groups of rank 2, respectively L 1 、L 2 And L 3 Wherein L is 1 =<σ 1 22 24 25 2 >,L 2 =<σ 2 23 25 26 2 >,L 3 =<σ 3 24 26 27 2 >The method comprises the steps of carrying out a first treatment on the surface of the Based on subgroup L 1 Elements, which can generate subgroup M 1 :M 1 =<σ 1 2 σ 4 22 2 σ 5 2 ,S 1v ,T 1v >The method comprises the steps of carrying out a first treatment on the surface of the According to subgroup L 2 Elements, which can generate subgroup M 2 :M 2 =<σ 2 2 σ 5 23 2 σ 6 2 ,S 2v ,T 2v >The method comprises the steps of carrying out a first treatment on the surface of the According to subgroup L 3 Can generate subgroup M 3 :M 3 =<σ 3 2 σ 6 24 2 σ 7 2 ,S 3v ,T 3v >. At this time, a subgroup M is generated 1 、M 2 And M 3 So the first device can select subgroup M from 1 Or subgroup M 2 Or subgroup M 3 As subgroup P. Similarly, the second device may also select subgroup M 1 Or subgroup M 2 Or subgroup M 3 As subgroup Q.
By analogy, when the value of n is larger, and accordingly the value range of u is larger, the plait group Bn contains a subgroup L which is isomorphic with the direct product of two or more free groups with rank 2 u The method comprises the steps of carrying out a first treatment on the surface of the Based on different subgroups L u Can correspondingly generate different subgroups M u . At this time, since a plurality of subgroups M are generated u So the first device can select any subgroup M from u As subgroup P, the second device also selects any subgroup M from u As subgroup Q. Of course, the first device and the second device may select the same subgroup M u As subgroup P and subgroup Q, different subgroups M may be selected u As the subgroup P and the subgroup Q, the present application does not particularly limit this.
On the basis, the first device selects an element x from the subgroup P as a first private key x, i.e. the first device selects the subgroup M u Selecting an element x as a first private key x; the second device selects an element from subgroup Q as the second private key y, i.e. the second device selects subgroup M u An element is selected as the second private key y.
S25, the first device calculates x of each element of the first private key and the public key -1 σ 1 x,x -1 σ 2 x,...,x -1 σ n- 1 x is sent to the second device.
S26, the second device stores the second private key and the public keyCalculated y for each element of (2) -1 σ 1 y,y -1 σ 2 y,...,y -1 σ n-1 y is sent to the first device.
S27, the first equipment receives y sent by the second equipment -1 σ 1 y,y -1 σ 2 y,...,y -1 σ n-1 y, all sigma in the first private key of the first device k Replaced by y -1 σ k y, obtain f x (y -1 σ 1 y,y -1 σ 2 y,...,y -1 σ n-1 y)=y -1 xy, and calculating to obtain shared key as x -1 y -1 xy。
S28, the second equipment receives x sent by the first equipment -1 σ 1 x,x -1 σ 2 x,...,x -1 σ n-1 x, all sigma in the second private key y of the second device is to be calculated k Replaced by x -1 σ k x, obtain f y (x -1 σ 1 x,x -1 σ 2 x,...,x -1 σ n-1 x)=x -1 yx, and calculate the shared key x -1 y -1 xy。
Alternatively, both subgroup P and subgroup Q are Mihailova subgroups with subgroup members that are insoluble.
Thus, it can be understood that the above-mentioned subgroup P and subgroup Q are Mihailova subgroups, i.e., subgroup M is illustrated as subgroup P and subgroup Q u For the Mihailova subgroup, then all subgroups M u The member problem of (a) is insoluble.
Note that the subgroup membership problem (membership problem or generalized word problem) refers to: given a subgroup H of group G whose generated tuple is X, it is determined whether any element G in G can be represented by a word on X, i.e., whether G is an element in H.
If a third party tries to attack the public key cryptographic protocol established by the first device and the second device, the third party can only pass through the public information of the first device and the second device<σ 12 ,…,σ n-1 >And { x over (x) obtained through the channel -1 σ 1 x,x -1 σ 2 x,...,x -1 σ n-1 x and y -1 σ 1 y,y -1 σ 2 y,...,y -1 σ n-1 y implements the attack.
If a third party can obtain the elements s and t of the braid group Bn, the s is -1 σ i s=y -1 σ i y,t -1 σ i t=x -1 σ i x,i=1,2,…,n-1。
Let s=cy, t=dx, then there is s -1 σ i s=(cy) -1 σ i cy=y -1 c -1 σ i cy=y -1 σ i y, i=1, 2, …, n-1. Thereby having c -1 σ i c=σ i I=1, 2, …, n-1. I.e. c and each sigma i Multiplication is exchangeable.
Due to B n From sigma 12 ,…,σ n-1 C is the element of the Bn center. And Bn is centered by delta 2 Generated infinite loop subgroups<Δ 2 >Wherein Δ=σ 1 σ 2 …σ n-1 σ 1 σ 2 …σ n-2 …σ 1 σ 2 σ 3 σ 1 σ 2 σ 1 . Whereby c is<Δ 2 >Is an element of (a). Similarly, d is<Δ 2 >Is an element of (a).
Due to<Δ 2 >Is B n And sigma(s) i 22 >,σ i+1 22 >,σ i+3 22 >Sum sigma i+4 22 >Generated business group B n /<Δ 2 >Subgroup and sigma of (2) i 2i+1 2i+3 2 Sum sigma i+4 2 Generation of B n And thus is also a free group of rank 2. Therefore, sub-business group (M i2 >)/<Δ 2 >Also business group B n /<Δ 2 >Is a subgroup of Mihailova. So (M) i2 >)/<Δ 2 >The subgroup membership problem of (a) is also insoluble.
Thus, if a third party attacker can obtain B n Elements s and t of (1) are such that s -1 σ i s=y -1 σ i y,t -1 σ i t=x -1 σ i t, i=1, 2, …, n-1. Then s=cy, t=dx, c, d e<Δ 2 >Therefore, in business group B n /<Δ 2 >In s<Δ 2 >=y<Δ 2 >And t<Δ 2 >=x<Δ 2 >. That is, a third party attacker is in business group B n /<Δ 2 >Must find the Mihailova subgroup (M i <Δ 2 >)/<Δ 2 >Element y of<Δ 2 >And x<Δ 2 >. However, due to (M i2 >)/<Δ 2 >The subgroup membership problem of (2) is insoluble, so that no algorithm exists to enable an attacker to successfully obtain y<Δ 2 >And x<Δ 2 >So that there is no algorithm either that allows the attacker to successfully obtain the s and t needed.
The embodiment of the application provides a method for establishing a shared secret key, which is used for determining a braid group B with an index of n based on first equipment and second equipment n As a both party public key; both are respectively from braid group B n Selecting a subgroup and taking one element in the subgroup as a private key of the subgroup; performing conjugate calculation on each element of the private key and the public key; then, the two parties respectively send the respective conjugation results to the other party, and then calculate the shared secret key according to the conjugation results. Since the member problem of the introduced subgroup is insoluble, the security of the established method for sharing the secret key is fully proven in theory, and various attacks such as quantum computing attacks can be realized.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic of each process, and should not limit the implementation process of the embodiment of the present application in any way.
The embodiment of the present application further provides an apparatus for establishing a shared key, as shown in fig. 3, where the apparatus for establishing a shared key 10 is applied to a first device, and includes a processing unit 11 and a transceiver unit 12.
A processing unit 11, configured to determine a braid group Bn with an index n as a public key.
Wherein B is n =<σ 12 ,…,σ n-1i σ j= σ j σ i ,|i-j|≥2,σ i σ i+1 σ i= σ i+1 σ i σ i+1 ,1≤i≤n-2>The method comprises the steps of carrying out a first treatment on the surface of the Plait group B n Each element in (a) is represented by a set { sigma } 12 ,…,σ n-1 The word representing the element is represented on the }, and the word has a unique normal form, n is equal to or greater than 6, and n is an integer.
The processing unit 11 is also used for selecting a braid group B n A subgroup P generated by a plurality of elements of (a), and selecting an element x from the subgroup P as a first private key, wherein x is defined as x=f x12 ,…,σ n-1 )。
A transceiver unit 12 for receiving { y } transmitted by the second device -1 σ 1 y,y -1 σ 2 y,...,y -1 σ n-1 y }; wherein the second device is a device for establishing a shared key with the first device, y -1 σ k y is a subgroup Q generated by a plurality of elements of the braid group Bn selected by the second equipment, one element y is selected from the subgroup Q to serve as a second private key, and the second private key and each element in the public key are calculated according to the second private key; wherein the definition of y is y=f y12 ,…,σ n-1 );k=1,2,…,n-1。
The transceiver unit 12 is further configured to calculate { x } for each element of the first private key x and the public key -1 σ 1 x,x -1 σ 2 x,...,x -1 σ n-1 x } to the second device, so that the second device will have all sigma in the second private key y k Replaced by x -1 σ k x, obtain f y (x -1 σ 1 x,x -1 σ 2 x,...,x -1 σ n-1 x)=x -1 yx, and calculate the shared key x -1 y -1 xy;
The processing unit is further configured to compare all sigma in the first private key x of the first device k Replaced by y -1 σ k y, obtain f x (y -1 σ 1 y,y -1 σ 2 y,...,y -1 σ n-1 y)=y -1 xy, and calculating to obtain shared key as x -1 y -1 xy。
Optionally, a processing unit 11 is configured to select the braid group B n A subgroup P generated by a plurality of elements of (a) comprising:
plait group Bn contains subgroups L isomorphic to the direct product of two rank 2 free groups u :L u =<σ u 2u+1 2u+3 2u+4 2 >;u=1,2,...,n-5;
A processing unit 11 for generating a sub-group L u Generates subgroup M u :M u =<σ u 2 σ u+3 2u+1 2 σ u+4 2 ,S uv ,T uv >;v=1,2,...,27;
And also for selecting a subgroup M u As subgroup P.
When u=1, 2,..n-5, 27S uv The method comprises the following steps of:
Figure BDA0002478388390000201
Figure BDA0002478388390000202
Figure BDA0002478388390000203
Figure BDA0002478388390000204
/>
Figure BDA0002478388390000205
Figure BDA0002478388390000206
Figure BDA0002478388390000207
Figure BDA0002478388390000208
Figure BDA0002478388390000209
Figure BDA00024783883900002010
Figure BDA00024783883900002011
Figure BDA00024783883900002012
Figure BDA00024783883900002013
Figure BDA00024783883900002014
Figure BDA0002478388390000211
Figure BDA0002478388390000212
Figure BDA0002478388390000213
Figure BDA0002478388390000214
Figure BDA0002478388390000215
/>
Figure BDA0002478388390000216
Figure BDA0002478388390000217
Figure BDA0002478388390000218
Figure BDA0002478388390000219
Figure BDA00024783883900002110
Figure BDA0002478388390000221
Figure BDA0002478388390000222
Figure BDA0002478388390000223
Figure BDA0002478388390000224
/>
Figure BDA0002478388390000225
the 27S are processed uv Sigma of (a) u Replacement by sigma u+3 ,σ u+1 Replacement by sigma u+4 Obtain corresponding 27T uv
The device for establishing the shared key provided in the embodiment of the present application has the same beneficial effects as the method for establishing the shared key, and is not described herein.
The embodiment of the present application further provides a computer device, as shown in fig. 4, the computer device 40 includes: a memory 41, a processor 42 and a computer program 43 stored in said memory and executable on said processor, the processor implementing the method of establishing a shared key as described above when executing the computer program.
Embodiments of the present application also provide a computer readable storage medium storing a computer program which, when executed by a processor, implements a method of establishing a shared key as described above.
Embodiments of the present application provide a computer program product which, when run on a computer device, causes the computer device to perform the above-described method of establishing a shared key.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The above embodiments are only for illustrating the technical solution of the present application, and are not limiting; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.

Claims (10)

1. A method of establishing a shared key, comprising:
the first device determines a braid group Bn with an index of n as a public key;
wherein B is n =<σ 12 ,…,σ n-1i σ j= σ j σ i ,|i-j|≥2,σ i σ i+1 σ i= σ i+1 σ i σ i+1 ,1≤i≤n-2>The method comprises the steps of carrying out a first treatment on the surface of the The plait group B n Each element in (a) is represented by a set { sigma } 12 ,…,σ n-1 A word representing the element, and having a unique normal form, n.gtoreq.6, n being an integer;
the first equipment selects braid group B n A subgroup P generated by a plurality of elements of (a), and selecting an element x from the subgroup P as a first private key, wherein x is defined as x=f x12 ,…,σ n-1 );
The first device receives { y } transmitted by the second device -1 σ 1 y,y -1 σ 2 y,...,y -1 σ n-1 y }; wherein the second device is a device for establishing a shared key with the first device, y -1 σ k y is a subgroup Q generated by a plurality of elements of the braid group Bn selected by the second equipment, one element y is selected from the subgroup Q as a second private key, and the second private key and each element in the public key are calculated according to the second private key; wherein the definition of y is y=f y12 ,…,σ n-1 ) The method comprises the steps of carrying out a first treatment on the surface of the k=1, 2, …, n-1; the method for selecting one subgroup Q generated by the plurality of elements of the braid group Bn by the second device is the same as the method for selecting one subgroup P generated by the plurality of elements of the braid group Bn by the first device; the first device and the second device select the same subgroup Mu as a subgroup P and a subgroup Q, or select different subgroup Mu as a subgroup P and a subgroup Q;
the first device calculates { x } of each element of the first private key and the public key -1 σ 1 x,x -1 σ 2 x,...,x -1 σ n-1 x to the second device, so that the second device will have all sigma in said second private key y k Replaced by x -1 σ k x, obtain f y (x -1 σ 1 x,x -1 σ 2 x,...,x -1 σ n-1 x)=x -1 yx, and calculate the shared key x -1 y -1 xy;
All sigma in a first private key of the first device k Replaced by y -1 σ k y, obtain f x (y -1 σ 1 y,y -1 σ 2 y,...,y -1 σ n- 1 y)=y -1 xy, and calculating to obtain shared key as x -1 y -1 xy。
2. The method of establishing a shared secret according to claim 1, wherein the first device selects strand group B n A subgroup P generated by a plurality of elements of (a) comprising:
the braid group Bn contains a subgroup L isomorphic to the direct product of two free groups of rank 2 u :L u =<σ u 2u+1 2u+3 2u+4 2 >;u=1,2,...,n-5;
According to the subgroup L u Generates subgroup M u :M u =<σ u 2 σ u+3 2u+1 2 σ u+4 2 ,S uv ,T uv >;v=1,2,...,27;
Selecting one of the subgroups M u As said subgroup P.
3. The method of establishing a shared key according to claim 2, wherein when u=1, 2,..n-5, 27S uv The method comprises the following steps of:
Figure QLYQS_1
Figure QLYQS_2
Figure QLYQS_3
Figure QLYQS_4
Figure QLYQS_5
Figure QLYQS_6
Figure QLYQS_7
Figure QLYQS_8
Figure QLYQS_9
Figure QLYQS_10
Figure QLYQS_11
Figure QLYQS_12
Figure QLYQS_13
Figure QLYQS_14
Figure QLYQS_15
Figure QLYQS_16
Figure QLYQS_17
Figure QLYQS_18
Figure QLYQS_19
Figure QLYQS_20
Figure QLYQS_21
Figure QLYQS_22
Figure QLYQS_23
Figure QLYQS_24
Figure QLYQS_25
Figure QLYQS_26
Figure QLYQS_27
Figure QLYQS_28
Figure QLYQS_29
4. a method of establishing a shared key as defined in claim 3, wherein the 27S are uv Sigma of (a) u Replacement by sigma u+3 ,σ u+1 Replacement by sigma u+4 Obtain corresponding 27T uv
5. The method of establishing a shared key of claim 1, wherein the subgroup P and the subgroup Q are each a michailova subgroup with subgroup members that are insoluble.
6. An apparatus for establishing a shared key is applied to a first device, and the apparatus for establishing the shared key comprises a processing unit and a receiving and transmitting unit;
the processing unit is used for determining a braid group Bn with an index of n as a public key;
wherein B is n =<σ 12 ,…,σ n-1i σ j= σ j σ i ,|i-j|≥2,σ i σ i+1 σ i= σ i+1 σ i σ ii+1 ,1≤i≤n-2>The method comprises the steps of carrying out a first treatment on the surface of the The plait group B n Each element in (a) is represented by a set { sigma } 12 ,…,σ n-1 A word representing the element, and having a unique normal form, n.gtoreq.6, n being an integer;
and also used for selecting the braid group B n A subgroup P generated by a plurality of elements of (a), and selecting an element x from the subgroup P as a first private key, wherein x is defined as x=f x12 ,…,σ n-1 );
The receiving and transmitting unit is used for receiving { y } sent by the second equipment -1 σ 1 y,y -1 σ 2 y,...,y -1 σ n-1 y }; wherein the second device isDevice for establishing a shared key with said first device, y -1 σ k y is a subgroup Q generated by a plurality of elements of the braid group Bn selected by the second equipment, one element y is selected from the subgroup Q as a second private key, and the second private key and each element in the public key are calculated according to the second private key; wherein the definition of y is y=f y12 ,…,σ n-1 ) The method comprises the steps of carrying out a first treatment on the surface of the k=1, 2, …, n-1; the method for selecting one subgroup Q generated by the plurality of elements of the braid group Bn by the second device is the same as the method for selecting one subgroup P generated by the plurality of elements of the braid group Bn by the first device; the first device and the second device select the same subgroup Mu as a subgroup P and a subgroup Q, or select different subgroup Mu as a subgroup P and a subgroup Q;
and is further configured to calculate { x } for each element of the first private key and the public key -1 σ 1 x,x -1 σ 2 x,...,x -1 σ n- 1 x to the second device, so that the second device will have all sigma in said second private key y k Replaced by x -1 σ k x, obtain f y (x -1 σ 1 x,x -1 σ 2 x,...,x -1 σ n-1 x)=x -1 yx, and calculate the shared key x -1 y -1 xy;
The processing unit is further configured to use all sigma in the first private key of the first device k Replaced by y -1 σ k y, obtain f x (y -1 σ 1 y,y -1 σ 2 y,...,y -1 σ n-1 y)=y -1 xy, and calculating to obtain shared key as x -1 y -1 xy。
7. The apparatus for establishing a shared secret according to claim 6, wherein the processing unit is configured to select a braid group B n A subgroup P generated by a plurality of elements of (a) comprising:
the braid group Bn contains a subgroup L isomorphic to the direct product of two free groups of rank 2 u :L u =<σ u 2u+1 2u+3 2u+4 2 >;u=1,2,...,n-5;
The processing unit is used for processing the sub-group L u Generates subgroup M u :M u =<σ u 2 σ u+3 2u+1 2 σ u+4 2 ,S uv ,T uv >;v=1,2,...,27;
And is also used for selecting one subgroup M u As said subgroup P.
8. The apparatus for establishing a shared key as defined in claim 7, wherein when u=1, 2,..n-5, 27S uv The method comprises the following steps of:
Figure QLYQS_30
Figure QLYQS_31
Figure QLYQS_32
Figure QLYQS_33
Figure QLYQS_34
Figure QLYQS_35
Figure QLYQS_36
Figure QLYQS_37
Figure QLYQS_38
Figure QLYQS_39
Figure QLYQS_40
Figure QLYQS_41
Figure QLYQS_42
Figure QLYQS_43
Figure QLYQS_44
Figure QLYQS_45
Figure QLYQS_46
Figure QLYQS_47
Figure QLYQS_48
Figure QLYQS_49
Figure QLYQS_50
Figure QLYQS_51
Figure QLYQS_52
Figure QLYQS_53
Figure QLYQS_54
Figure QLYQS_55
Figure QLYQS_56
Figure QLYQS_57
Figure QLYQS_58
the 27S are processed uv Sigma of (a) u Replacement by sigma u+3 ,σ u+1 Replacement by sigma u+4 Obtain corresponding 27T uv
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the method of establishing a shared key according to any of claims 1 to 5 when the computer program is executed.
10. A computer readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements a method of establishing a shared key according to any of claims 1 to 5.
CN202010371284.0A 2020-05-06 2020-05-06 Method and device for establishing shared secret key Active CN111740821B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010371284.0A CN111740821B (en) 2020-05-06 2020-05-06 Method and device for establishing shared secret key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010371284.0A CN111740821B (en) 2020-05-06 2020-05-06 Method and device for establishing shared secret key

Publications (2)

Publication Number Publication Date
CN111740821A CN111740821A (en) 2020-10-02
CN111740821B true CN111740821B (en) 2023-06-27

Family

ID=72647004

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010371284.0A Active CN111740821B (en) 2020-05-06 2020-05-06 Method and device for establishing shared secret key

Country Status (1)

Country Link
CN (1) CN111740821B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114221753B (en) * 2021-11-23 2023-08-04 深圳大学 Key data processing method and electronic equipment
CN114640463B (en) * 2022-02-25 2023-05-12 深圳大学 Digital signature method, computer equipment and medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107911209A (en) * 2017-12-28 2018-04-13 深圳大学 The method for establishing the security public key cryptography of resisting quantum computation attack
CN109787752A (en) * 2018-09-30 2019-05-21 王威鉴 The method for establishing the shared key of attack resistance

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103414569B (en) * 2013-08-21 2016-08-10 王威鉴 A kind of method of the public key cryptography setting up attack resistance
US10505722B2 (en) * 2016-07-06 2019-12-10 Securerf Corporation Shared secret communication system with use of cloaking elements
US20190215148A1 (en) * 2018-01-11 2019-07-11 Shenzhen University Method of establishing anti-attack public key cryptogram
CN108768639B (en) * 2018-06-06 2021-07-06 电子科技大学 Public key order-preserving encryption method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107911209A (en) * 2017-12-28 2018-04-13 深圳大学 The method for establishing the security public key cryptography of resisting quantum computation attack
CN109787752A (en) * 2018-09-30 2019-05-21 王威鉴 The method for establishing the shared key of attack resistance

Also Published As

Publication number Publication date
CN111740821A (en) 2020-10-02

Similar Documents

Publication Publication Date Title
US11301571B2 (en) Neural-network training using secure data processing
US11159305B2 (en) Homomorphic data decryption method and apparatus for implementing privacy protection
CN112446052B (en) Aggregated signature method and system suitable for secret-related information system
CN111740821B (en) Method and device for establishing shared secret key
US11902432B2 (en) System and method to optimize generation of coprime numbers in cryptographic applications
CN112769542B (en) Multiplication triple generation method, device, equipment and medium based on elliptic curve
Kuang et al. A new quantum-safe multivariate polynomial public key digital signature algorithm
CN112865973A (en) Method for generating encryption key and digital signature based on lattice
US8160256B2 (en) Key calculation method and key agreement method using the same
WO2021223090A1 (en) Method and apparatus for establishing shared key
US20220085998A1 (en) System and method to generate prime numbers in cryptographic applications
US20220278843A1 (en) Computer implemented method and system for knowledge proof in blockchain transactions
CN114221753B (en) Key data processing method and electronic equipment
CN114640463B (en) Digital signature method, computer equipment and medium
CN111970130B (en) Quantum block chain establishment method and system
CN117795901A (en) Generating digital signature shares
CN111614465B (en) Public key generation method and device based on super-singular homologous secret key encapsulation protocol
Lochter Blockchain as cryptanalytic tool
de Oliveira et al. An efficient software implementation of the hash-based signature scheme MSS and its variants
JP2002508523A (en) Fast finite field operation on elliptic curves
Krikun et al. Parallelized Montgomery Exponentiation in GF (2 k) for Diffie–Hellman Key Exchange Protocol.
RU2356172C1 (en) Method for generation and authentication of electronic digital signature that verifies electronic document
CN115840953A (en) Identity authentication method, device, terminal and readable storage medium
CN114257377A (en) Multivariate aggregation signature method, system, equipment and medium
WO2024038028A1 (en) Improved blockchain system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant