CN112398648A

CN112398648A - Key management method and device for key management

Info

Publication number: CN112398648A
Application number: CN202011224436.0A
Authority: CN
Inventors: 王天雨
Original assignee: Huakong Tsingjiao Information Technology Beijing Co Ltd
Current assignee: Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority date: 2020-11-05
Filing date: 2020-11-05
Publication date: 2021-02-23
Anticipated expiration: 2040-11-05
Also published as: CN112398648B

Abstract

The embodiment of the invention provides a key management method and device and a device for key management. The method comprises the following steps: determining n participants participating in a collaborative computing task, wherein n is an integer greater than or equal to 2; generating a random number factor according to a preset cryptographic algorithm; generating a private key and a public key based on the random number factor; according to a preset participation authority level and a participant quantity threshold corresponding to each participation authority level, fragmenting a private key or a random number factor through Berchhoff interpolation to generate private key related data corresponding to each participant; generating verification data according to an nth-order polynomial generated in the process of Berchhoff interpolation; and sending the private key related data to corresponding participants so that the participants holding the private key related data execute the collaborative computing task together, and sending the verification data to a verifier so that the verifier verifies the private key related data participating in the collaborative computing task by using the verification data. The embodiment of the invention can improve the security of the private key.

Description

Key management method and device for key management

Technical Field

The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for key management.

Background

Key management refers to the process of managing each link in the life cycle of a key to meet the security requirements. At present, a key management method for performing multi-party collaboration based on MPC (Secure multiple party communication) has been implemented.

The multi-party security calculation is to solve the problem of cooperative calculation among mutually untrusted parties on the premise of ensuring data security. Specifically, assuming that a plurality of participants respectively hold private data, the participants want to use the data as input to jointly complete the calculation of a certain function, and each participant is required to not obtain any private information of other participants except the calculation result.

Although the multi-party cooperative key management method can improve the privacy security of the key to a certain extent, it cannot ensure whether each participant uses the correct key fragment, thereby affecting the accuracy of the generated key.

Disclosure of Invention

Embodiments of the present invention provide a key management method, a key management device, and a key management device, which can verify a key fragment used by each participant, ensure that each participant uses a correct key fragment, and further improve accuracy of generating a key.

In order to solve the above problem, an embodiment of the present invention discloses a key management method, where the method includes:

determining n participants participating in a collaborative computing task, wherein n is an integer greater than or equal to 2;

generating a random number factor according to a preset cryptographic algorithm;

generating a private key and a public key based on the random number factor;

according to a preset participation authority level and a participant quantity threshold corresponding to each participation authority level, fragmenting the private key or the random number factor through Berchhoff interpolation to generate private key related data corresponding to each participant;

generating verification data according to an nth-order polynomial generated in the Burkhovin interpolation process;

and sending the private key related data to corresponding participants so that the participants holding the private key related data execute the collaborative computing task together, and sending the verification data to a verifier so that the verifier verifies the private key related data participating in the collaborative computing task by using the verification data.

Optionally, the collaborative computing task comprises: and performing collaborative calculation on the basis of the data related to the private key held by each participant, and performing digital signature on the message to be signed, or performing collaborative calculation on the basis of the data related to the private key held by each participant, and decrypting ciphertext data, wherein the ciphertext data is obtained by encrypting by using the public key.

Optionally, the preset cryptographic algorithm includes an SM2 algorithm or an SM9 algorithm, and the SM2 algorithm includes an SM2 algorithm in an autonomous mode or an SM9 algorithm in a proxy mode.

Optionally, the preset cryptographic algorithm is an SM2 algorithm in an autonomous mode, and generating a random number factor according to the preset cryptographic algorithm includes:

the method comprises the steps that each participant generates a first random number factor through security calculation without leakage of original private key fragments based on the original private key fragments generated by each participant;

the generating a private key and a public key based on the random number factor includes:

generating a private key and a public key based on the first random number factor;

the generating of the relevant data of the private key corresponding to each participant by fragmenting the private key or the random number factor through a Berchhoff interpolation according to a preset participation right level and a participant number threshold corresponding to each participation right level comprises:

the participants respectively generate n-th-order polynomials based on the generated original private key fragments;

based on the n-degree polynomials generated by the participants, the private key is segmented through Berchhoff interpolation according to a preset participation authority level and a participant number threshold corresponding to each participation authority level, and private key related data of the participants and private key related data of other participants are generated;

the sending the data related to the private key to the corresponding party comprises:

and each participant respectively sends the generated data related to the private keys of other participants to the corresponding participants.

Optionally, the preset cryptographic algorithm is an SM2 algorithm of a proxy mode, and the generating a random number factor according to the preset cryptographic algorithm includes:

generating, by the first agent, a second random number factor;

generating a private key and a public key based on the second random number factor;

the first agent generates an nth-order polynomial based on the second random factor;

the first agent divides the private key into pieces through Berchhoff interpolation according to a preset participation authority level and a participant number threshold corresponding to each participation authority level based on the n-th-order polynomial generated by the first agent, and generates private key related data corresponding to each participant;

and the first agent sends the generated data related to the private key corresponding to each participant to the corresponding participants respectively.

Optionally, the preset cryptographic algorithm is an SM9 algorithm, and generating a random number factor according to the preset cryptographic algorithm includes:

generating, by the second agent, a third random number factor;

generating a private key and a public key based on the third random number factor;

the second agent generates an nth-order polynomial based on the third random factor;

the second agent divides the third random factor into pieces through Berchhoff interpolation according to a preset participation authority level and a participant number threshold corresponding to each participation authority level based on the n-th-order polynomial generated by the second agent, and generates private key related data corresponding to each participant;

and the second agent sends the generated data related to the private key corresponding to each participant to the corresponding participants respectively.

Optionally, the performing, by each participant, a collaborative calculation based on data related to a private key held by each participant, and digitally signing the message to be signed includes:

the participants respectively define a linear independent system;

each participant calculates an interpolation coefficient according to a linear independent system defined by the participant;

each participant cooperatively calculates a random number factor according to the calculated interpolation coefficient and the held data related to the private key;

the participators cooperatively calculate the s value in the digital signature according to the calculation relationship in the digital signature and the random number factor of the cooperative calculation;

and continuing to perform subsequent steps of standard digital signature according to the value s so as to finish the digital signature of the message to be signed.

Optionally, the performing, by each participant, cooperative computation based on the data related to the private key held by each participant, to decrypt the ciphertext data includes:

the participants respectively define a linear independent system;

the participators cooperatively calculate the coordinates of the elliptic curve points according to the cooperatively calculated random number factors;

and continuing the subsequent steps of standard decryption according to the point coordinates of the elliptic curve to finish the decryption of the ciphertext data.

Optionally, the generating verification data according to an nth-order polynomial generated in the burkhovin interpolation process includes:

and generating verification data according to the coefficient of the nth-order polynomial and the base point in the preset cryptographic algorithm.

Optionally, after sending the verification data to the verifier, the method further includes:

the participants perform collaborative calculation based on the private key related data held by the participants, and after the message to be signed is digitally signed, the verifying party verifies the private key related data corresponding to each participant participating in the digital signature and the calculation process of the digital signature based on the verification data;

and after the participants carry out cooperative calculation based on the private key related data held by the participants and decrypt the ciphertext data, the verifying party verifies the private key related data corresponding to each participant participating in decryption and the decryption calculation process based on the verification data.

On the other hand, the embodiment of the invention discloses a key management device, which comprises:

the participator determining module is used for determining n participators participating in the collaborative computing task, wherein n is an integer greater than or equal to 2;

the random number factor generation module is used for generating a random number factor according to a preset cryptographic algorithm;

a key generation module for generating a private key and a public key based on the random number factor;

the private key fragmentation module is used for fragmenting the private key or the random number factor through Berchhoff interpolation according to a preset participation authority level and a participant number threshold corresponding to each participation authority level to generate private key related data corresponding to each participant;

the verification data generation module is used for generating verification data according to an nth-order polynomial generated in the process of the Berchhoff interpolation;

and the data sending module is used for sending the private key related data to corresponding participants so that the participants holding the private key related data can jointly execute the collaborative computing task, and sending the verification data to a verifier so that the verifier verifies the private key related data participating in the collaborative computing task by using the verification data.

Optionally, the preset cryptographic algorithm is an SM2 algorithm in an autonomous mode, and the random number factor generation module is specifically configured to generate, by the participants, a first random number factor based on the generated original private key fragments and through security calculation without leakage of the original private key fragments;

the key generation module is specifically configured to generate a private key and a public key based on the first random number factor;

the private key fragmentation module is specifically used for respectively generating n-th-order polynomials based on the generated original private key fragmentation by each participant; the private key is segmented through Berchhoff interpolation according to a preset participation authority level and a participant number threshold corresponding to each participation authority level through each participant based on the n-th-order polynomial generated by each participant, and private key related data of the private key and other participants are generated;

the data sending module is specifically configured to send the generated data related to the private keys of the other participants to the corresponding participants through the participants.

Optionally, the preset cryptographic algorithm is an SM2 algorithm in a proxy mode, and the random number factor generation module is specifically configured to generate a second random number factor by a first proxy party;

the key generation module is specifically configured to generate a private key and a public key based on the second random number factor;

the private key fragmentation module is specifically configured to generate an nth-order polynomial through the first agent based on the second random factor; the first agent generates an nth-order polynomial based on the first agent, and the private key is partitioned through Berchhoff interpolation according to a preset participation authority level and a participant number threshold corresponding to each participation authority level to generate private key related data corresponding to each participant;

the data sending module is specifically configured to send, by the first agent, the generated data related to the private key corresponding to each participant to the corresponding participant.

Optionally, the preset cryptographic algorithm is an SM9 algorithm, and the random number factor generating module is specifically configured to generate a third random number factor by a second agent;

the key generation module is specifically configured to generate a private key and a public key based on the third random number factor;

the private key fragmentation module is specifically configured to generate an nth-order polynomial through the second agent based on the third random factor; the second agent generates an nth-order polynomial based on the second agent, and the third random factor is segmented through Berchhoff interpolation according to a preset participation authority level and a participant number threshold corresponding to each participation authority level to generate private key related data corresponding to each participant;

the data sending module is specifically configured to send, by the second agent, the generated data related to the private key corresponding to each participant to the corresponding participant.

Optionally, the apparatus further includes a digital signature module, configured to perform collaborative computation on the basis of data related to private keys held by the participants, and perform digital signature on a message to be signed; the digital signature module comprises:

the first definition sub-module is used for respectively defining a linear independent system through each participant;

the first coefficient calculation submodule is used for calculating an interpolation coefficient through each participant according to a linear independent system defined by each participant;

the first factor calculation submodule is used for cooperatively calculating a random number factor through the interpolation coefficient calculated by each participant according to the participant and the relevant data of the private key held by the participant;

the s value operator module is used for cooperatively calculating the s value in the digital signature by each participant according to the calculation relationship in the digital signature and the cooperative calculation random number factor;

and the first execution submodule is used for continuing to perform the subsequent steps of standard digital signature according to the s value so as to finish the digital signature of the message to be signed.

Optionally, the apparatus further includes a decryption module, configured to perform collaborative computation on the basis of the data related to the private key held by each of the participants, and decrypt the ciphertext data; the decryption module includes:

a second defining submodule for defining a linear independent system by each participant;

the second coefficient calculation submodule is used for calculating an interpolation coefficient through each participant according to a linear independent system defined by each participant;

the second factor calculation submodule is used for cooperatively calculating the random number factor through the interpolation coefficient calculated by each participant according to the participant and the relevant data of the private key held by the participant;

the coordinate calculation submodule is used for cooperatively calculating the coordinates of the elliptic curve points through all the participants according to the cooperatively calculated random number factors;

and the second execution submodule is used for continuing the subsequent steps of standard decryption according to the elliptic curve point coordinates so as to finish the decryption of the ciphertext data.

Optionally, the verification data generating module is specifically configured to generate verification data according to the coefficient of the nth-order polynomial and the base point in the preset cryptographic algorithm.

Optionally, the apparatus further comprises:

the first verification module is used for verifying the private key related data corresponding to each participant participating in the digital signature and the calculation process of the digital signature by the verifier based on the verification data after the participant carries out the digital signature on the message to be signed by performing the collaborative calculation based on the private key related data held by each participant;

and the second verification module is used for performing collaborative calculation on the basis of the private key related data held by each participant and verifying the private key related data corresponding to each participant participating in decryption and the calculation process of decryption by the verifier on the basis of the verification data after the ciphertext data is decrypted.

In yet another aspect, an embodiment of the present invention discloses an apparatus for key management, comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory, and configured to be executed by the one or more processors comprises instructions for:

generating a private key and a public key based on the random number factor;

generating, by the first agent, a second random number factor;

generating, by the second agent, a third random number factor;

the participants respectively define a linear independent system;

Optionally, the device is also configured to execute the one or more programs by the one or more processors including instructions for:

In yet another aspect, embodiments of the invention disclose a machine-readable medium having instructions stored thereon, which when executed by one or more processors, cause an apparatus to perform a key management method as described in one or more of the preceding.

The embodiment of the invention has the following advantages:

the invention is based on Burkhoff interpolation, carries out certain adaptation and modification to the flow of the secret sharing-based cryptographic algorithm, and can realize the following effects on the basis of the original cryptographic algorithm: firstly, a private key generated based on a random number factor or the random number factor is sliced through a birkhoff interpolation value to generate private key related data (also called as key slices) corresponding to each participant, so that each participant in n participants participating in a collaborative computing task only holds the private key related data, all participants holding the private key related data execute the collaborative computing task together, and the private key can be ensured not to be leaked. Secondly, the quantity and the grade of the private key related data participating in the collaborative computing task are limited, that is, the fact that a certain collaborative computing task needs to participate in computing by a plurality of private key related data (participant quantity threshold) meeting the preset participation permission level can be limited, so that the safety of the collaborative computing task is improved. And thirdly, a verification function is added to the private key related data, namely, in the process of the collaborative computing task, a verifier can verify whether each participant uses the correct private key related data held by the participant, so as to ensure the accuracy and reliability of the collaborative computing task.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.

FIG. 1 is a flow chart of the steps of one embodiment of a key management method of the present invention;

FIG. 2 is a schematic flow chart of the autonomous mode based SM2 algorithm for generating private key related data and verification data according to the present invention;

fig. 3 is a schematic flow chart of the private key-related data and the verification data generated by the SM2 algorithm based on the proxy mode according to the present invention;

fig. 4 is a schematic flow chart of the SM9 algorithm for generating private key related data and verification data according to the present invention;

FIG. 5 is a block diagram of a key management device according to an embodiment of the present invention;

FIG. 6 is a block diagram of an apparatus 800 for key management of the present invention;

fig. 7 is a schematic diagram of a server in some embodiments of the invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Referring to fig. 1, a flowchart illustrating steps of an embodiment of a key management method of the present invention is shown, where the method may specifically include the following steps:

step 101, determining n participants participating in a collaborative computing task, wherein n is an integer greater than or equal to 2;

102, generating a random number factor according to a preset cryptographic algorithm;

103, generating a private key and a public key based on the random number factor;

104, fragmenting the private key or the random number factor through Berchhoff interpolation according to a preset participation authority level and a participant number threshold corresponding to each participation authority level to generate private key related data corresponding to each participant;

105, generating verification data according to an nth-order polynomial generated in the Burkhovin interpolation process;

and 106, sending the private key related data to corresponding participants so that the participants holding the private key related data execute the collaborative computing task together, and sending the verification data to a verifier so that the verifier verifies the private key related data participating in the collaborative computing task by using the verification data.

The key management algorithm of the embodiment of the invention can be applied to a secret sharing (secret sharing) based cryptographic algorithm. The basic principle of secret sharing is to split a secret (e.g. a secret key) into multiple shards (shares) and respectively deliver the shards to different parties for storage. Only when the number of the collected shares exceeds the preset threshold number, the secret can be recovered; if the number of shares collected is less than the preset threshold number, no secret information can be recovered based on the shares.

In an alternative embodiment of the present invention, the preset cryptographic algorithm may include an SM2 algorithm or an SM9 algorithm, and the SM2 algorithm may include an SM2 algorithm in an autonomous mode or an SM9 algorithm in a proxy mode.

The key management algorithm of the embodiment of the invention can be applied to a secret sharing-based cryptographic algorithm. That is, the cryptographic algorithm that can linearly combine the private key fragments to calculate the signature and decrypt the signature is applicable. Such as ECC (Elliptic Curve Cryptography) algorithm, SM2 algorithm, SM9 algorithm, etc. The embodiment of the invention mainly takes the SM2 algorithm and the SM9 algorithm as examples for explanation. The SM2 algorithm is an elliptic curve public key cryptographic algorithm issued by the national crypto authority. The SM9 algorithm is an identification cipher algorithm issued by the national cipher authority.

The invention carries out certain adaptation and modification on processes of secret sharing-based cryptographic algorithms such as SM2, SM9 and ECC based on Burkhoff (birkhoff) interpolation, and can realize the following effects on the basis of the original cryptographic algorithms:

firstly, a private key generated based on a random number factor or the random number factor is sliced through a birkhoff interpolation value to generate private key related data (also called as key slices) corresponding to each participant, so that each participant in n participants participating in a collaborative computing task only holds the private key related data, all participants holding the private key related data execute the collaborative computing task together, and the private key can be ensured not to be leaked.

Secondly, the quantity and the grade of the private key related data participating in the collaborative computing task are limited, that is, the fact that a certain collaborative computing task needs to participate in computing by a plurality of private key related data (participant quantity threshold) meeting the preset participation permission level can be limited, so that the safety of the collaborative computing task is improved.

The preset participation right level and the number threshold of the participants corresponding to each participation right level can be determined according to actual service application, and the service application can include applications such as electronic commerce and identity authentication. In an exemplary scenario, the preset participation right level and the number threshold of participants corresponding to each participation right level are shown in table 1.

TABLE 1

Participation privilege level	Number of participating parties threshold
		0	2
1	3
		2	4

As shown in table 1, the preset participation right levels include three levels of company high level, financial staff, and middle level manager, which are respectively defined as levels 0, 1, and 2. The threshold number of participants for each level of participation right is shown in table 1, the number of participants at level 0 should be greater than or equal to 2, the number of participants at level 1 should be greater than or equal to 3, and the number of participants at level 2 should be greater than or equal to 4. Therefore, only when the data which meets the preset participation authority level and the number of the private keys related to the number threshold number of the participants corresponding to the preset participation authority level are calculated together, the collaborative computing tasks such as digital signature and decryption can be completed correctly.

Thirdly, the embodiment of the invention realizes the verification function of the data related to the private key. Specifically, verification data is generated according to an nth-order polynomial generated in the burkhovin interpolation process, and the verification data is sent to a verifier, so that the verifier verifies the private key related data participating in the collaborative computing task by using the verification data, and whether each participant uses the correct private key related data held by the participant is verified. Through the embodiment of the invention, the private key related data used by each participant can be verified, so that each participant can use correct private key related data, and the accuracy and reliability of the collaborative computing task can be further ensured.

In the embodiment of the present invention, the cooperative computing task refers to that each participant cooperatively executes a cryptographic computing task based on the private key related data (key fragment) that each participant has. In an optional embodiment of the invention, the collaborative computing task may comprise: and performing collaborative calculation on the basis of the data related to the private key held by each participant, and performing digital signature on the message to be signed, or performing collaborative calculation on the basis of the data related to the private key held by each participant, and decrypting ciphertext data, wherein the ciphertext data is obtained by encrypting by using the public key.

In the process that all participants perform collaborative calculation based on the relevant data of private keys held by the participants and perform digital signature on a message to be signed, if participants with grades not conforming to a preset participation authority level exist in the participants who participate in decryption, or the number of the participants with a certain participation authority level does not conform to the number of a preset participant number threshold, verification in the process of digital signature fails, and further digital signature fails. Similarly, in the process of performing collaborative calculation on each participant based on the data related to the private key held by each participant and decrypting the ciphertext data, if participants with levels not meeting the preset participation permission level exist in the participants who participate in decryption, or the number of the participants with a certain participation permission level does not meet the preset number threshold number of the participants, verification in the decryption process is failed, and decryption is failed.

The following describes specific implementation flows of the key management method of the present invention in the key generation, digital signature, and decryption processes with respect to the SM2 algorithm and the SM9 algorithm, respectively.

In an optional embodiment of the present invention, the preset cryptographic algorithm is an SM2 algorithm in an autonomous mode, and the step 102 of generating a random number factor according to the preset cryptographic algorithm includes: the method comprises the steps that each participant generates a first random number factor through security calculation without leakage of original private key fragments based on the original private key fragments generated by each participant;

step 103, generating a private key and a public key based on the random number factor includes: generating a private key and a public key based on the first random number factor;

step 104, the fragmenting the private key or the random number factor through burkhovin interpolation according to the preset participation right level and the participant number threshold corresponding to each participation right level to generate the data related to the private key corresponding to each participant, including: the participants respectively generate n-th-order polynomials based on the generated original private key fragments; based on the n-degree polynomials generated by the participants, the private key is segmented through Berchhoff interpolation according to a preset participation authority level and a participant number threshold corresponding to each participation authority level, and private key related data of the participants and private key related data of other participants are generated;

the sending of the data related to the private key to the corresponding participant in step 106 includes: and each participant respectively sends the generated data related to the private keys of other participants to the corresponding participants.

For the SM2 algorithm in autonomous mode, each participant first generates a first random number factor based on the original private key fragment that it generates, through secure computation that does not compromise the original private key fragment. The original private key fragments generated by each participant can be random numbers generated by each participant, such as d 1-dn. The n participants may derive a first random number factor d0, such as d0 ═ d1+ … + dn, based on a secure computation that does not leak the original private key shard. The embodiment of the invention does not limit the algorithm of the safety calculation, and the safety calculation can adopt multi-party safety calculation algorithms such as secret sharing, homomorphic encryption, a garbled circuit and the like.

Each participant then generates a private key PA and a public key dA based on the first random number factor d 0. Specifically, each participant calculates the private key dA ═ 1/d0-1 ═ 1/(d1+ … + dn) -1, and then calculates the public key PA ═ G × dA. The embodiment of the invention does not limit the algorithm of the safety calculation, and the safety calculation can adopt multi-party safety calculation algorithms such as secret sharing, homomorphic encryption, a garbled circuit and the like.

And then, each participant respectively generates n-degree polynomials based on the generated original private key fragments, and based on the generated n-degree polynomials, the private key is fragmented through Berkoff interpolation according to a preset participation authority level and a participant quantity threshold corresponding to each participation authority level to generate own private key related data and other participant private key related data.

Specifically, each participant generates an nth-order polynomial f (x) based on the respective generated original private key fragments d 1-dn. The method comprises the following specific steps:

f(x)＝a₀+a₁x+…+a_n-1x^n-1 (1)

wherein, a₀Is a constant term. The embodiment of the invention realizes secret sharing of the original private key fragments d 1-dn by a polynomial f (x), and sets a constant term to be shared d 1-dn. For example, for Party 1, the constant term a₀Set as the original private key fragment d1 generated by party 1, the nth order polynomial generated by party 1 is: f. of₁(x)＝d1+a₁ ¹x+…+a¹ _n-1x^n-1. For Party 2, it is usualNumber a₀Set as the original private key fragment d2 generated by party 2, the nth order polynomial generated by party 2 is: f. of₂(x)＝d2+a₂ ¹x+…+a² _n-1x^n-1. By analogy, for the participant n, the constant term a₀Setting the original private key fragmentation dn generated by the participant n, wherein the nth-degree polynomial generated by the participant n is as follows: f. of_n(x)＝dn+a_n ¹x+…+aⁿ _n-1x^n-1。

And each participant divides the private key dA into pieces through a Berchhoff interpolation value according to a preset participation authority level and a participant number threshold corresponding to each participation authority level based on the n-th-order polynomial generated by each participant, and generates private key related data of the participant and private key related data of other participants.

Each participant generates private key related data (SS) according to birkhoff interpolation method based on respective generated n-th-order polynomial aiming at participation authority level specified by service application and participant number threshold corresponding to each participation authority level₁₁～SS_nn). Therefore, when the participators have the level classification, the participators can be ensured to participate in the process of participating in the collaborative computing task by the private key related data held by the participators with the number more than the set participator threshold in the designated level.

For the SM2 algorithm of the autonomous mode, each participant divides the private key dA according to the preset participation authority level and the participant number threshold corresponding to each participation authority level and the bikhoff interpolation method based on the generated nth-degree polynomial to generate the data SS related to the private key_i. The method comprises the following specific steps:

wherein k is_tFor the participant number threshold, ri is a random number that serves as the input of f (x) for secret sharing of the original private key splits d 1-dn. Each participant respectively generates own private key related data and other participant private key related numbers according to the formulaAnd sending the data related to the private keys of the other participants to the other participants according to the corner marks. For example, party 1 has generated its own private key related data SS₁₁And private key related data SS of the other party is generated₁₂-SS_1nThen participant 1 will SS₁₂Send to participant 2, SS₁₃Sends to participant 3, and so on, sends the SS_1nAnd sending the data to the participant n. Similarly, each of the participants 2 to n sends the generated data related to the private keys of the other participants to the other participants according to the corner marks.

After the nth-order polynomial is generated, the verification data is generated according to the generated nth-order polynomial, and the verification data is used for verifying the related data of the private key used by each participant so as to ensure that each participant uses the correct related data of the private key. In an optional embodiment of the present invention, the generating 105 verification data according to an nth-order polynomial generated in the burkhovin interpolation process includes: and generating verification data according to the coefficient of the nth-order polynomial and the base point in the preset cryptographic algorithm.

For the SM2 algorithm for autonomous mode, each participant may generate the following verification data: a isⁱ _jG, wherein, aⁱ _jThe coefficients of the nth order polynomial generated for each participant. G is the base point in the SM2 algorithm.

And each participant sends the generated verification data to the holder of the verifier, so that the verifier can verify the data related to the private key participating in the collaborative computing task by using the verification data to verify whether each participant uses the correct data related to the private key held by the participant. It should be noted that the verifying party may be a specified party or several parties, or may be all participating parties.

Referring to fig. 2, there is shown a schematic flow chart of the self-contained mode-based SM2 algorithm for generating private key related data and verification data according to the present invention.

In an optional embodiment of the present invention, the preset cryptographic algorithm is a SM2 algorithm in a proxy mode, and the step 102 of generating a random number factor according to the preset cryptographic algorithm includes: generating, by the first agent, a second random number factor;

step 103, generating a private key and a public key based on the random number factor includes: generating a private key and a public key based on the second random number factor;

step 104, the fragmenting the private key or the random number factor through burkhovin interpolation according to the preset participation right level and the participant number threshold corresponding to each participation right level to generate the data related to the private key corresponding to each participant, including: the first agent generates an nth-order polynomial based on the second random factor; the first agent divides the private key into pieces through Berchhoff interpolation according to a preset participation authority level and a participant number threshold corresponding to each participation authority level based on the n-th-order polynomial generated by the first agent, and generates private key related data corresponding to each participant;

the sending of the data related to the private key to the corresponding participant in step 106 includes: and the first agent sends the generated data related to the private key corresponding to each participant to the corresponding participants respectively.

For the SM2 algorithm in proxy mode, private key related data is generated by the proxy instead of each participant. In the embodiment of the present invention, the agent in the SM2 algorithm of the proxy mode is referred to as a first agent. The first agent comprises a trusted third party that may be aware of the original of the private key, e.g., the first agent may be a key management system or the like.

Specifically, the second random number factor d0 is generated by the first proxy, and is different from the first random number factor in the SM2 algorithm of the autonomous mode in that in the SM2 algorithm of the proxy mode, the second random number factor d0 is generated by the proxy alone, and the second random number factor d0 may be one random number. The first agent generates a private key dA and a public key PA based on said second random number factor d 0. For example, the first agent may generate the following private key: dA ═ 1/d0) -1, and the following public key was generated: PA G dA, G is the base point in the SM2 algorithm.

The first agent generates an nth degree polynomial f (x) based on the second random factor d 0. The method comprises the following specific steps:

f(x)＝d₀+a¹x+…+a¹ _n-1x^n-1 (3)

the first agent generates n-degree polynomials based on the first agent, fragments the generated private key dA through a Berchhoff interpolation value according to a preset participation authority level and a participant number threshold corresponding to each participation authority level, and generates private key related data SS corresponding to each participant_i. The method comprises the following specific steps:

wherein k is_tFor the participant number threshold, ri is a random number that serves as the input of f (x) for secret sharing of the original private key splits d 1-dn. In particular, the first agent generates private key related data SS of party 1₁Generating private key related data SS of party 2₂And so on, generating the data SS related to the private key of the participant n_n。

The first agent will generate private key related data SS corresponding to each participant_iAnd sending the information to each participant according to the corner mark. For example, the first agent will generate private key related data SS for party 1₁Sent to the participant 1, the data SS relating to the private key of the participant 2 to be generated₂Sending the data to the participant 2, and so on, generating the data SS related to the private key of the participant n_nAnd sending the data to the participant n.

For the SM2 algorithm for proxy mode, the first agent may generate the following verification data: ai G, wherein ai is the coefficient of the nth order polynomial generated by the first agent. G is the base point in the SM2 algorithm.

The first agent sends the generated verification data to the verification party. It should be noted that the verifying party may be a specified party or several parties, or may be all participating parties.

Referring to fig. 3, a schematic flow chart of the private key related data and the verification data generated by the SM2 algorithm based on the proxy mode of the present invention is shown.

In an optional embodiment of the present invention, the preset cryptographic algorithm is an SM9 algorithm, and the step 102 of generating a random number factor according to the preset cryptographic algorithm includes: generating, by the second agent, a third random number factor;

step 103, generating a private key and a public key based on the random number factor includes: generating a private key and a public key based on the third random number factor;

step 104, the fragmenting the private key or the random number factor through burkhovin interpolation according to the preset participation right level and the participant number threshold corresponding to each participation right level to generate the data related to the private key corresponding to each participant, including: the second agent generates an nth-order polynomial based on the third random factor; the second agent divides the third random factor into pieces through Berchhoff interpolation according to a preset participation authority level and a participant number threshold corresponding to each participation authority level based on the n-th-order polynomial generated by the second agent, and generates private key related data corresponding to each participant;

the sending of the data related to the private key to the corresponding participant in step 106 includes: and the second agent sends the generated data related to the private key corresponding to each participant to the corresponding participants respectively.

For the SM9 algorithm, the SM9 private key generation mode is a proxy mode according to the standard definition specification of the SM9 algorithm, i.e., the SM9 private key is generated by the proxy party. The agent in the SM9 algorithm is referred to as a second agent in the embodiments of the present invention, and the second agent may be a trusted third party, such as a KGC (Key Generation Center) and the like, which can know the original text of the private Key.

Specifically, a third random number factor t2 is generated by the second agent; and generating, by the second agent, a private key and a public key based on the third random number factor, wherein t2 may be a random number generated by the second agent. For the SM9 algorithm, the private key cannot be sliced directly, so embodiments of the present invention replace the third random number factor t2 with slicingInstead of slicing the private key. Wherein the second agent (KGC) generates the private key d of the user A by using the master private key and the user identity (hereinafter referred to as ID)_A，d_AT 2P 1, and pass ID_AThe public key of user a can be uniquely determined.

The second agent generates a polynomial f (x) of degree n based on said third random factor t 2. The method comprises the following specific steps:

f¹(x)＝t2+a¹x+…+a¹ _n-1x^n-1 (5)

the second agent generates n-degree polynomial based on the second agent, and according to the preset participation authority level and the participant number threshold corresponding to each participation authority level, the third random factor t2 is sliced through Berchhoff interpolation to generate the data SS related to the private key corresponding to each participant_i. The method comprises the following specific steps:

wherein k is_tFor the participant number threshold, ri is a random number that serves as the input of f (x) for secret sharing of the original private key splits d 1-dn. In particular, the second agent generates private key related data SS of party 1₁Generating private key related data SS of party 2₂And so on, generating the data SS related to the private key of the participant n_n。

The second agent will generate private key related data SS corresponding to each participant_iAnd sending the information to each participant according to the corner mark. For example, the second agent will generate private key related data SS for party 1₁Sent to the participant 1, the data SS relating to the private key of the participant 2 to be generated₂Sending the data to the participant 2, and so on, generating the data SS related to the private key of the participant n_nAnd sending the data to the participant n.

For the SM9 algorithm, the second agent may generate the following verification data: ai P1, where ai is the coefficient of the nth order polynomial generated by the second agent. P1 is the base point in the SM9 algorithm.

The second agent sends the generated verification data to the verification party. It should be noted that the verifying party may be a specified party or several parties, or may be all participating parties.

Referring to fig. 4, a schematic flow chart of the SM9 algorithm for generating private key related data and verification data of the present invention is shown.

After the private key related data is sent to the corresponding participants in step 106, the participants holding the private key related data collectively execute the collaborative computing task, and the collaborative computing task may perform collaborative computing on the basis of the private key related data held by the participants, and perform digital signature on a message to be signed. The digital signature process in the embodiment of the present invention is described below with respect to the SM2 algorithm and the SM9 algorithm, respectively.

In an optional embodiment of the present invention, performing collaborative computation on the participating parties based on the data related to the private key held by the participating parties, and digitally signing the message to be signed includes:

step S11, each participant defines a linear independent system;

step S12, calculating interpolation coefficients by each participant according to the linear independent system defined by each participant;

step S13, each participant cooperatively calculates a random number factor according to the calculated interpolation coefficient and the related data of the private key held by each participant;

step S14, the participants calculate the S value in the digital signature cooperatively according to the calculation relationship in the digital signature and the random number factor of cooperative calculation;

and step S15, continuing to perform the subsequent steps of standard digital signature according to the S value so as to finish the digital signature of the message to be signed.

It should be noted that, in the process of performing digital signature, the interpolation coefficients, the private key related data, the random number factors, and the S values generated in the above steps S11 to S15 may be different for the SM2 and SM9 algorithms.

For the SM2 algorithm of the autonomous mode, the embodiment of the invention improves the SM2 digital signature process of the standard autonomous mode, and the specific improvement is that the calculation of the s value in the original calculation process is changed into that each participant uses the relevant data of the private key held by the participant to calculate, and other processes are kept unchanged.

For the SM2 algorithm in autonomous mode, the improved s value of the embodiment of the present invention is calculated as follows:

firstly, each participant defines a linear independent system respectively, specifically as follows:

where a linearly independent system refers to a set of polynomials or vectors that are not linearly related.

Then, each participant calculates an interpolation coefficient according to a linear independent system defined by the participant, specifically as follows:

where E is the coefficient matrix consisting of 0/1 in the birkhoff interpolation.

Next, each participant cooperatively calculates a random number factor according to the calculated interpolation coefficient and the data related to the private key held by the participant, specifically as follows:

d1+d2+…+dn＝∑b¹ _jSS_1j+∑b² _jSS_2j+…+∑bⁿ _jSS_nj (9)

wherein,

finally, each participant cooperatively calculates the s value in the digital signature according to the calculation relationship in the digital signature and the cooperative calculation random number factor, which is as follows:

1+d_A＝1/(d1+d2+...+dn)，d_A＝1/(d1+d2+…+dn)-1 (10)

s＝(k+r)/(1+d_A)-r，s＝(k+r)*(∑∑bⁱ _j*ss_ij)-r (11)

wherein r ═ e + x₁mod n. In the embodiment of the present invention, i and j are reference numbers of participants, such as the 3 rd key fragment of the 1 st participant, where j is 1 and i is 3.

After the s value in the digital signature is calculated, the subsequent steps of the standard SM2 digital signature of the autonomous mode are continued according to the s value to complete the SM2 digital signature process of the autonomous mode.

For the SM2 algorithm of the proxy mode, the embodiment of the invention improves the SM2 digital signature process of the standard proxy mode, and the specific improvement is that the calculation of the s value in the original calculation process is changed into that each participant uses the data related to the private key held by the participant to calculate, and other processes are kept unchanged.

For the SM2 algorithm of the proxy mode, the improved s value of the embodiment of the present invention is calculated as follows:

first, each participant defines a linear independent system, as shown in the above equation (7). Each participant then calculates an interpolation coefficient according to its defined linear independent system, as shown in equation (8) above.

d0＝∑b_jf(r_j) (12)

wherein,

f(r_j) Data relating to the private key held by each participant.

1+d_A＝1/(d0)，d_A＝1/(d0)-1 (13)

s＝k/(1+d_A)-r，s＝k*(∑b_jf(rj)-r) (14)

wherein，r＝e+x₁ mod n。

After the s value in the digital signature is calculated, the subsequent steps of the standard SM2 digital signature of the proxy mode are continued according to the s value so as to complete the SM2 digital signature process of the proxy mode.

For the SM9 algorithm, the digital signature is a proxy mode, the embodiment of the invention improves the standard SM9 digital signature process, and the specific improvement is that the calculation of the s value in the original calculation process is changed into the calculation of each participant by using the data related to the private key held by the participant, and other processes are kept unchanged.

For the SM9 algorithm, the calculation of the improved s value of the embodiment of the present invention is as follows:

t2＝∑b¹ _jSS_1j (15)

wherein,

dA＝∑b¹ _j*SS_1j*P1，s＝[l]*dA＝[l]*∑b_j*SS_1j*P1 (16)

after the s-value in the digital signature is calculated, the subsequent steps of standard SM9 digital signature are continued according to the s-value to complete the SM9 digital signature process.

After the private key-related data is sent to the corresponding participants in step 106, the participants holding the private key-related data collectively execute the cooperative computing task, where the cooperative computing task may perform cooperative computing on the basis of the private key-related data held by each participant, and decrypt ciphertext data obtained by encrypting the ciphertext data using the public key. The decryption process in the embodiment of the present invention is described below with respect to the SM2 algorithm and the SM9 algorithm, respectively.

In an optional embodiment of the present invention, performing a collaborative computation on the basis of the data related to the private key held by each of the participants to decrypt the ciphertext data includes:

step S21, each participant defines a linear independent system;

step S22, calculating interpolation coefficients by each participant according to the linear independent system defined by each participant;

step S23, each participant cooperatively calculates a random number factor according to the calculated interpolation coefficient and the related data of the private key held by each participant;

step S24, the participators cooperatively calculate the coordinates of the elliptic curve points according to the cooperatively calculated random number factors;

and step S25, continuing the subsequent steps of standard decryption according to the elliptic curve point coordinates to finish the decryption of the ciphertext data.

It should be noted that, in the decryption process, the interpolation coefficients, the private key-related data, the random number factors, and the elliptic curve point coordinates generated in the above steps S21 to S25 may be different for the SM2 and SM9 algorithms.

For the SM2 algorithm, the SM2 decryption mode is proxy mode according to the standard definition specification of the SM2 algorithm. The embodiment of the invention improves the standard SM2 decryption process, and the specific improvement is that the calculation of elliptic curve point coordinates (x2 and y2) in the original calculation process is changed into the calculation of each participant by using the own private key related data, and other processes are kept unchanged.

For the SM2 algorithm, the calculation process of the modified elliptic curve point coordinates (x2, y2) of the embodiment of the present invention is as follows:

1+d_B＝1/(d1+d2+…+dn),d_B＝1/(d1+d2+...+dn)-1 (17)

in the embodiment of the present invention, for the SM2 algorithm, the signature private key is represented by dA, and the corresponding random number factor is d 0. The decryption private key is expressed in dB, and the corresponding random number factor is d_B。

Finally, each participant cooperatively calculates the coordinates (x2, y2) of the elliptic curve points according to the cooperatively calculated random number factors, which is as follows:

(x2,y2)＝C1*(∑b¹ _i*ss_i) (18)

wherein, C1 is the coordinates of elliptic curve points (x1, y 1).

After the elliptic curve point coordinates (x2, y2) are calculated, the subsequent steps of standard SM2 decryption are continued according to the elliptic curve point coordinates (x2, y2) to complete the SM2 decryption process.

For the SM9 algorithm, the embodiment of the present invention improves the standard SM9 decryption process, and the specific improvement is to change the calculation of the elliptic curve point coordinates w in the original calculation process into the calculation by each participant using the private key-related data held by the participant, and the other processes remain unchanged.

For the SM9 algorithm, the calculation process of the improved elliptic curve point coordinate w of the invention is as follows:

first, each participant defines a linear independent system, as shown in the above equation (7).

Each participant then calculates an interpolation coefficient according to its defined linear independent system, as shown in equation (8) above.

t2＝∑b_jSS_j (19)

wherein,

finally, each participant cooperatively calculates the point coordinate w of the elliptic curve according to the cooperatively calculated random number factor, which is as follows:

dB＝∑b_j*SS_j*P1，

w＝e(C1,dB)＝e(C1,∑b_j*SS_j*P1)＝∏e(C1,SS*P1)^bj (20)

wherein,

after the elliptic curve point coordinates w are obtained through calculation, the subsequent steps of standard SM9 decryption are continued according to the elliptic curve point coordinates w, so that the SM9 decryption process is completed.

In an optional embodiment of the present invention, after the sending the verification data to the verifier in step 106, the method may further include:

the participants perform collaborative calculation based on the private key related data held by the participants, and the verifying party verifies the private key related data corresponding to each participant participating in the digital signature and the calculation process of the digital signature based on the verification data in the process of performing the digital signature on the message to be signed;

and in the process of carrying out collaborative calculation on the basis of the private key related data held by each participant and decrypting the ciphertext data, the verifying party verifies the private key related data corresponding to each participant participating in decryption and the calculation process of decryption on the basis of the verification data.

With respect to the SM2 algorithm and the SM9 algorithm, in the digital signature process, after the S value in the digital signature is cooperatively calculated in step S14, the verifier may verify the private key related data corresponding to each party participating in the digital signature and the calculation process of the digital signature based on the acquired verification data, so as to ensure that each party performs correct calculation using the correct private key related data held by each party.

For the SM2 algorithm of the autonomous mode and the SM2 algorithm of the proxy mode, the digital signature is verified in such a way that the verifier calculates whether the following formula holds:

where k is the polynomial degree in the birkhoff interpolation.

For the SM9 algorithm, the verification of the digital signature is performed by calculating whether the following formula holds for the verifier:

where l is the quantity in the SM9 standard algorithm: l ═ r-h) modn.

With respect to the SM2 algorithm and the SM9 algorithm, in the decryption process, after the elliptic curve point coordinates are cooperatively calculated in step S24, the verifier may verify the private key related data corresponding to each participant participating in the decryption and the decryption calculation process based on the obtained verification data, so as to ensure that each participant performs correct calculation using the correct private key related data held by each participant.

For the SM2 algorithm, the SM2 decryption mode is proxy mode according to the standard definition specification of the SM2 algorithm. Therefore, after the coordinate calculation of the elliptic curve point (x2, y2) in step S24, the verifier may verify the private key related data corresponding to each party participating in the decryption and the calculation process of the decryption based on the acquired verification data. For the SM2 algorithm, the verification of the decryption is that the verifier calculates whether the following holds:

for the SM9 algorithm, after the coordinate w of the elliptic curve point is cooperatively calculated in step S24, the verifier may verify the private key related data corresponding to each participant participating in decryption and the calculation process of decryption based on the obtained verification data. For the SM9 algorithm, the verification of the decryption is that the verifier calculates whether the following holds:

in summary, the invention performs certain adaptation and modification to the flow of the secret sharing-based cryptographic algorithm based on burkhoff (birkhoff) interpolation, and can realize the following effects on the basis of the original cryptographic algorithm: firstly, a private key generated based on a random number factor or the random number factor is sliced through a birkhoff interpolation value to generate private key related data (also called as key slices) corresponding to each participant, so that each participant in n participants participating in a collaborative computing task only holds the private key related data, all participants holding the private key related data execute the collaborative computing task together, and the private key can be ensured not to be leaked. Secondly, the quantity and the grade of the private key related data participating in the collaborative computing task are limited, that is, the fact that a certain collaborative computing task needs to participate in computing by a plurality of private key related data (participant quantity threshold) meeting the preset participation permission level can be limited, so that the safety of the collaborative computing task is improved. And thirdly, a verification function is added to the private key related data, namely, in the process of the collaborative computing task, a verifier can verify whether each participant uses the correct private key related data held by the participant, so as to ensure the accuracy and reliability of the collaborative computing task.

It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.

Referring to fig. 5, a block diagram of a key management device according to an embodiment of the present invention is shown, where the key management device may specifically include:

a participant determining module 501, configured to determine n participants participating in a collaborative computing task, where n is an integer greater than or equal to 2;

a random number factor generating module 502, configured to generate a random number factor according to a preset cryptographic algorithm;

a key generation module 503, configured to generate a private key and a public key based on the random number factor;

a private key fragmentation module 504, configured to fragment the private key or the random number factor through a burkhovin interpolation according to a preset participation permission level and a participant number threshold corresponding to each participation permission level, and generate private key related data corresponding to each participant;

a verification data generating module 505, configured to generate verification data according to an nth-order polynomial generated in the burkhovin interpolation process;

the data sending module 506 is configured to send the private key related data to corresponding parties, so that the parties holding the private key related data collectively execute the collaborative computing task, and send the verification data to a verifier, so that the verifier verifies the private key related data participating in the collaborative computing task by using the verification data.

Optionally, the apparatus further comprises:

For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.

The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.

With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.

An embodiment of the present invention provides an apparatus for key management, comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs including instructions for: determining n participants participating in a collaborative computing task, wherein n is an integer greater than or equal to 2; generating a random number factor according to a preset cryptographic algorithm; generating a private key and a public key based on the random number factor; according to a preset participation authority level and a participant quantity threshold corresponding to each participation authority level, fragmenting the private key or the random number factor through Berchhoff interpolation to generate private key related data corresponding to each participant; generating verification data according to an nth-order polynomial generated in the Burkhovin interpolation process; and sending the private key related data to corresponding participants so that the participants holding the private key related data execute the collaborative computing task together, and sending the verification data to a verifier so that the verifier verifies the private key related data participating in the collaborative computing task by using the verification data.

Fig. 6 is a block diagram illustrating an apparatus 800 for key management according to an example embodiment. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.

Referring to fig. 6, the apparatus 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.

The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing elements 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.

The memory 804 is configured to store various types of data to support operation at the device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.

Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 800.

The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.

The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice information processing mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.

The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.

The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed state of the device 800, the relative positioning of the components, such as a display and keypad of the apparatus 800, the sensor assembly 814 may also detect a change in position of the apparatus 800 or a component of the apparatus 800, the presence or absence of user contact with the apparatus 800, orientation or acceleration/deceleration of the apparatus 800, and a change in temperature of the apparatus 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on radio frequency information processing (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.

In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.

In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.

Fig. 7 is a schematic diagram of a server in some embodiments of the invention. The server 1900 may vary widely by configuration or performance and may include one or more Central Processing Units (CPUs) 1922 (e.g., one or more processors) and memory 1932, one or more storage media 1930 (e.g., one or more mass storage devices) storing applications 1942 or data 1944. Memory 1932 and storage medium 1930 can be, among other things, transient or persistent storage. The program stored in the storage medium 1930 may include one or more modules (not shown), each of which may include a series of instructions operating on a server. Still further, a central processor 1922 may be provided in communication with the storage medium 1930 to execute a series of instruction operations in the storage medium 1930 on the server 1900.

The server 1900 may also include one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input-output interfaces 1958, one or more keyboards 1956, and/or one or more operating systems 1941, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, etc.

A non-transitory computer-readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform a key management method shown in fig. 1. A non-transitory computer readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform a key management method, the method comprising: determining n participants participating in a collaborative computing task, wherein n is an integer greater than or equal to 2; generating a random number factor according to a preset cryptographic algorithm; generating a private key and a public key based on the random number factor; according to a preset participation authority level and a participant quantity threshold corresponding to each participation authority level, fragmenting the private key or the random number factor through Berchhoff interpolation to generate private key related data corresponding to each participant; generating verification data according to an nth-order polynomial generated in the Burkhovin interpolation process; and sending the private key related data to corresponding participants so that the participants holding the private key related data execute the collaborative computing task together, and sending the verification data to a verifier so that the verifier verifies the private key related data participating in the collaborative computing task by using the verification data.

Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.

It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims. The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

The key management method, the key management device and the device for key management provided by the present invention are described in detail above, and specific examples are applied herein to illustrate the principle and the implementation of the present invention, and the description of the above embodiments is only used to help understand the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims

1. A method of key management, the method comprising:

generating a private key and a public key based on the random number factor;

2. The method of claim 1, wherein the collaborative computing task comprises: and performing collaborative calculation on the basis of the data related to the private key held by each participant, and performing digital signature on the message to be signed, or performing collaborative calculation on the basis of the data related to the private key held by each participant, and decrypting ciphertext data, wherein the ciphertext data is obtained by encrypting by using the public key.

3. The method according to claim 1 or 2, wherein the preset cryptographic algorithm comprises an SM2 algorithm or an SM9 algorithm, and the SM2 algorithm comprises an SM2 algorithm in autonomous mode or an SM9 algorithm in proxy mode.

4. The method of claim 3, wherein the predetermined cryptographic algorithm is an autonomous mode SM2 algorithm, and wherein generating the random number factor according to the predetermined cryptographic algorithm comprises:

5. The method of claim 3, wherein the predetermined cryptographic algorithm is a SM2 algorithm in proxy mode, and wherein generating the random number factor according to the predetermined cryptographic algorithm comprises:

generating, by the first agent, a second random number factor;

6. The method of claim 3, wherein the predetermined cryptographic algorithm is the SM9 algorithm, and wherein generating the random number factor according to the predetermined cryptographic algorithm comprises:

generating, by the second agent, a third random number factor;

7. The method of claim 2, wherein the participating parties perform a collaborative computation based on the data related to the private key held by each participating party to digitally sign the message to be signed, the method comprising:

the participants respectively define a linear independent system;

8. A key management apparatus, characterized in that the apparatus comprises:

9. An apparatus for key management, the apparatus comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs comprising instructions for:

generating a private key and a public key based on the random number factor;

10. A machine-readable medium having stored thereon instructions, which when executed by one or more processors, cause an apparatus to perform the key management method of any of claims 1 to 7.