CN112968878A - One-round multi-party key exchange protocol based on multi-linear mapping - Google Patents


Publication number: CN112968878A
Application number: CN202110135065.7A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 罗烨, 于志敏, 蔡秋茹, 古春生, 景征骏
Current assignee: Jiangsu University of Technology
Original assignee: Jiangsu University of Technology
Prior art keywords: key, linear mapping, party, algorithm, round

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key

Abstract

The invention provides a one-round multi-party key exchange protocol based on multi-linear mapping, which comprises the following steps: each participant generates its own public parameters using the initialization algorithm of the new randomized construction and publishes them; a multi-linear mapping is constructed and published from the public parameters by the new randomization method; the key of each participant is generated from the multi-linear mapping; and a shared key is generated from the keys, so that the participants exchange information using the shared key. The invention constructs the multi-linear mapping by the randomization method and builds the key exchange protocol on the multi-linear mapping, so that each participant can exchange information securely and efficiently.

Description

One-round multi-party key exchange protocol based on multi-linear mapping
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a one-round multi-party key exchange protocol based on multi-linear mapping, a non-transitory computer-readable storage medium and a computer device.
Background
The multi-linear mapping is a generalization of the bilinear mapping cryptographic primitive. It can be used to construct non-interactive key exchange protocols, three-party Diffie-Hellman key exchange protocols and various public-key encryption schemes, and it is also widely used in Witness Encryption (WE), Indistinguishability Obfuscation (iO), Functional Encryption (FE) and the like. As the range of applications of multi-linear mappings in cryptography keeps expanding, construction schemes that serve as the basis of those applications become more and more important.
In the post-quantum era, because polynomial-time quantum algorithms exist for the discrete logarithm problem and the integer factorization problem, public-key cryptosystems built on traditional number-theoretic problems (such as the discrete logarithm problem, the integer factorization problem, and the like) are vulnerable to quantum attacks, and their security is seriously threatened; research on novel public-key cryptosystems that resist quantum attacks (i.e. achieve post-quantum security) has become a hot topic of concern to the industry. Meanwhile, as an important branch of public-key cryptography, how to design an efficient, post-quantum secure AKE (Authenticated Key Exchange) protocol is also an important scientific problem to be solved urgently in the post-quantum era.
Disclosure of Invention
The invention aims to solve the above technical problems and provides a one-round multi-party key exchange protocol based on multi-linear mapping.
The invention also proposes a non-transitory computer-readable storage medium.
The invention also provides computer equipment.
The technical scheme adopted by the invention is as follows:
The embodiment of the first aspect of the invention provides a one-round multi-party key exchange protocol based on multi-linear mapping, which comprises the following steps: each participant generates its own public parameters using the initialization algorithm of the new randomized construction and publishes them; the multi-linear mapping is constructed and published from the common parameters by the new randomization method; the key of each participant is generated from the multi-linear mapping; and a shared key is generated from the keys, so that the participants exchange information using the shared key.
According to an embodiment of the present invention, constructing and publishing the multi-linear mapping from the common parameters by the new randomization method comprises: generating level-1 encodings from the common parameters; and constructing an encoding addition algorithm, an encoding multiplication algorithm, a "0" test algorithm and an extraction algorithm, which together constitute the multi-linear mapping.
According to an embodiment of the present invention, the key includes a public key and a private key, and generating the key of each participant from the multi-linear mapping comprises: the t-th party selects elements {d_{t,j}}_{j∈[τ]} by Gaussian sampling and keeps {d_{t,j}}_{j∈[τ]} secret as its private key, where
Figure BDA0002924764970000021
τ is the number of k-level encodings in the common parameters,
Figure BDA0002924764970000022
is the Gaussian sampling parameter used in the level-1 encoding algorithm, and
Figure BDA0002924764970000023
is the integer ring; the t-th party publishes the level-1 encoding as its public key.
According to one embodiment of the invention, generating the shared key from the keys comprises:
the t-th party generates a κ-level encoding u'_t, where
Figure BDA0002924764970000024
u_r is a level-1 encoding, q is the integer modulus, and
Figure BDA0002924764970000025
is the enumeration set of all encoding levels; the t-th party, according to the formula
Figure BDA0002924764970000026
extracts the shared key sk_t.
A second aspect of the present invention provides a non-transitory computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the one-round multi-party key exchange protocol based on multi-linear mapping according to the first aspect of the present invention.
A third aspect of the present invention provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor, when executing the program, implements the one-round multi-party key exchange protocol based on multi-linear mapping according to the first aspect of the present invention.
The invention has the beneficial effects that:
The invention constructs the multi-linear mapping by the randomization method and builds the key exchange protocol on the multi-linear mapping, so that each participant can exchange information securely and efficiently.
Drawings
Fig. 1 is a flow diagram of a one-round multi-party key exchange protocol based on multi-linear mapping according to one embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the present invention, the symbol convention is as follows:
Let λ be the security parameter. Let the symbols
Figure BDA0002924764970000031
denote the set of integers, the set of rational numbers and the set of real numbers, respectively. Let q be a positive integer and
Figure BDA0002924764970000032
be the integer ring. Let [q] denote the set {1, 2, …, q}. The symbol |q| is overloaded: besides the absolute value of q, it also denotes the bit length of q.
Let n = 2^k, with k a positive integer. Let
Figure BDA0002924764970000033
and R_q = R/qR be polynomial rings, and let
Figure BDA0002924764970000034
be a number field.
Column vectors (e.g. a) are written in lowercase bold letters and matrices (e.g. A) in uppercase bold letters. The transpose of a vector or matrix is written with the superscript T (e.g. a^T, A^T). The i-th coordinate of the vector a is written a_i. Elements of the polynomial rings R and R_q are also written in lowercase bold letters. The Euclidean norm (also called the l_2 norm) of the vector
Figure BDA0002924764970000035
is written ||a||_2 (abbreviated ||a||), and its infinity norm is written analogously.
Let
Figure BDA0002924764970000043
be a matrix of rank n,
Figure BDA0002924764970000041
The least singular value of A is σ_n(A) = inf(UA), and the largest singular value is σ_1(A) = sup(UA).
The symbol [a]_q (or a mod q) denotes the value of the integer a modulo q, with [a]_q ∈ (-q/2, q/2], i.e. the absolutely smallest residue system is used for the modulus herein. Similarly, for a vector (or an element of a polynomial ring), [a]_q (or a mod q) means that each component (or each coefficient) takes the value [a_i]_q, i ∈ [n].
Given an arbitrary element a ∈ R, the symbol MSB_l(a) ∈ {0,1}^{l×n} denotes extracting the l most significant bits (MSB) of each coefficient of a.
The standard asymptotic notations O(·), Ω(·), Θ(·), ω(·) and o(·) are used herein.
A negligible amount means a quantity that, for every positive constant c, is asymptotically smaller than λ^{-c}; it is commonly written negl(λ). If for every c > 0
Figure BDA0002924764970000042
then the function f(λ) is a negligible function of λ. A non-negligible amount means that there exists some positive constant c such that the quantity is asymptotically no smaller than λ^{-c}. A function is exponentially small (or almost 0) if it is asymptotically smaller than 2^{-Ω(λ)}; a function is exponentially close to 1 (or almost 1) if it is asymptotically no smaller than 1 - 2^{-Ω(λ)}.
κ: the degree of the multi-linear mapping (its multilinearity level);
q: the modulus of the encodings in the construction;
n: the vector dimension of the elements of the polynomial rings R and R_q;
σ: the Gaussian sampling parameter for generating the secret ideal element (e.g. g);
σ': the Gaussian sampling parameter for generating the k-level encodings in the public parameters;
Figure BDA0002924764970000044
: the Gaussian sampling parameter used in the k-level encoding algorithm;
σ*: the Gaussian sampling parameter for generating the "0" test parameter;
τ: the number of k-level encodings in the common parameters;
l^{-1}: the sampled ideal element g satisfies ||g|| ≤ l^{-1};
l: the number of most significant bits extracted from each coefficient by the extraction algorithm.
Fig. 1 is a flow diagram of a one-round multi-party key exchange protocol based on multi-linear mapping according to one embodiment of the present invention. As shown in Fig. 1, the protocol includes the following steps:
S1: each participant generates its own common parameters using the initialization algorithm of the new randomized construction and publishes them.
Specifically, the common parameter generation algorithm par ← InstGen(1^λ, 1^κ) comprises the following steps:
(1) Select a sufficiently large prime q;
(2) Randomly sample z ← U(R_q) satisfying the condition z^{-1} ∈ R_q;
(3) Sample the ideal element
Figure BDA0002924764970000051
satisfying the conditions
Figure BDA0002924764970000052
Figure BDA0002924764970000053
and g^{-1} ∈ K and ||g^{-1}|| < l^{-1}c; denote the generated principal ideal lattice as
Figure BDA0002924764970000054
(4) Sample the ideal element
Figure BDA0002924764970000055
satisfying the conditions
Figure BDA0002924764970000056
and f^{-1} ∈ K and ||f^{-1}|| < l^{-1}c;
(5) For j ∈ [τ]:
(5.1) sample the element
Figure BDA0002924764970000057
(5.2) compute e_j = [x_j]_g and a_j = (x_j - e_j)/g;
(5.3) compute the level-1 encoding of the plaintext element e_j, namely y_j = [x_j/z]_q;
(6) For j ∈ [τ]:
(6.1) sample the element
Figure BDA0002924764970000058
(6.2) compute h_j = e_j f + b_j g;
(6.3) generate the new "0" test parameter p_zt,j = [h_j z^κ / g]_q;
// p_zt,j is not only a "0" test parameter but also a special encoding of the plaintext element e_j, and it corresponds to the plaintext element e_j in y_j.
(7) Output the common parameters par = {n, q, {y_j, p_zt,j}_{j∈[τ]}}.
S2: construct and publish the multi-linear mapping from the common parameters by the new randomization method.
In one embodiment of the invention, constructing and publishing the multi-linear mapping from the common parameters by the new randomization method comprises: generating level-1 encodings from the common parameters; and constructing an encoding addition algorithm, an encoding multiplication algorithm, a "0" test algorithm and an extraction algorithm, which together constitute the multi-linear mapping.
Specifically, the multi-linear mapping algorithm is a multi-level encoding scheme; the most basic is the level-1 encoding, and higher-level encodings are generated by multiplying lower-level encodings.
The Gaussian-sampling CRT encoding algorithm d_j ← CRTSamp(par) comprises:
(1) select N elements using a Gaussian sampling algorithm
Figure BDA0002924764970000061
(2) generate the level-0 encoding element d_j = CRT(d_{j,1}, …, d_{j,N}) on R_q by CRT computation.
The level-1 encoding algorithm u ← ENC(par, 1, {d_j}_{j∈[τ]}) comprises:
(1) generate d_j ← CRTSamp(par), j ∈ [τ], using the Gaussian-sampling CRT encoding algorithm;
(2) compute the level-1 encoding u = [∑_{j∈[τ]} d_j y_j]_q on R_q.
Encoding addition algorithm u ← ADD(par, k, u_1, …, u_m):
given m k-level encodings u_l, their sum
Figure BDA0002924764970000062
is a k-level encoding.
Encoding multiplication algorithm u ← MUL(par, 1, u_1, …, u_k):
given k level-1 encodings u_l, their product
Figure BDA0002924764970000071
is a k-level encoding.
The "0" test algorithm IsZero(par, {d_j}_{j∈[τ]}, u) comprises:
(1) given d_j ← CRTSamp(par), j ∈ [τ], compute the "0" test parameter
Figure BDA0002924764970000073
(2) given a k-level encoding u, compute the "0" test function IsZero to determine whether the plaintext element in u is "0", i.e.
Figure BDA0002924764970000072
where q_min = min{q_s, s ∈ [N]}; q_min below has the same meaning.
The extraction algorithm w ← EXT(par, {d_j}_{j∈[τ]}, u) comprises:
(1) given d_j ← CRTSamp(par), j ∈ [τ], compute the "0" test parameter p_zt = [∑_{j∈[τ]} d_j p_zt,j]_q;
(2) given a k-level encoding u, compute the extracted encoding v = [u · p_zt]_q;
(3) extract the l = (log q_min)/8 - λ most significant bits from each coefficient of v and output the extracted bit string w, i.e.
w = EXT(par, {d_j}_{j∈[τ]}, u) = MSB_l(v).
S3: generate the key of each participant from the multi-linear mapping.
According to one embodiment of the present invention, the key includes a public key and a private key, and generating the key of each participant from the multi-linear mapping comprises:
the t-th party selects elements {d_{t,j}}_{j∈[τ]} by Gaussian sampling and keeps {d_{t,j}}_{j∈[τ]} secret as its private key, where
Figure BDA0002924764970000081
τ is the number of k-level encodings in the common parameters,
Figure BDA0002924764970000082
is the Gaussian sampling parameter used in the level-1 encoding algorithm, and
Figure BDA0002924764970000083
is the integer ring; the t-th party publishes the level-1 encoding as its public key.
Specifically, using the above multi-linear mapping algorithm, the one-round multi-party key exchange protocol (nr-MPKE) is constructed as follows:
Setup phase Setup(1^λ, 1^N):
let κ = N - 1 and
Figure BDA0002924764970000084
and output par ← InstGen(1^λ, 1^κ) as the common parameters.
Publish phase Publish(par, t):
(1) the t-th party samples
Figure BDA0002924764970000085
and keeps {d_{t,j}}_{j∈[τ]} secret as its private key;
(2) the t-th party publishes the level-1 encoding u_t = Enc(par, 1, {d_{t,j}}_{j∈[τ]}) as its public key.
S4: generate a shared key from the keys, so that each participant exchanges information using the shared key.
Specifically, the shared key generation phase
Figure BDA0002924764970000086
comprises the following steps:
(1) the t-th party generates a κ-level encoding u'_t, where
Figure BDA0002924764970000087
u_r is a level-1 encoding, q is the integer modulus, and
Figure BDA0002924764970000088
is the enumeration set of all encoding levels;
(2) the t-th party extracts the shared key
Figure BDA0002924764970000089
where par is the common parameters, {d_{t,j}}_{j∈[τ]} is the private key and u'_t is a κ-level encoding.
Specifically, the present invention uses the NTL function library (a high-performance, portable C++ library providing data structures and algorithms for arbitrary-length signed integers and for vectors, matrices and polynomials over the integers and over finite fields) to implement the algorithms of the multi-party key exchange protocol based on multi-linear mapping, and evaluates the space complexity and execution time of the algorithms. The system mainly operates on integer-coefficient polynomials of degree n, and most of the execution time is spent on polynomial multiplication and addition. In addition, during public key initialization, a certain amount of time is also needed for randomly selecting vectors and for sampling from the Gaussian distribution. Therefore both aspects need to be optimized. The system is written in C++ and uses NTL's built-in functions for the relevant mathematical operations. The computer hardware configuration is a quad-core 3.10 GHz host with 4 GB RAM.
In the computation, polynomial multiplication, which has the highest computational complexity, uses the Fast Fourier Transform (FFT) algorithm to improve speed. The NTL library functions are optimized, so the running speed is high. For different values of the security parameter λ, the corresponding security levels and the times required by the encoding addition, multiplication and extraction algorithms are shown in Table 1.
Table 1: Various indicators for different security parameters
Figure BDA0002924764970000091
The security level of the scheme is measured in bits. According to the analysis, when the parameters are chosen according to λ, the security level reached by the scheme is 2^λ, while the currently recognized attack complexity is O(2^80); the system is therefore considered secure, and choosing the security parameter λ = 80 meets the system's security requirements.
Table 2 shows the sizes (in KB) of the storage space for the common parameters and for the k-level encodings when λ takes the typical value 80 and the large prime q ≈ 2^40.
Table 2: Common parameters and the storage space required for the k-level encoding of each negotiating party
Figure BDA0002924764970000092
After repeated tests, once the public parameters are established, the running times of the negotiation and extraction algorithms by which each negotiating party generates encodings and derives the shared key are basically consistent with the theoretical complexity analysis; as the polynomial degree and the large prime grow, the storage space required by the public parameters and the encodings keeps increasing, and the corresponding encoding and extraction times increase accordingly. To obtain faster application speed while ensuring system security, choosing λ = 80 meets practical requirements.
For this encoding algorithm, the following security proof is given.
The correctness and security of the above nr-MPKE protocol are given below by Theorems 1 and 2.
Theorem 1. The N shared keys sk_t, t ∈ [N], generated by the algorithm KeyGen in the above nr-MPKE are equal with probability approximately 1.
Proof. For any t ∈ [N], by the extraction algorithm Ext we have:
(1) compute the "0" test parameter of the t-th party
Figure BDA0002924764970000101
where d^{(t)} = ∑_{j∈[τ]} d_{t,j} e_j and b^{(t)} = ∑_{j∈[τ]} d_{t,j} b_j.
(2) Because
Figure BDA0002924764970000102
we have
Figure BDA0002924764970000103
where x^{(r)} = ∑_{j∈[τ]} d_{r,j} x_j;
and from x_j = e_j + a_j g we obtain
x^{(r)} = d^{(r)} + a^{(r)} g,
where d^{(r)} = ∑_{j∈[τ]} d_{r,j} e_j and a^{(r)} = ∑_{j∈[τ]} d_{r,j} a_j.
Therefore the computed extracted encoding v^{(t)} is
Figure BDA0002924764970000111
where
Figure BDA0002924764970000112
By the parameter setting, ||h^{(t)}|| < q^{7/8}. Hence the (log q)/8 most significant bits of each coefficient of the extracted encoding v^{(t)} depend only on the element
Figure BDA0002924764970000113
Therefore the probability that all N parties extract the same l = (log q)/8 - λ most significant bits from each coefficient of their respective extracted encodings is approximately 1 - o(N²), i.e. all sk_t, t ∈ [N], are equal with probability approximately 1.
This completes the proof.
Theorem 2. If the hardness assumption of the ext-GCDH/ext-GDDH problem holds, then nr-MPKE is a one-round multi-party key exchange protocol.
Proof. We only prove the security of the nr-MPKE protocol under the ext-GDDH hardness assumption and omit the proof under the ext-GCDH hardness assumption, since it is similar to the ext-GDDH case.
We need to prove that, given the public parameters par and the public keys u_t, t ∈ [N], published by all parties, an attacker cannot effectively distinguish the shared key sk_1 of party 1 (the same holds for the other parties, since all shared keys are equal) from a uniformly random bit string s_Rand.
Proof by contradiction. Given {par, u_1, …, u_N}, suppose an attacker can distinguish the shared key sk_1 from a uniformly random string s_Rand with non-negligible advantage using a polynomial-time algorithm A (for simplicity of notation, these inputs are omitted below), i.e. for some positive constant c, algorithm A distinguishes sk_1 and s_Rand with non-negligible advantage 1/λ^c:
|Pr[A(sk_1) = 1] - Pr[A(s_Rand) = 1]| ≥ 1/λ^c.
Let p_zt_Rand = [∑_{j∈[τ]} r_j p_zt,j]_q, where
Figure BDA0002924764970000122
then the randomly extracted bit string is
Figure BDA0002924764970000121
where
Figure BDA0002924764970000123
By the lemma, the element [r_j]_g is a random element of the quotient ring R/<g>, i.e. sk_Rand equals any one of the β = |R/<g>| extractable bit strings with probability 1/β. Therefore any polynomial-time algorithm B (including algorithm A) distinguishes sk_Rand and s_Rand with advantage at most O(1/β), i.e.
|Pr[B(sk_Rand) = 1] - Pr[B(s_Rand) = 1]| ≤ O(1/β).
Therefore we have
|Pr[A(sk_1) = 1] - Pr[A(sk_Rand) = 1]| ≥ |Pr[A(sk_1) = 1] - Pr[A(s_Rand) = 1]| - |Pr[A(s_Rand) = 1] - Pr[A(sk_Rand) = 1]| ≥ 1/λ^c - O(1/β) > 1/(2λ^c).
At the same time, one easily verifies that
D_ext-GDDH = {par, u_1, …, u_N, w_D = sk_1},
D_ext-Rand = {par, u_1, …, u_N, w_Rand = sk_Rand}
satisfy the hardness assumption problem ext-GDDH of Definition 5.
Therefore the polynomial-time algorithm A can decide the problem ext-GDDH with non-negligible advantage (at least 1/(2λ^c)), which contradicts Assumption 2. This completes the proof.
In summary, according to the one-round multi-party key exchange protocol based on multi-linear mapping of the embodiment of the present invention, each party uses the initialization algorithm of the new randomized construction to generate and publish its own public parameters; a multi-linear mapping is constructed and published from the public parameters by the new randomization method; the key of each participant is generated from the multi-linear mapping; and a shared key is generated from the keys, so that the participants exchange information using the shared key. The invention constructs the multi-linear mapping by the randomization method and builds the key exchange protocol on the multi-linear mapping, so that each participant can exchange information securely and efficiently.
Furthermore, the present invention also proposes a non-transitory computer-readable storage medium on which a computer program is stored which, when executed by a processor, implements the above one-round multi-party key exchange protocol based on multi-linear mapping.
According to the non-transitory computer-readable storage medium of an embodiment of the present invention, when the computer program stored thereon is executed by the processor, each participant generates and publishes its own common parameters using the initialization algorithm of the new randomized construction, a multi-linear mapping is then constructed and published from the common parameters by the new randomization method, the key of each participant is then generated from the multi-linear mapping, and finally a shared key is generated from the keys so that each participant exchanges information using the shared key; in this way the multi-linear mapping is constructed by the randomization method and the key exchange protocol is built on the multi-linear mapping, so that each participant can exchange information securely and efficiently.
In addition, the invention also provides a computer device: when the processor runs the computer program stored in the memory, each participant generates and publishes its own public parameters using the initialization algorithm of the new randomized construction, a multi-linear mapping is then constructed and published from the public parameters by the new randomization method, the key of each participant is then generated from the multi-linear mapping, and finally a shared key is generated from the keys so that each participant exchanges information using the shared key; in this way the multi-linear mapping is constructed by the randomization method and the key exchange protocol is built on the multi-linear mapping, so that each participant can exchange information securely and efficiently.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing steps of a custom logic function or process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc. Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (6)

1. A one-round multi-party key exchange protocol based on a multilinear map, comprising the steps of:
each participant generating its own public parameters with the initialization algorithm of the new randomized construction and publishing them;
constructing and publishing the multilinear map from the public parameters by the new randomization method;
generating each participant's key from the multilinear map;
and generating a shared key from those keys so that the participants can exchange information under the shared key.
2. The one-round multi-party key exchange protocol based on a multilinear map according to claim 1, wherein constructing and publishing the multilinear map from the public parameters by the new randomization method comprises:
generating level-1 encodings from the public parameters;
constructing an encoding addition algorithm, an encoding multiplication algorithm, a zero-test ("0"-test) algorithm and an extraction algorithm, which together form the multilinear map.
3. The one-round multi-party key exchange protocol based on a multilinear map according to claim 1, wherein the key comprises a public key and a private key, and generating each participant's key from the multilinear map comprises:
the t-th party selecting the elements $\{d_{t,j}\}_{j \in [\tau]}$ by Gaussian sampling and keeping $\{d_{t,j}\}_{j \in [\tau]}$ secret as its private key, where
[formula image FDA0002924764960000011]
$\tau$ is the number of $\kappa$-level encodings in the public parameters,
[formula image FDA0002924764960000014]
is the Gaussian sampling parameter used in the level-1 encoding generation algorithm, and
[formula image FDA0002924764960000012]
is an integer ring;
the t-th party publishing its level-1 encoding as its public key.
4. The one-round multi-party key exchange protocol based on a multilinear map according to claim 3, wherein generating the shared key from the keys comprises:
the t-th party producing a $\kappa$-level encoding $u'_t$, where
[formula image FDA0002924764960000013]
$u_r$ are the level-1 encodings, $q$ is the integer modulus, and
[formula image FDA0002924764960000022]
is the set enumerating all encoding levels;
the t-th party extracting the shared key $sk_t$ according to the formula
[formula image FDA0002924764960000021]
where $par$ is the public parameter, $\{d_{t,j}\}_{j \in [\tau]}$ is the private key and $u'_t$ is the $\kappa$-level encoding.
5. A non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the one-round multi-party key exchange protocol based on a multilinear map according to any one of claims 1 to 4.
6. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the one-round multi-party key exchange protocol based on a multilinear map according to any one of claims 1 to 4 when executing the program.
Priority Applications (1)

CN202110135065.7A (priority date 2021-01-29, filing date 2021-01-29): One-round multi-party key exchange protocol based on multi-linear mapping

Publications (1)

CN112968878A (en), published 2021-06-15

Family

ID=76272691

Family Applications (1)

CN202110135065.7A (priority date 2021-01-29, filing date 2021-01-29), status Pending: One-round multi-party key exchange protocol based on multi-linear mapping

Country Status (1)

CN: CN112968878A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
CN114363858A (en) *, priority date 2022-03-21, publication date 2022-04-15, assignee 苏州浪潮智能科技有限公司: Conversation and registration method, system and related components of cellular internet of vehicles cooperative communication

Citations (4)

* Cited by examiner, † Cited by third party
US20090154711A1 (en) *, priority date 2007-12-18, publication date 2009-06-18, assignee Jho Namsu: Multi-party key agreement method using bilinear map and system therefor
US20120300930A1 (en) *, priority date 2011-05-25, publication date 2012-11-29, assignee Charanjit Jutla: Single-Round Password-Based Key Exchange Protocols
CN105024822A (en) *, priority date 2015-07-13, publication date 2015-11-04, assignee 西安理工大学: Identity-based encryption method from multilinear mapping
CN105162573A (en) *, priority date 2015-07-13, publication date 2015-12-16, assignee 西安理工大学: Attribute encryption method based on multi-linear mapping and achieving strategy of secret key revocation in an authority separating way

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
古春生 (Gu Chunsheng) et al.: "Multilinear maps over ideal lattices based on new '0'-test parameters", 《计算机学报》 (Chinese Journal of Computers) *

Legal Events

Code Title Description
PB01 Publication (application publication date: 2021-06-15)
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication