CN112422276A - Method and system for realizing multi-party key agreement - Google Patents

Abstract

The invention provides a method and a system for realizing multi-party key agreement. The method comprises the following steps: member A₁Generating key parameters

Then through

Generating key negotiation information with member information

And sent to member A₂(ii) a Member A₂Generating random numbers

Computing

By passing

Generating key negotiation information with member information

And sent to member A₃(ii) a So continuing, member A_mGenerating random numbers

Calculating to obtain a secret key; computing

By passing

Generating key negotiation information with member information

And sent to member A_m‑1(ii) a So continuing, the key negotiation information is transmitted in sequence, and finally the member A₁And calculating to obtain the key. The invention can effectively realize the key agreement of multi-party members, and selects a safe elliptic curve, and the difficulty of discrete logarithm on the elliptic curve can effectively ensure the security of the key parameter in the communication process on the basis of the safe elliptic curve.

Description

Method and system for realizing multi-party key agreement

Technical Field

The invention relates to the technical field of network communication security, in particular to a method and a system for realizing multi-party key agreement.

Background

With the global informatization, the emergence and development of digital communication systems, the human society has changed greatly. Before data interaction is needed between two devices of a digital communication system, in order to ensure the security of the data interaction, a secure communication mechanism needs to be established between the two devices, and the secure communication between the two devices is usually realized by encrypting and decrypting content to be communicated by using session keys of the two parties.

At present, DH (Diffie-Hellman) key agreement is implemented to let two communicating parties exchange mutual information on communication to jointly calculate the same session key, even if a part of the transmitted information is intercepted, the session key cannot be calculated according to the information, because another part of the information for calculating the session key is at the receiving party, and the receiving party does not disclose the part of the information, the intermediate party does not have enough information to obtain the session key, and further, the communication ciphertext after the decryption.

However, when the number of communication members exceeds two, the complexity of key agreement is greatly increased, more information needs to be exchanged between the members, so the security of the information exchange and key agreement process is crucial, once the exchange information is leaked, the key is cracked, therefore, how to design a multi-party key agreement method can effectively ensure the security of the information exchange between the key agreement members, and safely and efficiently realize the key agreement between a plurality of members is a problem which is urgently needed to be solved at present.

Disclosure of Invention

The invention provides a method and a system for realizing multi-party key agreement, aiming at the problem that the current key agreement method can not effectively ensure the safety of information exchange of key agreement members when the communication members exceed two parties.

In a first aspect, the present invention provides a method for implementing multi-party key agreement, which includes m key agreement members { A }₁,A₂,…,A_m-said method comprising: a forward transmission process and a reverse transmission process;

the forward transmission process comprises the following steps:

key agreement member A₁Generating random numbers

Then generating key parameters

By passing

Generating key negotiation information with member information

And sends to the key agreement member A₂(ii) a G is a base point with a prime number n of an order on the elliptic curve;

key agreement member A₂Generating random numbers

Calculating key parameters

By passing

Generating key negotiation information with member information

And sends to the key agreement member A₃；

Continuing so, key agreement member A_iGenerating random numbers

Negotiating Member A based on a Key_i-1Key parameter of

Calculating its key parameters

Key parameter of the member negotiating with its previous (i-1) keys, key parameter of itself

Generating key negotiation information with member information

And sends to the next key negotiation member A_i+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;

key agreement member A_mGenerating random numbers

Calculating a secret key

Computing

The reverse transmission process comprises:

key agreement member A_mBy passing

Generating key negotiation information with member information

And sends to the key agreement member A_m-1；

Key agreement member A_m-1Calculating a secret key

Computing

By passing

Generating key negotiation information with member information

And sends to the key agreement member A_m-2；

Continuing so, key agreement member A_jCalculating a secret key

Computing

By passing

Generating key negotiation information with member information

And sends to the next key negotiation member A_j-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;

key agreement member A₂Calculating a secret key

Computing

By passing

Generating key negotiation information with member information

And sends to the key agreement member A₁；

Key agreement member A₁Calculating a secret key

Further, still include:

before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member, performing digest, signature and encryption processing on the key negotiation information;

correspondingly, after each key negotiation member receives the ciphertext, the received ciphertext is decrypted, signed and integrity verified, and then the key or the key parameter is calculated.

Further, the digest, signature, and encryption processing on the key agreement information specifically includes: performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;

the decrypting, signature verification and integrity verification of the received ciphertext specifically comprises: the method comprises the steps of firstly decrypting a received ciphertext through an encryption and decryption algorithm to obtain signature information and key negotiation information, then using public keys of all key negotiation members to verify the signature information, carrying out hash operation on the key negotiation information through a hash algorithm to generate a second hash operation result, and comparing the first hash operation result with the second hash operation result to verify the integrity of the key negotiation information.

Further, the key agreement information also includes a timestamp when the sender sends the information to the receiver;

correspondingly, after receiving the timestamp, the receiver first verifies the timestamp and then calculates the key or key parameters.

Further, the member information refers to ID information of a key agreement member as both communication parties.

Further, each key agreement member does not save each result of the intermediate calculation in the key agreement process, and only saves the generated random number.

In a second aspect, the present invention provides a system for implementing multi-party key agreement, including:

a first random number generation module for key negotiation member A₁Generating random numbers

A first calculation module for generating key parameters

G is a base point with a prime number n of an order on the elliptic curve; a first key negotiation information generation module for passing through

Generating key negotiation information with member information

And sends to the key agreement member A₂；

A second random number generation module for key negotiation member A₂Generating random numbers

A second calculation module for calculating key parameters

A second key agreement information generation module for passing through

Generating key negotiation information with member information

And sends to the key agreement member A₃；

The ith random number generation module is used for the key negotiation member A_iGenerating random numbers

An ith calculation module for negotiating the member A according to the key_i-1Key parameter of

Calculating its key parameters

An ith key agreement information generation module for passing the key parameters of its previous (i-1) key agreement members, its own key parameters

Generating key negotiation information with member information

And sends to the next key negotiation member A_i+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;

the mth random number generation module is used for the key negotiation member A_mGenerating random numbers

An mth calculation module for calculating the obtained key

Computing

The mth key negotiation information generation module is used for the key negotiation member A_mBy passing

Generating key negotiation information with member information

And sends to the key agreement member A_m-1；

M-1 th calculation module for key agreement member A_m-1Calculating a secret key

Computing

M-1 key agreement information generation module for passing through

Generating key negotiation information with member information

And sends to the key agreement member A_m-2；

A jth calculation module for key negotiation member A_jCalculating a secret key

Computing

By passing

Generating key negotiation information with member information

And sends to the next key negotiation member A_j-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;

a second calculation module for key agreement member A₂Calculating a secret key

Computing

A second key agreement information generation module for passing through

Generating key negotiation information with member information

And sends to the key agreement member A₁；

A first calculation module for key agreement member A₁Calculating a secret key

Further, still include: the first security module is used for performing digest, signature and encryption processing on the key negotiation information before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member; and after each key negotiation member receives the ciphertext, decrypting, checking the signature and verifying the integrity of the received ciphertext.

Further, the first security module is specifically configured to:

performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;

and the encryption and decryption module is specifically configured to decrypt the received ciphertext through an encryption and decryption algorithm to obtain signature information and key agreement information, then verify the signature information using the public key of each key agreement member, perform hash operation on the key agreement information through the hash algorithm to generate a second hash operation result, and compare the first hash operation result with the second hash operation result to verify the integrity of the key agreement information.

Further, the key agreement information also includes a timestamp when the sender sends the information to the receiver; correspondingly, the system further comprises:

and the second safety module is used for verifying the time stamp after the receiving party receives the time stamp.

The invention has the beneficial effects that:

(1) the invention can divide the process of the key agreement of many parties into two processes of forward and backward, transmit the information that the member of subsequent key agreement needs sequentially, thus realize the key agreement of many parties effectively, and choose a safe elliptic curve, on the basis of the safe elliptic curve, the difficulty of the discrete logarithm on the elliptic curve can guarantee the security of the key parameter in the communication process effectively;

(2) in the process of multi-party key agreement, a fresh factor timestamp is added into each key agreement message of communication, so that each message interaction in the key agreement communication is ensured to be a fresh message, and replay attack of an old message is prevented;

(3) in the interactive process of key agreement, the invention adopts the signature technology for the key agreement information sent each time, so that an intermediate attacker cannot generate an effective signature of the message sent by a real communication main body, and cannot falsely succeed;

(4) the invention adopts a hash function technology and an encryption technology, in the interactive process of key agreement, for the key agreement information sent each time, a sender sends the information and simultaneously sends summary information of the information, and encrypts the information, and a receiver also generates the summary information of the information after receiving the information and compares the summary information with the received summary information to ensure that the key agreement information is not falsified by an attacker in the communication process;

(5) the invention provides a key negotiation process that the identity of a sender is in the first place and the information of a receiver is in the last place in the key negotiation information, so as to ensure that an information receiver can distinguish whether the information is the reflection of the message sent by the receiver.

Drawings

Fig. 1 is a flow chart of forward transmission in a method for implementing multi-party key agreement according to an embodiment of the present invention;

fig. 2 is a reverse transmission flow chart in a method for implementing multi-party key agreement according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Example 1:

the embodiment of the invention provides a method for realizing multi-party key agreement, which comprises m key agreement members { A }₁,A₂,…,A_mThe method comprises a forward transmission process and a reverse transmission process; wherein:

the forward transmission process comprises the following steps:

key agreement member A₁Generating random numbers

Then generating key parameters

By passing

Generating key negotiation information with member information

And sends to the key agreement member A₂(ii) a G is a base point with a prime number n of an order on the elliptic curve; random number

Key agreement member A₂Generating random numbers

Calculating key parameters

By passing

Generating key negotiation information with member information

And sends to the key agreement member A₃(ii) a Random number

Continuing so, key agreement member A_iGenerating random numbers

Negotiating Member A based on a Key_i-1Key parameter of

Calculating its key parameters

Key parameter of the member negotiating with its previous (i-1) keys, key parameter of itself

Generating key negotiation information with member information

And sends to the next key negotiation member A_i+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer; random number

Key agreement member A_mGenerating random numbers

Calculating a secret key

Computing

The reverse transmission process comprises:

key agreement member A_mBy passing

Generating key negotiation information with member information

And sends to the key agreement member A_m-1；

Key agreement member A_m-1Calculating a secret key

Computing

By passing

Generating key negotiation information with member information

And sends to the key agreement member A_m-2；

Continuing so, key agreement member A_jCalculating a secret key

Computing

By passing

Generating key negotiation information with member information

And sends to the next key negotiation member A_j-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;

key agreement member A₂Calculating a secret key

Computing

By passing

Generating key negotiation information with member information

And sends to the key agreement member A₁；

Key agreement member A₁Calculating a secret key

The method for realizing the multi-party key agreement provided by the embodiment of the invention can divide the process of the multi-party key agreement into a forward process and a reverse process, and sequentially transmit information required by subsequent key agreement members, thereby effectively realizing the key agreement of the multi-party members; and by selecting a safe elliptic curve, on the basis of the safe elliptic curve, the difficulty of discrete logarithm on the elliptic curve can effectively ensure the security of the key parameter in the communication process.

Example 2:

on the basis of the foregoing embodiment 1, an embodiment of the present invention provides another implementation method for multi-party key agreement, which is different from the foregoing embodiment 1 in that the method further includes the following steps:

before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member, performing digest, signature and encryption processing on the key negotiation information;

specifically, the digest, signature, and encryption processing on the key agreement information specifically includes: performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;

for example, negotiate Member A with a Key_iNegotiating a Key with Member A_jTransmitted key agreement information

For example, the process specifically comprises: negotiating information on a key by a hashing algorithm H (m)

After Hash operation, generate

Then passing through a signature algorithm

Negotiating Member A Using a Key_iPrivate key of

Signature generation for hash operation result

Sign information

And key agreement information

By encryption or decryption algorithms

Performing encryption processing to generate ciphertext

Correspondingly, after each key negotiation member receives the ciphertext, the received ciphertext is decrypted, signed and integrity verified, and then the key or the key parameter is calculated.

Specifically, the decrypting, signature verification, and integrity verification of the received ciphertext specifically includes: the method comprises the steps of firstly decrypting a received ciphertext through an encryption and decryption algorithm to obtain signature information and key negotiation information, then using public keys of all key negotiation members to verify the signature information, carrying out hash operation on the key negotiation information through a hash algorithm to generate a second hash operation result, and comparing the first hash operation result with the second hash operation result to verify the integrity of the key negotiation information.

For example, negotiate Member A with a Key_jReceiving the key negotiation member A_iCiphertext of transmission

For example, the process specifically comprises: firstly, through an encryption and decryption algorithm

For received cipher text

Obtain signature information after decryption

And key agreement messageInformation processing device

Then negotiate member A using the key_iOf (2) a public key

For signature information

Checking the signature and negotiating information about the key by means of a hash algorithm H (m)

Also after Hash operation, generate

And the obtained result of the hash operation

Comparing and verifying the key agreement information

The integrity of (c).

In the method for implementing multi-party key agreement provided by the embodiment of the invention, in the interactive process of key agreement, for the key agreement information sent each time, a middle attacker cannot generate an effective signature of the message sent by a real communication main body by adopting a signature technology, so that the secret key agreement information cannot be pretended to be successful. And by adopting a hash function technology and an encryption technology, in the interactive process of key agreement, for the key agreement information sent each time, the sender sends the information and simultaneously sends the summary information of the information, and encrypts the information, and after the receiver receives the information, the receiver also generates the summary information of the information and compares the summary information with the received summary information, so that the key agreement information can be ensured not to be falsified by an attacker in the communication process.

Example 3:

on the basis of the foregoing embodiment 1 or embodiment 2, an embodiment of the present invention further provides a method for implementing multi-party key agreement, which is different from the foregoing embodiment 1 or embodiment 2 in that:

the key negotiation information also comprises a timestamp when the sender sends information to the receiver;

for example, negotiate Member A with a Key_iNegotiating a Key with Member A_jTransmitted key agreement information

For example, at this time, the key negotiates member A_iAs the sender, the key agreement member A_jAs the receiver, the key agreement information

Comprising a key agreement member A_iNegotiating a Key with Member A_jTime stamp for sending information

Correspondingly, after receiving the timestamp, the receiver first verifies the timestamp and then calculates the key or key parameters.

For example, negotiate Member A with a Key_jReceiving the key negotiation member A_iTimestamp of transmission

For example, at this time, the key negotiates member A_jReceipt time stamp

Then, the authentication timestamp is obtained

Whether the freshness of (d) meets the requirements.

In the method for implementing multi-party key agreement provided by the embodiment of the invention, in the process of multi-party key agreement, a fresh factor timestamp is added into each key agreement message in communication, so that each message interaction in the key agreement communication can be ensured to be a fresh message, and the replay attack of an old message is prevented.

In the foregoing embodiments, as an implementable manner, the member information is specifically ID information of a key agreement member as both communication parties; for example, negotiate Member A with a Key_iNegotiating a Key with Member A_jTransmitted key agreement information

For example, in generating key agreement information

The member information according to the time is a member A for key negotiation_iID information of (2) and Key Agreement Member A_jID information of (2).

As an implementation manner, in the key agreement information, the ID information of the appointed sender is before, and the ID information of the receiver is after; thus, it can be ensured that the information receiver can distinguish whether the information is a reflection of the message sent by the receiver.

As an implementable manner, each key agreement member does not save each result of the intermediate calculation in the key agreement process, and only saves the generated random number. For example, for key agreement member A_iKeeping only random numbers

Is not preserved

Its previous (i-1) key agreement members' key parameters.

Example 4:

when the members of the key agreement are four parties A, B, C and D, the scheme flow of the key agreement is as follows:

1.1A → B: a generating a random number r_aCalculating

K_A＝r_aG，m_AB＝ID_A||ID_B||K_A||T_AB；

Then the message is sent

Sending the data to B;

1.2B → C: b receives the message

Decrypting messages, verifying signatures, verifying messages m_ABIntegrity of, verifying timestamp T_ABThe freshness of (1). B generating a random number r_bCalculating

K′_B＝r_bK_A＝r_br_aG，m_BC＝ID_B||ID_C||K_A||K′_B||T_BC

Then the message is sent

Sending the data to C;

1.3C → D: c receiving the message

Decrypting messages, verifying signatures, verifying messages m_BCIntegrity of, verifying timestamp T_BCThe freshness of (1). C generating a random number r_cCalculating

K′_C＝r_cK′_B＝r_cr_br_aG，m_CD＝ID_C||ID_D||K_A||K′_B||K′_C||T_CD

Then the message is sent

Sending the data to D;

2.1D → C: d receiving the message

Decrypting messages, verifying signatures, verifying messages m_CDIntegrity of, verifying timestamp T_CDThe freshness of (1). D generating a random number r_dCalculating

K_ABCD＝r_dK′_C＝[r_ar_br_cr_d]G，K_D＝r_dG，

Then the message is sent

Sending the data to C;

2.2C → B: c receiving the message

Decrypting messages, verifying signatures, verifying messages m_DCIntegrity of, verifying timestamp T_DCThe freshness of (1). Computing

Then the message is sent

Sending the data to B;

2.3B → A: b receives the message

Decrypting messages, verifying signatures, verifying messages m_CBIntegrity of, verifying timestamp T_CBThe freshness of (1). Computing

Then the message is sent

Sending the signal to A;

2.4A receive message

Decrypting messages, verifying signatures, verifying messages m_BAIntegrity of, verifying timestamp T_BAThe freshness of (1). Computing

Wherein, ID_A、ID_B、ID_C、ID_DThe IDs of members A, B, C, D, respectively; g is a base point with prime number n on the order of the elliptic curve E; r is_a、r_b、r_c、r_dIs a random number, r_a、r_b、r_c、

For cryptographic algorithms, here K_ijFor encryption and decryption keys, i can be member A, B, C, D, and j can also be member A, B, C, D; t is_ijFor time stamp, i can be member A, B, C, D, j can also be member A, B, C, D; h (m) is a secure hash function. Sig_i(m) elliptic curve-based signature algorithm for member i, which may be member A, B, C, D; k_ABCDConference key negotiated for member A, B, C, D.

The key agreement process of the embodiment of the invention stipulates that the identity of the sender is prior and the information of the receiver is later in the key agreement information, so as to ensure that an information receiver can distinguish whether the information is the reflection of the message sent by the receiver.

Example 5:

as shown in fig. 1 and 2, when the member performing key agreement is a₁、A₂、……A_m-1、A_mThe specific implementation process is as follows:

A₁→A₂：A₁generating random numbers

Computing

Then the message is sent

Is sent to A₂；

A₂→A₃：A₂Receiving a message

Decrypting messages, verifying signatures, verifying messages

Integrity of, verifying the timestamp

The freshness of (1). A. the₂Generating random numbers

Computing

Then the message is sent

SendingTo A₃；

A₃→A₄：A₃Receiving a message

Decrypting messages, verifying signatures, verifying messages

Integrity of, verifying the timestamp

The freshness of (1). A. the₃Generating random numbers

Computing

Then the message is sent

Is sent to A₄；

A₄→A₅：A₄Receiving a message

Decrypting messages, verifying signatures, verifying messages

Integrity of, verifying the timestamp

The freshness of (1). A. the₄Generating random numbers

Computing

Then the message is sent

Is sent to A₅；

…………

A_m-1→A_m：A_m-1Receiving a message

Decrypting messages, verifying signatures, verifying messages

Integrity of, verifying the timestamp

The freshness of (1). A. the_m-1Generating random numbers

Computing

Then the message is sent

Is sent to A_m；

A_m→A_m-1：A_mReceiving a message

Decrypting messages, verifying signatures, verifying messages

The integrity of,Verifying a timestamp

The freshness of (1). A. the_mGenerating random numbers

Computing

Then the message is sent

Is sent to A_m-1；

A_m-1→A_m-2：A_m-1Receiving a message

Decrypting messages, verifying signatures, verifying messages

Integrity of, verifying the timestamp

The freshness of (1). Computing

Then the message is sent

Is sent to A_m-2；

…………

A₃→A₂：A₃Receiving a message

Decrypting messages, verifying signatures, verifying messages

Integrity of, verifying the timestamp

The freshness of (1). Computing

Then the message is sent

Is sent to A₂；

A₂→A₁：A₂Receiving a message

Decrypting messages, verifying signatures, verifying messages

Integrity of, verifying the timestamp

The freshness of (1). Computing

Then the message is sent

Is sent to A₁；

A₁Receiving a message

Decrypting messages, verifying signatures, verifying messages

Integrity of, verifying the timestamp

The freshness of (1). Computing

It should be noted that, in the key agreement process, each key agreement member does not need to store the intermediate variables of the calculation, but only stores the generated random numbers

And (4) finishing.

Example 6:

when the group member is taken as a unit to carry out key negotiation, the conditions of two parties, three parties and multiple parties also exist, the three-party member key negotiation scheme based on the elliptic curve is used for establishing the three-party group member key exchange scheme based on the elliptic curve, and the conditions of the two parties and the multiple parties can be established according to the reference.

Assuming that the group members are { a1, a2, A3, a4, a5, B1, B2, B3, C1, C2}, grouping the members according to the relevant attributes of the group members, assuming that the members can be divided into A, B, C three groups, a ═ { a1, a2, A3, a4, a5}, B ═ { B1, B2, B3}, C ═ C1, C2}, and selecting A, B, C three groups as a1, B1, C1, respectively.

The three-party group member key exchange scheme based on the elliptic curve is established according to the following process.

Step1：

1.1 for group a, since group a has 5 bit members, a key between the 5 bit members in group a can be established according to the elliptic curve-based multi-party member key agreement scheme in embodiment 5, and is denoted as a _ CK;

1.2 for group B, because group B has 3-bit members, a key between 3-bit members in group B can be established according to the elliptic curve-based three-party member key agreement scheme in embodiment 5, and is denoted as B _ CK;

1.3 for group C, since group C has 2-bit members, a key between 2-bit members in group C can be established according to the elliptic curve-based two-party member key agreement scheme in embodiment 5, and is denoted as C _ CK;

Step2：

2.1, representing three group members of A1, B1 and C1 by A, B, C groups, and establishing keys among A1, B1 and C1, which are denoted as ABC _ CK, according to the elliptic curve-based three-party member key agreement scheme in embodiment 5;

2.2 remember m_A＝ID_A1||ABC_CK||T_AHere ID_A1ID of A1, T_AFor time stamping, A1 is in the form of a broadcastForm message

Sending the ABC _ CK to the members of the group A, and obtaining ABC _ CK through respective calculation of the members;

2.3 note m_B＝ID_B1||ABC_CK||T_BHere ID_B1ID of B1, T_BFor time stamping, B1 plays the message in a streaming form

Sending the ABC _ CK to the members of the group B, and obtaining ABC _ CK through respective calculation of the members;

2.4 note m_C＝ID_C1||ABC_CK||T_CHere ID_C1ID of C1, T_CFor time stamping, C1 broadcasts the message in a form of a broadcast

And sending the ABC _ CK to the members of the group C, and obtaining ABC _ CK by the respective calculation of the members.

Example 7:

corresponding to the above method for implementing multi-party key agreement, an embodiment of the present invention further provides a system for implementing multi-party key agreement, including: the device comprises a plurality of random number generation modules, a plurality of calculation modules and a plurality of key negotiation information generation modules;

a first random number generation module for key negotiation member A₁Generating random numbers

A first calculation module for generating key parameters

G is a base point with a prime number n of an order on the elliptic curve; a first key negotiation information generation module for passing through

Generating key negotiation information with member information

And sends to the key agreement member A₂；

A second random number generation module for key negotiation member A₂Generating random numbers

A second calculation module for calculating key parameters

A second key agreement information generation module for passing through

Generating key negotiation information with member information

And sends to the key agreement member A₃；

The ith random number generation module is used for the key negotiation member A_iGenerating random numbers

An ith calculation module for negotiating the member A according to the key_i-1Key parameter of

Calculating its key parameters

An ith key agreement information generation module for passing the key parameters of its previous (i-1) key agreement members, its own key parameters

Generating key negotiation information with member information

And sends to the next key negotiation member A_i+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;

the mth random number generation module is used for the key negotiation member A_mGenerating random numbers

An mth calculation module for calculating the obtained key

Computing

The mth key negotiation information generation module is used for the key negotiation member A_mBy passing

Generating key negotiation information with member information

And sends to the key agreement member A_m-1；

M-1 th calculation module for key agreement member A_m-1Calculating a secret key

M-1 key agreement information generation module for passing through

Generating key negotiation information with member information

And sends to the key agreement member A_m-2；

A jth calculation module for key negotiation member A_jCalculating a secret key

Computing

By passing

Generating key negotiation information with member information

And sends to the next key negotiation member A_j-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;

a second calculation module for key agreement member A₂Calculating a secret key

Computing

A second key agreement information generation module for passing through

Generating key negotiation information with member information

And sends to the key agreement member A₁；

A first calculation module for key agreement member A₁Calculating a secret key

The system for realizing the multi-party key agreement provided by the embodiment of the invention can divide the process of the multi-party key agreement into a forward process and a reverse process, and sequentially transmit information required by subsequent key agreement members, thereby effectively realizing the key agreement of the multi-party members; and by selecting a safe elliptic curve, on the basis of the safe elliptic curve, the difficulty of discrete logarithm on the elliptic curve can effectively ensure the security of the key parameter in the communication process.

Example 8:

on the basis of the foregoing embodiment 7, an embodiment of the present invention further provides a system for implementing multi-party key agreement, which is different from the foregoing embodiment 7 in that the system further includes a first security module and a second security module; wherein:

the first security module is used for performing digest, signature and encryption processing on the key negotiation information before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member; and the system is used for decrypting, checking and verifying the integrity of the received ciphertext after each key negotiation member receives the ciphertext.

Specifically, the digest, signature, and encryption processing are performed on the key agreement information, specifically: performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; and encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext.

Decrypting, checking and integrity verifying the received ciphertext, specifically comprising: decrypting the received ciphertext through an encryption and decryption algorithm to obtain signature information and key negotiation information, then verifying the signature information by using the public key of each key negotiation member, performing hash operation on the key negotiation information through the hash algorithm to generate a second hash operation result, and comparing the first hash operation result with the second hash operation result to verify the integrity of the key negotiation information.

In order to prevent replay attack of the old message, the key negotiation information also comprises a time stamp when the sender sends the information to the receiver; thus, the second security module is configured to verify the timestamp after the receiving party receives the timestamp.

It should be noted that the system for implementing multi-party key agreement provided by the present invention is for implementing the above method embodiments, and the functions thereof may specifically refer to the above method embodiments, and are not described herein again.

Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for realizing multi-party key agreement is characterized in that m key agreement members { A }₁,A₂,…,A_m-said method comprising: a forward transmission process and a reverse transmission process;

the forward transmission process comprises the following steps:

key agreement member A₁Generating random numbers

Then generating key parameters

By passing

Generating key negotiation information with member information

And sends to the key agreement member A₂(ii) a G is a base point with a prime number n of an order on the elliptic curve;

key agreement member A₂Generating random numbers

Calculating key parameters

By passing

Generating key negotiation information with member information

And sends to the key agreement member A₃；

Continuing so, key agreement member A_iGenerating random numbers

Negotiating Member A based on a Key_i-1Key parameter of

Calculating its key parameters

Key parameter of the member negotiating with its previous (i-1) keys, key parameter of itself

Generating key negotiation information with member information

And sends to the next key negotiation member A_i+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;

key agreement member A_mGenerating random numbers

Calculating a secret key

Computing

The reverse transmission process comprises:

key agreement member A_mBy passing

Generating key negotiation information with member information

And sends to the key agreement member A_m-1；

Key agreement member A_m-1Calculating a secret key

Computing

By passing

Generating key negotiation information with member information

And sends to the key agreement member A_m-2；

Continuing so, key agreement member A_jCalculating a secret key

Computing

By passing

Generating key negotiation information with member information

And sends to the next key negotiation member A_j-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;

key agreement member A₂Calculating a secret key

Computing

By passing

Generating key negotiation information with member information

And sends to the key agreement member A₁；

Key agreement member A₁Calculating a secret key

2. The method of claim 1, further comprising:

before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member, performing digest, signature and encryption processing on the key negotiation information;

correspondingly, after each key negotiation member receives the ciphertext, the received ciphertext is decrypted, signed and integrity verified, and then the key or the key parameter is calculated.

3. The method of claim 2,

the digest, signature and encryption processing of the key negotiation information specifically includes: performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;

the decrypting, signature verification and integrity verification of the received ciphertext specifically comprises: the method comprises the steps of firstly decrypting a received ciphertext through an encryption and decryption algorithm to obtain signature information and key negotiation information, then using public keys of all key negotiation members to verify the signature information, carrying out hash operation on the key negotiation information through a hash algorithm to generate a second hash operation result, and comparing the first hash operation result with the second hash operation result to verify the integrity of the key negotiation information.

4. The method according to any one of claims 1-3, wherein the key agreement information further includes a timestamp when the sender sends the information to the receiver;

correspondingly, after receiving the timestamp, the receiver first verifies the timestamp and then calculates the key or key parameters.

5. The method according to claim 1, wherein the member information refers to ID information of a key agreement member as both parties of communication.

6. The method of claim 1, wherein each key agreement member does not save each result of the intermediate calculation during the key agreement process, but only saves the generated random number.

7. A system for implementing multi-party key agreement is characterized by comprising:

a first random number generation module for key negotiation member A₁Generating random numbers

A first calculation module for generating key parameters

G is a base point with a prime number n of an order on the elliptic curve; a first key negotiation information generation module for passing through

Generating key negotiation information with member information

And sends to the key agreement member A₂；

A second random number generation module for key negotiation member A₂Generating random numbers

A second calculation module for calculating key parameters

A second key agreement information generation module for passing through

Generating key negotiation information with member information

And sends to the key agreement member A₃；

The ith random number generation module is used for the key negotiation member A_iGenerating random numbers

An ith calculation module for negotiating the member A according to the key_i-1Key parameter of

Calculating its key parameters

An ith key agreement information generation module for passing the key parameters of its previous (i-1) key agreement members, its own key parameters

Generating key negotiation information with member information

And sends to the next key negotiation member A_i+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;

the mth random number generation module is used for the key negotiation member A_mGenerating random numbers

An mth calculation module for calculating the obtained key

Computing

Mth key agreement information generationA module for key agreement member A_mBy passing

Generating key negotiation information with member information

And sends to the key agreement member A_m-1；

M-1 th calculation module for key agreement member A_m-1Calculating a secret key

Computing

M-1 key agreement information generation module for passing through

Generating key negotiation information with member information

And sends to the key agreement member A_m-2；

A jth calculation module for key negotiation member A_jCalculating a secret key

Computing

By passing

Generating key negotiation information with member information

And sends to the next key negotiation member A_j-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;

a second calculation module for key agreement member A₂Calculating a secret key

Computing

A second key agreement information generation module for passing through

Generating key negotiation information with member information

And sends to the key agreement member A₁；

A first calculation module for key agreement member A₁Calculating a secret key

8. The system of claim 7, further comprising:

the first security module is used for performing digest, signature and encryption processing on the key negotiation information before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member; and after each key negotiation member receives the ciphertext, decrypting, checking the signature and verifying the integrity of the received ciphertext.

9. The system of claim 8, wherein the first security module is specifically configured to:

performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;

and the encryption and decryption module is specifically configured to decrypt the received ciphertext through an encryption and decryption algorithm to obtain signature information and key agreement information, then verify the signature information using the public key of each key agreement member, perform hash operation on the key agreement information through the hash algorithm to generate a second hash operation result, and compare the first hash operation result with the second hash operation result to verify the integrity of the key agreement information.

10. The system according to any one of claims 7-9, wherein the key agreement information further includes a time stamp of when the sender sends information to the receiver; correspondingly, the system further comprises:

and the second safety module is used for verifying the time stamp after the receiving party receives the time stamp.

Images