CN113726517A - Information sharing method and device - Google Patents

Information sharing method and device Download PDF

Info

Publication number
CN113726517A
CN113726517A CN202110913525.4A CN202110913525A CN113726517A CN 113726517 A CN113726517 A CN 113726517A CN 202110913525 A CN202110913525 A CN 202110913525A CN 113726517 A CN113726517 A CN 113726517A
Authority
CN
China
Prior art keywords
secret
information
target
sub
recovery
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110913525.4A
Other languages
Chinese (zh)
Inventor
张宇
汪宗斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Infosec Technologies Co Ltd
Original Assignee
Beijing Infosec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Infosec Technologies Co Ltd filed Critical Beijing Infosec Technologies Co Ltd
Priority to CN202110913525.4A priority Critical patent/CN113726517A/en
Publication of CN113726517A publication Critical patent/CN113726517A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3026Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to polynomials generation, e.g. generation of irreducible polynomials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10Complex mathematical operations
    • G06F17/11Complex mathematical operations for solving equations, e.g. nonlinear equations, general mathematical optimization problems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10Complex mathematical operations
    • G06F17/15Correlation function computation including computation of convolution operations

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses an information sharing method and device, aiming at the problem that secret sharing efficiency is low due to the fact that secret information on an elliptic curve domain cannot be directly segmented in the prior art, the method comprises the following steps: acquiring target secret information, a target share m and a recovery threshold k, wherein the target secret information meets a preset elliptic curve equation; constructing a k-1 th-order polynomial based on a group generated by a base point of an elliptic curve equation, and dividing target secret information into m sub-secrets based on the k-1 th-order polynomial; the m sub-secrets are sent to the m secret sharing devices, respectively. Therefore, the target secret information on the elliptic curve can be directly divided, and the secret dividing efficiency is improved.

Description

Information sharing method and device
Technical Field
The present invention relates to the field of network information technologies, and in particular, to an information sharing method and apparatus.
Background
Secret sharing is a common cryptographic technique, and the idea is to split a secret in an appropriate manner, each split share is managed by different participants, a single participant cannot recover secret information, and only a plurality of participants cooperate together can recover secret information.
However, in the prior art, a secret sharing algorithm is designed based on an integer domain, and cannot directly segment secret information on an elliptic curve domain, so that secret sharing efficiency is low, taking a private key in an SM9 algorithm as an example, a private key generated by an SM9 algorithm belongs to a point on an elliptic curve, and needs to be converted into the integer domain, and then split the converted private key.
Disclosure of Invention
The application provides an information sharing method and device, which are used for solving the problem that secret sharing efficiency is low due to the fact that secret information on an elliptic curve domain cannot be directly segmented in the prior art.
The embodiment of the application provides the following specific technical scheme:
an information sharing method applied to a secret splitting device includes:
acquiring target secret information, a target share m and a recovery threshold k, wherein the target secret information meets a preset elliptic curve equation;
determining a polynomial coefficient of a k-1 degree polynomial based on a base point of the elliptic curve equation, and dividing the target secret information into m sub-secrets based on the obtained k-1 degree polynomial, wherein any k sub-secrets in the m sub-secrets are used for recovering the target secret information;
and respectively sending the m sub-secrets to m secret sharing devices.
In the embodiment of the application, the polynomial coefficient of the polynomial is constructed through the base point of the elliptic curve equation, so that the corresponding m sub-secrets can be directly obtained based on the target secret information without converting the target secret information into an integer domain, the secret segmentation efficiency is improved, the secret sharing efficiency is improved, and the application range is expanded.
Optionally, the dividing the target secret information into m sub-secrets based on the k-1 th-order polynomial includes:
the m sub-secrets are obtained using the following formula:
Figure BDA0003204802390000021
wherein f (v) represents a child secret;
v is a value v1,v2,……,vm,v1,v2,……,
Figure BDA0003204802390000022
Figure BDA0003204802390000023
Representing a non-zero multiplicative group formed on the basis of a large prime number n;
G1,G2,……,Gk-1∈<G>,<G>denotes an addition cycle group generated from a base point G (x)G,yG) Representing the base point of the elliptic curve equation, the order of the base point being n, G0Representing the target secret information.
Optionally, the sending the m sub-secrets to m secret sharing devices respectively includes:
set of secret shares S { (v)i,f(vi) 1,2 … m } to the m secret sharing devices, respectively; wherein each secret share contains viAnd f (v)i),viA value, f (v), for characterizing v selected by the secret partitioning devicei) Representation based on viThe generated sub-secret.
An information sharing method applied to a secret recovery device comprises the following steps:
acquiring a recovery threshold k, and respectively receiving k pieces of recovery information from k secret sharing devices, wherein each piece of recovery information is used for representing one sub-secret, and the k sub-secrets are any k sub-secrets in m sub-secrets obtained by dividing the target secret information based on a base point of a preset elliptic curve equation after the secret dividing device acquires the target secret information, a target share m and the recovery threshold k;
and obtaining the target secret information by adopting a Lagrange interpolation algorithm based on the k recovery information.
Optionally, each recovery message includes a secret share, and the secret share includes vijAnd f (v)ij) Wherein j is 1,2 … k, (v)ij,f(vij) S, S represents a set of secret shares { (v)i,f(vi))|i=1,2…m},f(vi) Representation based on viThe generated child secret;
then, obtaining the target secret information by using a lagrangian interpolation algorithm based on the k pieces of recovery information, including:
the target secret information is calculated by the following formula:
Figure BDA0003204802390000031
wherein f' (0) represents the target secret information;
Figure BDA0003204802390000032
optionally, each piece of recovery information includes an intermediate value, and each intermediate value is a secret share (v) received by a corresponding secret sharing device of the k secret sharing devices according to the intermediate valueij,f(vij) Calculated using the following formula:
Figure BDA0003204802390000033
wherein p isj(0) Denotes the value of the median, S' { i1, i2, …, ik }, j ═ 1,2 … k, (v) isij,f(vij) S, S represents a set of secret shares { (v)i,f(vi))|i=1,2…m},f(vi) Representation based on viThe generated child secret;
then, obtaining the target secret information by using a lagrangian interpolation algorithm based on the k pieces of recovery information, including:
the target secret information is calculated by the following formula:
Figure BDA0003204802390000034
wherein f' (0) represents the target secret information.
A secret splitting apparatus comprising:
the device comprises an acquisition unit, a recovery unit and a recovery unit, wherein the acquisition unit is used for acquiring target secret information, a target share m and a recovery threshold k, and the target secret information meets a preset elliptic curve equation;
the dividing unit is used for determining a polynomial coefficient of a k-1 th-order polynomial based on a base point of the elliptic curve equation and dividing the target secret information into m sub-secrets based on the obtained k-1 th-order polynomial, wherein any k sub-secrets in the m sub-secrets are used for recovering the target secret information;
a transmitting unit that transmits the m sub-secrets to the m secret sharing devices, respectively.
Optionally, when the target secret information is divided into m sub-secrets based on the k-1 th-order polynomial, the dividing unit is specifically configured to:
the m sub-secrets are obtained using the following formula:
Figure BDA0003204802390000041
wherein f (v) represents a child secret;
v is a value v1,v2,……,vm,v1,v2,……,
Figure BDA0003204802390000042
Figure BDA0003204802390000043
Representing a non-zero multiplicative group formed on the basis of a large prime number n;
G1,G2,……,Gk-1∈<G>,<G>denotes an addition cycle group generated from a base point G (x)G,yG) Representing the base point of the elliptic curve equation, the order of the base point being n, G0Representing the target secret information.
Optionally, when the m sub-secrets are respectively sent to m secret sharing devices, the sending unit is specifically configured to:
set of secret shares S { (v)i,f(vi) 1,2 … m } to the m secret sharing devices, respectively; wherein each secret share contains viAnd f (v)i),viA value, f (v), for characterizing v selected by the secret partitioning devicei) Representation based on viThe generated sub-secret.
A secret recovery device comprising:
a receiving unit, configured to obtain a recovery threshold k, and respectively receive k pieces of recovery information from k pieces of secret sharing equipment, where each piece of recovery information is used to represent one sub-secret, and k pieces of sub-secrets are any k pieces of sub-secrets obtained by dividing target secret information based on a base point of a preset elliptic curve equation after the secret dividing equipment obtains the target secret information, a target share m, and the recovery threshold k, and the target secret information satisfies the elliptic curve equation;
and the recovery unit is used for obtaining the target secret information by adopting a Lagrange interpolation algorithm based on the k pieces of recovery information.
Optionally, each recovery message includes a secret share, and the secret share includes vijAnd f (v)ij) Wherein j is 1,2 … k, (v)ij,f(vij) S, S represents a set of secret shares { (v)i,f(vi))|i=1,2…m},f(vi) Representation based on viThe generated child secret;
when the target secret information is obtained by using a lagrangian interpolation algorithm based on the k pieces of recovery information, the recovery unit is specifically configured to:
the target secret information is calculated by the following formula:
Figure BDA0003204802390000051
wherein f' (0) represents the target secret information;
Figure BDA0003204802390000052
optionally, each piece of recovery information includes an intermediate value, and each intermediate value is a secret share (v) received by a corresponding secret sharing device of the k secret sharing devices according to the intermediate valueij,f(vij) Calculated using the following formula:
Figure BDA0003204802390000053
wherein p isj(0) Denotes the value of the median, S' { i1, i2, …, ik }, j ═ 1,2 … k, (v) isij,f(vij) S, S represents a set of secret shares { (v)i,f(vi))|i=1,2…m},f(vi) Representation based on viThe generated child secret;
when the target secret information is obtained by using a lagrangian interpolation algorithm based on the k pieces of recovery information, the recovery unit is specifically configured to:
the target secret information is calculated by the following formula:
Figure BDA0003204802390000061
wherein f' (0) represents the target secret information.
The embodiment of the application also provides electronic equipment which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the program to realize the information sharing method.
An embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps in the information sharing method described in this application.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the invention. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic view of an application scenario provided in an embodiment of the present application;
fig. 2 is a schematic flowchart of an information sharing method implemented by a secret partitioning apparatus according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of an information sharing method implemented by a secret recovery device according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a secret splitting apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a secret recovery device according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
Aiming at the problem that secret sharing efficiency is low due to the fact that secret information on an elliptic curve domain cannot be directly segmented in the prior art, in order to improve secret sharing efficiency, the embodiment of the application provides a solution for information sharing.
The scheme is as follows: acquiring target secret information, a target share m and a recovery threshold k, wherein the target secret information meets a preset elliptic curve equation; constructing a k-1 th-order polynomial equation based on an elliptic curve equation and a recovery threshold k, and dividing target secret information into m sub-secrets based on the k-1 th-order polynomial equation, wherein the k-1 th-order polynomial equation is constructed by a group generated from a base point of the elliptic curve equation, and any k sub-secrets in the m sub-secrets are used for recovering the target secret information; the m sub-secrets are sent to the m secret sharing devices, respectively.
The preferred embodiments of the present application will be described below with reference to the accompanying drawings of the specification, it should be understood that the preferred embodiments described herein are merely for illustrating and explaining the present application, and are not intended to limit the present application, and that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
As shown in fig. 1, which is a schematic diagram of an application scenario provided in the embodiment of the present application, the application scenario includes a secret splitting device 101, a secret recovering device 102, and m secret sharing devices 103. The secret dividing device 101, the secret recovering device 102, and the m secret sharing devices 103 may be connected directly or indirectly through wired or wireless communication, and the present application is not limited thereto.
The secret dividing device 101 is configured to, after obtaining the target secret information, divide the target secret information into m sub-secrets based on the division shares m, and then send the m sub-secrets to the m secret sharing devices 103, respectively.
The m secret sharing devices 103 are respectively used for storing the respectively acquired sub-secrets.
The secret recovery device 102 is configured to obtain recovery information from any k secret sharing devices 103 of the m secret sharing devices 103, and further obtain target secret information by using a lagrangian interpolation algorithm based on the recovery information. In some embodiments, the secret recovery device 102 may directly obtain the sub-secrets stored in any k secret sharing devices 103 of the m secret sharing devices 103, and obtain the target secret information by using a lagrangian interpolation algorithm based on the obtained k sub-secrets. In other embodiments, the secret recovery device 102 is further configured to obtain intermediate values calculated by any k secret sharing devices 103 in the m secret sharing devices 103 according to the respective stored sub-secrets, and obtain the target secret information by using a lagrangian interpolation algorithm based on the obtained k intermediate values.
In some embodiments, the secret dividing device 101 and the secret recovering device 102 may be configured in the same apparatus, or may be configured separately, which is not limited in this application and is not described herein again. The secret splitting device 101 may also be any one of the m secret sharing devices 103. The secret recovery device 102 may also be any one of the m secret sharing devices 103.
The secret splitting device 101, the secret recovering device 102, and the m secret sharing devices 103 may be electronic devices used by users, and the electronic devices may be, but are not limited to, smartphones, tablet computers, notebook computers, desktop computers, smart speakers, smart watches, and the like. The secret dividing device 101, the secret recovering device 102, and the m secret sharing devices 103 may also be servers, which may be independent physical servers, may also be a server cluster or distributed system formed by a plurality of physical servers, and may also be cloud servers that provide basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, and security services.
As shown in fig. 2, which is a schematic flow chart of an information sharing method implemented by a secret splitting device side according to an embodiment of the present application, specifically, the method may include the following steps:
s201, secret segmentation equipment obtains target secret information, a target share m and a recovery threshold value k, wherein the target secret information meets a preset elliptic curve equation.
It should be noted that, in the embodiment of the present application, the target secret information satisfies the preset elliptic curve equation, which may also be understood that the target secret information satisfies a point on the elliptic curve equation. The elliptic curve equation can be set according to a specific application scenario, and in the embodiment of the present application, the elliptic curve equation defined in the SM9 algorithm is only used as an example for description.
In some embodiments, the system parameters of the elliptic curve equation may be determined by the secret segmentation device by the following means, wherein the system parameters of the elliptic curve equation comprise the elliptic curve equation, a base point of the elliptic curve equation, a base point based on: the secret segmentation device selects a parameter q defining a finite field F containing q elementsqSelecting parameter a, b ∈ FqDefining an elliptic curve equation E (F) by the parameters a, bq) Selecting base point G ═ x on elliptic curve equationG,yG) Wherein (x)G,yG) I.e. the coordinates of the base point G, the order of which is n.
In other embodiments, the Generation of the system parameters of the elliptic curve equation may also be performed by a Key Generation Center (KGC), and since the Generation process of the system parameters in the KGC is similar to the Generation process of the system parameters in the secret partition device, details are not described here again. KGC discloses parameter information related to the selected elliptic curve equation, and base points on the selected elliptic curve equation, and multiple point information of the k-1 base point coordinates randomly selected from the multiple point set of the base point coordinates.
And the sending end discloses the selected parameter information related to the elliptic curve equation and the selected base point G on the elliptic curve equation.
S202, the secret dividing device determines a polynomial coefficient of a k-1 degree polynomial based on a base point of the elliptic curve equation and divides the target secret information into m sub-secrets based on the determined k-1 degree polynomial, wherein the k-1 degree polynomial equation is constructed by a group generated by the base point of the elliptic curve equation, and any k sub-secrets in the m sub-secrets are used for recovering the target secret information.
It should be noted that, in the embodiment of the present application, the values of k and m are both positive integers, and the value of k is less than or equal to the value of m.
Specifically, the formula of the k-1 degree polynomial is as follows:
Figure BDA0003204802390000091
wherein f (v) represents a child secret;
v is a value v1,v2,……,vm,v1,v2,……,
Figure BDA0003204802390000092
Figure BDA0003204802390000093
Representing a non-zero multiplicative group formed on the basis of a large prime number n;
G1,G2,……,Gk-1∈<G>,<G>denotes an addition cycle group generated from a base point G (x)G,yG) Representing base points of an elliptic curve equation, the order of said base points being n, G0Representing target secret information.
Secret splitting device randomly selects G1,G2,……,Gk-1∈<G>,<G>Representing the group of addition cycles generated from the base point G, e.g.,<G>={[1]G,[2]G,……,[n]g }, wherein [ n ]]G ═ n × G, that is, G1,G2,……,Gk-1For addition cyclic group generated from base point G { [ 1]]G,[2]G,……,[n]G } randomly selected k-1 points, defining a k-1 th order polynomial
Figure BDA0003204802390000101
Then, from
Figure BDA0003204802390000102
In the method, any m number is randomly selected as v1,v2,……,vmIs divided intoRespectively calculating to obtain f (v)1),f(v2),……,f(vk-1),……,f(vm)。
S203, the secret splitting device sends the m sub-secrets to the m secret sharing devices respectively.
In particular, the secret splitting device will (v)1,f(v1))、(v2,f(v2))、……、(vm,f(vm) As m secret shares, the set of secret shares S { (v)i,f(vi) 1,2 … m } to the m secret sharing devices, respectively; wherein each secret share contains viAnd f (v)i),viFor characterizing the value of v, f (v), selected by the secret partitioning devicei) Representation based on viThe generated sub-secret.
The following describes an information recovery procedure in information sharing, which may also be referred to as a secret recovery procedure.
As shown in fig. 3, which is a schematic flowchart of an information sharing method implemented by a secret recovery device side according to an embodiment of the present application, specifically, the method may include the following steps:
s301, the secret recovering device obtains a recovering threshold k and respectively receives k pieces of recovering information from k secret sharing devices, wherein each piece of recovering information is used for representing one sub-secret, the k sub-secrets are any k sub-secrets in m sub-secrets obtained by dividing the target secret information based on a base point of a preset elliptic curve equation after the secret dividing device obtains the target secret information, the target share m and the recovering threshold k, and the target secret information meets the elliptic curve equation.
In some embodiments, the secret recovery device may send a recovery information acquisition request to any k secret sharing devices of the m secret sharing devices and then receive k recovery information from the respective k secret sharing devices. In other embodiments, the secret recovery device may also send a recovery information acquisition request to each of the m secret sharing devices, and then arbitrarily select k pieces of recovery information from the m pieces of recovery information after acquiring the recovery information from the m secret sharing devices. The present application is not limited thereto, and details are not described herein.
S302, the secret recovery device obtains the target secret information by adopting a Lagrange interpolation algorithm based on the k pieces of recovery information.
As a possible implementation, each recovery message may contain a secret share containing vijAnd f (v)ij) Wherein j is 1,2 … k, (v)ij,f(vij) S, S represents a set of secret shares { (v)i,f(vi))|i=1,2…m},f(vi) Representation based on viThe generated sub-secret. That is, when the secret recovery device acquires k pieces of recovery information, since one secret share of the secret share set S can be included in each piece of recovery information, the secret recovery device can acquire the secret share set S { (v) } { (v)ij,f(vij) 1,2 … k }, i.e., any k secret shares of the m secret shares are obtained.
Further, the secret recovery device may obtain the target secret information by using a lagrangian interpolation algorithm based on the obtained k secret shares, and specifically, the secret recovery device obtains the target secret information by calculating according to the following formula:
Figure BDA0003204802390000111
wherein f' (0) represents target secret information;
Figure BDA0003204802390000112
that is to say, in the embodiment of the present application, the secret recovering device acquires k sub-secrets from any k secret sharing devices among m secret sharing devices, (v) andi1,f(vi1))、(vi2,f(vi2))、……、(vik,f(vik) After that, the target secret information can be obtained by adopting the Lagrange interpolation algorithmAnd f' (0).
As another possible implementation, each recovery message contains an intermediate value, and each intermediate value is a secret share (v) received by a corresponding secret sharing device of the k secret sharing devices according to the intermediate valueij,f(vij) Calculated using the following formula:
Figure BDA0003204802390000113
wherein p isj(0) Denotes the value of the median, S' { i1, i2, …, ik }, j ═ 1,2 … k, (v) isij,f(vij) S, S represents a set of secret shares { (v)i,f(vi))|i=1,2…m},f(vi) Representation based on viThe generated sub-secret.
That is, when the secret recovery device acquires k pieces of recovery information, each piece of recovery information contains an intermediate value pj(0) Thus, the secret recovery device can obtain k intermediate values p1(0)、p2(0)、……、pk(0) Rather than directly obtaining the intended k secret shares, thereby improving data security.
Correspondingly, the secret recovery device obtains K pieces of recovery information, i.e. K intermediate values p1(0)、p2(0)、……、pk(0) Then, a lagrangian interpolation algorithm is adopted to obtain target secret information, and specifically, the secret recovery device obtains the target secret information through the following formula:
Figure BDA0003204802390000121
wherein f' (0) represents the target secret information.
The following description will be given taking an example in which the application scenario is SM9 distributed encryption and decryption.
The application scene comprises KGC, equipment B and equipment B1… …, device BiEtc., wherein the KGC is used in a systemInitialization and maintenance (e.g., generating system parameters), generating and distributing private keys, user devices for signcryption, dessigncryption, and the like. Specifically, the method comprises the steps of generating system parameters, generating a user private key, generating a private key component, signing and deciphering, and the like.
Generating system parameters
KGC selects integer z as a safety parameter, and selects prime number N-order group G1、G2、GTWherein G is1、G2For additive cyclic groups, the generators are each P1、P2,GTIs a multiplicative cyclic group.
Define a bilinear pairwise map e: g1×G2→GTDefining a key derivation function KDF (), defining a hash function H1:{0,1}*×N→ZN
KGC randomly selects main private key ke E ZNCalculating the master public key Ppub-s=keP1
KGC selects and discloses the encryption private key generation function identifier hid represented in one byte.
In summary, KGC keeps secret ke, discloses { z, N, G1,G2,GT,e,KDF,H1,Ppub-s,hid}。
(II) generating private keys
Taking device B as the secret splitting device as an example, KGC inputs system parameters, a master private key and an identification ID of user device BBOutput private key de of user equipment BBSpecifically, the KGC performs the following operations:
1) KGC calculates t1=H1(IDB| hid, N) + ke mod N. If t is1When the key is equal to 0, KGC regenerates the encrypted master key pair, i.e. reselects the master private key ke, and calculates to obtain a new master public key Ppub-s(ii) a Otherwise, KGC calculation
Figure BDA0003204802390000131
2) KGC calculates B's private key deB=t2P2Then KGC isBThrough a secure channelAnd sending the data to the user equipment B.
And (III) generating a private key component, namely performing target secret information segmentation.
Assume that the secret share is m and the recovery threshold is k, i.e., deBThe method is divided into m sub-secrets, namely m private key components, and when other equipment obtains k private key components in the m private key components, de can be obtainedBAnd decrypting the ciphertext.
Specifically, the device B obtains the private key deBThen, the secret partition process in the above is performed, and the secret share set S { (v) is obtainedi,f(vi) 1,2 … m }. Since the process is the same, it is not described herein again. Device B then combines (v) contained in secret share set S1,f(v1)),(v2,f(v2)),……,(vm,f(vm) Respectively sent to device B via a secure channeli,i=1,2…m。
(IV) encryption
Device A sends plaintext M to device B, where mlen is the bit length of M and K1Len denotes key K1Bit length of (1), K2Len is the key K in the MAC () function2The bit length of (c). The device a specifically performs the following operations:
1) computing group G1Element Q of (5)B=H1(IDB||hid,N)P1+Ppub-e
2) A random number r ∈ [1, N-1] is generated.
3) Calculation of G1Element C in (1)1=rQBMixing C with1Is converted into a bit string.
4) Calculation of GTWherein the element g ═ e (P)pub-e,P2)。
5) Calculation of GTWherein w is grAnd converting w into a bit string.
6) According to the method of encrypting the plaintext, calculation is carried out according to classification:
case 6-1: if the method of encrypting the plaintext is a sequential cipher algorithm based on a key derivation function, first, device a calculates an integer klen + K2Len, calculate K ═ KDF (C)1||w||IDBKlen), let K1Representing the leftmost mlen bit of K, K2Is left over K2Len bit, if K1All 0 bit strings, then return 2). Then, device A calculates
Figure BDA0003204802390000132
Case 6-2: if the method of encrypting the plaintext is a block cipher algorithm incorporating a key derivation function, first, device a calculates klen-K1_len+K2Len, calculate K ═ KDF (C)1||w||IDBKlen), let K1The leftmost K of the group K1Len bit, K2Is left over K2Len bit, if K1All 0 bit strings, then return 2). Then, the apparatus A calculates C2=Enc(K1M), Enc () represents an encryption algorithm.
7) Calculating C3=MAC(K2,C2). The Message Authentication Code (MAC) is also called a Hash function with a key, and is used to ensure Message data integrity.
8) Outputting the ciphertext C ═ C1||C3||C2
(V) decryption
1) Device BiReceiving ciphertext C ═ C1||C2||C3Thereafter, w is calculatedi=e(C1,f(vi) And will decrypt the component (v)i,wi) And sending to the device D. Device D may be device B1… …, device BiRemoving equipment BiAnd (4) an external device.
2) The device D obtains k sets of decrypted components { (v)ij,wij) 1,2 … k, let S ═ i1, i2 … ik, and calculate
Figure BDA0003204802390000141
Calculating w ═ piij∈S′wij', convert w' to a bit string.
3) According to the method of encrypting the plaintext, calculation is carried out according to classification:
case 3-1: if the plaintext encryption method is a key derivation function-based sequential cipher algorithm, device D calculates an integer klen + K2Len, calculate K ═ KDF (C)1||w′||IDBKlen). Let K1'left-most mlen bit representing K', K2Is' as the rest of K2Len bit, if K1If the' is all 0 bit string, error is reported and exit is performed. Then, device D calculates
Figure BDA0003204802390000142
Case 3-2: if the method of encrypting the plaintext is a block cipher algorithm incorporating a key derivation function, device D calculates klen-K1_len+K2Len, calculate K ═ KDF (C)1||w′||IDBKlen). Let K1' leftmost K representing K1Len bit, K2Is' as the rest of K2A len bit. If K1If the' is all 0 bit string, error is reported and exit is performed. Then, the device D calculates M' ═ Dec (K)1′,C2)。
4) Device D calculates C3′=MAC(K′2,C2) Taking out C from C3If C is3′≠C3If so, an error is reported and the operation is exited.
5) The device D outputs a plaintext M'.
As shown in fig. 4, which is a schematic structural diagram of a secret splitting device provided in an embodiment of the present invention, the secret splitting device may include:
an obtaining unit 401, configured to obtain target secret information, a target share m, and a recovery threshold k, where the target secret information satisfies a preset elliptic curve equation;
a dividing unit 402, configured to determine a polynomial coefficient of a k-1 th-order polynomial based on a base point of the elliptic curve equation, and divide the target secret information into m sub-secrets based on the obtained k-1 th-order polynomial, where any k sub-secrets in the m sub-secrets are used to recover the target secret information;
a transmitting unit 403, which transmits the m sub-secrets to the m secret sharing devices, respectively.
Optionally, when the target secret information is divided into m sub-secrets based on the k-1 degree polynomial, the dividing unit 402 is specifically configured to:
the m sub-secrets are obtained using the following formula:
Figure BDA0003204802390000151
wherein f (v) represents a child secret;
v is a value v1,v2,……,vm,v1,v2,……,
Figure BDA0003204802390000152
Figure BDA0003204802390000153
Representing a non-zero multiplicative group formed on the basis of a large prime number n;
G1,G2,……,Gk-1∈<G>,<G>denotes an addition cycle group generated from a base point G (x)G,yG) Representing the base point of the elliptic curve equation, the order of the base point being n, G0Representing the target secret information.
Optionally, when the m sub-secrets are respectively sent to m secret sharing devices, the sending unit 403 is specifically configured to:
set of secret shares S { (v)i,f(vi) 1,2 … m } to the m secret sharing devices, respectively; wherein each secret share contains viAnd f (v)i),viA value, f (v), for characterizing v selected by the secret partitioning devicei) Representation based on viThe generated sub-secret.
As shown in fig. 5, which is a schematic structural diagram of a secret recovering device according to an embodiment of the present invention, the secret recovering device may include:
a receiving unit 501, configured to obtain a recovery threshold k, and respectively receive k pieces of recovery information from k pieces of secret sharing equipment, where each piece of recovery information is used to represent one sub-secret, and k pieces of sub-secrets are any k pieces of sub-secrets obtained by dividing the target secret information based on a base point of a preset elliptic curve equation after the secret dividing equipment obtains the target secret information, the target share m, and the recovery threshold k, and the target secret information satisfies the elliptic curve equation;
a recovery unit 502, configured to obtain the target secret information by using a lagrangian interpolation algorithm based on the k pieces of recovery information.
Optionally, each recovery message includes a secret share, and the secret share includes vijAnd f (v)ij) Wherein j is 1,2 … k, (v)ij,f(vij) S, S represents a set of secret shares { (v)i,f(vi))|i=1,2…m},f(vi) Representation based on viThe generated child secret;
when the target secret information is obtained by using a lagrangian interpolation algorithm based on the k pieces of recovery information, the recovery unit 502 is specifically configured to:
the target secret information is calculated by the following formula:
Figure BDA0003204802390000161
wherein f' (0) represents the target secret information;
Figure BDA0003204802390000162
optionally, each piece of recovery information includes an intermediate value, and each intermediate value is a secret share (v) received by a corresponding secret sharing device of the k secret sharing devices according to the intermediate valueij,f(vij) Using the following formula)And (3) calculating to obtain:
Figure BDA0003204802390000163
wherein p isj(0) Denotes the value of the median, S' { i1, i2, …, ik }, j ═ 1,2 … k, (v) isij,f(vij) S, S represents a set of secret shares { (v)i,f(vi))|i=1,2…m},f(vi) Representation based on viThe generated child secret;
when the target secret information is obtained by using a lagrangian interpolation algorithm based on the k pieces of recovery information, the recovery unit 502 is specifically configured to:
the target secret information is calculated by the following formula:
Figure BDA0003204802390000171
wherein f' (0) represents the target secret information.
Based on the same technical concept, an embodiment of the present application further provides an electronic device 600, and referring to fig. 6, the electronic device 600 is configured to implement the information sharing method described in the foregoing method embodiment, and the electronic device 600 of this embodiment may include: a memory 601, a processor 602, and a computer program stored in the memory and executable on the processor. The processor, when executing the computer program, implements the steps in the above-mentioned information sharing method embodiments, for example, step S202 shown in fig. 2. Alternatively, the processor implements the functions of the modules/units in the above device embodiments when executing the computer program.
The embodiment of the present application does not limit the specific connection medium between the memory 601 and the processor 602. In the embodiment of the present application, the memory 601 and the processor 602 are connected by a bus 603 in fig. 6, the bus 603 is represented by a thick line in fig. 6, and the connection manner between other components is merely illustrative and not limited thereto. The bus 603 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 6, but this is not intended to represent only one bus or type of bus.
The memory 601 may be a volatile memory (volatile memory), such as a raNdom-access memory (RAM); the memory 601 may also be a non-volatile memory (NoN-volatile memory) such as, but not limited to, a read-only memory (rom), a flash memory (flash memory), a Hard Disk Drive (HDD) or a solid-state drive (SSD), or any other medium which can be used to carry or store desired program code in the form of instructions or data structures and which can be accessed by a computer. The memory 601 may be a combination of the above memories.
The embodiment of the present application further provides a computer-readable storage medium, which stores computer-executable instructions required to be executed by the processor, and includes a program required to be executed by the processor.
For the system/apparatus embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference may be made to some descriptions of the method embodiments for relevant points.
It is to be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or operation from another entity or operation without necessarily requiring or implying any actual such relationship or order between such entities or operations.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (14)

1. An information sharing method applied to a secret splitting device, the method comprising:
acquiring target secret information, a target share m and a recovery threshold k, wherein the target secret information meets a preset elliptic curve equation;
determining a polynomial coefficient of a k-1 degree polynomial based on a base point of the elliptic curve equation, and dividing the target secret information into m sub-secrets based on the obtained k-1 degree polynomial, wherein any k sub-secrets in the m sub-secrets are used for recovering the target secret information;
and respectively sending the m sub-secrets to m secret sharing devices.
2. The method of claim 1, wherein the partitioning the target secret information into m sub-secrets based on the k-1 th order polynomial comprises:
the m sub-secrets are obtained using the following formula:
Figure FDA0003204802380000011
wherein f (v) represents a child secret;
v is a value v1,v2,……,vm,v1,v2,……,
Figure FDA0003204802380000012
Figure FDA0003204802380000013
Representing a non-zero multiplicative group formed on the basis of a large prime number n;
G1,G2,……,Gk-1∈<G>,<G>representing by base pointsG (x) is generated as a cyclic group of additionG,yG) Representing the base point of the elliptic curve equation, the order of the base point being n, G0Representing the target secret information.
3. The method of claim 2, wherein the sending the m sub-secrets to m secret sharing devices, respectively, comprises:
set of secret shares S { (v)i,f(vi) 1,2 … m } to the m secret sharing devices, respectively; wherein each secret share contains viAnd f (v)i),viA value, f (v), for characterizing v selected by the secret partitioning devicei) Representation based on viThe generated sub-secret.
4. An information sharing method applied to a secret recovery device, the method comprising:
acquiring a recovery threshold k, and respectively receiving k pieces of recovery information from k secret sharing devices, wherein each piece of recovery information is used for representing one sub-secret, and the k sub-secrets are any k sub-secrets in m sub-secrets obtained by dividing the target secret information based on a base point of a preset elliptic curve equation after the secret dividing device acquires the target secret information, a target share m and the recovery threshold k;
and obtaining the target secret information by adopting a Lagrange interpolation algorithm based on the k recovery information.
5. The method of claim 4, wherein each recovery message includes a secret share, and wherein the secret share includes vijAnd f (v)ij) Wherein j is 1,2 … k, (v)ij,f(vij) S, S represents a set of secret shares { (v)i,f(vi))|i=1,2…m},f(vi) Representation based on viThe generated child secret;
then, obtaining the target secret information by using a lagrangian interpolation algorithm based on the k pieces of recovery information, including:
the target secret information is calculated by the following formula:
Figure FDA0003204802380000021
wherein f' (0) represents the target secret information;
Figure FDA0003204802380000022
S′={i1,i2,…,ik}。
6. a method as defined in claim 4, wherein each recovery message includes an intermediate value, each intermediate value being a secret share (v) received by a respective one of the k secret sharing devices based on itselfij,f(vij) Calculated using the following formula:
Figure FDA0003204802380000023
wherein p isj(0) Denotes the value of the median, S' { i1, i2, …, ik }, j ═ 1,2 … k, (v) isij,f(vij) S, S represents a set of secret shares { (v)i,f(vi))|i=1,2…m},f(vi) Representation based on viThe generated child secret;
then, obtaining the target secret information by using a lagrangian interpolation algorithm based on the k pieces of recovery information, including:
the target secret information is calculated by the following formula:
Figure FDA0003204802380000031
wherein f' (0) represents the target secret information.
7. A secret splitting apparatus, comprising:
the device comprises an acquisition unit, a recovery unit and a recovery unit, wherein the acquisition unit is used for acquiring target secret information, a target share m and a recovery threshold k, and the target secret information meets a preset elliptic curve equation;
the dividing unit is used for determining a polynomial coefficient of a k-1 th-order polynomial based on a base point of the elliptic curve equation and dividing the target secret information into m sub-secrets based on the obtained k-1 th-order polynomial, wherein any k sub-secrets in the m sub-secrets are used for recovering the target secret information;
a transmitting unit that transmits the m sub-secrets to the m secret sharing devices, respectively.
8. The device according to claim 7, wherein, when the target secret information is divided into m sub-secrets based on the k-1 th order polynomial, the dividing unit is specifically configured to:
the m sub-secrets are obtained using the following formula:
Figure FDA0003204802380000032
wherein f (v) represents a child secret;
v is a value v1,v2,……,vm,v1,v2,……,
Figure FDA0003204802380000033
Figure FDA0003204802380000034
Representing a non-zero multiplicative group formed on the basis of a large prime number n;
G1,G2,……,Gk-1∈<G>,<G>denotes an addition cycle group generated from a base point G (x)G,yG) Representing the base point of the elliptic curve equation, the order of the base point being n, G0Representing the target secret information.
9. The device according to claim 8, wherein, when the m sub-secrets are sent to m secret sharing devices, respectively, the sending unit is specifically configured to:
set of secret shares S { (v)i,f(vi) 1,2 … m } to the m secret sharing devices, respectively; wherein each secret share contains viAnd f (v)i),viA value, f (v), for characterizing v selected by the secret partitioning devicei) Representation based on viThe generated sub-secret.
10. A secret recovery device, comprising:
a receiving unit, configured to obtain a recovery threshold k, and respectively receive k pieces of recovery information from k pieces of secret sharing equipment, where each piece of recovery information is used to represent one sub-secret, and k pieces of sub-secrets are any k pieces of sub-secrets obtained by dividing target secret information based on a base point of a preset elliptic curve equation after the secret dividing equipment obtains the target secret information, a target share m, and the recovery threshold k, and the target secret information satisfies the elliptic curve equation;
and the recovery unit is used for obtaining the target secret information by adopting a Lagrange interpolation algorithm based on the k pieces of recovery information.
11. The apparatus of claim 10, wherein each recovery message includes a secret share, and wherein the secret share includes vijAnd f (v)ij) Wherein j is 1,2 … k, (v)ij,f(vij))∈S,S represents a secret share set { (v)i,f(vi))|i=1,2…m},f(vi) Representation based on viThe generated child secret;
when the target secret information is obtained by using a lagrangian interpolation algorithm based on the k pieces of recovery information, the recovery unit is specifically configured to:
the target secret information is calculated by the following formula:
Figure FDA0003204802380000041
wherein f' (0) represents the target secret information;
Figure FDA0003204802380000042
S′={i1,i2,…,ik}。
12. the device of claim 10, wherein each recovery message includes an intermediate value, each intermediate value being a secret share (v) received by a respective one of the k secret sharing devices based on itselfij,f(vij) Calculated using the following formula:
Figure FDA0003204802380000051
wherein p isj(0) Denotes the value of the median, S' { i1, i2, …, ik }, j ═ 1,2 … k, (v) isij,f(vij) S, S represents a set of secret shares { (v)i,f(vi))|i=1,2…m},f(vi) Representation based on viThe generated child secret;
when the target secret information is obtained by using a lagrangian interpolation algorithm based on the k pieces of recovery information, the recovery unit is specifically configured to:
the target secret information is calculated by the following formula:
Figure FDA0003204802380000052
wherein f' (0) represents the target secret information.
13. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the information sharing method according to any one of claims 1 to 3 or implements the information sharing method according to any one of claims 4 to 6 when executing the program.
14. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps in the information sharing method according to any one of claims 1 to 3, or carries out the steps in the information sharing method according to any one of claims 4 to 6.
CN202110913525.4A 2021-08-10 2021-08-10 Information sharing method and device Pending CN113726517A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110913525.4A CN113726517A (en) 2021-08-10 2021-08-10 Information sharing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110913525.4A CN113726517A (en) 2021-08-10 2021-08-10 Information sharing method and device

Publications (1)

Publication Number Publication Date
CN113726517A true CN113726517A (en) 2021-11-30

Family

ID=78675372

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110913525.4A Pending CN113726517A (en) 2021-08-10 2021-08-10 Information sharing method and device

Country Status (1)

Country Link
CN (1) CN113726517A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114091089A (en) * 2022-01-20 2022-02-25 北京信安世纪科技股份有限公司 Data processing method, device, system and computer readable storage medium
CN115277215A (en) * 2022-07-29 2022-11-01 中国银行股份有限公司 Network payment encryption method, network payment decryption method, device and equipment
CN117134911A (en) * 2023-10-25 2023-11-28 北京信安世纪科技股份有限公司 Secret sharing method, secret segmentation terminal, secret recovery terminal, system and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010096787A (en) * 2008-10-14 2010-04-30 Tokyo Metropolitan Univ Secret information dispersion device, secret information dispersion program, secret information dispersion method, secret information restoration device, secret information restoration program, secret information restoration method, and secret information dispersion/restoration system
CN110520881A (en) * 2017-04-07 2019-11-29 区块链控股有限公司 Method and system for secure data record distribution using blockchains
TW202032942A (en) * 2019-02-27 2020-09-01 財團法人工業技術研究院 Object sharing system and object sharing method
CN111788791A (en) * 2018-03-02 2020-10-16 区块链控股有限公司 Computer-implemented voting process and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010096787A (en) * 2008-10-14 2010-04-30 Tokyo Metropolitan Univ Secret information dispersion device, secret information dispersion program, secret information dispersion method, secret information restoration device, secret information restoration program, secret information restoration method, and secret information dispersion/restoration system
CN110520881A (en) * 2017-04-07 2019-11-29 区块链控股有限公司 Method and system for secure data record distribution using blockchains
CN111788791A (en) * 2018-03-02 2020-10-16 区块链控股有限公司 Computer-implemented voting process and system
TW202032942A (en) * 2019-02-27 2020-09-01 財團法人工業技術研究院 Object sharing system and object sharing method
CN111628861A (en) * 2019-02-27 2020-09-04 财团法人工业技术研究院 Object sharing system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
吴春英: "可验证秘密共享及其应用研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》, pages 17 - 18 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114091089A (en) * 2022-01-20 2022-02-25 北京信安世纪科技股份有限公司 Data processing method, device, system and computer readable storage medium
CN115277215A (en) * 2022-07-29 2022-11-01 中国银行股份有限公司 Network payment encryption method, network payment decryption method, device and equipment
CN117134911A (en) * 2023-10-25 2023-11-28 北京信安世纪科技股份有限公司 Secret sharing method, secret segmentation terminal, secret recovery terminal, system and medium
CN117134911B (en) * 2023-10-25 2024-01-26 北京信安世纪科技股份有限公司 Secret sharing method, secret segmentation terminal, secret recovery terminal, system and medium

Similar Documents

Publication Publication Date Title
CN111740828B (en) Key generation method, device and equipment and encryption and decryption method
US11784801B2 (en) Key management method and related device
CN112822014B (en) Data processing method and device, electronic equipment and storage medium
CN108418686B (en) Multi-distributed SM9 decryption method and medium, and key generation method and medium
CN109660555B (en) Content secure sharing method and system based on proxy re-encryption
CN107196926B (en) Cloud outsourcing privacy set comparison method and device
US10050777B2 (en) Method of updating a file tree stored on a storage server
JP6067932B2 (en) Key sharing device and method
KR20190035835A (en) Data processing method and device
CN106487503B (en) Multi-element public key cryptosystem and method based on tailored Hopfield neural network
CN113726517A (en) Information sharing method and device
CN109962769B (en) Data security deduplication method based on threshold blind signature
KR20150037913A (en) Shared secret key generation device, encryption device, decryption device, shared secret key generation method, encryption method, decryption method, and program
JP6190470B2 (en) Key sharing network device and configuration thereof
CN108183791B (en) Intelligent terminal data security processing method and system applied to cloud environment
JP6328152B2 (en) Network device configured to derive a shared key
CN104158880A (en) User-end cloud data sharing solution
CN114584278A (en) Data homomorphic encryption method and device and data transmission method and device
CN115804061A (en) Generating a shared private key
CN112995215B (en) Decryption system, method, device, electronic equipment and storage medium
EP3213457A1 (en) Key splitting
CN114362912A (en) Identification password generation method based on distributed key center, electronic device and medium
JP7125857B2 (en) Encryption system, encryption device, decryption device, encryption method, decryption method, and program
US11165758B2 (en) Keystream generation using media data
CN114697001B (en) Information encryption transmission method, equipment and medium based on blockchain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination