CN113660083B - Symmetric key generation method based on shared knowledge - Google Patents

Publication number
CN113660083B
Authority
CN
China
Prior art keywords
message
communication
matching
matrix
prime
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110926170.2A
Other languages
Chinese (zh)
Other versions
CN113660083A (en
Inventor
陈何雄
吴佳平
张振红
罗震宇
郭威
谢林江
杭菲璐
毛正雄
何映军
韦云凯
杨宁
李良
许茂林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Center of Yunnan Power Grid Co Ltd
Original Assignee
Information Center of Yunnan Power Grid Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a symmetric key generation method based on shared knowledge, which comprises three parts, namely an effective message matching mechanism, a shared knowledge generation mechanism and a prime number calculation and key negotiation mechanism. Aiming at the problem that a man-in-the-middle attack exists when a key negotiation protocol generates a symmetric key in a communication network, the invention designs a brand-new key generation and negotiation mechanism, avoids the defects of the prior method, and has important significance for ensuring the safe and reliable performance of various communication behaviors.

Description

Symmetric key generation method based on shared knowledge
Technical Field
The invention relates to the field of communication network security, in particular to a symmetric key generation method based on shared knowledge.
Background
In recent years, data encryption technology has been rapidly developed and widely used in communication data security. Among them, secure key agreement is one of the key directions of current research, which ensures the security of data when the communication network transmits by generating a symmetric key for data encryption using a key agreement protocol.
Currently, the main protocols for key agreement and exchange are the DHKE (Diffie-Hellman Key Exchange) protocol and its series of modified protocols, such as elliptic curve DHKE (Elliptic Curve Diffie-Hellman Key Exchange, EC-DHKE). In these protocols, because both communication parties rely on sharing large prime numbers to generate keys, a man in the middle who steals the large prime numbers sent by one party can impersonate the other party and continue the key negotiation; at the same time, the man in the middle may send a new large prime number to the other party, so that the other party generates a new key. At present, man-in-the-middle attacks are mainly countered by using asymmetric encryption to encrypt or sign the key information, which ensures the security of the key information during transmission and exchange. However, this approach requires a trusted third-party authority to keep the public key infrastructure operating effectively. Moreover, if the private key is also at risk of leakage, the mechanism cannot guarantee the forward security of the key negotiation information in transit, and encryption brings a large computational burden and delay overhead. In addition, methods such as byte stream and cyclic redundancy check (CRC) verification can be used to prevent the key negotiation information from being tampered with, but both communication parties need to establish a secure channel or update the verification parameters in real time.
Therefore, a brand new key generation and negotiation mechanism is designed for solving the problem of man-in-the-middle attack when a key negotiation protocol generates a symmetric key in a communication network, so that the defects of the existing method are avoided, and the method has important significance for ensuring the safe and reliable performance of various communication behaviors.
Disclosure of Invention
The present invention is directed to a symmetric key generation method based on shared knowledge, so as to solve the problems set forth in the background art.
In order to solve the technical problems, the whole technical scheme of the invention consists of three parts, namely an effective message matching mechanism, a common knowledge generating mechanism and a prime number calculation and key negotiation mechanism. The communication parties use the MAC-layer communication data of the network protocol as the input data of the scheme. A MAC-layer data frame comprises static content, such as the destination MAC address, source MAC address and frame type, and dynamic content, such as the data message and check code. The historical MAC-layer communication data frames are data shared by both communication parties, and after performing calculation on these data both parties can obtain the same knowledge of the communication interaction process, i.e. common knowledge. Because MAC-layer data frames are often lost or arrive out of order in transmission, it must be ensured that both communication parties use the same MAC-layer messages when calculating common knowledge; the communication process is therefore divided into communication periods according to the number of messages, and through the effective message matching mechanism the two communication parties obtain, from the messages generated in a communication period, the effective messages required for generating common knowledge. In the common knowledge generation mechanism, the communication parties can quickly calculate the common knowledge from the effective messages, and can carry out consistency verification on the common knowledge without revealing it.
In prime number calculation and key negotiation mechanism, the communication parties generate large prime numbers by using common knowledge and use the large prime numbers as prime numbers required by key negotiation by using a DHKE protocol, so that man-in-the-middle attack caused by transmission of large prime numbers when the DHKE protocol is executed is resisted, and the safety of the symmetric key generation process is ensured.
The invention adopts the following specific scheme that the symmetric key generation method based on shared knowledge comprises the following steps:
S1: Match the "valid message":
S11: Confirm entry into the "new communication cycle";
S12: When the historical communication messages have accumulated to the number required by the communication period, end the new communication period;
S13: Match the historical communication messages in the new communication period, and obtain effective messages according to the matching result to enter common knowledge generation;
Before each new communication period starts, the two communication parties interact once and confirm entry into the new communication period; then the two parties start to send messages to each other, and when the historical communication messages of one party have accumulated to the number required by the communication period, the new communication period ends; after carrying out full message hash matching or partial message hash matching on the messages in the communication cycle, the two parties either obtain effective messages or start the next communication cycle.
S2: Generate common knowledge:
S21: Organize the effective messages obtained from the historical communication messages;
S22: Extract attributes from the organized effective messages;
S23: Calculate a common knowledge matrix using the attribute data to obtain eigenvalues and eigenvectors;
S24: Carry out consistency verification on the shared knowledge using the eigenvectors to finish the generation of the shared knowledge;
The communication parties organize the effective messages into sent messages and received messages, and extract attributes from the data frames of the sent and received messages, so as to obtain a direct attribute matrix and an indirect attribute matrix for the sent messages and for the received messages respectively; they then calculate a sending message matrix and a receiving message matrix, fuse the two matrices to obtain a knowledge matrix, and calculate a common knowledge matrix from the knowledge matrix; finally, because the "shared knowledge matrix" is a real symmetric matrix, eigenvalue solving and eigenvector decomposition can be performed on it, and the eigenvectors are then used to carry out consistency verification on the shared knowledge of both parties.
S3: Generate a symmetric key:
S31: Convert the eigenvalues to primes to obtain a factor base;
S32: Perform calculation on the factor base to obtain the prime factors required by the large prime numbers G and P, and calculate the large prime numbers G and P;
S33: Execute the DHKE protocol according to the large prime numbers G and P to generate a symmetric key;
The eigenvalues of the shared knowledge matrix are used for prime number calculation to complete key negotiation. First, the eigenvalues are converted to primes to obtain a factor base; then the factor base is iterated repeatedly according to a factor base updating algorithm to obtain the prime factors required for computing the large prime numbers G and P, and the large prime numbers G and P meeting the requirements are computed; finally, the two communication parties execute the DHKE protocol to generate a symmetric key from the large prime numbers obtained from the shared knowledge, and a message authentication code (Mac) is used to ensure that the key negotiation messages are not tampered with during communication.
Further, in the effective message matching mechanism, a communication period is the process in which the number of "history communication messages" accumulates from zero to N; each "history communication message" is $M_i$ ($i \in [1, N]$); matching of the history communication messages is divided into "full message" matching and "partial message" matching, and the maximum number of "partial message" matching attempts is $T_{max}$. The steps for matching the effective message are as follows:
when executing S11, the communication both sides agree on a new communication period, the communication initiator sends a communication period starting request to the receiver, the receiver replies the request after receiving the request, and confirms to enter the new communication period, and the initiator starts to send a new message;
when executing S12, the two communication parties perform normal communication, accumulate 'history communication messages', and when the number of the 'history communication messages' of one party reaches N, the 'new communication period' is ended;
When executing S13, the communication party sends a matching request of 'full message' to the other party, and if the matching of 'full message' is successful, common knowledge generation is entered;
if the matching of the whole message is unsuccessful, selecting a part of message by using a sampling function F (x) to match, and if the matching is successful, taking the part of message as an effective message for generating common knowledge;
if the "partial message" matching is still unsuccessful after $T_{max}$ attempts, the data in the period is not used for common knowledge generation, and the next communication period is entered.
Further, the "new communication cycle" protocol is as follows:
before entering a new communication period, the initiator sends a communication period start request to the receiver, and the request content contains the following elements: SrcMAC, DstMAC, GenSeq, MsgNum and RetryCount, where SrcMAC is the MAC address of the "initiator", DstMAC is the MAC address of the "receiver", GenSeq represents the shared knowledge generation sequence number, MsgNum represents the number of messages shared by both parties on which the shared knowledge generation is based and can be dynamically adjusted with the communication frequency during communication, and RetryCount represents the maximum number $T_{max}$ of "partial message" matching attempts made when "full message" matching is unsuccessful. After the receiver receives the communication cycle start request of the initiator, it replies to the initiator with a flag bit indicating confirmation, so that the two communicating parties confirm the start of the new communication cycle.
Further, the matching requests for full message matching and partial message matching comprise the following elements: SrcMAC, DstMAC, MatFlag, StaAbs, EndAbs, FunPam and MatHash;
MatFlag is a matching request flag that distinguishes a "full message" matching request from a "partial message" matching request; StaAbs is the summary information of the initial message; EndAbs is the summary information of the terminating message; FunPam is the parameter of the sampling function F(x), used in a "partial message" matching request so that the receiver can sample messages from its history messages. The design principle of the sampling function F(x) is to reduce, over the $T_{max}$ hash matching attempts, the overlap between the messages sampled each time and the probability that a single message appears in two hash comparisons. MatHash is the "full message" hash value Hash($M_1, M_2, \dots, M_N$) or the "partial message" hash value Hash(F($M_1, M_2, \dots, M_N$)), used for "full message" matching or "partial message" matching. When the messages of the two communication parties are matched, a hash value PrvHash is computed from the history messages according to MatFlag, StaAbs, EndAbs and FunPam in the matching request; if the hash comparison of PrvHash and MatHash is true, the matching is successful, otherwise the matching fails.
Further, the process of generating the shared knowledge includes "effective message" organization, attribute extraction, shared knowledge calculation and consistency verification. The "effective messages" are divided into "received messages" and "sent messages"; the "received messages" and "sent messages" generated in the communication process number r and s respectively, where r ≥ 0 and s ≥ 0 are integers. The numbers of "direct attributes" and "indirect attributes" extracted from the "received messages" and "sent messages" are q and p respectively, where q > 0 and p ≥ 0 are integers. The "direct attributes" are denoted DA and the "indirect attributes" IA. The value of the random code is R, where R > 0 is an integer; the content of the data message is D and its length is L, where L ≥ 0 is an integer.
Further, when attribute extraction is performed:
the "direct attributes" extracted from each data frame of the "sent messages" and "received messages" are data that can be obtained directly after decryption and deframing, such as the byte lengths and fixed field contents of the static content and the dynamic content;
the data obtained after sampling the dynamic content is used as an indirect attribute, and in order to ensure the randomness of the data of the indirect attribute, the two communication parties can randomly sample the data message to obtain the indirect attribute;
The sampling mechanism is as follows:
when L ≤ p: if i ≤ L, $IA_i = D_i$; otherwise $IA_i = 0$. That is, when the number of bytes in the data message is less than the number of samples, all bytes are used as attributes and the remaining positions are filled with zeros;
when L > p, grouping D and sampling data, wherein the number of bytes in each group isWherein->For the downward rounding operation, the random code has R=1 when ζ=1, and has +.>IA then i =D i Wherein imod ζ=r and i ζ++p, i.e. when the number of bytes in the data packet can support random sampling, the value of the random code can be readjusted according to the number of packets ζ, and data sampling is uniformly performed from the data packet.
Further, in performing the shared knowledge calculation:
the direct attribute data in the data frame corresponding to the "send message" and the "receive message" can form a direct attribute vectorIndirect attribute data may constitute an indirection attribute vector +.>And q < p, the direct attribute vector and the indirect attribute vector in m data frames can respectively form a direct attribute matrix U of m rows and q columns and an indirect attribute matrix V of m rows and p columns,
from U and V, a message matrix W is obtained q*p A message matrix W of q rows and p columns,
the communication double-side can obtain a receiving message matrix W from r receiving messages and s sending messages R And a transmission message matrix W S The corresponding elements in the two matrixes are weighted and summed to obtain a knowledge matrix K of q rows and p columns,
multiplying the knowledge matrix K with the transposed matrix to obtain a q-row q-column shared knowledge matrix K' which is a square matrix,
after solving for the eigenvalues and eigenvectors of the shared knowledge matrix K', a set $\lambda = [\lambda_1, \lambda_2, \dots, \lambda_q]$ consisting of the eigenvalues can be obtained, and corresponding feature vector sets
Further, when the common knowledge is subjected to consistency verification:
the K' is a real symmetric matrix, and one communication party sends a verification matrix eta composed of partial eigenvectors and a value H for carrying out hash on the rest eigenvectors to the other party to form common knowledge consistency verification information; the communication sender randomly selects n (n is not less than 1 and not more than q ', q' =q/2) eigenvectors from the eigenvector set gamma to form a matrix Is a feature vector randomly selected from gamma; and γ 'is the remaining q-n eigenvectors in γ arranged in the eigenvalue size, h=hash (γ'); the communication receiver receives eta 1 After that, gamma and eta are used 1 MultiplicationThe matrix p is then obtained and,
the eigenvectors corresponding to different eigenvalues have mutually orthogonal relations, so that only n values which are not zero are arranged in eta, each column only has one value which is not zero, if eta ij Not equal to 0, thenAnd->The "receiver" is based on n->The vector can obtain a matrix gamma ', the H is verified after the gamma' is hashed, and if the conditions are met, the receiver can determine that the common knowledge generated by the initiator is the same as the common knowledge of the receiver; the "receiver" will extract n '(1. Ltoreq. N'. Ltoreq.q-n) eigenvectors from the remaining q-n eigenvectors to form a verification matrix η 2 And obtaining the hash value H' to form consistency verification information, and after the consistency verification information is sent to the initiator, the initiator carries out consistency verification on the common knowledge calculated by the receiver according to the method.
Further, the symmetric key generation includes a eigenvalue set λ= { λ of a common knowledge matrix K 1 ,λ 2 ,…,λ q Factor b= { B } 1 ,b 2 ,…,b q The bit numbers of the big prime numbers G and P are respectivelyAnd->The random number required by the device to execute the DHKE protocol is R, the public number of the key negotiation process is X, and the DHKE algorithm is used for obtainingThe symmetric Key is a Key.
Further, the eigenvalues are converted to primes: when an eigenvalue $\lambda_i$ of the common knowledge matrix K' is not prime, the Miller-Rabin algorithm is used to find the prime number nearest to $\lambda_i$ that is greater than or equal to it;
if $\lambda_i$ is odd and not prime, let $\lambda_i = \lambda_i + 2$; if the new $\lambda_i$ is found to be prime, set i = i + 1, otherwise continue searching;
if $\lambda_i$ is even, let $\lambda_i = \lambda_i + 1$, then process $\lambda_i$ as an odd number;
when all the eigenvalues have been replaced by prime numbers, the prime numbers are arranged in ascending order to obtain the initial factor base $B_0 = \{b_1, b_2, \dots, b_q\}$.
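The prime conversion rule above can be written out as follows. This is an added example, not code from the patent: rounding each eigenvalue to an integer, mapping values below 2 to 2, and the fixed Miller-Rabin witness set are assumptions, and the eigenvalues are constructed sample data.

```python
# Added illustration of step S31 (eigenvalues -> initial factor base B_0).
# Assumptions not stated on the page: eigenvalues are rounded to integers,
# values below 2 map to 2, and Miller-Rabin uses a fixed witness set.

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin with fixed bases: exact for n < 3.3e24, probabilistic above."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    # Write n - 1 as d * 2^s with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def primize(value):
    """Nearest prime >= value, using the stepping rule described above."""
    n = int(round(value))
    if n < 2:
        return 2  # assumption: the page does not cover this case
    if is_probable_prime(n):
        return n
    if n % 2 == 0:
        n += 1  # even: move to the next odd number, then treat as odd
    while not is_probable_prime(n):
        n += 2  # odd and not prime: step by 2 and test again
    return n


def initial_factor_base(eigenvalues):
    """B_0: every eigenvalue replaced by a prime, arranged in ascending order."""
    return sorted(primize(v) for v in eigenvalues)


if __name__ == "__main__":
    sample = [90.0, 14.2, 97.0, 1024.0, 7.9]  # constructed eigenvalues
    print(initial_factor_base(sample))
```

With the constructed input, 90 and 97 both map to 97, so distinct eigenvalues can collide on the same prime in the factor base.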
Further, the ' factor base ' update utilizes Miller-Rabin algorithm to search and detect prime numbers, so that large prime numbers meeting requirements can be obtained when two communication parties perform key negotiation, and prime numbers in the factor base are updated to obtain b ' i Wherein i.epsilon.1, q]Calculate b' i The formula of (2) is:
if the Miller-Rabin algorithm judges that $b'_i$ is not prime, let $b'_i = b'_i + 2$ until $b'_i$ is prime; after the calculation for $b_q$ is completed, this round of factor base updating is finished;
after each round of factor base updating, judge whether the number of digits of the primes to be calculated in the next round is larger than the number of digits of the large prime number, and end the factor base updating when the number of digits in the factor base exceeds that of the large prime number; at the same time, $b_q$ in the factor base is retained for the final large prime number calculation.
Further, after the factor base is updated, the prime number digit range in the factor base of the next round is calculated, and the digit of the integer is calculated The formula isWherein->Representing an upward rounding operation;
the number of bits of the new prime number isAnd->
If it isContinuously updating the factor base;
if it isWhen the prime number P is calculated, the prime number P is calculated by using the prime numbers generated in the process of updating the factor base;
using the last round factor base B e Updating the calculated prime numbers and the last big prime number b in each previous factor base updating process i,q Constructing a direct factor base B for calculating a large prime number P byCan obtain B e The prime factor of the intermediate energy used for calculating P is defined by +.>Can obtain theta i Each is b i,q The prime factor of (2) can be expressed as:
obtaining odd number P ', judging the primality of P' by using Miller-Rabin algorithm if the primality is notPrime numbers, let P ' =p ' +2 until P ' is prime; due toThe factor base B may be updated continuously as described above, and G may be calculated.
Further, when the two communication parties execute the DHKE protocol by using the big primes G and P, the two communication parties generate R 1 And R is R 2 Number of disclosures calculated by "initiatorAnd generates a message authentication code Mac by utilizing the data obtained by hashing the shared knowledge matrix K 1→2 Will disclose the number X 1 With Mac 1→2 Send to the "receiver";
the "receiver" receives and verifies Mac 1→2 After that, the disclosure number is calculatedAnd calculates the message authentication code Mac 2→1 And Mac is combined with 2→1 And X 2 Together to the "initiator";
after the receiver and the initiator verify that the Max value is true by using the shared knowledge matrix K', the receiver and the initiator are respectively composed ofAnd->And calculating a symmetric key to complete key negotiation.
The invention has the beneficial effects that: the method of the invention generates the common knowledge through the historical communication information and then generates the symmetric key through the DHKE protocol, thereby expanding the function of the historical communication information and improving the security when the DHKE protocol is used for generating the symmetric key negotiation. The method has a certain generalization capability and is suitable for different DHKE protocols, so that the application field of the method is expanded.
Drawings
FIG. 1 is a valid message matching flow diagram;
FIG. 2 is a shared knowledge generation flow diagram;
FIG. 3 is a key agreement flow chart.
Detailed Description
The present invention will be further explained below with reference to the drawings in order to facilitate understanding of technical contents of the present invention to those skilled in the art.
Because sharing large prime numbers in the DHKE protocol exposes it to man-in-the-middle attacks, the invention designs a symmetric key generation method based on shared knowledge: the communication parties first obtain effective messages from a communication period, then generate shared knowledge based on the effective messages, generate large prime numbers from the shared knowledge after consistency verification, and finally generate a symmetric key using the DHKE protocol. The technical scheme is specifically described as follows:
Efficient message matching mechanism
The invention performs its calculation on the message content accumulated during communication. The communication parties cannot obtain effective messages from the transmitted messages by retransmitting or reorganizing out-of-order and lost data frames, and cannot intervene in or change the mechanism and process of communication. Therefore, it is necessary to ensure consistency of local messages on the basis of unreliable global data frames and to generate the common knowledge of both parties based on this consistency. Assume that the two communicating parties are device 1 and device 2, that the process of accumulating communication messages from zero to N is one communication period, that each communication message is denoted $M_i$, and that the maximum number of partial message matching attempts is $T_{max}$. The process of matching the effective message is shown in FIG. 1, and the steps are as follows:
Step 1: device 1 and device 2 agree on a new communication period; the communication initiator sends a communication period start request to the other side, the other side replies after receiving the request, and the sender then starts to send new messages;
Step 2: device 1 and device 2 communicate normally and accumulate historical messages; when the number of messages of one party reaches N, the communication period ends;
Step 3: device 1 or device 2 sends a full message matching request to the other side, and if the full message matching is successful, common knowledge generation is entered; otherwise, part of the messages are selected with the F(x) function for matching, and if the matching is successful, that part of the messages is used as the effective messages for generating common knowledge; if partial message matching is still unsuccessful after $T_{max}$ attempts, the data in the period is not used for generating common knowledge, and the process returns to Step 1.
The following is a specific description of some of the content in the effective message matching mechanism:
(1) New communication cycle protocol
If device 1 is the communication initiator, before entering a new communication period device 1 sends a communication period start request to device 2, where the request content includes the following elements: SrcMAC, DstMAC, GenSeq, MsgNum, RetryCount,
where SrcMAC represents the MAC address of device 1; DstMAC represents the MAC address of device 2; GenSeq represents the shared knowledge generation sequence number and uniquely identifies the process and result of the current shared knowledge generation; MsgNum represents the number of messages shared by the two parties on which this round of shared knowledge generation is based, and can be dynamically adjusted with the communication frequency during communication; RetryCount represents the maximum number $T_{max}$ of partial message matching attempts when full message matching is unsuccessful in this round of common knowledge generation, and may be adjusted for the particular communication scenario. After receiving the communication cycle start request from device 1, device 2 replies to device 1 with a flag indicating that the communication cycle has started, so that both sides can confirm that the communication cycle has started.
(2) Message matching
When the messages in the communication period are matched, the matching request is either a full message matching request or a partial message matching request, and it contains the following elements: SrcMAC, DstMAC, MatFlag, StaAbs, EndAbs, FunPam and MatHash,
where MatFlag is the matching request flag that distinguishes a full message matching request from a partial message matching request; StaAbs is the summary information of the initial message and EndAbs is the summary information of the terminating message, the summary information being unique, such as an information pair composed of the random code and the checksum in the message; FunPam is the parameter of the sampling function F(x), used in a partial message request so that the receiver samples messages from its accumulated messages, and is null in a full message matching request; MatHash is the hash value of the full message, Hash(M_1, M_2, …, M_N), or the hash value of the partial message, Hash(F(M_1, M_2, …, M_N)), used for full message matching or partial message matching.
When the messages of device 1 and device 2 are matched, a hash value Prvhash is computed from the accumulated messages according to the MatFlag, StaAbs, EndAbs and FunPam in the matching request; if the hash comparison of Prvhash and MatHash is true, the matching is successful; otherwise, the matching fails. The hash comparison checks whether the character content of Prvhash and MatHash is identical.
(3) Sampling function F (x)
The design principle of the F(x) function is to ensure that, within the expected T_max hash comparisons, the messages sampled each time overlap as little as possible and the probability that a single message appears repeatedly across the hash comparisons is as small as possible. A simple design of F(x) is a step function, such as F(x) = a×i+1 with a = 2, 3, 4, etc., where the value of a is related to the M and T_max set in the current communication cycle; F(x) may also be another well-designed function, depending on the actual requirements.
When the hash comparisons are still inconsistent after T_max attempts, the group of communication messages is seriously lost and disordered, common knowledge cannot be established at low cost, and this round of verification ends. The subsequent communication uses the key generated in the previous round, and a new round of effective message matching is restarted based on the subsequent communication messages of the two parties.
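The matching exchange described above can be sketched as follows. This is an added example, not code from the patent: SHA-256 as the hash, truncated digests as StaAbs/EndAbs, the length-prefixed encoding, the retry schedule a = 2, 3, 4, … and the sample MAC addresses and messages are all assumptions.

```python
import hashlib
import hmac

def digest(msg: bytes) -> str:
    """Per-message summary used as StaAbs/EndAbs (assumption: truncated SHA-256)."""
    return hashlib.sha256(msg).hexdigest()[:16]

def sample(msgs, a):
    """Step sampling F(i) = a*i + 1 over 1-based positions, i = 0, 1, 2, ... (assumed start).
    With i starting at 0, position 1 is part of every sample."""
    return [msgs[pos - 1] for pos in range(1, len(msgs) + 1, a)]

def hash_messages(msgs) -> str:
    """Hash(M_1, ..., M_N); the length prefix keeps message boundaries unambiguous."""
    h = hashlib.sha256()
    for m in msgs:
        h.update(len(m).to_bytes(4, "big"))
        h.update(m)
    return h.hexdigest()

def build_request(src, dst, log, a=None):
    """Sender side: a full-message request when a is None, else a partial one."""
    chosen = log if a is None else sample(log, a)
    return {
        "SrcMAC": src, "DstMAC": dst,
        "MatFlag": "FULL" if a is None else "PART",
        "StaAbs": digest(log[0]), "EndAbs": digest(log[-1]),
        "FunPam": a,                       # null (None) in a full-message request
        "MatHash": hash_messages(chosen),
    }

def handle_request(req, log):
    """Receiver side: recompute Prvhash from its own log and compare with MatHash.
    Returns the matched messages, or None when the match fails."""
    abstracts = [digest(m) for m in log]
    try:
        start = abstracts.index(req["StaAbs"])
        end = abstracts.index(req["EndAbs"], start)
    except ValueError:                     # first or last message never arrived
        return None
    window = log[start:end + 1]
    chosen = window if req["MatFlag"] == "FULL" else sample(window, req["FunPam"])
    prv_hash = hash_messages(chosen)
    return chosen if hmac.compare_digest(prv_hash, req["MatHash"]) else None

def match_cycle(src, dst, log_a, log_b, t_max):
    """Full match first, then up to t_max partial matches.
    Returns (mode, effective_messages); mode is 'FULL', 'PART' or None."""
    if handle_request(build_request(src, dst, log_a), log_b) is not None:
        return "FULL", list(log_a)
    for attempt in range(1, t_max + 1):
        a = attempt + 1                    # assumed schedule: a = 2, 3, 4, ...
        got = handle_request(build_request(src, dst, log_a, a), log_b)
        if got is not None:
            return "PART", got
    return None, []                        # cycle discarded, keep the previous key

# Constructed sample data: device 2 saw messages 3 and 4 in swapped order.
MAC_1, MAC_2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
LOG_1 = [f"msg-{i}".encode() for i in range(1, 9)]
LOG_2_SWAPPED = list(LOG_1)
LOG_2_SWAPPED[2], LOG_2_SWAPPED[3] = LOG_2_SWAPPED[3], LOG_2_SWAPPED[2]

if __name__ == "__main__":
    print(match_cycle(MAC_1, MAC_2, LOG_1, LOG_2_SWAPPED, t_max=3))
```

With the swapped log, the full match and the samples for a = 2 and a = 3 fail because each touches position 3 or 4; a = 4 samples positions 1 and 5 only and succeeds, so only those two messages become effective messages.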
Shared knowledge generation mechanism
The invention generates common knowledge from the historical communication messages in four processes: sorting of the historical communication messages (effective messages), attribute extraction, common knowledge calculation and consistency verification. It is assumed that the device has r received messages and s sent messages generated in the communication process, that the numbers of direct attributes and indirect attributes extracted from each message are q and p respectively, and that the value of the random code is R, the content of a data message is D, the content length is l, the direct attribute is DA and the indirect attribute is IA. The flow of shared knowledge generation is shown in fig. 2, and the steps are as follows:
step1: the device 1 and the device 2 sort the historical communication messages at the same time;
step2: device 1 and device 2 simultaneously perform attribute extraction from the historical communication message;
step3: device 1 and device 2 simultaneously use the attribute data to calculate a common knowledge matrix, and obtain its eigenvalues and eigenvectors;
step4: the device 1 and the device 2 randomly select some characteristic vectors from the characteristic vector set to form a verification matrix and send the verification matrix to each other;
step5: device 1 and device 2 judge whether the common knowledge is consistent and whether the messages have been tampered with, and complete the generation of the common knowledge.
The specific steps of the shared knowledge generation mechanism are described as follows:
(1) Attribute extraction
Direct attributes are extracted from the data frame of each communication message; they are data that both communicating parties can obtain directly after decrypting and de-framing, such as the byte length and the fixed field content of the static content and dynamic content.
The data obtained by sampling the dynamic content is used as the indirect attribute; to ensure the randomness of the indirect attribute data, the two communicating parties can randomly sample the data message to obtain the indirect attributes. The sampling mechanism is as follows: when l ≤ p, if i ≤ l then IA_i = D_i, otherwise IA_i = 0; that is, when the number of bytes in the data message is less than the number of samples, all bytes are used as attributes and the rest is zero-padded. When l > p, D is grouped and the data is sampled; each group of bytes is as follows Wherein is the round-down operation. The random code has R=1 when ζ=1, and has +.> Then IA_i = D_i, where i mod ζ = r and i ζ++p; that is, when the number of bytes in the data message can support random sampling, the value of the random code is readjusted according to the number g of groups, so that data can be sampled uniformly from the data message.
(2) Shared knowledge calculation
Assuming that the direct attribute data in the data frame of each message forms a direct attribute vector and the indirect attribute data forms an indirect attribute vector, with q < p, the direct attribute vectors and indirect attribute vectors of m data frames form, respectively, a direct attribute matrix U of m rows and q columns and an indirect attribute matrix V of m rows and p columns,
from U and V a message matrix W of q rows and p columns is obtained,
The meaning of the message matrix W is to project the indirect attributes into the space corresponding to the direct attributes. From r received messages and s valid sent messages the device obtains a received message matrix W_R and a sent message matrix W_S, and the corresponding elements of the two matrices are weighted and summed to obtain a knowledge matrix K of q rows and p columns
Because the matrix K is not square, its eigenvalues cannot be obtained directly; K is therefore multiplied by its transpose to obtain the common knowledge matrix K' with q rows and q columns,
After the eigenvalues and eigenvectors of the matrix K' are solved, the set of eigenvalues λ = [λ_1, λ_2, …, λ_q] and the corresponding eigenvector set γ are obtained; λ and γ are used in large prime number generation and in common knowledge consistency verification.
(3) Consistency verification
As can be seen from formula (4), K' is a real symmetric matrix, so the eigenvectors corresponding to different eigenvalues are mutually orthogonal; the eigenvectors do not take part in the calculation of the large prime numbers, and the eigenvalues cannot be derived back from the eigenvectors, so transmitting the eigenvectors over the communication network does not affect the security of the key negotiation process. Suppose device 1 first sends to device 2 a verification matrix η_1 composed of some of the eigenvectors and a value H obtained by hashing the remaining eigenvectors, which together form the shared knowledge consistency verification information: device 1 randomly selects n (1 ≤ n ≤ q′, q′ = q/2) eigenvectors from the eigenvector set γ to form the matrix η_1 = [γ′_1; γ′_2; …; γ′_n], where γ′_i is an eigenvector randomly selected from γ; γ′ is the remaining q−n eigenvectors in γ, arranged by eigenvalue size, and H = Hash(γ′). After receiving η_1, device 2 multiplies γ and η_1 to obtain the matrix p,
Because the eigenvectors corresponding to different eigenvalues are mutually orthogonal, η contains only n non-zero values, and each column has only one non-zero value; if η_ij is not equal to 0, then And-> Device 2 according to n-> The vector may obtain a matrix γ′, and the verification of H is completed after hashing γ′; if the above conditions are satisfied, device 2 can determine that the common knowledge generated by device 1 is the same as its own. Device 2 then extracts n′ (1 ≤ n′ ≤ q−n) eigenvectors from the remaining q−n eigenvectors to form a verification matrix η_2, computes the hash value H′ to form its consistency verification information and sends it to device 1, and device 1 verifies the consistency of the shared knowledge calculated by device 2 by the same method.
2. Big prime calculation and key negotiation mechanism
The large prime number calculation is divided into three parts: eigenvalue primitization, factor base update and large prime number calculation. Let the set of eigenvalues of the shared knowledge matrix K' be λ = {λ_1, λ_2, …, λ_q} and the factor base be B = {b_1, b_2, …, b_q}; to calculate the large prime numbers G and P, the bit numbers of the large prime numbers G and P are respectively And-> The random number required by a device executing the DHKE protocol is R, the public number of the key negotiation process is X, and the symmetric key Key is obtained by using the DHKE algorithm. The flow of large prime number calculation and key negotiation is shown in fig. 3, and the steps are as follows:
step1: the device 1 and the device 2 prime the eigenvalue of the shared knowledge matrix K' to obtain an initial factor base which is all small prime numbers;
step2: the device 1 and the device 2 carry out iterative updating on the factor base, and large prime numbers P and G meeting the bit number requirement are calculated;
step3: the device 1 and the device 2 calculate key negotiation information and Mac in the DHKE protocol and send the key negotiation information and Mac to each other;
step4: if the equipment 1 and the equipment 2 verify Mac successfully, calculating a symmetric key, and finishing key negotiation; otherwise, the communication is terminated.
The specific steps of the large prime number calculation and key negotiation mechanism are described as follows:
(1) Prime primitization of eigenvalues
The eigenvalues of the shared knowledge matrix K' are not all prime numbers, so prime numbers near the eigenvalues are needed to replace the eigenvalues when generating the factor base. Because an eigenvalue λ_i is a very small number relative to the large primes G and P, the Miller-Rabin algorithm can be used to find the prime number that is greater than λ_i and nearest to it. If λ_i is odd and not prime, let λ_i = λ_i + 2; if λ_i is then detected to be prime, let i = i+1, otherwise continue searching. If λ_i is even, let λ_i = λ_i + 1, and then process λ_i as an odd number. When all the eigenvalues have been replaced by prime numbers, the prime numbers are arranged in ascending order to obtain the initial factor base B_0 = {b_1, b_2, …, b_q}.
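The primitization rule above, written out as an added example (not code from the patent). Rounding each eigenvalue up to an integer before the search, the fixed Miller-Rabin witness set and the sample eigenvalues are assumptions.

```python
import math

# Fixed witnesses: the test is deterministic for n < 3.3e24 and probabilistic above that.
_WITNESSES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n: int) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in _WITNESSES:                 # trial division by the small witness primes
        if n % p == 0:
            return n == p
    d, s = n - 1, 0                      # write n - 1 = d * 2^s with d odd
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _WITNESSES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                 # a is a witness that n is composite
    return True

def primitize(eigenvalue: float) -> int:
    """Replace one eigenvalue by a nearby prime using the page's rule:
    even -> add 1, then step by 2 over odd numbers until a prime is found."""
    lam = math.ceil(eigenvalue)          # assumption: eigenvalues are rounded up first
    if lam % 2 == 0:
        lam += 1                         # note: by this rule an eigenvalue of 2 becomes 3
    while not is_probable_prime(lam):
        lam += 2
    return lam

def initial_factor_base(eigenvalues):
    """B_0: the primitized eigenvalues in ascending order (duplicates are kept)."""
    return sorted(primitize(lam) for lam in eigenvalues)

# Constructed eigenvalues of a 5x5 shared knowledge matrix K'.
EIGENVALUES = [90.2, 14.0, 7.0, 1024.7, 2.0]

if __name__ == "__main__":
    print(initial_factor_base(EIGENVALUES))
```

Both devices must feed bit-identical eigenvalues into this step; any floating-point difference that crosses an integer boundary yields a different factor base on each side.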
(2) Factor base update
The factor base updating algorithm of the invention uses the Miller-Rabin algorithm to search for and detect prime numbers, so that large prime numbers meeting the requirements can be obtained when the two communicating parties carry out key negotiation. The prime numbers in the factor base are updated to obtain b′_i, where i ∈ [1, q]; the formula for calculating b′_i is:
If the Miller-Rabin algorithm judges that b′_i is not prime, let b′_i = b′_i + 2 until b′_i is prime; after the calculation of b_q is completed, this round of the factor base update is finished. Because formula (6) requires finding the nearest odd prime numbers, the subsequent prime numbers cannot be calculated directly from the initial factor base, which improves the security of the large prime number calculation. After each round of updating the factor base, it is judged whether the number of bits of the primes calculated in the next round would be larger than the number of bits of the large prime number, and the factor base update ends when the number of bits in the factor base exceeds that of the large prime number; at the same time, b_q in the factor base is retained for the final large prime number calculation.
(3) Calculating large prime numbers
After the factor base is updated, the range of the number of bits of the primes in the next round's factor base can be calculated; the formula for the number of bits of an integer is Wherein-> Representing a rounding up operation. As can be seen from the prime number calculation formula (6), the number of bits of the new prime number is +. > And-> The prime values after a factor base update depend on the prime factors, and the difference in the number of bits of the primes between successive rounds of the factor base is huge. The differences in the number of bits among the primes in the initial factor base affect the differences among the primes in the factor bases updated later, but because the differences among the primes in the initial factor base are small, the differences among the primes calculated in each subsequent round of the factor base update are not large. If-> in which f(b′_q)_max is the estimated value of the largest prime in the next factor base and δ is a bit error, a small integer (such as 1, 2, etc.), the primes calculated in the next round are far smaller than the large prime P and the factor base continues to be updated; if it is Indicating that the number of bits of P is less than b′_q, the factor base update is terminated and the prime number P is calculated using the primes generated during the factor base updates.
Using the primes calculated by updating the last round's factor base B_e and the last large prime b_{i,q} of each previous factor base update, a direct factor base D for calculating the large prime P can be constructed; it is composed of Can obtain the prime factors in B_e that can be used to calculate P, then from +.> Can obtain θ_i Each is b_{i,q} The prime factor of (2) can be expressed as:
An odd number P′ is obtained, and the primality of P′ is then judged with the Miller-Rabin algorithm; if it is not prime, let P′ = P′ + 2 until P′ is prime. Due to The factor base B may be updated continuously as described above, and G may be calculated.
(4) Key agreement
When the two communicating parties execute the DHKE protocol with the large primes G and P, the two parties first generate R_1 and R_2. Device 1 calculates its public number And uses data obtained by hashing the common knowledge matrix K' to generate the message authentication code Mac_{1→2}, then sends X_1 together with Mac_{1→2} to device 2; after receiving and verifying Mac_{1→2}, device 2 calculates its public number-> and at the same time calculates the message authentication code Mac_{2→1}, and sends Mac_{2→1} and X_2 together to device 1; after device 2 and device 1 have each used the shared knowledge matrix K' to verify that the Mac value is true, the two are respectively defined by +.> And-> And calculate the symmetric key to complete the key negotiation.
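The authenticated exchange described above, as an added example that is not code from the patent. It uses the standard DHKE relations X = G^R mod P and Key = X_peer^R mod P; the toy values of P and G (stand-ins for the primes the method derives), HMAC-SHA-256 as the Mac, the direction label inside the Mac, the final hash of the shared value and the sample matrix are all assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters standing in for the large primes P and G of the method.
P = 2**127 - 1            # a known Mersenne prime, far too small for real use
G = 3

# Constructed 2x2 shared knowledge matrix K' (real symmetric, integer entries assumed).
K_PRIME = [[52, 17], [17, 9]]

def mac_key(k_prime) -> bytes:
    """Mac key: SHA-256 over a canonical text encoding of K'."""
    encoded = ";".join(",".join(str(int(v)) for v in row) for row in k_prime)
    return hashlib.sha256(encoded.encode()).digest()

def _tag(k_prime, direction: bytes, x: int) -> bytes:
    # Assumption: the Mac covers a direction label and the public number X,
    # so a tag for "1->2" cannot be replayed as a tag for "2->1".
    data = direction + x.to_bytes(16, "big")
    return hmac.new(mac_key(k_prime), data, hashlib.sha256).digest()

def make_offer(k_prime, direction: bytes, r=None):
    """Return (R, X, Mac) with X = G^R mod P."""
    if r is None:
        r = secrets.randbelow(P - 3) + 2          # private R in [2, P-2]
    x = pow(G, r, P)
    return r, x, _tag(k_prime, direction, x)

def verify_offer(k_prime, direction: bytes, x: int, tag: bytes) -> bool:
    """Check range and Mac of a received public number using the local K'."""
    if not 1 < x < P - 1:                         # reject 0, 1 and P-1
        return False
    return hmac.compare_digest(_tag(k_prime, direction, x), tag)

def derive_key(r: int, x_peer: int) -> bytes:
    """Key from X_peer^R mod P, hashed to a fixed 32-byte length (assumption)."""
    shared = pow(x_peer, r, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def negotiate(k1, k2, tamper=False):
    """Run both sides with their own K'; return (key_1, key_2), or None when a
    Mac check fails and communication is terminated."""
    r1, x1, mac12 = make_offer(k1, b"1->2")
    if tamper:
        x1 = pow(G, 7, P)                         # constructed in-transit change of X_1
    if not verify_offer(k2, b"1->2", x1, mac12):
        return None
    r2, x2, mac21 = make_offer(k2, b"2->1")
    if not verify_offer(k1, b"2->1", x2, mac21):
        return None
    return derive_key(r1, x2), derive_key(r2, x1)

if __name__ == "__main__":
    k1, k2 = negotiate(K_PRIME, K_PRIME)
    print(k1 == k2, negotiate(K_PRIME, K_PRIME, tamper=True))
```

The Mac is only as strong as the unpredictability of K' to anyone who can observe the traffic it is derived from, since K' is the sole authentication secret in this exchange.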
The foregoing describes the principles and embodiments of the present invention in detail using specific examples, which are only for aiding in understanding the core technical content of the present invention, and are not intended to limit the scope of the present invention, but the technical solutions of the present invention are not limited to the foregoing specific embodiments. Based on the above-mentioned embodiments of the present invention, any improvements and modifications made by those skilled in the art without departing from the principles of the present invention should fall within the scope of the present invention.

Claims (11)

1. The symmetric key generation method based on the shared knowledge is characterized by comprising the following steps:
s1: match "valid message":
s11: confirm entry into the "new communication cycle";
s12: when the historical communication information is accumulated to the number required by the communication period, ending the new communication period;
s13: matching the historical communication messages in the new communication period, and obtaining effective messages according to a matching result to enter common knowledge generation;
the communication period is the process in which the number of historical communication messages accumulates from zero to N, each historical communication message being M_i; the matching of the historical communication messages is divided into "full message" matching and "partial message" matching, and the maximum number of partial message matching attempts is T_max; the steps for matching the effective message are as follows:
when executing S11, the communication both sides agree on a new communication period, the communication initiator sends a communication period starting request to the receiver, the receiver replies the request after receiving the request, and confirms to enter the new communication period, and the initiator starts to send a new message;
When executing S12, the two communication parties perform normal communication, accumulate 'history communication messages', and when the number of the 'history communication messages' of one party reaches N, the 'new communication period' is ended;
when executing S13, the communication party sends a matching request of 'full message' to the other party, and if the matching of 'full message' is successful, common knowledge generation is entered;
if the matching of the whole message is unsuccessful, selecting a part of message by using a sampling function F (x) to match, and if the matching is successful, taking the part of message as an effective message for generating common knowledge;
if the "partial message" matching is still unsuccessful after T_max attempts, the data in the period is not used for generating common knowledge, and the next communication period is started;
the "new communication cycle" protocol is as follows:
before entering a new communication period, the "initiator" sends a communication period start request to the "receiver", and the request contains the following elements: SrcMAC, DstMAC, GenSeq, MsgNum and RetryCount; the SrcMAC is the MAC address of the "initiator", the DstMAC is the MAC address of the "receiver", the GenSeq represents the shared knowledge generation sequence number, the MsgNum represents the messages shared by both parties on which shared knowledge generation is based, and the MsgNum can be dynamically adjusted with the communication frequency in the communication process; the RetryCount represents the maximum number T_max of partial message matching attempts when the full message matching is unsuccessful in the common knowledge generation process; after receiving the communication period start request of the "initiator", the "receiver" replies to the "initiator" with a flag bit confirming the start, so that both communicating parties confirm the start of the new communication period;
s2: generating common knowledge:
s21: the method comprises the steps of (1) sorting effective messages obtained from historical communication messages;
s22: extracting attributes of the tidied effective message;
s23: calculating a common knowledge matrix by using the attribute data to obtain a characteristic value and a characteristic vector;
s24: carrying out consistency verification on the shared knowledge by using the feature vector to finish the generation of the shared knowledge;
s3: generating a symmetric key:
s31: primitizing the characteristic value to obtain a factor base;
s32: calculating the factor base to obtain prime factors required by large prime numbers G and P, and calculating the large prime numbers G and P;
s33: the DHKE protocol is executed to generate symmetric keys from large primes G and P.
2. The method of claim 1, wherein the matching request for the "full message" match and the "partial message" match comprises the following elements: srcMAC, dstMAC, matFlag, staAbs, endAbs, funPam and MatHash;
the MatFlag is a matching request flag for distinguishing a "full message" matching request from a "partial message" matching request, the StaAbs is summary information of the initial message, the EndAbs is summary information of the terminating message, and the FunPam is a parameter of the sampling function F(x), used in a "partial message" matching request for the receiver to sample messages from its historical messages; the design principle of the sampling function F(x) is to reduce, over the T_max hash comparisons, the overlap between the messages of each sample and the probability that a single message appears repeatedly in the hash comparisons; the MatHash is the hash value of the "full message", Hash(M_1, M_2, …, M_N), or of the "partial message", Hash(F(M_1, M_2, …, M_N)), used for "full message" matching or "partial message" matching; when the messages of the two communicating parties are matched, a hash value Prvhash is obtained from the historical messages according to the MatFlag, StaAbs, EndAbs and FunPam in the matching request; if the result of the hash comparison between Prvhash and MatHash is true, the matching is successful, otherwise the matching fails.
3. The method of claim 1, wherein the process of generating the shared knowledge includes "valid message" sorting, attribute extraction, shared knowledge calculation and consistency verification; the "valid messages" are divided into "received messages" and "transmitted messages", there being r "received messages" and s "transmitted messages" generated in the communication process; the number of "direct attributes" and the number of "indirect attributes" extracted from the "received messages" and the "transmitted messages" are q and p respectively, the "direct attribute" being DA and the "indirect attribute" being IA; and the process further involves the value R of a random code, the content D of the data message and the content length L.
4. The method of claim 3, wherein,
when extracting the attribute:
the direct attributes are extracted from each data frame of the "sent messages" and "received messages", and are data that can be obtained directly after decryption and de-framing, namely the byte length and the fixed field content of the static content and the dynamic content;
the data obtained after sampling the dynamic content is used as an indirect attribute, and in order to ensure the randomness of the data of the indirect attribute, the two communication parties can randomly sample the data message to obtain the indirect attribute;
the random sampling mechanism of the data message is as follows:
when L ≤ p, if i ≤ L then IA_i = D_i, otherwise IA_i = 0; that is, when the number of bytes in the data message is less than the number of samples, all bytes are used as attributes and the rest is zero-padded;
when L > p, D is grouped and the data is sampled, wherein the number of bytes in each group is Wherein-> For the downward rounding operation, the random code has R=1 when ζ=1, and has +.> Then IA_i = D_i, where i mod ζ = r and i ζ+.p; that is, when the number of bytes in the data message can support random sampling, the value of the random code is readjusted according to the number of groups ζ, and data is sampled uniformly from the data message.
5. The method of claim 4, wherein,
when performing the shared knowledge calculation:
the direct attribute data in the data frame corresponding to each "sent message" and "received message" forms a direct attribute vector and the indirect attribute data forms an indirect attribute vector, with q < p; the direct attribute vectors and indirect attribute vectors of m data frames form, respectively, a direct attribute matrix U of m rows and q columns and an indirect attribute matrix V of m rows and p columns,
from U and V a matrix W of q rows and p columns is obtained,
both communicating parties obtain a received message matrix W_R and a sent message matrix W_S from r received messages and s sent messages, and the corresponding elements of the two matrices are weighted and summed to obtain a knowledge matrix K of q rows and p columns,
multiplying the knowledge matrix K with the transposed matrix to obtain a q-row q-column shared knowledge matrix K' which is a square matrix,
after the eigenvalues and eigenvectors of the shared knowledge matrix K' are solved, the set of eigenvalues λ = [λ_1, λ_2, …, λ_q] and the corresponding eigenvector set are obtained.
6. The method of claim 5, wherein,
when the consistency verification is carried out on the shared knowledge:
the K' is a real symmetric matrix; one communicating party sends to the other a verification matrix η composed of some of the eigenvectors and a value H obtained by hashing the remaining eigenvectors, forming the common knowledge consistency verification information; the communication sender randomly selects n (1 ≤ n ≤ q′, q′ = q/2) eigenvectors from the eigenvector set γ to form a matrix η_1 = [γ′_1; γ′_2; …; γ′_n], where γ′_i is an eigenvector randomly selected from γ; γ′ is the remaining q−n eigenvectors in γ, arranged by eigenvalue size, and H = Hash(γ′); after receiving η_1, the communication receiver multiplies γ and η_1 to obtain the matrix p,
the eigenvectors corresponding to different eigenvalues are mutually orthogonal, so η contains only n non-zero values and each column has only one non-zero value; if η_ij Not equal toAnd-> The "receiver" is based on n-> The vector can obtain a matrix γ′, and H is verified after γ′ is hashed; if the conditions are met, the "receiver" can determine that the common knowledge generated by the "initiator" is the same as its own; the "receiver" then extracts n′ (1 ≤ n′ ≤ q−n) eigenvectors from the remaining q−n eigenvectors to form a verification matrix η_2 and obtains the hash value H′ to form its consistency verification information, and after this is sent to the "initiator", the "initiator" verifies the consistency of the common knowledge calculated by the "receiver" by the same method.
7. The method according to claim 1, characterized in that the symmetric key generation involves the set of eigenvalues λ = {λ_1, λ_2, …, λ_q} of the common knowledge matrix K and the factor base B = {b_1, b_2, …, b_q}; the bit numbers of the large prime numbers G and P are respectivelyAnd-> The random number required for executing the DHKE protocol is R, the public number in the process of generating the symmetric key is X, and the symmetric key Key is obtained by the DHKE algorithm.
8. The method of claim 7, wherein the "eigenvalues" are primitized: when the eigenvalues of the shared knowledge matrix K' are not all primes, let an eigenvalue be λ_i, and use the Miller-Rabin algorithm to find the prime number that is greater than λ_i and nearest to it;
if λ_i is odd and not prime, let λ_i = λ_i + 2; if λ_i is then detected to be prime, let i = i+1, otherwise continue searching;
if λ_i is even, let λ_i = λ_i + 1, and then process λ_i as an odd number;
when all the eigenvalues have been replaced by prime numbers, the prime numbers are arranged in ascending order to obtain the initial factor base B_0 = {b_1, b_2, …, b_q}.
9. The method according to claim 8, wherein: the "factor base" update uses the Miller-Rabin algorithm to search for and detect prime numbers, so that large prime numbers meeting the requirements can be obtained when the two communicating parties carry out key negotiation; the prime numbers in the factor base are updated to obtain b′_i, where i ∈ [1, q], and the formula for calculating b′_i is:
if the Miller-Rabin algorithm judges that b′_i is not prime, let b′_i = b′_i + 2 until b′_i is prime; after the calculation of b_q is completed, this round of the factor base update is finished;
after each round of updating the factor base, it is judged whether the number of bits of the primes calculated in the next round would be larger than the number of bits of the large prime number, and the factor base update ends when the number of bits in the factor base exceeds that of the large prime number; at the same time, b_q in the factor base is retained for the final large prime number calculation.
10. The method according to claim 9, wherein after the factor base updating is completed, the range of prime numbers in the factor base of the next round is calculated, and the number of integers is calculated according to the formulaWherein->Representing an upward rounding operation;
the number of bits of the new prime number isAnd->
If it isContinuously updating the factor base;
if it isWhen the prime number P is calculated, the prime number P is calculated by using the prime numbers generated in the process of updating the factor base;
using the primes calculated by updating the last round's factor base B_e and the last large prime b_{i,q} of each previous factor base update, a direct factor base B for calculating the large prime number P is constructed byCan obtain the prime factors in B_e that can be used for calculating P, defined by +.> Can obtain θ_i Each is b_{i,q} The prime factor of (2) can be expressed as:
an odd number P′ is obtained, and the primality of P′ is judged with the Miller-Rabin algorithm; if it is not prime, let P′ = P′ + 2 until P′ is prime; due to The factor base B may be updated continuously as described above, and G may be calculated.
11. The method according to claim 10, wherein: when the two communicating parties execute the DHKE protocol with the large primes G and P, the two parties generate R_1 and R_2; the "initiator" calculates its public numberAnd generates a message authentication code Mac_{1→2} using the data obtained by hashing the shared knowledge matrix K, and sends the public number X_1 together with Mac_{1→2} to the "receiver";
after receiving and verifying Mac_{1→2}, the "receiver" calculates its public numberAnd calculates the message authentication code Mac_{2→1}, and sends Mac_{2→1} and X_2 together to the "initiator";
after the "receiver" and the "initiator" have each used the common knowledge matrix K' to verify that the Mac value is true, the two are respectively used for obtaining the true Mac valueAndand calculate the symmetric key to complete the key negotiation.
CN202110926170.2A 2021-08-12 2021-08-12 Symmetric key generation method based on shared knowledge Active CN113660083B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110926170.2A CN113660083B (en) 2021-08-12 2021-08-12 Symmetric key generation method based on shared knowledge

Publications (2)

Publication Number Publication Date
CN113660083A CN113660083A (en) 2021-11-16
CN113660083B true CN113660083B (en) 2023-08-04

Family

ID=78479582

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110926170.2A Active CN113660083B (en) 2021-08-12 2021-08-12 Symmetric key generation method based on shared knowledge

Country Status (1)

Country Link
CN (1) CN113660083B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007088514A (en) * 2005-09-16 2007-04-05 National Institute Of Information & Communication Technology Radio communication system and authentication method therein
CN108199850A (en) * 2018-01-19 2018-06-22 电子科技大学 A kind of Anonymous Secure certifiede-mail protocol method for NFC
CN111478911A (en) * 2020-04-10 2020-07-31 苏州极光无限信息技术有限公司 Instant messaging encryption method adopting lightweight key exchange algorithm
CN111682938A (en) * 2020-05-12 2020-09-18 东南大学 Three-party authenticatable key agreement method facing centralized mobile positioning system
CN112422276A (en) * 2020-11-04 2021-02-26 郑州信大捷安信息技术股份有限公司 Method and system for realizing multi-party key agreement

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4428036B2 (en) * 2003-12-02 2010-03-10 ソニー株式会社 Information processing apparatus and method, program, information processing system and method
WO2009056048A1 (en) * 2007-10-23 2009-05-07 Yao Andrew C Method and structure for self-sealed joint proof-of-knowledge and diffie-hellman key-exchange protocols
KR102042739B1 (en) * 2017-09-22 2019-11-08 서강대학교산학협력단 Apparatus and method for communication using message history-based security key using blockchain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Wang Xianfeng. "Computation and Analysis of Big Data". Ecological Environment Big Data (《生态环境大数据》). 2019. *

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant