CN112202551B - Password verification method and device based on zero-knowledge proof and electronic equipment - Google Patents

Publication number: CN112202551B
Authority: CN (China)
Prior art keywords: client, password, server, random number, password authentication
Legal status: Active
Application number: CN202011011023.4A
Other languages: Chinese (zh)
Other versions: CN112202551A (en)
Inventors: 何伟明, 刘丽娟, 廖敏飞, 成楚天, 赖敷君, 周思彤
Current Assignee: China Construction Bank Corp
Original Assignee: China Construction Bank Corp

Abstract

The application provides a password verification method, device and electronic equipment based on zero-knowledge proof, applied to the field of password verification. The method exploits the advantage of zero-knowledge proof: no information related to the account password is transmitted during account password verification, so a network eavesdropper cannot acquire any information about the account password, and leakage of the user password through network transmission is effectively prevented. Replay attacks are also prevented: the presence of two random numbers both ensures that the mobile user password can be verified and ensures that verification is not disturbed by replay attacks. In addition, the secret factor encrypted by the client (the mobile user password) is not transmitted to the back end, which effectively reduces the difficulty of managing protection keys on the server; even if the information stored on the server is leaked, the password cannot be cracked or found by collision, so the server's information-protection requirement is low, and there is no risk of password leakage even if the server's stored data is dumped from its database.

Description

Password verification method and device based on zero-knowledge proof and electronic equipment
Technical Field
The application relates to the technical field of password verification, in particular to a password verification method and device based on zero knowledge proof and electronic equipment.
Background
Before a client uses a server's service, authentication is required. The most traditional and most common means of verification is password verification. However, existing password verification methods usually require the server to perform a key comparison, which requires the client and the authentication center (server) to share a key (i.e. the client uploads the key to the server). Existing password verification methods therefore carry a risk of user information leakage and offer poor security; in addition, the server runs the risk of the stored keys being dumped from its database and bears the responsibility of keeping the keys.
Disclosure of Invention
The application provides a password verification method and device based on zero-knowledge proof and electronic equipment, which are used for verifying the identity of a client user on the premise of not transmitting account password related information. The technical scheme adopted by the application is as follows:
In a first aspect, a password authentication method based on zero-knowledge proof is provided, which is applied to a client and includes:
the client generates a random number k and maps the random number k to a finite field G to obtain K = k*G;
the client sends password authentication information to a server, wherein the password authentication information comprises K; the server is used for generating a random number e, looking up A, which was obtained by encrypting the first random number R1 with the client private key and uploaded when the client set the password, and returning the random number e and A to the client;
the client decrypts the received A based on a local key SK1 to obtain R1;
the client concatenates the user password and the first random number R1, calculates a digest x, then calculates r = k + e*x and sends r to the server; the server is used for calculating r' = K + e*X and determining whether password verification passes based on r and r', wherein X is uploaded to the server when the client sets the password, and the client obtains X through the formula X = x*G.
Optionally, the finite field G is determined by the server and sent to the client.
Optionally, the finite field is a 256-bit finite field.
Optionally, A is calculated by the formula A = SM4_SK1(R1);
correspondingly, the client decrypting the received A based on the local key SK1 to obtain R1 comprises:
obtaining R1 by decryption with the formula R1 = DecryptSM4_SK1(A).
Optionally, the client calculating the digest x after concatenating the user password and the first random number R1 comprises:
calculating x by the formula x = SM3(Password || R1).
In a second aspect, a password authentication method based on zero-knowledge proof is provided, which is applied to a server and includes:
receiving password authentication information sent by a client, wherein the password authentication information comprises K, and K is obtained by mapping a random number k generated by the client to a finite field G;
the server generates a random number e, looks up A, which was obtained by encrypting the random number R1 with the client private key and uploaded when the client set the password, and returns the random number e and A to the client; the client is used for decrypting the received A based on the local key SK1 to obtain R1; the client is further used for concatenating the user password and the first random number R1, calculating a digest x, then calculating r = k + e*x and sending r to the server;
the server calculates r' = K + e*X and determines whether password verification passes based on r and r', wherein X is uploaded to the server when the client sets the password, and the client obtains X through the formula X = x*G.
Optionally, the finite field G is determined by the server and sent to the client.
Optionally, the finite field is a 256-bit finite field.
Optionally, A is calculated by the formula A = SM4_SK1(R1);
correspondingly, the client decrypting the received A based on the local key SK1 to obtain R1 comprises:
obtaining R1 by decryption with the formula R1 = DecryptSM4_SK1(A).
Optionally, the client calculating the digest x after concatenating the user password and the first random number R1 comprises:
calculating x by the formula x = SM3(Password || R1).
In a third aspect, a password authentication apparatus based on zero-knowledge proof is provided, which is applied to a client and includes:
a generating module, used for generating a random number k and mapping the random number k to a finite field G to obtain K = k*G;
a first sending module, used for sending password authentication information to a server, wherein the password authentication information comprises K; the server is used for generating a random number e, looking up A, which was obtained by encrypting the first random number R1 with the client private key and uploaded when the client set the password, and returning the random number e and A to the client;
a decryption module, used for decrypting the received A based on the local key SK1 to obtain R1;
a second sending module, used for concatenating the user password and the first random number R1, calculating the digest x, then calculating r = k + e*x and sending r to the server; the server is used for calculating r' = K + e*X and determining whether password verification passes based on r and r', wherein X is uploaded to the server when the client sets the password, and the client obtains X through the formula X = x*G.
Optionally, the finite field G is determined by the server and sent to the client.
Optionally, the finite field is a 256-bit finite field.
Optionally, A is calculated by the formula A = SM4_SK1(R1);
correspondingly, the decryption module is specifically configured to obtain R1 by decryption according to the formula R1 = DecryptSM4_SK1(A).
Optionally, the second sending module is specifically configured to calculate x by the formula x = SM3(Password || R1).
In a fourth aspect, a password authentication apparatus based on zero-knowledge proof is provided, which is applied to a server and includes:
a receiving module, used for receiving password authentication information sent by a client, wherein the password authentication information comprises K, and K is obtained by mapping a random number k generated by the client to a finite field G;
a generation module, used for generating a random number e, looking up A, which was obtained by encrypting the random number R1 with the client private key and uploaded when the client set the password, and returning the random number e and A to the client; the client is used for decrypting the received A based on the local key SK1 to obtain R1; the client is further used for concatenating the user password and the first random number R1, calculating a digest x, then calculating r = k + e*x and sending r to the server;
a calculation module, used for calculating r' = K + e*X and determining whether password verification passes based on r and r', wherein X is uploaded to the server when the client sets the password, and the client obtains X through the formula X = x*G.
Optionally, the finite field G is determined by the server and sent to the client.
Optionally, the finite field is a 256-bit finite field.
Optionally, A is calculated by the formula A = SM4_SK1(R1); correspondingly, the client decrypting the received A based on the local key SK1 to obtain R1 comprises: obtaining R1 by decryption with the formula R1 = DecryptSM4_SK1(A).
Optionally, the client calculating the digest x after concatenating the user password and the first random number R1 comprises: calculating x by the formula x = SM3(Password || R1).
In a fifth aspect, an electronic device is provided, which includes:
one or more processors;
a memory;
one or more application programs, wherein the one or more application programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs being configured to perform the password authentication method based on zero-knowledge proof of the first aspect.
In a sixth aspect, a computer-readable storage medium is provided, which is used for storing computer instructions that, when run on a computer, cause the computer to perform the password authentication method based on zero-knowledge proof of the first aspect.
Compared with the prior art, in which a client needs to share a secret key with a server, in the password authentication method, device and electronic equipment based on zero-knowledge proof the client generates a random number k and maps the random number k to a finite field G to obtain K = k*G; the client sends password authentication information to a server, wherein the password authentication information comprises K; the server is used for generating a random number e, looking up A, which was obtained by encrypting the first random number R1 with the client private key and uploaded when the client set the password, and returning the random number e and A to the client; the client decrypts the received A based on a local key SK1 to obtain R1; the client concatenates the user password and the first random number R1, calculates a digest x, then calculates r = k + e*x and sends r to the server; the server is used for calculating r' = K + e*X and determining whether password verification passes based on r and r', wherein X is uploaded to the server when the client sets the password, and the client obtains X through the formula X = x*G. This exploits the advantage of zero-knowledge proof: no information related to the account password is transmitted during account password verification, so a network eavesdropper cannot acquire any information about the account password, and leakage of the user password through network transmission is effectively prevented.
Replay attacks are also prevented: the presence of two random numbers both ensures that the mobile user password can be verified and ensures that verification is not disturbed by replay attacks. In addition, the secret factor encrypted by the client (the mobile user password) is not transmitted to the back end, which effectively reduces the difficulty of managing protection keys on the server; even if the information stored on the server is leaked, the password cannot be cracked or found by collision, so the server's information-protection requirement is low, and there is no risk of password leakage even if the server's stored data is dumped from its database.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The above and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
Fig. 1 is a schematic flowchart of a password authentication method based on zero-knowledge proof according to an embodiment of the present application;
Fig. 2 is a flowchart illustrating a password authentication method based on zero-knowledge proof according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a password authentication apparatus based on zero-knowledge proof according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a password authentication apparatus based on zero-knowledge proof according to an embodiment of the present application;
Fig. 6 is an exemplary flowchart of the password setup phase;
Fig. 7 is an exemplary flowchart of the password authentication phase.
Detailed Description
Reference will now be made in detail to the embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
To make the objects, technical solutions and advantages of the present application more clear, the following detailed description of the embodiments of the present application will be made with reference to the accompanying drawings.
The following describes the technical solution of the present application and how to solve the above technical problems in detail by specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Example one
The embodiment of the application provides a password authentication method based on zero knowledge proof, which is applied to a client, and as shown in fig. 1, the method may include the following steps:
Step S101, the client generates a random number k and maps the random number k to a finite field G to obtain K = k*G;
Step S102, the client sends password authentication information to a server, wherein the password authentication information comprises K; the server is used for generating a random number e, looking up A, which was obtained by encrypting the first random number R1 with the client private key and uploaded when the client set the password, and returning the random number e and A to the client;
Step S103, the client decrypts the received A based on the local key SK1 to obtain R1;
Step S104, the client concatenates the user password and the first random number R1, calculates a digest x, then calculates r = k + e*x and sends r to the server; the server is used for calculating r' = K + e*X and determining whether password verification passes based on r and r', wherein X is uploaded to the server when the client sets the password, and the client obtains X through the formula X = x*G.
The password verification process involves a combination of two random numbers, one from the client and one from the server, and this combination is different in every verification. Therefore, even if a user's message from one authentication run is intercepted, it cannot be used in the next password authentication run. The non-repeatability of the password verification process is thus ensured, which avoids replay attacks. For example, if the random number generated by the client is R1 and the random number generated by the server is R2, then for a replay attack to succeed the next authentication run must produce the same combination of random numbers, i.e. R1' = R1 and R2' = R2 in the next run. As long as R1 and R2 are long enough and elements such as time stamps are added, the probability of repetition is extremely low, so the attack becomes infeasible and replay attacks are prevented.
The finite field G is determined by the server and sent to the client.
Specifically, the finite field is a 256-bit finite field.
Specifically, A is calculated by the formula A = SM4_SK1(R1);
correspondingly, the client decrypting the received A based on the local key SK1 to obtain R1 comprises:
obtaining R1 by decryption with the formula R1 = DecryptSM4_SK1(A).
Specifically, the client calculating the digest x after concatenating the user password and the first random number R1 comprises:
calculating x by the formula x = SM3(Password || R1).
Illustratively, Fig. 6 shows an exemplary diagram of the password setup phase. Precondition: the server selects a 256-bit finite field GF(2^256) and issues it to the client; the finite field is called G for short. The password setup phase mainly comprises the following steps:
1. the client generates an SM4 symmetric key SK1 and a random number R1, and encrypts the random number R1 with SK1 to obtain A = SM4_SK1(R1);
2. after a Password is entered, the client concatenates the Password with the random number R1 and computes the digest x = SM3(Password || R1);
3. x is mapped to the finite field G: X = x*G;
4. A and X are sent to the server for storage, the symmetric key SK1 is stored locally at the client, and the client remembers the Password.
Fig. 7 shows an exemplary diagram of the password authentication phase. As shown in Fig. 7, the password authentication phase mainly includes:
1. the client requests password verification, randomly generates a random number k and maps it to the finite field: K = k*G;
2. the client sends the account id and K to the server;
3. the server generates a random number e, looks up the A that was sent when the password was set, according to the account id sent by the client, and returns A and e to the client;
4. the client decrypts A with the locally stored key SK1 to obtain R1 = DecryptSM4_SK1(A);
5. the client computes x = SM3(Password || R1), then computes r = k + e*x and sends r to the server;
6. the server calculates r' = K + e*X and compares r' with r to judge whether they are equal. If they are equal, password verification passes; otherwise, verification fails.
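The setup and authentication phases above, as an added Python sketch that is not code from the patent. Assumptions: the secp256k1 curve group plays the role of the 256-bit G, SHA-256 and an XOR pad stand in for SM3 and SM4, and the server's final comparison is done in the group as r*G == K + e*X, because the scalar r and the group element r' cannot be compared directly; all function names are illustrative.

```python
import hashlib
import secrets

# Assumed group: secp256k1 (y^2 = x^3 + 7 over F_P) with base point G of order N.
# The patent only says "256-bit finite field G"; this choice is an assumption.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(p1, p2):
    """Add two curve points; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def digest(password, r1):
    """x = H(Password || R1) reduced mod N; SHA-256 stands in for SM3."""
    return int.from_bytes(hashlib.sha256(password.encode() + r1).digest(), "big") % N


def toy_cipher(sk1, data):
    """XOR with a hash-derived pad; a stand-in for SM4, same call both ways."""
    pad = hashlib.sha256(b"pad" + sk1).digest()
    return bytes(x ^ y for x, y in zip(data, pad))


def set_password(password):
    """Setup phase: client keeps SK1, server stores only A and X."""
    sk1 = secrets.token_bytes(16)
    r1 = secrets.token_bytes(32)
    record = {"A": toy_cipher(sk1, r1), "X": mul(digest(password, r1), G)}
    return sk1, record


def client_commit():
    """Authentication step 1: fresh k and K = k*G."""
    k = secrets.randbelow(N - 1) + 1
    return k, mul(k, G)


def server_challenge(record):
    """Step 3: fresh random e plus the stored A."""
    return secrets.randbelow(N - 1) + 1, record["A"]


def client_respond(password, sk1, a, k, e):
    """Steps 4-5: recover R1, recompute x, answer r = k + e*x (mod N)."""
    r1 = toy_cipher(sk1, a)
    return (k + e * digest(password, r1)) % N


def server_verify(record, big_k, e, r):
    """Step 6, checked in the group: r*G == K + e*X."""
    return mul(r, G) == add(big_k, mul(e, record["X"]))


def login(password, sk1, record):
    """Run one full exchange; also return the (K, r) an eavesdropper would see."""
    k, big_k = client_commit()
    e, a = server_challenge(record)
    r = client_respond(password, sk1, a, k, e)
    return server_verify(record, big_k, e, r), (big_k, r)


def replay_accepted(record, captured):
    """Replay an old (K, r) against a new session, where the server picks a new e."""
    big_k, r = captured
    e_new, _ = server_challenge(record)
    return server_verify(record, big_k, e_new, r)
```

A captured (K, r) pair is rejected in a later session because the server's fresh e changes the right-hand side K + e*X.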
This embodiment of the application exploits the advantage of zero-knowledge proof: no information related to the account password is transmitted during account password verification, so a network eavesdropper cannot acquire any information about the account password, and leakage of the user password through network transmission is effectively prevented. Replay attacks are also prevented: the presence of two random numbers both ensures that the mobile user password can be verified and ensures that verification is not disturbed by replay attacks. In addition, the secret factor encrypted by the client (the mobile user password) is not transmitted to the back end, which effectively reduces the difficulty of managing protection keys on the server; even if the information stored on the server is leaked, the password cannot be cracked or found by collision, so the server's information-protection requirement is low, and there is no risk of password leakage even if the server's stored data is dumped from its database.
Example two
The embodiment of the application provides a password authentication method based on zero knowledge proof, which is applied to a server side, and as shown in fig. 1, the method may include the following steps:
step S201, receiving password authentication information sent by a client, wherein the password authentication information comprises K, and the K is obtained by mapping a random number K generated by the client to a finite field G;
step S202, the server generates a random number e, an A obtained by encrypting and calculating the random number R1 based on a client private key uploaded when the client is inquired for setting the password, and returns the random numbers e and A to the client; the client is used for decrypting the received A based on the local key SK1 to obtain R1; the client is further used for splicing the user password and the first random number R1, calculating a summary x, calculating R as k + ex, and sending R to the server;
in step S203, the server calculates r '═ K + e × X, and determines whether the password verification passes based on r and r', where X is uploaded to the server by the client when the password is set, and the client obtains X by using a formula X ═ X × G.
In the password verification process, two random number combinations of a client and a server are involved, and the two random number combinations are different in each verification. Therefore, even if the message of the user in a certain authentication process is intercepted, the message cannot be used in the next password authentication process. The irreproducibility of the password verification process is ensured, so that replay attack is avoided. For example, if the random number generated by the client is R1 and the random number generated by the server is R2, if the authentication process is to replay attacks, the authentication process must generate the same random number combination, i.e., R1 ═ R1 and R2 ═ R2, next time, as long as R1 and R2 are long enough and add time stamps and other elements, the probability of repetition is extremely low, so that the attacks become infeasible, and the replay attacks are prevented.
And the finite field G is determined by the server and is sent to the client.
Wherein, the finite field is a 256-bit finite field.
Specifically, A is calculated as A = SM4_SK1(R1);
correspondingly, the client decrypting the received A based on the local key SK1 to obtain R1 comprises:
R1 is obtained by decryption with the formula R1 = DecryptSM4_SK1(A).
Specifically, the client calculating the digest x after concatenating the user password and the first random number R1 includes:
x is calculated by x = SM3(password || R1).
The method and the device exploit the advantages of zero-knowledge proof. No information related to the account password is transmitted during account password verification, so a network eavesdropper cannot obtain any information about the account password, which effectively prevents the user password from leaking through network transmission. Replay attacks are also prevented: the two random numbers ensure both that the mobile user password can be verified and that verification is not disturbed by replay attacks. In addition, the secret factor encrypted by the client (the mobile user password) is not transmitted to the back end, which effectively reduces the difficulty of managing the server-side protection key; the password cannot be cracked or collided even if the information stored on the server side is leaked, so the server-side information protection requirement is low, and there is no risk of password leakage even if the server-side stored information is dumped from the database.
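The verification exchange described above (commitment K = k*G, challenge e, response r = k + e*x, check against r' = K + e*X), as an added example that is not part of the patent text; it also shows a captured (K, r) pair failing against a fresh challenge. Assumptions: secp256k1 stands in for the unspecified 256-bit group, SHA-256 stands in for SM3, the SM4 wrapping of R1 is omitted (the client holds R1 directly), the pass condition is taken to be r*G == r' (the text says only "based on r and r'"), and all function names are hypothetical.

```python
import hashlib
import secrets

# Assumed group: secp256k1 (the page only says "256-bit").
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    return pt is not None and (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """Double-and-add; not constant time, for illustration only."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def digest_x(password, r1):
    """x = H(password || R1), with SHA-256 standing in for SM3."""
    return int.from_bytes(hashlib.sha256(password.encode() + r1).digest(), "big") % N


def register(password, r1):
    """Password set-up: the client uploads X = x*G (and A, omitted here)."""
    return ec_mul(digest_x(password, r1), G)


def client_commit():
    k = secrets.randbelow(N - 1) + 1          # fresh k for every verification
    return k, ec_mul(k, G)                    # K = k*G goes to the server


def client_respond(k, e, password, r1):
    return (k + e * digest_x(password, r1)) % N   # r = k + e*x


def server_verify(K, e, r, X):
    if not on_curve(K):                       # reject malformed commitments
        return False
    r_prime = ec_add(K, ec_mul(e, X))         # r' = K + e*X
    return ec_mul(r, G) == r_prime            # assumed pass condition


def demo():
    r1 = secrets.token_bytes(16)              # constructed R1 (SM4 step omitted)
    X = register("correct horse", r1)
    k, K = client_commit()
    e1 = secrets.randbelow(N - 1) + 1         # server challenge
    r = client_respond(k, e1, "correct horse", r1)
    good = server_verify(K, e1, r, X)
    bad = server_verify(K, e1, client_respond(k, e1, "wrong guess", r1), X)
    e2 = secrets.randbelow(N - 1) + 1         # next session: fresh challenge
    replayed = server_verify(K, e2, r, X)     # captured (K, r) sent again
    return good, bad, replayed


if __name__ == "__main__":
    print(demo())
```

The replayed pair fails because the server's fresh e changes r' while the captured r is fixed; the same property depends on the client never reusing k across sessions.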
EXAMPLE III
Fig. 3 is a password authentication apparatus based on zero knowledge proof according to an embodiment of the present application, applied to a client, where the apparatus 30 includes:
a generating module 301, configured to generate a random number k, and map the random number k to a finite field G, so as to obtain K = k*G;
a first sending module 302, configured to send password authentication information to a server, where the password authentication information includes K; the server is used for generating a random number e, querying A, which was uploaded when the client set the password and was obtained by encrypting the first random number R1 with the client private key, and returning e and A to the client;
a decryption module 303, configured to decrypt the received A based on the local key SK1 to obtain R1;
a second sending module 304, configured to concatenate the user password and the first random number R1, calculate a digest x, then calculate r = k + e*x, and send r to the server; the server is used for calculating r' = K + e*X, and determining whether password verification passes based on r and r', wherein X is uploaded to the server when the client sets the password, and the client obtains X through the formula X = x*G.
Optionally, the finite field G is determined by the server and sent to the client.
Optionally, the finite field is a 256-bit finite field.
Optionally, A is calculated as A = SM4_SK1(R1);
correspondingly, the decryption module is specifically configured to obtain R1 by decryption according to the formula R1 = DecryptSM4_SK1(A).
Optionally, the second sending module is specifically configured to calculate x by x = SM3(password || R1).
The beneficial effects of the password authentication apparatus based on zero knowledge proof in the embodiment of the present application are similar to those of the password authentication method based on zero knowledge proof in the first embodiment, and are not described herein again.
Example four
The embodiment of the present application provides a password authentication device based on zero knowledge proof, and the device 50 includes:
a receiving module 501, configured to receive password authentication information sent by a client, where the password authentication information includes K, and K is obtained by mapping a random number k generated by the client to a finite field G;
a generating module 502, configured to generate a random number e, query A, which was uploaded when the client set the password and was obtained by encrypting the first random number R1 with the client private key, and return e and A to the client; the client is used for decrypting the received A based on the local key SK1 to obtain R1; the client is further used for concatenating the user password and the first random number R1, calculating a digest x, calculating r = k + e*x, and sending r to the server;
a calculating module 503, configured to calculate r' = K + e*X, and determine whether the password verification passes based on r and r', where X is uploaded to the server by the client when the client sets the password, and the client obtains X by the formula X = x*G.
Optionally, the finite field G is determined by the server and sent to the client.
Optionally, the finite field is a 256-bit finite field.
Optionally, A is calculated as A = SM4_SK1(R1); correspondingly, the client decrypting the received A based on the local key SK1 to obtain R1 comprises: R1 is obtained by decryption with the formula R1 = DecryptSM4_SK1(A).
Optionally, the client calculating the digest x after concatenating the user password and the first random number R1 includes: x is calculated by x = SM3(password || R1).
The beneficial effects of the password verification apparatus based on zero knowledge proof in the embodiment of the present application are similar to those of the password verification method based on zero knowledge proof in the second embodiment, and are not described herein again.
The embodiment of the application provides a password verification device based on zero-knowledge proof that exploits the advantages of zero-knowledge proof. No information related to the account password is transmitted during account password verification, so a network eavesdropper cannot obtain any information about the account password, which effectively prevents the user password from leaking through network transmission. Replay attacks are also prevented: the two random numbers ensure both that the mobile user password can be verified and that verification is not disturbed by replay attacks. In addition, the secret factor encrypted by the client (the mobile user password) is not transmitted to the back end, which effectively reduces the difficulty of managing the server-side protection key; the password cannot be cracked or collided even if the information stored on the server side is leaked, so the server-side information protection requirement is low, and there is no risk of password leakage even if the server-side stored information is dumped from the database.
EXAMPLE five
An embodiment of the present application provides an electronic device, as shown in fig. 4, an electronic device 40 shown in fig. 4 includes: a processor 401 and a memory 403. Wherein the processor 401 is coupled to the memory 403, such as via a bus 402. Further, the electronic device 40 may also include a transceiver 404. It should be noted that the transceiver 404 is not limited to one in practical applications, and the structure of the electronic device 40 is not limited to the embodiment of the present application. The processor 401 is applied in the embodiment of the present application, and is configured to implement the functions of the modules shown in fig. 2. The transceiver 404 includes a receiver and a transmitter.
The processor 401 may be a CPU, general purpose processor, DSP, ASIC, FPGA or other programmable logic device, transistor logic device, hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 401 may also be a combination of computing functions, e.g., comprising one or more microprocessors, a combination of a DSP and a microprocessor, or the like.
Bus 402 may include a path that transfers information between the above components. The bus 402 may be a PCI bus or an EISA bus, etc. The bus 402 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 4, but this does not indicate only one bus or one type of bus.
The memory 403 may be, but is not limited to, a ROM or other type of static storage device that can store static information and instructions, a RAM or other type of dynamic storage device that can store information and instructions, an EEPROM, a CD-ROM or other optical disk storage, optical disk storage (including compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
The memory 403 is used for storing application program codes for executing the scheme of the application, and the execution is controlled by the processor 401. The processor 401 is configured to execute application program code stored in the memory 403 to implement the functions of the apparatus provided by the embodiments shown in fig. 3 or fig. 5.
The embodiment of the application provides an electronic device that exploits the advantages of zero-knowledge proof. No information related to the account password is transmitted during account password verification, so a network eavesdropper cannot obtain any information about the account password, which effectively prevents the user password from leaking through network transmission. Replay attacks are also prevented: the two random numbers ensure both that the mobile user password can be verified and that verification is not disturbed by replay attacks. In addition, the secret factor encrypted by the client (the mobile user password) is not transmitted to the back end, which effectively reduces the difficulty of managing the server-side protection key; the password cannot be cracked or collided even if the information stored on the server side is leaked, so the server-side information protection requirement is low, and there is no risk of password leakage even if the server-side stored information is dumped from the database.
The embodiment of the application provides an electronic device suitable for the method embodiment, which will not be described in detail herein.
EXAMPLE VI
The present application provides a computer-readable storage medium, on which a computer program is stored, and when the program is executed by a processor, the method shown in the above embodiments is implemented.
The embodiment of the application provides a computer-readable storage medium that exploits the advantages of zero-knowledge proof. No information related to the account password is transmitted during account password verification, so a network eavesdropper cannot obtain any information about the account password, which effectively prevents the user password from leaking through network transmission. Replay attacks are also prevented: the two random numbers ensure both that the mobile user password can be verified and that verification is not disturbed by replay attacks. In addition, the secret factor encrypted by the client (the mobile user password) is not transmitted to the back end, which effectively reduces the difficulty of managing the server-side protection key; the password cannot be cracked or collided even if the information stored on the server side is leaked, so the server-side information protection requirement is low, and there is no risk of password leakage even if the server-side stored information is dumped from the database.
The embodiment of the application provides a computer-readable storage medium suitable for the method embodiment, which will not be described in detail herein.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, the steps are not restricted to the exact order shown and may be performed in other orders. Moreover, at least some of the steps in the flowcharts may include multiple sub-steps or stages, which are not necessarily performed at the same time or in sequence, but may be performed at different times and in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
The foregoing is only a partial embodiment of the present application, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present application, and these modifications and decorations should also be regarded as the protection scope of the present application.

Claims (15)

1. A password authentication method based on zero knowledge proof is characterized in that the password authentication method is applied to a client and comprises the following steps:
the client generates a random number k, and maps the random number k to a finite field G to obtain K = k*G;
sending password authentication information to a server, wherein the password authentication information comprises K; the server is used for generating a random number e, querying A, which was uploaded when the client set the password and was obtained by encrypting the first random number R1 with the client private key, and returning e and A to the client;
the client decrypts the received A based on a local key SK1 to obtain R1;
the client concatenates the user password and the first random number R1, calculates a digest x, calculates r = k + e*x, and sends r to the server; the server is used for calculating r' = K + e*X, and determining whether password verification passes based on r and r', wherein X is uploaded to the server when the client sets the password, and the client obtains X through the formula X = x*G.
2. The method of claim 1, wherein the finite field G is determined by the server and sent to the client.
3. The method of claim 2, wherein the finite field is a 256-bit finite field.
4. The method of any one of claims 1-3, wherein A is calculated as A = SM4_SK1(R1);
correspondingly, the client decrypting the received A based on the local key SK1 to obtain R1 comprises:
R1 is obtained by decryption with the formula R1 = DecryptSM4_SK1(A).
5. The method according to any one of claims 1 to 3, wherein the client calculating the digest x after concatenating the user password and the first random number R1 comprises:
x is calculated by x = SM3(password || R1).
6. A password authentication method based on zero knowledge proof is characterized in that the password authentication method is applied to a server side and comprises the following steps:
receiving password authentication information sent by a client, wherein the password authentication information comprises K, and K is obtained by mapping a random number k generated by the client to a finite field G;
the server generates a random number e, queries A, which was uploaded when the client set the password and was obtained by encrypting the first random number R1 with the client private key, and returns e and A to the client; the client is used for decrypting the received A based on the local key SK1 to obtain R1; the client is further used for concatenating the user password and the first random number R1, calculating a digest x, calculating r = k + e*x, and sending r to the server;
the server calculates r' = K + e*X, and determines whether password verification passes based on r and r', wherein X is uploaded to the server when the client sets the password, and the client obtains X through the formula X = x*G.
7. The method of claim 6, wherein the finite field G is determined by the server and sent to the client.
8. The method of claim 7, wherein the finite field is a 256-bit finite field.
9. The method of any one of claims 6-8, wherein A is calculated as A = SM4_SK1(R1);
correspondingly, the client decrypting the received A based on the local key SK1 to obtain R1 comprises:
R1 is obtained by decryption with the formula R1 = DecryptSM4_SK1(A).
10. The method according to any one of claims 6 to 8, wherein the client calculating the digest x after concatenating the user password and the first random number R1 includes:
x is calculated by x = SM3(password || R1).
11. A password authentication device based on zero-knowledge proof is characterized in that the password authentication device is applied to a client and comprises:
the generating module is used for generating a random number k and mapping the random number k to a finite field G to obtain K = k*G;
the first sending module is used for sending password authentication information to a server, wherein the password authentication information comprises K; the server is used for generating a random number e, querying A, which was uploaded when the client set the password and was obtained by encrypting the first random number R1 with the client private key, and returning e and A to the client;
the decryption module is used for decrypting the received A based on the local key SK1 to obtain R1;
the second sending module is used for concatenating the user password and the first random number R1, calculating the digest x, then calculating r = k + e*x, and sending r to the server; the server is used for calculating r' = K + e*X, and determining whether password verification passes based on r and r', wherein X is uploaded to the server when the client sets the password, and the client obtains X through the formula X = x*G.
12. A password authentication device based on zero knowledge proof is characterized in that the password authentication device is applied to a server side and comprises:
the receiving module is used for receiving password authentication information sent by a client, wherein the password authentication information comprises K, and K is obtained by mapping a random number k generated by the client to a finite field G;
the generation module is used for generating a random number e, querying A, which was uploaded when the client set the password and was obtained by encrypting the first random number R1 with the client private key, and returning e and A to the client; the client is used for decrypting the received A based on the local key SK1 to obtain R1; the client is further used for concatenating the user password and the first random number R1, calculating a digest x, calculating r = k + e*x, and sending r to the server;
and the calculation module is used for calculating r' = K + e*X, and determining whether password verification passes based on r and r', wherein X is uploaded to the server when the client sets the password, and the client obtains X through the formula X = x*G.
13. The apparatus of claim 12, wherein the finite field G is determined by the server and sent to the client.
14. An electronic device, comprising:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to: performing a cryptographic authentication method based on a zero-knowledge proof according to any one of claims 1 to 10.
15. A computer-readable storage medium for storing computer instructions which, when executed on a computer, cause the computer to perform the zero-knowledge proof-based password authentication method of any one of claims 1 to 10.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011011023.4A CN112202551B (en) 2020-09-23 2020-09-23 Password verification method and device based on zero-knowledge proof and electronic equipment

Publications (2)

Publication Number Publication Date
CN112202551A CN112202551A (en) 2021-01-08
CN112202551B true CN112202551B (en) 2022-09-27

Family

ID=74016117

Country Status (1)

Country Link
CN (1) CN112202551B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant