CN112968878A - One-round multi-party key exchange protocol based on multi-linear mapping - Google Patents
- Publication number: CN112968878A (application number CN202110135065.7A)
- Authority
- CN
- China
- Prior art keywords
- key
- linear mapping
- party
- algorithm
- round
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
Abstract
The invention provides a one-round multi-party key exchange protocol based on a multilinear map, comprising the following steps: each participant generates its own public parameters using the initialization algorithm of the new randomized construction and publishes them; a multilinear map is constructed and published from the public parameters according to a new randomization method; the key of each participant is generated from the multilinear map; and a shared key is generated from these keys, so that the participants exchange information on the basis of the shared key. The invention constructs the multilinear map by the randomization method and builds the key exchange protocol on the multilinear map, so that the participants can exchange information efficiently and securely.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a one-round multi-party key exchange protocol based on a multilinear map, a non-transitory computer-readable storage medium and a computer device.
Background
Multilinear maps are a generalization of the bilinear-map cryptographic primitive. They can be used to construct non-interactive key exchange protocols, three-party Diffie-Hellman key exchange and various public-key encryption schemes, and are also widely used for witness encryption (WE), indistinguishability obfuscation (iO), functional encryption (FE) and the like. As the range of applications of multilinear maps in cryptography keeps expanding, the construction schemes on which these applications rest become more and more important.
In the post-quantum era, polynomial-time quantum algorithms exist for the discrete logarithm problem and the integer factorization problem, so public-key cryptosystems built on traditional number-theoretic problems (the discrete logarithm problem, the integer factorization problem and the like) are vulnerable to quantum attack and their security is seriously threatened; research on new public-key cryptosystems that resist quantum attack (i.e. achieve post-quantum security) has become a hot topic of concern to the industry. At the same time, as an important branch of public-key cryptography, how to design an efficient, post-quantum secure AKE (authenticated key exchange) protocol is also an important scientific problem to be solved urgently in the post-quantum era.
Disclosure of Invention
The invention aims to solve the above technical problem and provides a one-round multi-party key exchange protocol based on a multilinear map.
The invention also proposes a non-transitory computer-readable storage medium.
The invention also provides computer equipment.
The technical scheme adopted by the invention is as follows:
An embodiment of the first aspect of the invention provides a one-round multi-party key exchange protocol based on a multilinear map, comprising the following steps: each participant generates its own public parameters using the initialization algorithm of the new randomized construction and publishes them; the multilinear map is constructed and published from the public parameters according to a new randomization method; the key of each participant is generated from the multilinear map; and a shared key is generated from these keys so that the participants exchange information according to the shared key.
According to an embodiment of the invention, constructing and publishing the multilinear map from the public parameters by the new randomization method comprises: generating 1-level encodings from the public parameters; and constructing an encoding addition algorithm, an encoding multiplication algorithm, a zero-test algorithm and an extraction algorithm, which together constitute the multilinear map.
According to an embodiment of the invention, the key comprises a public key and a private key, and generating the key of each participant from the multilinear map comprises: the $t$-th party samples elements $\{d_{t,j}\}_{j\in[\tau]}$ by Gaussian sampling and keeps $\{d_{t,j}\}_{j\in[\tau]}$ secret as its private key, where $\tau$ is the number of $\kappa$-level encodings in the public parameters, the Gaussian sampling parameter is the one used in the 1-level encoding algorithm, and the sampling ring is an integer ring; the $t$-th party then publishes its 1-level encoding as its public key.
According to an embodiment of the invention, generating the shared key from the key comprises:
the $t$-th party computes a $\kappa$-level encoding $u'_t$ from the 1-level encodings $u_r$, where $q$ is the integer modulus and the index set enumerates all encoding levels; the $t$-th party then extracts the shared key $sk_t$ according to the extraction formula.
A second aspect of the invention provides a non-transitory computer-readable storage medium on which a computer program is stored; when executed by a processor, the program implements the one-round multi-party key exchange protocol based on a multilinear map according to the first aspect of the invention.
A third aspect of the invention provides a computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor; when executing the program, the processor implements the one-round multi-party key exchange protocol based on a multilinear map according to the first aspect of the invention.
The invention has the beneficial effects that:
The invention constructs the multilinear map by the randomization method and builds the key exchange protocol on the multilinear map, so that the participants can exchange information efficiently and securely.
Drawings
Fig. 1 is a flow diagram of a one-round multi-party key exchange protocol based on a multilinear map according to one embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the present invention, the symbol convention is as follows:
Let $\lambda$ be the security parameter. The sets of integers, rational numbers and real numbers are denoted by their usual symbols. Let $q$ be a positive integer, and let the ring of integers modulo $q$ be denoted as usual. The symbol $[q]$ denotes the set $\{1, 2, \ldots, q\}$. Besides the absolute value of $q$, the symbol $|q|$ also denotes the bit length of $q$.
Let $n = 2^k$ with $k$ a positive integer. Let $R$ be the polynomial ring and $R_q = R/qR$ its quotient ring, and let $K$ be the corresponding number field.
Column vectors (e.g. $\mathbf{a}$) are written in lower-case bold letters and matrices (e.g. $\mathbf{A}$) in upper-case bold letters. The transpose of a vector or matrix is written with the superscript $T$ (e.g. $\mathbf{a}^T$, $\mathbf{A}^T$). The $i$-th coordinate of the vector $\mathbf{a}$ is written $a_i$. Elements of the polynomial rings $R$ and $R_q$ are also written in lower-case bold letters. The Euclidean norm (also called the $\ell_2$ norm) of a vector $\mathbf{a}$ is written $\|\mathbf{a}\|_2$ (abbreviated $\|\mathbf{a}\|$), and its infinity norm is written $\|\mathbf{a}\|_\infty$.
Let $\mathbf{A}$ be a matrix of rank $n$. The least singular value of $\mathbf{A}$ is $\sigma_n(\mathbf{A}) = \inf(\|\mathbf{u}\mathbf{A}\|)$ and the largest singular value is $\sigma_1(\mathbf{A}) = \sup(\|\mathbf{u}\mathbf{A}\|)$, where $\mathbf{u}$ ranges over unit vectors.
The symbol $[a]_q$ (or $a \bmod q$) denotes the value of the integer $a$ modulo $q$, with $[a]_q \in (-q/2, q/2]$, i.e. the absolutely smallest residue system is used for the modulus throughout. Similarly, for a vector (or an element of a polynomial ring) $\mathbf{a}$, the symbol $[\mathbf{a}]_q$ (or $\mathbf{a} \bmod q$) denotes the vector whose components (or coefficients) are $[a_i]_q$, $i \in [n]$.
Given an arbitrary element $a \in R$, the symbol $\mathrm{MSB}_l(a) \in \{0,1\}^{l \times n}$ denotes the $l$ most significant bits extracted from each coefficient of $a$.
The standard asymptotic notations $O(\cdot)$, $\Omega(\cdot)$, $\Theta(\cdot)$, $\omega(\cdot)$ and $o(\cdot)$ are used herein.
A negligible amount is one that is asymptotically smaller than $\lambda^{-c}$ for every positive constant $c$; it is commonly written $\mathrm{negl}(\lambda)$. If the corresponding condition holds for every $c > 0$, then $f(\lambda)$ is a negligible function of $\lambda$. A non-negligible amount is one for which there exists some positive constant $c$ such that it is asymptotically not less than $\lambda^{-c}$. A function is exponentially small (or almost 0) if it is asymptotically smaller than $2^{-\Omega(\lambda)}$; a function is exponentially close to 1 (or almost 1) if it asymptotically approaches $1 - 2^{-\Omega(\lambda)}$.
$\kappa$: the level (number of times) of the multilinear map;
$q$: the modulus of the encodings in the construction;
$n$: the vector dimension of the elements of the polynomial rings $R$, $R_q$;
$\sigma$: the Gaussian sampling parameter for generating the secret ideal element (such as $g$);
$\sigma'$: the Gaussian sampling parameter for generating the $\kappa$-level encodings in the public parameters;
$\sigma^*$: the Gaussian sampling parameter for generating the zero-test parameters;
$\tau$: the number of $\kappa$-level encodings in the public parameters;
$l^{-1}$: the ideal element $g$ is sampled subject to $\|g^{-1}\| \le l^{-1}$;
$l$: the number of most significant bits extracted from each coefficient of the extraction encoding.
Fig. 1 is a flow diagram of a one-round multi-party key exchange protocol based on a multilinear map according to one embodiment of the invention. As shown in Fig. 1, the protocol comprises the following steps:
S1. Each participant generates its own public parameters using the initialization algorithm of the new randomized construction and publishes them.
Specifically, the public parameter generation algorithm $\mathrm{par} \leftarrow \mathrm{InstGen}(1^\lambda, 1^\kappa)$ comprises the following steps:
(1) select a sufficiently large prime $q$;
(2) sample $z \leftarrow U(R_q)$ at random, subject to $z^{-1} \in R_q$;
(3) sample the secret ideal element $g$ subject to the required conditions, with $g^{-1} \in K$ and $\|g^{-1}\| < l^{-1}$, and record the principal ideal lattice generated;
(5) for $j \in [\tau]$:
(5.2) compute $e_j = [x_j]_g$ and $a_j = (x_j - e_j)/g$;
(5.3) compute $y_j = [x_j / z]_q$, a 1-level encoding of the plaintext element $e_j$;
(6) for $j \in [\tau]$:
(6.2) compute $h_j = e_j f + b_j g$;
(6.3) generate the new zero-test parameter $p_{zt,j} = [h_j z^\kappa / g]_q$;
// $p_{zt,j}$ is not only a zero-test parameter but also a special encoding of the plaintext element $e_j$, and corresponds to the plaintext element $e_j$ in $y_j$.
(7) output the public parameters $\mathrm{par} = \{n, q, \{y_j, p_{zt,j}\}_{j\in[\tau]}\}$.
S2. The multilinear map is constructed and published from the public parameters by the new randomization method.
In one embodiment of the invention, constructing and publishing the multilinear map from the public parameters by the new randomization method comprises: generating 1-level encodings from the public parameters; and constructing an encoding addition algorithm, an encoding multiplication algorithm, a zero-test algorithm and an extraction algorithm, which together constitute the multilinear map.
Specifically, the multilinear map algorithm is a multi-level encoding; the most basic level is the 1-level encoding, and multiplication of lower-level encodings then produces higher-level encodings.
The Gaussian sampling CRT encoding algorithm $d_j \leftarrow \mathrm{CRTSamp}(\mathrm{par})$ comprises:
(2) generate the 0-level encoding element $d_j = \mathrm{CRT}(d_{j,1}, \ldots, d_{j,N})$ in $R_q$ by CRT computation.
The 1-level encoding algorithm $u \leftarrow \mathrm{Enc}(\mathrm{par}, 1, \{d_j\}_{j\in[\tau]})$ comprises:
(1) generate $d_j \leftarrow \mathrm{CRTSamp}(\mathrm{par})$, $j \in [\tau]$, using the Gaussian sampling CRT encoding algorithm;
(2) compute the 1-level encoding $u = [\sum_{j\in[\tau]} d_j y_j]_q$ in $R_q$.
The encoding addition algorithm $u \leftarrow \mathrm{Add}(\mathrm{par}, k, u_1, \ldots, u_m)$:
The encoding multiplication algorithm $u \leftarrow \mathrm{Mul}(\mathrm{par}, 1, u_1, \ldots, u_k)$ comprises:
The zero-test algorithm $\mathrm{IsZero}(\mathrm{par}, \{d_j\}_{j\in[\tau]}, u)$ comprises:
(2) given a $\kappa$-level encoding $u$, compute the zero-test function $\mathrm{IsZero}$ to decide whether the plaintext element in $u$ is 0, i.e.
where $q_{\min} = \min\{q_s, s \in [N]\}$; $q_{\min}$ below has the same meaning.
The extraction algorithm $w \leftarrow \mathrm{Ext}(\mathrm{par}, \{d_j\}_{j\in[\tau]}, u)$ comprises:
(1) given $d_j \leftarrow \mathrm{CRTSamp}(\mathrm{par})$, $j \in [\tau]$, compute the zero-test parameter $p_{zt} = [\sum_{j\in[\tau]} d_j p_{zt,j}]_q$;
(2) given a $\kappa$-level encoding $u$, compute the extraction encoding $v = [u \cdot p_{zt}]_q$;
(3) extract the $l = (\log q_{\min})/8 - \lambda$ most significant bits from each coefficient of $v$ and output the extracted bit string $w$, i.e.
$w = \mathrm{Ext}(\mathrm{par}, \{d_j\}_{j\in[\tau]}, u) = \mathrm{MSB}_l(v)$.
S3. The key of each participant is generated from the multilinear map.
According to an embodiment of the invention, the key comprises a public key and a private key, and generating the key of each participant from the multilinear map comprises:
the $t$-th party samples elements $\{d_{t,j}\}_{j\in[\tau]}$ by Gaussian sampling and keeps $\{d_{t,j}\}_{j\in[\tau]}$ secret as its private key, where $\tau$ is the number of $\kappa$-level encodings in the public parameters, the Gaussian sampling parameter is the one used in the 1-level encoding algorithm, and the sampling ring is an integer ring; the $t$-th party then publishes its 1-level encoding as its public key.
Specifically, from the multilinear map algorithms above, the one-round multi-party key exchange protocol (nr-MPKE) is constructed as follows:
Setup phase $\mathrm{Setup}(1^\lambda, 1^N)$:
(2) party $t$ computes the 1-level encoding $u_t = \mathrm{Enc}(\mathrm{par}, 1, \{d_{t,j}\}_{j\in[\tau]})$ and publishes it as its public key.
S4. A shared key is generated from the key, so that each participant exchanges information on the basis of the shared key.
(1) the $t$-th party computes a $\kappa$-level encoding $u'_t$ from the 1-level encodings $u_r$, where $q$ is the integer modulus and the index set enumerates all encoding levels;
(2) the $t$-th party extracts the shared key $sk_t = \mathrm{Ext}(\mathrm{par}, \{d_{t,j}\}_{j\in[\tau]}, u'_t)$, where $\mathrm{par}$ is the public parameter, $\{d_{t,j}\}_{j\in[\tau]}$ is the private key and $u'_t$ is the $\kappa$-level encoding.
Specifically, the invention uses the NTL function library (a high-performance portable C++ library providing data structures and algorithms for arbitrary-length signed integers and for vectors, matrices and polynomials over the integers and over finite fields) to implement the multilinear-map-based multi-party key exchange protocol algorithms, and evaluates the space complexity and running time of the algorithms. The system mainly operates on degree-$n$ polynomials with integer coefficients, and most of the running time is spent on polynomial multiplication and addition. In addition, during public key initialization, a certain amount of time is also needed for the random selection of vectors and for sampling from the Gaussian distribution. Both aspects therefore need to be optimized. The system is written in C++ and uses the function library that comes with NTL for the relevant mathematical operations. The computer hardware configuration is a quad-core 3.10 GHz host with 4 GB of RAM.
In the computation, polynomial multiplication, which has the highest computational complexity, uses the Fast Fourier Transform (FFT) algorithm to improve speed. The NTL library functions are optimized, so the running speed is high. For different values of the security parameter $\lambda$, the corresponding security levels and the times required by the encoding addition, multiplication and extraction algorithms are shown in Table 1.
Table 1: Indexes of the scheme for different security parameters
The security level of the scheme is measured in bits. According to the analysis, when the parameters are chosen according to $\lambda$, the security level attainable by the scheme is $2^\lambda$; the currently recognized attack complexity is $O(2^{80})$, at which a system is considered secure. Therefore choosing the security parameter $\lambda = 80$ meets the security requirements of the system.
Table 2 shows, for the typical value $\lambda = 80$ and a large prime $q \approx 2^{40}$, the size (in KB) of the storage space for the public parameters and for a $\kappa$-level encoding.
Table 2: Storage space required for the public parameters and for the $\kappa$-level encoding of each negotiating party
After many tests, once the public parameters are established, the running time of the negotiation and extraction algorithms by which each negotiating party generates encodings and the shared key is basically consistent with the complexity of the theoretical analysis; as the polynomial degree and the large prime grow, the storage space required by the public parameters and encodings grows continuously, and the encoding and extraction times grow correspondingly. To obtain a faster application speed while ensuring the security of the system, choosing $\lambda = 80$ meets practical requirements.
For this encoding algorithm, the following security proof is given.
The correctness and security of the nr-MPKE protocol above are given by Theorems 1 and 2.
Theorem 1. The $N$ shared keys $sk_t$, $t \in [N]$, generated by the algorithm KeyGen in the above nr-MPKE are equal with probability approximately 1.
Proof. For any $t \in [N]$, by the extraction algorithm Ext:
(1) compute the zero-test parameter produced for the $t$-th party,
where $d^{(t)} = \sum_{j\in[\tau]} d_{t,j} e_j$ and $b^{(t)} = \sum_{j\in[\tau]} d_{t,j} b_j$.
where $x^{(r)} = \sum_{j\in[\tau]} d_{r,j} x_j$.
From $x_j = e_j + a_j g$ we obtain
$x^{(r)} = d^{(r)} + a^{(r)} g$,
where $d^{(r)} = \sum_{j\in[\tau]} d_{r,j} e_j$ and $a^{(r)} = \sum_{j\in[\tau]} d_{r,j} a_j$.
Therefore the extraction encoding $v^{(t)}$ computed is
By the parameter setting, $\|h^{(t)}\|_\infty < q^{7/8}$. Thus the $(\log q)/8$ most significant bits of each coefficient of the extraction encoding $v^{(t)}$ depend only on the element
Therefore the probability that all $N$ parties extract the same $l = (\log q)/8 - \lambda$ most significant bits from each coefficient of their respective extraction encodings is about $1 - O(N 2^{-\lambda})$, i.e. all $sk_t$, $t \in [N]$, are equal with probability approximately 1.
This completes the proof.
Theorem 2. If the hardness assumption of the ext-GCDH/ext-GDDH problem holds, nr-MPKE is a secure one-round multi-party key exchange protocol.
Proof. We prove the nr-MPKE protocol secure only under the ext-GDDH hardness assumption and omit the proof under the ext-GCDH hardness assumption, which is similar to the ext-GDDH one.
We need to prove that, given the public parameters $\mathrm{par}$ and the public keys $u_t$, $t \in [N]$, published by all parties, an attacker cannot effectively distinguish the shared key $sk_1$ of party 1 (the same holds for the other parties, since all shared keys are equal) from a uniformly random bit string $s_{Rand}$.
We argue by contradiction. Given $\{\mathrm{par}, u_1, \ldots, u_N\}$, suppose an attacker can distinguish the shared key $sk_1$ from a uniformly random string $s_{Rand}$ using a polynomial-time algorithm $A$ (for notational simplicity the inputs of the algorithms are omitted below) with non-negligible advantage, i.e. there is some positive constant $c$ such that algorithm $A$ distinguishes $sk_1$ and $s_{Rand}$ with non-negligible advantage $1/\lambda^c$:
$|\Pr[A(sk_1) = 1] - \Pr[A(s_{Rand}) = 1]| \ge 1/\lambda^c$.
By the lemma, the element $[r_j]_g$ is a random element of the quotient ring $R/\langle g\rangle$, i.e. $sk_{Rand}$ takes each of the $\beta = |R/\langle g\rangle|$ possible extracted bit strings with probability $1/\beta$. Therefore any polynomial-time algorithm $B$ (including algorithm $A$) distinguishes $sk_{Rand}$ from $s_{Rand}$ with advantage at most $O(1/\beta)$, i.e.
$|\Pr[B(sk_{Rand}) = 1] - \Pr[B(s_{Rand}) = 1]| \le O(1/\beta)$.
Therefore we have
$|\Pr[A(sk_1) = 1] - \Pr[A(sk_{Rand}) = 1]| \ge |\Pr[A(sk_1) = 1] - \Pr[A(s_{Rand}) = 1]| - |\Pr[A(s_{Rand}) = 1] - \Pr[A(sk_{Rand}) = 1]| \ge 1/\lambda^c - O(1/\beta) > 1/(2\lambda^c)$.
At the same time, it is easy to verify that
$D_{\text{ext-GDDH}} = \{\mathrm{par}, u_1, \ldots, u_N, w_D = sk_1\}$,
$D_{\text{ext-Rand}} = \{\mathrm{par}, u_1, \ldots, u_N, w_{Rand} = sk_{Rand}\}$
satisfy the ext-GDDH hardness assumption problem of Definition 5.
Therefore the polynomial-time algorithm $A$ decides the ext-GDDH problem with non-negligible advantage (at least $1/(2\lambda^c)$), which contradicts Assumption 2. This completes the proof.
In summary, according to the one-round multi-party key exchange protocol based on a multilinear map of the embodiment of the invention, each party uses the initialization algorithm of the new randomized construction to generate and publish its own public parameters; a multilinear map is constructed and published from the public parameters according to a new randomization method; the key of each participant is generated from the multilinear map; and a shared key is generated from these keys, so that the participants exchange information on the basis of the shared key. The invention constructs the multilinear map by the randomization method and builds the key exchange protocol on the multilinear map, so that the participants can exchange information efficiently and securely.
Furthermore, the invention also proposes a non-transitory computer-readable storage medium on which a computer program is stored which, when executed by a processor, implements the above one-round multi-party key exchange protocol based on a multilinear map.
According to the non-transitory computer-readable storage medium of an embodiment of the invention, when the computer program stored thereon is executed by the processor, each participant generates and publishes its own public parameters using the initialization algorithm of the new randomized construction, a multilinear map is then constructed and published from the public parameters according to the new randomization method, the key of each participant is then generated from the multilinear map, and finally a shared key is generated from these keys so that the participants exchange information according to the shared key; the multilinear map is thus constructed by the randomization method and the key exchange protocol is built on the multilinear map, so that the participants can exchange information efficiently and securely.
In addition, the invention also provides a computer device: when its processor runs the computer program stored in the memory, each participant generates and distributes its own public parameters using the initialization algorithm of the new randomized construction, a multilinear map is then constructed and distributed from the public parameters according to the new randomization method, the key of each participant is then generated from the multilinear map, and finally a shared key is generated from these keys so that the participants exchange information according to the shared key; the multilinear map is thus constructed by the randomization method and the key exchange protocol is built on the multilinear map, so that the participants can exchange information efficiently and securely.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing steps of a custom logic function or process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc. Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.
Claims (6)
1. A one-round multi-party key exchange protocol based on a multilinear map, comprising the steps of:
each participant generates its own public parameters using the initialization algorithm of the new randomized construction and publishes them;
constructing and publishing the multilinear map from the public parameters by a new randomization method;
generating the key of each participant from the multilinear map;
and generating a shared key from the key so that the participants exchange information according to the shared key.
2. The one-round multi-party key exchange protocol based on a multilinear map according to claim 1, wherein constructing and publishing the multilinear map from the public parameters by the new randomization method comprises:
generating 1-level encodings from the public parameters;
constructing an encoding addition algorithm, an encoding multiplication algorithm, a zero-test algorithm and an extraction algorithm, which together constitute the multilinear map.
3. The one-round multi-party key exchange protocol based on a multilinear map according to claim 1, wherein the key comprises a public key and a private key, and generating the key of each party from the multilinear map comprises:
the $t$-th party samples elements $\{d_{t,j}\}_{j\in[\tau]}$ by Gaussian sampling and keeps $\{d_{t,j}\}_{j\in[\tau]}$ secret as its private key, where $\tau$ is the number of $\kappa$-level encodings in the public parameters, the Gaussian sampling parameter is the one used in the 1-level encoding algorithm, and the sampling ring is an integer ring;
the $t$-th party publishes its 1-level encoding as its public key.
4. The one-round multi-party key exchange protocol based on a multilinear map according to claim 3, wherein generating the shared key from the key comprises:
the $t$-th party computes a $\kappa$-level encoding $u'_t$ from the 1-level encodings $u_r$, where $q$ is the integer modulus and the index set enumerates all encoding levels;
5. A non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the one-round multi-party key exchange protocol based on a multilinear map according to any one of claims 1 to 4.
6. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the one-round multi-party key exchange protocol based on a multilinear map according to any one of claims 1 to 4 when executing the program.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110135065.7A CN112968878A (en) | 2021-01-29 | 2021-01-29 | One-round multi-party key exchange protocol based on multi-linear mapping |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110135065.7A CN112968878A (en) | 2021-01-29 | 2021-01-29 | One-round multi-party key exchange protocol based on multi-linear mapping |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112968878A true CN112968878A (en) | 2021-06-15 |
Family
ID=76272691
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110135065.7A Pending CN112968878A (en) | 2021-01-29 | 2021-01-29 | One-round multi-party key exchange protocol based on multi-linear mapping |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112968878A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114363858A (en) * | 2022-03-21 | 2022-04-15 | 苏州浪潮智能科技有限公司 (Suzhou Inspur Intelligent Technology Co., Ltd.) | Session and registration method, system and related components for cellular Internet-of-Vehicles cooperative communication |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090154711A1 (en) * | 2007-12-18 | 2009-06-18 | Jho Namsu | Multi-party key agreement method using bilinear map and system therefor |
US20120300930A1 (en) * | 2011-05-25 | 2012-11-29 | Charanjit Jutla | Single-Round Password-Based Key Exchange Protocols |
CN105024822A (en) * | 2015-07-13 | 2015-11-04 | 西安理工大学 (Xi'an University of Technology) | Identity-based encryption method from multilinear mapping |
CN105162573A (en) * | 2015-07-13 | 2015-12-16 | 西安理工大学 (Xi'an University of Technology) | Attribute-based encryption method based on multi-linear mapping, achieving key revocation by separation of authority |
Timeline
- 2021-01-29 CN CN202110135065.7A patent/CN112968878A/en active Pending
Non-Patent Citations (1)
Title |
---|
古春生 (Gu Chunsheng) et al.: "Multilinear maps over ideal lattices based on a new '0'-test parameter", 《计算机学报》 (Chinese Journal of Computers) * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Smart et al. | Fully homomorphic SIMD operations | |
Rane et al. | Privacy-preserving nearest neighbor methods: Comparing signals without revealing them | |
JP2007510947A (en) | Method and apparatus for efficient multi-party multiplication | |
JP6974461B2 (en) | Methods and systems for advanced data-centric cryptographic systems using geometric algebra | |
CN112769542B (en) | Multiplication triple generation method, device, equipment and medium based on elliptic curve | |
CN115659409A (en) | Financial asset transaction data safe storage method | |
Pilaram et al. | A lattice-based changeable threshold multi-secret sharing scheme and its application to threshold cryptography | |
Reyad et al. | Image encryption using koblitz’s encoding and new mapping method based on elliptic curve random number generator | |
Galbraith | Space-efficient variants of cryptosystems based on learning with errors | |
CN112968878A (en) | One-round multi-party key exchange protocol based on multi-linear mapping | |
CN110071796B (en) | Computing method based on shared secret | |
CN112395636B (en) | Power grid data encryption model training method, system, storage medium and equipment | |
Dowerah et al. | Towards an efficient LWE‐based fully homomorphic encryption scheme | |
Mullan | Some results in group-based cryptography | |
Jarin et al. | Natural and medical image encryption using self-adaptive permutation and DNA encoding | |
CN112182610A (en) | Image encryption method, device, equipment and storage medium | |
Kahrobaei et al. | Public key exchange using extensions by endomorphisms and matrices over a Galois field | |
WO2016034912A1 (en) | Method and apparatus for scalar multiplication secure against differential power attacks | |
CN104601323B (en) | Solves the method for socialism millionaires' problem based on BDD | |
Chum et al. | The Latin squares and the secret sharing schemes | |
Shah et al. | Prediction error expansion‐based reversible data hiding in encrypted images with public key cryptosystem | |
Patel et al. | A novel verifiable multi-secret sharing scheme based on elliptic curve cryptography | |
WO2022172041A1 (en) | Asymmetric cryptographic schemes | |
JP2005506585A (en) | Cryptographic communication method with public key mainly composed of braid group | |
CN109409106B (en) | Novel Shannon perfect secrecy method of infinite alphabet |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20210615 |