CN112926075A - SM9 key generation method, device, equipment and storage medium - Google Patents

Publication number: CN112926075A
Authority: CN (China)
Prior art keywords: key, management, fragment, process data, matrix
Legal status: Granted (Active)
Application number: CN202110326135.7A
Other languages: Chinese (zh)
Other versions: CN112926075B (en)
Inventors: 王现方, 涂彬彬
Current Assignee: China Electronics Technology Network Security Technology Co ltd
Original Assignee: Chengdu Westone Information Industry Inc
Application filed by: Chengdu Westone Information Industry Inc
Priority to: CN202110326135.7A
Publication of: CN112926075A; application granted, publication of CN112926075B
Classifications

    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The disclosure provides an SM9 key generation method, device, equipment and storage medium. The method is applied to a key using end and comprises the following steps: obtaining key fragment generation parameters; calculating a using end key fragment according to the key fragment generation parameters; acquiring a management end key fragment generated by a key management end; generating a result key satisfying the SM9 standard based on the using end key fragment and the management end key fragment. Because the result key used by the key using end is generated from the key fragments of both the key using end and the key management end, the key management end cannot recover the key of the key using end from the management end key fragment alone, and the method relatively ensures the security of the result key used by the key using end. In addition, the present disclosure also provides an SM9 key generation apparatus, device, and storage medium, which have the same advantageous effects as described above.

Description

SM9 key generation method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of cryptography, and in particular, to a method, an apparatus, a device, and a storage medium for generating an SM9 key.
Background
The design idea of modern cryptography generally attributes the security of data to the key used for encrypting the data, and cryptographic algorithms are often open, so how to generate the key safely and effectively is a key concern in the field of data security at present.
When a key is currently generated based on the national cryptographic algorithm SM9, the key used by the key using end is usually generated and distributed by the key management end. The key using end therefore cannot participate in the key generation process and cannot autonomously constrain it, so it is difficult to ensure the security of the key. Existing solutions often generate the key jointly between two or more key management ends, but such solutions may still allow the key to be generated through collusion between the key management ends; that is, several key management ends can recover a user's key by colluding, and it remains difficult to ensure the security of the key.
It can be seen that providing an SM9 key generation method to ensure the security of generated keys is a problem that needs to be solved by those skilled in the art.
Disclosure of Invention
An object of the present disclosure is to provide an SM9 key generation method, apparatus, device, and storage medium to ensure security of generated keys.
In order to solve the above technical problem, the present disclosure provides an SM9 key generation method, applied to a key using end, including:
obtaining key fragment generation parameters;
calculating a using end key fragment according to the key fragment generation parameters;
acquiring a management end key fragment generated by a key management end;
generating a result key satisfying the SM9 standard based on the using end key fragment and the management end key fragment.
Preferably, obtaining the key fragment generation parameters includes:
acquiring a using end private key and a using end random number;
correspondingly, calculating the using end key fragment according to the key fragment generation parameters includes:
based on an oblivious transfer protocol, generating using end process data from the using end private key and the using end random number together, and transmitting the using end process data to the key management end;
acquiring management end process data which is transmitted by the key management end and generated based on a management end private key and a management end random number;
generating the using end key fragment based on the using end process data, the management end process data and the using end random number;
correspondingly, acquiring the management end key fragment generated by the key management end includes:
sending the using end key fragment to the key management end;
acquiring the management end key fragment generated by the key management end based on the using end key fragment, the using end process data, the management end process data and the management end random number.
Preferably, generating the using end process data from the using end private key and the using end random number together based on the oblivious transfer protocol, and transmitting it to the key management end, includes:
randomly generating a first matrix;
generating a second matrix based on the first matrix, the using end private key and the using end random number;
taking the column vectors of the first matrix and the second matrix as input data of the oblivious transfer protocol to obtain the using end process data;
transmitting the using end process data to the key management end.
Preferably, before randomly generating the first matrix, the method further includes:
converting the using end private key and the using end random number into binary form, respectively;
accordingly, the first matrix comprises a first bit matrix and the second matrix comprises a second bit matrix.
Preferably, generating a result key satisfying the SM9 standard based on the using end key fragment and the management end key fragment includes:
generating a result private key satisfying the SM9 standard based on the using end key fragment and the management end key fragment.
In addition, the present disclosure also provides an SM9 key generation apparatus, applied to a key using end, including:
the parameter acquisition module is used for acquiring key fragment generation parameters;
the first segment acquisition module is used for calculating a using end key fragment according to the key fragment generation parameters;
the second fragment acquisition module is used for acquiring a management end key fragment generated by a key management end;
and the key generation module is used for generating a result key satisfying the SM9 standard based on the using end key fragment and the management end key fragment.
Preferably, the parameter obtaining module includes:
the parameter acquisition submodule is used for acquiring a using end private key and a using end random number;
accordingly, the first segment acquisition module includes:
the protocol transmission module is used for generating using end process data from the using end private key and the using end random number together based on the oblivious transfer protocol, and transmitting the using end process data to the key management end;
the process data acquisition module is used for acquiring management end process data which is transmitted by the key management end and generated based on a management end private key and a management end random number;
the using end segment generating module is used for generating the using end key fragment based on the using end process data, the management end process data and the using end random number;
accordingly, the second segment obtaining module includes:
the using end fragment sending module is used for sending the using end key fragment to the key management end;
and the management terminal fragment acquisition module is used for acquiring the management end key fragment generated by the key management end based on the using end key fragment, the using end process data, the management end process data and the management end random number.
Preferably, the protocol transmission module includes:
the first matrix generation module is used for randomly generating a first matrix;
the second matrix generation module is used for generating a second matrix based on the first matrix, the using end private key and the using end random number;
the matrix processing module is used for taking the column vectors of the first matrix and the second matrix as input data of the oblivious transfer protocol to obtain the using end process data;
and the process data transmission module is used for transmitting the using end process data to the key management end.
In addition, the present disclosure also provides a key using end device, including:
a memory for storing a computer program;
a processor for implementing the steps of the SM9 key generation method as described above when executing the computer program.
Furthermore, the present disclosure also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the key generation method as described above.
The SM9 key generation method provided by the present disclosure is applied to a key using end. Key fragment generation parameters are first obtained and a using end key fragment is calculated from them; a management end key fragment generated by a key management end is then obtained, and a result key satisfying the SM9 standard is generated based on the using end key fragment and the management end key fragment. Because the result key used by the key using end is generated from the key fragments of both the key using end and the key management end, the key management end cannot recover the key of the key using end from the management end key fragment alone, and the security of the result key used by the key using end is relatively ensured. In addition, the present disclosure also provides an SM9 key generation apparatus, device, and storage medium, which have the same advantageous effects as described above.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure, the drawings needed for the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present disclosure, and that other drawings can be obtained by those skilled in the art without inventive effort.
Fig. 1 is a flowchart of an SM9 key generation method disclosed in an embodiment of the present disclosure;
Fig. 2 is a schematic structural diagram of an SM9 key generation apparatus disclosed in an embodiment of the present disclosure;
Fig. 3 is a block diagram of a key using end device disclosed in an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present disclosure without any creative effort belong to the protection scope of the present disclosure.
When a key is currently generated based on the national cryptographic algorithm SM9, the key used by the key using end is usually generated and distributed by the key management end. The key using end therefore cannot participate in the key generation process and cannot autonomously constrain it, so it is difficult to ensure the security of the key. Existing solutions often generate the key jointly between two or more key management ends, but such solutions may still allow the key to be generated through collusion between the key management ends; that is, several key management ends can recover a user's key by colluding, and it remains difficult to ensure the security of the key.
To this end, the core of the present disclosure is to provide an SM9 key generation method to ensure the security of the generated keys.
The present disclosure is described in further detail below with reference to the accompanying drawings and detailed description, in order to enable those skilled in the art to better understand the disclosure.
Referring to fig. 1, an embodiment of the present disclosure discloses an SM9 key generation method applied to a key using end, including:
Step S10: acquiring key fragment generation parameters.
It should be noted that the key fragment generation parameters obtained in this step are the parameters required in subsequent steps to generate the key fragment corresponding to the key using end, that is, the using end key fragment. The key fragment generation parameters include, but are not limited to, a cyclic group, a generator parameter, a random number, and the like.
Step S11: calculating the using end key fragment according to the key fragment generation parameters.
After the key fragment generation parameters are obtained, the using end key fragment is calculated from them. In subsequent steps, the using end key fragment is combined with the management end key fragment transmitted by the key management end to generate the result key.
Step S12: acquiring a management end key fragment generated by a key management end.
In this step, the management end key fragment generated by the key management end is obtained, so that the result key can be generated from the using end key fragment and the management end key fragment in subsequent steps. The number of key management ends may be 1 or more, is determined according to the actual situation, and is not specifically limited herein.
Step S13: generating a result key satisfying the SM9 standard based on the using end key fragment and the management end key fragment.
It should be noted that SM9 (Commercial Cryptography Algorithm No. 9) is an identity-based cryptographic standard. In a commercial cryptosystem, SM9 is suitable for securing various emerging Internet applications, such as cloud-based cryptographic services, e-mail security, smart terminal protection, Internet of Things security, cloud storage security, and the like. The embodiment further improves the security of generating the key based on the SM standard.
After the using end key fragment has been calculated from the key fragment generation parameters and the management end key fragment generated by the key management end has been obtained, the two fragments are used to generate a result key satisfying the SM9 standard, so that the result key is generated jointly by the key management end and the key using end.
The SM9 key generation method provided by the present disclosure is applied to a key using end. Key fragment generation parameters are first obtained and a using end key fragment is calculated from them; a management end key fragment generated by a key management end is then obtained, and a result key satisfying the SM9 standard is generated based on the using end key fragment and the management end key fragment. Because the result key used by the key using end is generated from the key fragments of both the key using end and the key management end, the key management end cannot recover the key of the key using end from the management end key fragment alone, and the security of the result key used by the key using end is relatively ensured.
On the basis of the foregoing embodiment, as a preferred implementation, generating a result key satisfying the SM9 standard based on the using end key fragment and the management end key fragment includes:
generating a result private key satisfying the SM9 standard based on the using end key fragment and the management end key fragment.
It should be noted that the result key that the key using end generates from the using end key fragment and the management end key fragment is specifically the private key of the key using end, that is, the result private key, which the key using end uses to decrypt or sign data. The embodiment further improves the reliability of the mechanism for encrypting and signing based on asymmetric keys.
On the basis of the foregoing embodiment, as a preferred implementation manner, obtaining the key fragment generation parameters includes:
acquiring a using end private key and a using end random number;
correspondingly, calculating the using end key fragment according to the key fragment generation parameters includes:
based on an oblivious transfer protocol, generating using end process data from the using end private key and the using end random number together, and transmitting the using end process data to the key management end;
acquiring management end process data which is transmitted by the key management end and generated based on a management end private key and a management end random number;
generating the using end key fragment based on the using end process data, the management end process data and the using end random number;
correspondingly, acquiring the management end key fragment generated by the key management end includes:
sending the using end key fragment to the key management end;
acquiring the management end key fragment generated by the key management end based on the using end key fragment, the using end process data, the management end process data and the management end random number.
In this embodiment, the key fragment generation parameters acquired by the key using end are specifically a using end private key and a using end random number. The using end private key may be a private key generated in advance by the key using end based on specific logic, and it can uniquely characterize the identity of the key using end.
When the using end key fragment is calculated according to the key fragment generation parameters, using end process data is generated from the using end private key and the using end random number together, based on an oblivious transfer protocol, and transmitted to the key management end. Management end process data, which is transmitted by the key management end and generated based on the management end private key and the management end random number, is then obtained, and the using end key fragment is generated based on the using end process data, the management end process data and the using end random number. The oblivious transfer protocol is a privacy-preserving two-party communication protocol that lets the two communicating parties transfer messages with the selection obscured. It is a basic protocol of cryptography that allows the receiver to obliviously obtain certain of the messages input by the sender, so that the receiver's privacy is protected from the sender. That is to say, in the present embodiment the key using end uses its random number to hide its private key during transmission based on the oblivious transfer protocol, which ensures that the key management end cannot learn the private key of the key using end. In addition, the management end process data is generated by the key management end based on the management end private key and the management end random number; the purpose of generating it is to hide the management end private key with the management end random number. The management end private key may be a private key generated in advance by the key management end based on specific logic.
Furthermore, in this embodiment, when the management end key fragment generated by the key management end is acquired, the using end key fragment is sent to the key management end, and the management end key fragment that the key management end generates based on the using end key fragment, the using end process data, the management end process data, and the management end random number is then acquired.
In essence, on the premise that the key using end cannot obtain the management end private key of the key management end, and the key management end cannot obtain the using end private key, the key using end and the key management end jointly operate on the using end key fragment derived from the using end private key and the management end key fragment derived from the management end private key to obtain the result key. The reliability of the process of generating the result key is further improved.
On the basis of the above embodiment, as a preferred embodiment, generating the using end process data from the using end private key and the using end random number together based on an oblivious transfer protocol, and transmitting it to the key management end, includes:
randomly generating a first matrix;
generating a second matrix based on the first matrix, the using end private key and the using end random number;
taking the column vectors of the first matrix and the second matrix as input data of the oblivious transfer protocol to obtain the using end process data;
transmitting the using end process data to the key management end.
It should be noted that, in the process of generating the using end process data from the using end private key and the using end random number together based on the oblivious transfer protocol and transmitting it to the key management end, the key management side generates the first matrix in a random manner, that is, the value of each element in the first matrix is random. The second matrix is then generated based on the first matrix, the using end private key and the using end random number, so that the second matrix establishes the association among the first matrix, the using end private key and the using end random number. The embodiment then takes the column vectors of the first matrix and the second matrix as the input data of the oblivious transfer protocol to obtain the using end process data. This relatively reduces the total amount of input data, which reduces the number of calls to the oblivious transfer protocol and improves the efficiency of generating the result key.
On the basis of the foregoing embodiment, as a preferred embodiment, before randomly generating the first matrix, the method further includes:
converting the using end private key and the using end random number into binary form, respectively;
accordingly, the first matrix comprises a first bit matrix and the second matrix comprises a second bit matrix.
It should be noted that, in this embodiment, before the first matrix is randomly generated, the using end private key and the using end random number are each converted into binary form. A first bit matrix whose elements are random binary numbers is then generated, a second bit matrix is generated based on the first bit matrix, the using end private key and the using end random number, the column vectors of the first bit matrix and the second bit matrix are used as input data of the oblivious transfer protocol to obtain the using end process data, and finally the using end process data is transmitted to the key management end. Because the first matrix is a first bit matrix composed of binary elements and the second matrix is a second bit matrix composed of binary elements, using their column vectors as input data of the oblivious transfer protocol ensures the overall efficiency of obtaining the using end process data and the reliability of the result, and thereby the reliability of the generated result key.
In order to further improve understanding of some of the above embodiments, the present disclosure further provides a scenario embodiment in a specific application scenario for further explanation.
The idea of the technical scheme is that the private key of the key using end is generated by joint computation between the key using end and the key management end through interactive communication; the finally generated private key is held only by the key using end and satisfies the standard format of an SM9 private key.
In the SM9 standard, the private key of the key using end is generated as follows: $G_1$ and $G_2$ are both cyclic groups of order $N$, where $N$ is a prime; $P_1$ and $P_2$ are generators of $G_1$ and $G_2$, respectively. The key management end generates a random number $ks \in [1, N-1]$ as the system master private key, and $P_{pub} = [ks]P_2$ as the master public key. $hid$ denotes the private key generation function identifier, and $H$ is a cryptographic function derived from a hash function whose image set is $[1, N-1]$. Let $ID_A$ be the ID of the key using end; the key management end calculates $t_1 = H(ID_A \| hid, N) + ks$ and $t_2 = ks \cdot t_1^{-1} \bmod N$, and the private key of the key using end is $ds_A = [t_2]P_1$.
Let
Figure BDA0002994733850000091
denote the modulo-2 addition of the bits in a bit vector. In the process of jointly generating the private key by the key using end and the key management end, the private key of the key using end is assumed to be $ks_1 \in [1, N-1]$ and the master private key of the key management end is $ks_2 \in [1, N-1]$. The specific process is as follows:
1. The key using end $ID_A$ generates a random number $R_1 \in [1, N-1]$, and the key management end generates a random number $R_2 \in [1, N-1]$;
2. The key management end generates random numbers $a_i, b_i \in [1, N-1]$, $0 \le i \le 255$, such that
Figure BDA0002994733850000092
Let
Figure BDA0002994733850000093
3. The key using end's $ks_1$ is written in binary as $\alpha_0\alpha_1\ldots\alpha_{255}$, and $R_1$ as $\beta_0\beta_1\ldots\beta_{255}$; let $r = (r_1, r_2, \ldots, r_{512}) = (\alpha_0\alpha_1\ldots\alpha_{255}\beta_0\beta_1\ldots\beta_{255})$;
4. The key using end generates two bit matrices $T_{512 \times k} = (t_{ij})$ and $U_{512 \times k} = (u_{ij})$. Let
Figure BDA0002994733850000094
denote the $i$-th row of each matrix, respectively, and
Figure BDA0002994733850000095
denote the $j$-th column of the matrix. These two matrices have the following property: if $r_i = 0$, then
Figure BDA0002994733850000096
Figure BDA0002994733850000097
If $r_i = 1$, then
Figure BDA0002994733850000098
where $1_k$ denotes an all-ones column vector of length $k$. $k$ is a positive integer related to the security level, with a selectable range of 128 to 256.
5. The key using end takes
Figure BDA0002994733850000099
as the message inputs of $k$ oblivious transfer protocols; the key management end generates a random bit vector $s$ of length $k$ and uses $s$ as the choice input of the oblivious transfer protocols; finally the key management end obtains a matrix $Q = (q_{ij})$, and $Q$ has the following property: if $r_i = 0$, then
Figure BDA0002994733850000101
If $r_i = 1$, then
Figure BDA0002994733850000102
The $k$ protocols can be performed in parallel;
6. The key management end sends
Figure BDA0002994733850000103
to the key using end, where $0 \le i \le 511$;
7. The key using end computes $H(q_i)$. If $r_i = 0$, it calculates
Figure BDA0002994733850000104
If $r_i = 1$, it calculates
Figure BDA0002994733850000105
The final effect is thus that the key using end, from
Figure BDA0002994733850000106
selects
Figure BDA0002994733850000107
and from
Figure BDA0002994733850000108
selects
Figure BDA0002994733850000109
The key using end records
Figure BDA00029947338500001010
Figure BDA00029947338500001011
The key management end records
Figure BDA00029947338500001012
In fact, $x_1 + x_2 = ks_1 R_2$ and $y_1 + y_2 = (ks_2 + H(ID_A \| hid, N)) R_1$.
8. The key using end sends $\delta_1 = ks_1 R_1 + x_1 + y_1$ to the key management end, and the key management end sends $\delta_2 = (ks_2 + H(ID_A \| hid, N)) R_2 + x_2 + y_2$ to the key using end;
9. The key using end computes $T_1 = (\delta_1 + \delta_2)^{-1} R_1$ and sends $[T_1]P_2$ to the key management end;
10. The key management end computes $T_2 = (\delta_1 + \delta_2)^{-1} R_2$ and sends $[T_2]P_2$ and $ks_2([T_1]P_2 + [T_2]P_2)$ to the key using end;
11. The key using end computes $ds_A = ks_1([T_1]P_2 + [T_2]P_2) + ks_2([T_1]P_2 + [T_2]P_2)$. After the above process, the private key finally computed by the key using end is:
$$ds_A = ks_1([T_1]P_2 + [T_2]P_2) + ks_2([T_1]P_2 + [T_2]P_2) = [(ks_1 + ks_2)(ks_1 + ks_2 + H(ID_A \| hid, N))^{-1}]P_2$$
This is consistent with the private key format of SM9, where the public key corresponding to the private key of the key using end is $P_{pub} = [ks_1]P_1 + [ks_2]P_2$.
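The scalar arithmetic of steps 7 to 11, as an added example that is not part of the patent text: it checks that $\delta_1 + \delta_2 = (ks_1 + ks_2 + H)(R_1 + R_2)$ and that the scalar multiplying $P_2$ in $ds_A$ equals $(ks_1 + ks_2)(ks_1 + ks_2 + H)^{-1}$. Assumptions: the modulus is a stand-in prime rather than the SM9 group order, the oblivious transfer is an ideal function call, the share conversion uses the standard bitwise OT multiplication because the page's formulas for that step are missing, `h` stands for $H(ID_A \| hid, N)$, and all function names are hypothetical.

```python
import secrets

# Stand-in prime modulus, 2**255 - 19. Assumption: chosen only so that every
# nonzero value has an inverse; it is NOT the SM9 group order N.
N = 2**255 - 19
BITS = 256  # the page splits ks1 and R1 into 256 bits each


def ideal_ot(m0, m1, choice_bit):
    """Idealised 1-out-of-2 oblivious transfer: the receiver gets only the
    chosen message and the sender does not learn choice_bit."""
    return m1 if choice_bit else m0


def product_to_shares(receiver_secret, sender_secret):
    """Bitwise OT multiplication (assumed construction, see lead-in).

    Returns (receiver_share, sender_share) with
    receiver_share + sender_share == receiver_secret * sender_secret (mod N).
    """
    receiver_share = 0
    sender_share = 0
    for i in range(BITS):
        mask = secrets.randbelow(N - 1) + 1           # random mask in [1, N-1]
        m0 = mask
        m1 = (mask + pow(2, i, N) * sender_secret) % N
        bit = (receiver_secret >> i) & 1              # receiver's choice bit
        receiver_share = (receiver_share + ideal_ot(m0, m1, bit)) % N
        sender_share = (sender_share - mask) % N
    return receiver_share, sender_share


def joint_keygen_scalars(ks1, R1, ks2, R2, h):
    """Track the scalars of steps 7-11; curve points [T]P2 are not modelled."""
    hk = (ks2 + h) % N
    x1, x2 = product_to_shares(ks1, R2)    # x1 + x2 = ks1 * R2
    y1, y2 = product_to_shares(R1, hk)     # y1 + y2 = (ks2 + h) * R1
    delta1 = (ks1 * R1 + x1 + y1) % N      # step 8, sent by the key using end
    delta2 = (hk * R2 + x2 + y2) % N       # step 8, sent by the key management end
    delta = (delta1 + delta2) % N          # (ks1 + ks2 + h) * (R1 + R2)
    if delta == 0:
        # No inverse exists: the keys or random numbers must be resampled.
        raise ValueError("delta1 + delta2 is 0 mod N")
    inv = pow(delta, -1, N)
    T1 = inv * R1 % N                      # step 9
    T2 = inv * R2 % N                      # step 10
    t_sum = (T1 + T2) % N                  # scalar of [T1]P2 + [T2]P2
    d = (ks1 * t_sum + ks2 * t_sum) % N    # step 11, scalar of ds_A
    return {"x1": x1, "x2": x2, "y1": y1, "y2": y2,
            "delta1": delta1, "delta2": delta2, "T1": T1, "T2": T2, "d": d}


if __name__ == "__main__":
    # Constructed sample inputs: random scalars in [1, N-1].
    ks1, R1, ks2, R2, h = (secrets.randbelow(N - 1) + 1 for _ in range(5))
    out = joint_keygen_scalars(ks1, R1, ks2, R2, h)
    expected = (ks1 + ks2) * pow((ks1 + ks2 + h) % N, -1, N) % N
    print("ds_A scalar matches SM9 form:", out["d"] == expected)
```

Neither party's view in this run contains $ks_1 + ks_2$: the key management end sees $\delta_1$ only through the masked shares, which is the property the description relies on.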
Referring to Fig. 2, an embodiment of the present disclosure provides an SM9 key generation apparatus 200, applied to a key using end, including:
a parameter obtaining module 210, configured to obtain key fragment generation parameters;
a first segment obtaining module 220, configured to calculate a using-end key fragment according to the key fragment generation parameters;
a second fragment obtaining module 230, configured to obtain a management-end key fragment generated by a key management end;
a key generation module 240, configured to generate a result key that satisfies the SM9 standard based on the using-end key fragment and the management-end key fragment.
As a preferred embodiment, the parameter obtaining module 210 includes:
a parameter acquisition submodule, configured to acquire a using-end private key and a using-end random number;
accordingly, the first segment obtaining module 220 includes:
a protocol transmission module, configured to generate using-end process data by jointly using the using-end private key and the using-end random number based on an oblivious transfer protocol, and to transmit the using-end process data to the key management end;
a process data acquisition module, configured to acquire management-end process data which is transmitted by the key management end and generated based on a management-end private key and a management-end random number;
a using end segment generating module, configured to generate the using-end key fragment based on the using-end process data, the management-end process data and the using-end random number;
accordingly, the second fragment obtaining module 230 includes:
a using end fragment sending module, configured to send the using-end key fragment to the key management end;
and a management end fragment acquisition module, configured to acquire the management-end key fragment generated by the key management end based on the using-end key fragment, the using-end process data, the management-end process data and the management-end random number.
As a preferred embodiment, the protocol transmission module includes:
a first matrix generation module, configured to randomly generate a first matrix;
a second matrix generation module, configured to generate a second matrix based on the first matrix, the using-end private key and the using-end random number;
a matrix processing module, configured to take the column vectors of the first matrix and the second matrix as input data of the oblivious transfer protocol to obtain the using-end process data;
and a process data transmission module, configured to transmit the using-end process data to the key management end.
The SM9 key generation device provided by the disclosure is applied to a key using end. It first obtains key fragment generation parameters and calculates a using-end key fragment from them, then obtains the management-end key fragment generated by the key management end, and generates a result key meeting the SM9 standard based on the using-end key fragment and the management-end key fragment. Because the result key used by the key using end is generated from the key fragments of both the key using end and the key management end, the key management end cannot recover the key of the key using end from the management-end key fragment alone, and the security of the result key used by the key using end is relatively ensured.
Fig. 3 is a block diagram illustrating a key consumer 300 according to an example embodiment. As shown in fig. 3, the key consumer 300 may include: a processor 301 and a memory 302. The key consumer 300 may further comprise one or more of a multimedia component 303, an input/output (I/O) interface 304, and a communication component 305.
The processor 301 is configured to control the overall operation of the key consumer 300, so as to complete all or part of the steps in the SM9 key generation method. The memory 302 is used to store various types of data to support the operation of the key consumer 300; such data may include, for example, instructions for any application or method operating on the key consumer 300, as well as application-related data, such as contact data, messaging, pictures, audio, video, and so forth. The memory 302 may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic memory, flash memory, magnetic disk or optical disk. The multimedia component 303 may include a screen and an audio component. The screen may be, for example, a touch screen, and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 302 or transmitted through the communication component 305. The audio component also includes at least one speaker for outputting audio signals. The I/O interface 304 provides an interface between the processor 301 and other interface modules, such as a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 305 is used for wired or wireless communication between the key consumer 300 and other devices. The wireless communication may be, for example, Wi-Fi, Bluetooth, Near Field Communication (NFC), 2G, 3G or 4G, or a combination of one or more of them, so the communication component 305 may accordingly include a Wi-Fi module, a Bluetooth module and an NFC module.
In an exemplary embodiment, the key consumer 300 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components, for executing the SM9 key generation method.
In another exemplary embodiment, there is also provided a computer readable storage medium comprising program instructions which, when executed by a processor, implement the steps of the SM9 key generation method described above. For example, the computer readable storage medium may be the above-mentioned memory 302 including program instructions executable by the processor 301 of the key consumer 300 to perform the above-mentioned SM9 key generation method.
Furthermore, the present disclosure also provides a computer-readable storage medium having stored thereon a computer program, which when executed by a processor implements the steps of the key generation method as described above.
The computer-readable storage medium provided by the present disclosure is applied to a key using end, and first obtains a key fragment generation parameter, and calculates a key fragment of the using end according to the key fragment generation parameter, and further obtains a key fragment of a management end generated by a key management end, and generates a result key satisfying the SM9 standard based on the key fragment of the using end and the key fragment of the management end. The result key used by the key using end is generated by the key fragments of the key using end and the key management end, so that the key management end can not recover the key of the key using end only through the key fragment of the management end, and the safety of the result key used by the key using end is relatively ensured.
The SM9 key generation method, apparatus, device and storage medium provided by the present disclosure are described in detail above. The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present disclosure without departing from the principle of the present disclosure, and such improvements and modifications also fall within the scope of the claims of the present disclosure.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that, in the foregoing embodiments, various features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various combinations that are possible in the present disclosure are not described again.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.

Claims (10)

1. An SM9 key generation method, applied to a key using end, comprising the following steps:
obtaining key fragment generation parameters;
calculating a using-end key fragment according to the key fragment generation parameters;
acquiring a management-end key fragment generated by a key management end;
and generating a result key meeting the SM9 standard based on the using-end key fragment and the management-end key fragment.
2. The SM9 key generation method of claim 1, wherein the obtaining key fragment generation parameters comprises:
acquiring a using-end private key and a using-end random number;
correspondingly, the calculating a using-end key fragment according to the key fragment generation parameters includes:
based on an oblivious transfer protocol, jointly using the using-end private key and the using-end random number to generate using-end process data, and transmitting the using-end process data to the key management end;
acquiring management-end process data which is transmitted by the key management end and generated based on a management-end private key and a management-end random number;
generating the using-end key fragment based on the using-end process data, the management-end process data and the using-end random number;
correspondingly, the acquiring the management-end key fragment generated by the key management end includes:
sending the using-end key fragment to the key management end;
and acquiring the management-end key fragment generated by the key management end based on the using-end key fragment, the using-end process data, the management-end process data and the management-end random number.
3. The SM9 key generation method of claim 2, wherein the jointly using the using-end private key and the using-end random number to generate using-end process data based on an oblivious transfer protocol, and transmitting the using-end process data to the key management end, comprises:
randomly generating a first matrix;
generating a second matrix based on the first matrix, the using-end private key and the using-end random number;
taking the column vectors of the first matrix and the second matrix as input data of the oblivious transfer protocol, and obtaining the using-end process data;
and transmitting the using-end process data to the key management end.
4. The SM9 key generation method of claim 3, wherein, prior to the randomly generating the first matrix, the method further comprises:
respectively converting the using-end private key and the using-end random number into binary form;
correspondingly, the first matrix comprises a first bit matrix and the second matrix comprises a second bit matrix.
5. The SM9 key generation method of any of claims 1 to 4, wherein the generating a result key meeting the SM9 standard based on the using-end key fragment and the management-end key fragment comprises:
generating a result private key meeting the SM9 standard based on the using-end key fragment and the management-end key fragment.
6. An SM9 key generation device, applied to a key using end, comprising:
a parameter acquisition module, configured to acquire key fragment generation parameters;
a first segment acquisition module, configured to calculate a using-end key fragment according to the key fragment generation parameters;
a second fragment acquisition module, configured to acquire a management-end key fragment generated by a key management end;
a key generation module, configured to generate a result key that satisfies the SM9 standard based on the using-end key fragment and the management-end key fragment.
7. The SM9 key generation device of claim 6, wherein the parameter acquisition module comprises:
a parameter acquisition submodule, configured to acquire a using-end private key and a using-end random number;
correspondingly, the first segment acquisition module includes:
a protocol transmission module, configured to generate using-end process data by jointly using the using-end private key and the using-end random number based on an oblivious transfer protocol, and to transmit the using-end process data to the key management end;
a process data acquisition module, configured to acquire management-end process data which is transmitted by the key management end and generated based on a management-end private key and a management-end random number;
a using end segment generating module, configured to generate the using-end key fragment based on the using-end process data, the management-end process data and the using-end random number;
correspondingly, the second fragment acquisition module includes:
a using end segment sending module, configured to send the using-end key fragment to the key management end;
a management side segment obtaining module, configured to obtain the management-end key fragment generated by the key management end based on the using-end key fragment, the using-end process data, the management-end process data and the management-end random number.
8. The SM9 key generation device of claim 7, wherein the protocol transmission module comprises:
a first matrix generation module, configured to randomly generate a first matrix;
a second matrix generation module, configured to generate a second matrix based on the first matrix, the using-end private key and the using-end random number;
a matrix processing module, configured to take the column vectors of the first matrix and the second matrix as input data of the oblivious transfer protocol to obtain the using-end process data;
and a process data transmission module, configured to transmit the using-end process data to the key management end.
9. A key consumer device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the SM9 key generation method of any one of claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, carries out the steps of the key generation method according to any one of claims 1 to 5.
CN202110326135.7A 2021-03-26 2021-03-26 SM9 key generation method, device, equipment and storage medium Active CN112926075B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110326135.7A CN112926075B (en) 2021-03-26 2021-03-26 SM9 key generation method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110326135.7A CN112926075B (en) 2021-03-26 2021-03-26 SM9 key generation method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112926075A true CN112926075A (en) 2021-06-08
CN112926075B CN112926075B (en) 2023-01-24

Family

ID=76176164

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110326135.7A Active CN112926075B (en) 2021-03-26 2021-03-26 SM9 key generation method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112926075B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041

Patentee after: China Electronics Technology Network Security Technology Co.,Ltd.

Address before: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041

Patentee before: CHENGDU WESTONE INFORMATION INDUSTRY Inc.