CN114362952B - Anti-quantum computing transaction method and system for digital currency of sender offline - Google Patents
Anti-quantum computing transaction method and system for digital currency of sender offline Download PDFInfo
- Publication number
- CN114362952B CN114362952B CN202011091591.XA CN202011091591A CN114362952B CN 114362952 B CN114362952 B CN 114362952B CN 202011091591 A CN202011091591 A CN 202011091591A CN 114362952 B CN114362952 B CN 114362952B
- Authority
- CN
- China
- Prior art keywords
- certificate
- digital currency
- user side
- commercial bank
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 52
- 238000004891 communication Methods 0.000 claims abstract description 50
- 230000007246 mechanism Effects 0.000 claims abstract description 32
- 238000012795 verification Methods 0.000 claims description 38
- 230000008520 organization Effects 0.000 claims description 7
- 230000003993 interaction Effects 0.000 claims description 6
- 230000006872 improvement Effects 0.000 abstract description 3
- 230000009286 beneficial effect Effects 0.000 abstract description 2
- 238000004364 calculation method Methods 0.000 description 18
- GPUADMRJQVPIAS-QCVDVZFFSA-M cerivastatin sodium Chemical compound [Na+].COCC1=C(C(C)C)N=C(C(C)C)C(\C=C\[C@@H](O)C[C@@H](O)CC([O-])=O)=C1C1=CC=C(F)C=C1 GPUADMRJQVPIAS-QCVDVZFFSA-M 0.000 description 14
- 230000008859 change Effects 0.000 description 7
- 230000008569 process Effects 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 3
- 238000012790 confirmation Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 239000000654 additive Substances 0.000 description 1
- 230000000996 additive effect Effects 0.000 description 1
- 230000008033 biological extinction Effects 0.000 description 1
- 125000004122 cyclic group Chemical group 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a sender offline digital currency quantum-resistant computing transaction method and a system, wherein the method comprises the following steps: s1, utilizing a key management server to issue quantum resistant computing devices for a user side and a commercial bank digital currency system respectively; s2, using a certificate issuing mechanism to issue a root certificate for the user side and the commercial bank digital currency system according to a root certificate issuing method, and storing the root certificate into the corresponding anti-quantum computing device; s3, issuing certificates for the user side and the commercial bank digital currency system by using the certificate issuing mechanism through a certificate issuing method, and storing the certificates into the corresponding anti-quantum computing device; s4, using a currency transaction method to realize the offline digital currency transaction of the sender user side. The beneficial effects are that: not only can the digital money communication system based on the offline digital certificate sender for quantum computation be realized, but also the cost of system improvement is considered.
Description
Technical Field
The invention relates to the field of digital certificates, in particular to a digital currency quantum-resistant computing transaction method and system for offline sender.
Background
The core elements of the digital currency D-RMB system of the China people's bank are a currency, two kinds of libraries and three centers. A coin, namely "D-RMB" (DC/EP), abbreviated as D coin, refers to a string of encrypted digital strings signed by a central row representing a specific amount. Two classes of libraries: the issuer and bank databases of the D-RMB (central bank digital currency database, commercial bank digital currency database), respectively. Digital currency represents a central row of digital currency funds in the issuer; digital currency is represented in a bank vault as commercial banks' stock digital cash. Three centers: firstly, a registration center (recording the whole process of currency generation, circulation, checking and extinction); the other two are authentication centers, CA authentication centers (based on PKI architecture, central management of institutions and user certificates, such as CFCA) and IBC authentication centers [ i.e. authentication centers established based on identification cryptography (Identity-Based Cryptograph) ]. Two tables can be designed in the registration center, one is a digital currency right registration table, the attribution of the digital currency is recorded, and the other is a transaction flow meter.
The D-RMB system is a hierarchical system, i.e. the central bank is co-built with all commercial banks, the central bank digital currency system is a computer system which is operated and maintained by the central bank or the central bank appointed mechanism and is used for processing information about digital currency, the main functions of the system comprise issuing and verification monitoring of digital currency, the commercial bank digital currency system is a computer system which is operated and maintained by the commercial bank or the commercial bank appointed mechanism and is used for processing information about digital currency, the system executes various functions of the related currency of the existing bank, namely, the bank function, mainly comprises that after the digital currency is applied from the central bank, the system is directly oriented to society, and various requirements of providing digital currency circulation service are met.
In order to enable the digital signature system to resist quantum computation, an anti-quantum computation digital signature system is proposed in the industry, for example, patent CN109861813a proposes an anti-quantum computation HTTPS communication method and system based on an asymmetric key pool, and specifically discloses a communication method, wherein the parties of the method include a server, a certificate authority center and a client, the client configures a key fob, and the asymmetric key pool is stored in the key fob; the anti-quantum computing HTTPS communication method comprises the following steps: the method comprises the steps that a server side obtains a digital certificate issued by a certificate authority center and sends the digital certificate to a client side, wherein the digital certificate records a public key pointer random number of the server; the client acquires a root digital certificate which is issued by a certificate authority and matched with the digital certificate, verifies the digital certificate sent by the server according to the root digital certificate, and acquires a server public key from the asymmetric key pool according to the public key pointer random number of the server recorded in the verified digital certificate; encrypting the randomly generated shared key by using the public key of the server, and sending an encryption result to the server to carry out key negotiation; and carrying out HTTPS communication with the server by using the shared key.
The solution proposed by patent CN109861813a, although capable of implementing anti-quantum computation based on quantum secret communication, has the following drawbacks:
1. In the technical scheme proposed by the patent CN109861813a, the client needs to configure a quantum key fob storing public keys of all members, so that the storage cost and the operation workload of the client key fob are increased, and the key management work of the client is complex;
2. In the technical solution proposed in CN109861813a, the overall flow and data structure of the conventional CA and digital signature system based on digital certificates are changed, for example, the format and usage of the digital certificates are changed, resulting in excessive cost for switching the CA and the user application system to the quantum-resistant computing solution.
Disclosure of Invention
Aiming at the problems in the related art, the invention provides a method and a system for offline digital currency quantum-resistant computing transaction of a sender, which are used for overcoming the technical problems existing in the related art.
For this purpose, the invention adopts the following specific technical scheme:
According to one aspect of the present invention, there is provided a digital currency anti-quantum computing transaction method for a sender offline, the method comprising the steps of:
S1, utilizing a key management server to issue quantum resistant computing devices for a user side and a commercial bank digital currency system respectively;
When the key management server issues a system public and private key for the user side, a message authentication code is calculated to obtain a corresponding system private key, then a system public key is calculated according to the system private key, the system private key is stored in an anti-quantum computing device of the key management server, and the system public key is stored in the anti-quantum computing device corresponding to the user side;
When the key management server issues a system public and private key for the commercial bank digital currency system, calculating a message authentication code to obtain a corresponding system private key, calculating according to the system private key to obtain a system public key, storing the system private key in an anti-quantum computing device of the key management server, and storing the system public key in an anti-quantum computing device of the commercial bank digital currency system;
When the key management server issues a public and private key for the user side, calling a hash function to calculate to obtain a public key, calculating to obtain a corresponding private key according to the public key, and storing the ID of the user side and the public and private key into an anti-quantum computing device of the user side;
When the key management server issues a public and private key for the commercial bank digital currency system, a hash function is called to calculate to obtain a public key, a corresponding private key is obtained according to the public key, and the ID of the commercial bank digital currency system and the public and private key are stored in an anti-quantum computing device of the commercial bank digital currency system;
S2, using a certificate issuing mechanism to issue a root certificate for the user side and the commercial bank digital currency system according to a root certificate issuing method, and storing the root certificate into the corresponding anti-quantum computing device;
s3, issuing certificates for the user side and the commercial bank digital currency system by using the certificate issuing mechanism through a certificate issuing method, and storing the certificates into the corresponding anti-quantum computing device;
s4, realizing off-line digital currency transaction of the sender user side by using a currency transaction method;
the step S4 of realizing the offline digital currency transaction of the sender user side by using the currency transaction method specifically comprises the following steps:
S41, the sender user side signs to obtain a signature transaction, and the signature transaction is sent to a receiver user side;
s42, the receiving party user receives the signature transaction and verifies the validity of the sender user side certificate to the certificate issuing mechanism;
S43, the certificate issuing mechanism receives the verification message and verifies the certificate of the sender user;
s44, the receiver user negotiates with the corresponding commercial bank to obtain a session key;
S45, the receiving party user side receives the verification result, verifies the signature transaction, and reports the verification result to the corresponding commercial bank by using the session key after the verification is passed;
s46, the corresponding commercial bank receives transaction information and verifies the transaction information through a central bank;
S47, the central bank sends the transaction verification result to a commercial bank corresponding to the receiver user side and a commercial bank corresponding to the sender user side respectively;
S48, the business banking corresponding to the receiver user terminal sends the transaction verification result to the receiver user terminal;
And S49, the receiver user sends the transaction verification result to the sender user.
Further, the step S2 of using a certificate issuing mechanism to issue a root certificate for the user side and the commercial bank digital currency system according to a root certificate issuing method, and storing the root certificate in the corresponding anti-quantum computing device specifically includes the following steps:
s21, using the certificate issuing mechanism to issue a root certificate for the user side and storing the root certificate into an anti-quantum computing device of the user side;
S22, the certificate issuing organization is used for issuing a root certificate for the commercial bank digital currency system and storing the root certificate into an anti-quantum computing device of the commercial bank digital currency system.
Further, the step of using the certificate authority to issue a root certificate for the client in S21 includes the following steps:
s211, the user sends identity information to the certificate authority;
S212, the certificate authority returns a root certificate of the certificate authority to the user terminal;
s213, the user receives the root certificate of the certificate authority.
Further, the issuing of the root certificate for the commercial bank digital money system using the certificate issuing authority in S22 includes the steps of:
s221, the commercial bank digital currency system sends identity information to the certificate authority;
S222, the certificate authority returns a root certificate of the certificate authority to the commercial bank digital currency system;
S223, the commercial bank digital currency system receives a root certificate of the certificate authority.
Further, the step S3 of issuing certificates for the user side and the commercial bank digital currency system respectively by using the certificate issuing mechanism through a certificate issuing method, and storing the certificates in the corresponding anti-quantum computing device specifically comprises the following steps:
S31, issuing a certificate for the user side by using the certificate issuing mechanism, and storing the certificate into an anti-quantum computing device of the user side;
S32, utilizing the certificate issuing organization to issue certificates for the commercial bank digital currency system, and storing the certificates into an anti-quantum computing device of the commercial bank digital currency system.
Further, the step of issuing a certificate to the client by the certificate issuing authority in S31 includes the following steps:
s311, the user sends the identity information and the public certificate key to the certificate authority;
s312, the certificate issuing mechanism returns a certificate to the user terminal;
s313, the user side receives the certificate.
Further, the issuing of the certificate for the digital money system of the commercial bank by the certificate issuing organization in S32 includes the steps of:
S321, the commercial bank digital currency system sends identity information and a public certificate key to the certificate authority;
s322, the certificate issuing organization returns a certificate to the commercial bank digital currency system;
S323, the commercial bank digital currency system receives the certificate.
Further, in S44, the negotiation between the receiving user side and the corresponding commercial bank is performed to obtain the session key, which specifically includes the following steps:
S441, the receiver user sends a signature session key to the corresponding commercial bank;
S442, the corresponding commercial bank verifies the validity of the user-side certificate of the receiver to the certificate issuing mechanism;
S443, the certificate issuing mechanism verifies the validity of the certificate of the receiver user side and sends the verification result to the corresponding commercial bank;
And S444, the corresponding commercial bank transmits the verification result to the receiver user side.
According to another aspect of the present invention, there is provided an anti-quantum computing digital money system comprising a central banking digital money system, a commercial banking digital money system, a user and an authentication system, the central banking digital money system being in identity authentication and in secure communication with the commercial banking digital money system, the commercial banking digital money system being in identity authentication and in secure communication with the user;
Wherein the central bank digital currency system is used for producing and issuing digital currency and also used for registering rights of the digital currency;
the commercial bank digital currency system is used for executing a bank function for digital currency;
The user is a main body for using the digital currency;
The authentication system is used for authenticating interaction between the commercial bank digital currency system and the user terminal equipment of the digital currency, and is also used for authenticating interaction between the central bank digital currency system and the commercial bank digital currency system.
Further, the system further comprises a certificate issuing mechanism, wherein an anti-quantum computing device is arranged in the certificate issuing mechanism, a key management server based on ID cryptography is deployed in the anti-quantum computing device, the central bank digital currency system comprises a central bank, the commercial bank digital currency system comprises a commercial bank corresponding to a sender user side and a commercial bank corresponding to a receiver user side, the user comprises the sender user side and the receiver user side, and the sender user side and the receiver user side are in close range communication.
The beneficial effects of the invention are as follows:
1) The invention can realize the anti-quantum computation digital currency communication system based on the offline of the digital certificate sender;
2) The symmetric keys used in the invention are all generated based on ID cryptography real-time calculation, and symmetric keys do not need to be stored in advance, so that the cost is low for users, and the problems of symmetric key management and storage do not exist;
3) The invention does not change the whole flow and data structure of the traditional CA and the digital signature system based on the digital certificate, so the cost for switching the CA and the user application system to the quantum-resistant calculation scheme is not high;
4) In the invention, the key issuing server based on ID cryptography is different for the public and private keys of the system of each different user, and even if the public key of the system of a certain user is lost, the public and private keys of the system of the CA and other users are not endangered because the public and private keys of the system are cracked by the quantum computer;
5) The communication mode of the invention meets the requirements of safety and cost under two different conditions, namely: for communication between a central bank and a commercial bank with extremely high confidentiality requirement and relatively small scheme change influence range, the quantum secret communication with higher cost and higher safety is adopted, so that the communication with higher safety is realized; for the communication between commercial banks and users with extremely high confidentiality requirements and relatively large scheme change influence range, the anti-quantum computing communication based on the digital certificate is adopted, so that the communication with higher security and cost is realized. Therefore, the invention improves the existing digital currency communication system into an anti-quantum computing digital currency communication system, and gives consideration to the cost of system improvement.
Drawings
FIG. 1 is a flow chart of a transaction method according to an embodiment of the invention;
FIG. 2 is a flow chart of a transaction method according to an embodiment of the present invention;
FIG. 3 is a flowchart of a client and commercial bank negotiating a key according to an embodiment of the present invention;
fig. 4 is a basic structural diagram of a digital money system for a central bank in an embodiment of the present invention.
Detailed Description
The invention will be further described with reference to the drawings and the specific examples. It is to be understood that the invention may be embodied in various forms and that the exemplary and non-limiting embodiments shown in the drawings and described below are not intended to limit the invention to the specific embodiments described.
It is to be understood that the technical features listed above for the different embodiments may be combined with each other where technically feasible to form further embodiments within the scope of the invention. Furthermore, the particular examples and embodiments described herein are not limiting and corresponding modifications may be made to the structures, steps, and sequences set forth above without departing from the scope of the invention.
According to the embodiment of the invention, a digital currency quantum-resistant computing transaction method and a system for offline of a sender are provided.
The invention will now be further described with reference to the accompanying drawings and detailed description, as shown in fig. 1-3, according to one embodiment of the invention, there is provided a sender offline digital currency quantum resistant computing transaction method, comprising the steps of:
S1, a key management server KMS is utilized to issue quantum resistant computing devices for a user side (comprising a sender user side A and a receiver user side B) and a commercial bank digital currency system (comprising a commercial bank A 0 corresponding to the sender user side and a commercial bank B 0 corresponding to the receiver user side) respectively;
When the key management server KMS issues a system public and private key for the user side, a message authentication code is calculated to obtain a corresponding system private key, then a system public key is calculated according to the system private key, the system private key is stored in an anti-quantum computing device of the key management server KMS, and the system public key is stored in the anti-quantum computing device corresponding to the user side;
specifically, the key management server KMS is different for system public and private keys of each different user, for the user side a, the KMS generates a unique code as ID A, the system private key of a is SK MSA, the system private key may be a true random number or obtained by calculation, for example SK MSA=MAC(IDA,SKMS) [ MAC (m, k) is to calculate a message authentication code for the message m using the key k, and the system public key of a is PK MSA=SKMSA ×p; for the user terminal B, the KMS generates a unique code as ID B, the system private key of B is SK MSB, the system private key may be a true random number or may be obtained by calculation, for example SK MSB=MAC(IDB,SKMS), and the system public key of B is PK MSB=SKMSB ×p; the system private key is stored in the anti-quantum computing device of the KMS, the system public key is stored in the anti-quantum computing device of the corresponding user side, namely PK MSA is stored in T A, and PK MSB is stored in T B;
When the key management server KMS issues a system public and private key for the commercial bank digital currency system, a message authentication code is calculated to obtain a corresponding system private key, then a system public key is calculated according to the system private key, the system private key is stored in an anti-quantum computing device of the key management server KMS, and the system public key is stored in an anti-quantum computing device of the commercial bank digital currency system;
when the key management server KMS issues a public and private key for the user side, a hash function is called to calculate to obtain a public key, a corresponding private key is obtained according to the public key, and the ID of the user side and the public and private key are stored in an anti-quantum computing device of the user side;
Specifically, taking a user terminal a as an example, when the KMS issues a public and private key for the user terminal a, the KMS invokes the hash function H 1 to calculate the public key PK A=H1(IDA, calculates the private key SK A=SKMSA*PKA according to the public key PK A, and stores the ID of a and the public and private key, i.e. ID A、PKA、SKA, in the quantum resistant calculation device T A of a;
When the key management server KMS issues a public and private key for the commercial bank digital currency system, a hash function is called to calculate to obtain a public key, a corresponding private key is obtained according to the public key, and the ID of the commercial bank digital currency system and the public and private key are stored in an anti-quantum computing device of the commercial bank digital currency system;
Specifically, taking commercial bank a 0 as an example, when the KMS issues a public key and a private key for commercial bank a 0, the KMS invokes the hash function H 1 to calculate the public key Based on public key/>Calculate private key/>ID and public private key of A 0, namely/>Anti-quantum computing device/>, stored in a 0
S2, the CA issues root certificates for the user side and the commercial bank digital currency system (a certificate issuing mechanism is used for respectively issuing root certificates for the user side and the commercial bank digital currency system according to a root certificate issuing method and storing the root certificates into the corresponding quantum resistant computing device);
Wherein, the S2 includes the CA institution issuing root certificates for all the user terminals and the digital money system of the commercial bank, and the issuing process is described in detail here by taking the user terminal a as an example:
(1) A→ca (the user terminal a sends identity information to the certificate authority CA);
The user side A calculates PK CA=H1(IDCA according to the ID CA) and further calculates a symmetric key K A-CA=e(SKA,PKCA with the CA. The time stamp T 1 is obtained, and T 1 is encrypted using K A-CA to obtain the final key K 1=MAC(T1,KA-CA).
Encryption of a's identity information AINFO using K 1 yields { AINFO } K 1, calculation of message authentication codes using K 1 for T 1 and AINFO yields MAC (T 1||AINFO,K1), which is sent to CA along with ID A、IDCA and T 1, the message sent may be represented as ID A||IDCA||T1||{AINFO}K1||MAC(T1||AINFO,K1.
(2) Ca→a (the certificate authority CA returns the certificate authority root certificate to the user side a);
KMS in CA calculates the system private key of a as SK MSA=MAC(IDA,SKMS), obtains SK CAA=SKMSA*PKCA from PK CA=H1(IDCA). Further deriving a symmetric key K CA-A=e(SKCAA,PKA between CA and a). K' 1=MAC(T1,KCA-A is calculated for T 1 using K CA-A according to ID cryptography :KA-CA=e(SKA,PKCA)=e(SKMSA*PKA,PKCA)=e(PKA,SKMSA*PKCA)=e(PKA,SKCAA)=e(SKCAA,PKA)=KCA-A.). The message authentication code is decrypted and verified using K' 1 to obtain identity information AINFO for a.
CA takes out CA root certificate CERT CA, obtains timestamp T 2, and calculates final key K 2=MAC(T2,KCA-A by encrypting T 2 using K CA-A). Encryption of CERT CA using K 2 to obtain { CERT CA}K2, calculation of message authentication code using K 2 to T 2 and CERT CA to obtain MAC (T 2||CERTCA,K2), transmission to a along with ID CA、IDA and T 2, the transmitted message may be expressed as IDCA||IDA||T2||{CERTCA}K2||MAC(T2||CERTCA,K2).
(3) A receives a CA root certificate (the user a receives a root certificate of the certificate authority CA);
A receives the message and calculates the final key K' 2=MAC(T2,KA-CA by encrypting T 2 using K A-CA). And decrypting and verifying the message authentication code by using the K' 2 to obtain a CA root certificate CERT CA, and storing the CA root certificate CERT CA in a local anti-quantum computing device T A after verification by A.
S3, the CA issues certificates for the user side and the commercial bank digital currency system (the certificate issuing mechanism is used for respectively issuing certificates for the user side and the commercial bank digital currency system through a certificate issuing method and storing the certificates into the corresponding anti-quantum computing device);
wherein, the step S3 includes the CA mechanism issuing certificates for all the clients and the digital money system of the commercial bank, and the issuing process is described in detail here by taking the client a as an example:
(1) A→ca (the user a sends identity information and a certificate public key to the certificate authority CA);
The user side a calculates a symmetric key K A-CA=e(SKA,PKCA with CA). The time stamp T 3 is obtained and the final key K 3=MAC(T3,KA-CA is calculated by encrypting T 3 using K A-CA).
A generates a certificate public-private key pair PK CERTA、SKCERTA, which can be based on various asymmetric cryptographic algorithms such as RSA, ECC, discrete logarithm, ID cryptography and the like. Encryption of A's identity information AINFO and A's certificate public key PK CERTA using K 3 yields { AINFO ||PK CERTA}K3, calculation of message authentication codes using K 3 for T 3, AINFO and PK CERTA yields MAC (T 3||AINFO||PKA,K3), and transmission to CA along with ID A、IDCA and T 3, the transmitted message may be expressed as IDA||IDCA||T3||{AINFO||PKCERTA}K3||MAC(T3||AINFO||PKCERTA,K3).
(2) Ca→a (the certificate authority CA returns a certificate to the user side a);
KMS in CA calculates the system private key of a as SK MSA=MAC(IDA,SKMS), obtains SK CAA=SKMSA*PKCA from PK CA=H1(IDCA). Further deriving a symmetric key K CA-A=e(SKCAA,PKA between CA and a). The final key K' 3=MAC(T3,KCA-A is calculated using K CA-A for T 3 encryption according to ID cryptography :KA-CA=e(SKA,PKCA)=e(SKMSA*PKA,PKCA)=e(PKA,SKMSA*PKCA)=e(PKA,SKCAA)=e(SKCAA,PKA)=KCA-A.). The message authentication code is decrypted and verified using K' 3, resulting in identity information AINFO for a and PK CERTA for computing CERT A.
CA makes certificate CERT A of A. The CA then obtains a time stamp T 4, and calculates the final key K 4=MAC(T4,KCA-A using K CA-A to encrypt T 4). Encryption of CERT A using K 4 to obtain { CERT A}K4, calculation of message authentication code using K 4 to T 4 and CERT A to obtain MAC (T 4||CERTA,K4), transmission to a along with ID CA、IDA and T 4, the transmitted message may be expressed as IDCA||IDA||T4||{CERTA}K4||MAC(T4||CERTA,K4).
(3) A receives a CA certificate (the user side a receives a certificate of the certificate authority CA);
After receiving the message, a uses K A-CA to encrypt T 4 to obtain K' 4=MAC(T4,KA-CA). The message authentication code is decrypted and verified by using the K' 4, the certificate CERT A of the user is obtained, and the certificate A is stored in the local anti-quantum computing device T A after verification.
In addition, for the client B in this embodiment, the client B generates the public-private key pair PK CERTB、SKCERTB, and performs the same steps as those described above with CA to obtain its own certificate CERT B. B verifies CERT B and stores the verification result in a local anti-quantum computing device T B.
Commercial bank B 0 generates certificate public-private key pairThe same procedure as above is also performed with CA to obtain its own certificate/>B 0 pair/>After verification, the local anti-quantum computing device/>, is storedAnd (3) inner part.
S4, the sender A takes the digital currency transaction offline (the sender user side A takes the digital currency transaction offline is realized by using a currency transaction method);
S41, signing A to obtain signature transaction (the user side A signs to obtain signature transaction and sends the signature transaction to the user side B);
The user side a calculates a symmetric key K A-CA=e(SKA,PKCA with CA). The final key K T=MAC(T,KA-CA is calculated using K A-CA for the signature time T encryption). The message to be signed is TX, which comprises sender information, receiver information, digital currency and other transaction information.
Signature is calculated for T and TX using certificate private key SK CERTA for a to get SIG A=SIGN(T||TX,SKCERTA). The TX SIG A and CERT A are encrypted using K T to obtain { TX SIG A}KT and { CERT A}KT, respectively. Together with IDs A and T as MSG A, can be denoted as MSG A=IDA||T||{TX||SIGA}KT||{CERTA}KT. The message authentication code is calculated for MSG A using K T to obtain the MAC (MSG A,KT). A sends MSG A||MAC(MSGA,KT) to B via near field communication.
S42, B receives a signature transaction (the receiving user terminal B receives the signature transaction and verifies the validity of the certificate of the sending user terminal A with the certificate authority CA);
And B, after receiving the certificate, confirming the validity of the certificate of A to the CA. B calculates a symmetric key K B-CA=e(SKB,PKCA with CA). The time stamp T 5 is obtained, and K 5=MAC(T5,KB-CA is calculated by encrypting T 5 using K B-CA). Combining ID B、IDCA、T5、IDA, T { CERT A}KT gives MSG 5=IDB||IDCA||T5||IDA||T||{CERTA}KT, and calculating the message authentication code for MSG 5 using K 5 gives MAC (MSG 5,K5). The message sent by B to CA is MSG 5||MAC(MSG5,K5).
S43, the CA verifies the certificate of A (the certificate authority CA receives the verification message and verifies the certificate of the user side A);
After the CA receives, the KMS in the CA calculates the system private key of B as SK MSB=MAC(IDB,SKMS), and SK CAB=SKMSB*PKCA is calculated according to PK CA=H1(IDCA). Further from PK B=H1(IDB) to derive a symmetric key K CA-B=e(SKCAB,PKB between CA and B). K' 5=MAC(T5,KCA-B is calculated using K CA-B for T 5 encryption according to ID cryptography :KB-CA=e(SKB,PKCA)=e(SKMSB*PKB,PKCA)=e(PKB,SKMSB*PKCA)=e(PKB,SKCAB)=e(SKCAB,PKB)=KCA-B.CA). The MSG 5 is decrypted using K' 5 and the message authentication code is verified, confirming that the message is from B.
KMS in CA calculates a system private key of a as SK MSA=MAC(IDA,SKMS), and calculates SK CAA=SKMSA*PKCA. Further from PK A=H1(IDA) to obtain a symmetric key K CA-A=e(SKCAA,PKA between CA and a). Available according to ID cryptography :KA-CA=e(SKA,PKCA)=e(SKMSA*PKA,PKCA)=e(PKA,SKMSA*PKCA)=e(PKA,SKCAA)=e(SKCAA,PKA)=KCA-A.
CA calculated K' T=MAC(T,KCA-A using K CA-A for T encryption). Decryption of { CERT A}KT using K' T gives CERT A. The validity of CERT A and whether it is in the certificate revocation list are judged, and the judgment result is referred to as RET A.
CA obtains a time stamp T 6, and K 6=MAC(T6,KCA-B is calculated by encrypting T 6 using K CA-B). Encryption of RET A and K' T using K 6 gives { RET A||K′T}K6, combination of ID CA、IDB、T6 and { RET A||K′T}K6 gives MSG 6=IDCA||IDB||T6||{RETA||K′T}K6, and calculation of message authentication code for MSG 6 using K 6 gives MAC (MSG 6,K6). The message sent by CA to B is MSG 6||MAC(MSG6,K6).
S44, negotiating a session key with the commercial bank (the user terminal B negotiates with the corresponding commercial bank B 0 to obtain the session key);
specifically, the step S44 specifically includes the following steps:
s441, B sends a signature session key to a commercial bank (the user side B sends the signature session key to the corresponding commercial bank B 0);
B generates the session key KSB, obtains the timestamp T 7, and encrypts T 7 using K B-CA to obtain K 7=MAC(T7,KB-CA). Signature is calculated for T 7 and KSB using the certificate private key SK CERTB of B to yield SIG B=SIGN(T7||KSB,SKCERTB). The KSB SIG B and CERT B are encrypted using K 7 to obtain { KSB SIG B}K7 and { CERT B}K7, respectively. Together with T 7 as MSG 7, this can be denoted as MSG 7=T7||{KSB||SIGB}K7||{CERTB}K7. The message authentication code is calculated for MSG 7 using K 7 to obtain the MAC (MSG 7,K7). B sends MSG 7||MAC(MSG7,K7) to B 0.
S442, the commercial bank seeks verification from the CA (the corresponding commercial bank B 0 verifies the validity of the user side B certificate from the certificate authority CA);
After B 0 receives, the validity of the certificate of B is confirmed to the CA. B 0 computing a symmetric key with CA Obtain timestamp T 8, use/>Encryption calculation of T 8 to obtain/> Will/>T 8、IDB、T7 and { CERT B}K7 combination to give/> Calculating the message authentication code for MSG 8 using K 8 results in the message sent by MAC (MSG 8,K8) B to CA being MSG 8||MAC(MSG8,K8.
S443, the CA returns a verification result (the certificate authority CA verifies the validity of the user side B certificate and sends the verification result to the corresponding commercial bank B 0);
After the CA receives the system private key of B 0 calculated by the KMS in the CA as Calculated according to PK CA=H1(IDCA)/>Further according to/>Obtain a symmetric key/>, between CA and B 0 Available according to ID cryptography: /(I) CA usage/>Encryption calculation is carried out on T 8 to obtainThe MSG 8 was decrypted using K' 8 and the message authentication code was verified, confirming that the message was from B 0.
KMS in CA calculates B's system private key as SK MSB=MAC(IDB,SKMS), calculating SK CAB=SKMSB*PKCA. Further from PK B=H1(IDB) to derive a symmetric key K CA-B=e(SKCAB,PKB between CA and B). K' 7=MAC(T7,KCA-B is calculated using K CA-B for T 7 encryption according to ID cryptography :KB-CA=e(SKB,PKCA)=e(SKMSB*PKB,PKCA)=e(PKB,SKMSB*PKCA)=e(PKB,SKCAB)=e(SKCAB,PKB)=KCA-B.CA). Decryption of { CERT B}K7 using K' 7 gives CERT B. The validity of CERT B and whether it is in the certificate revocation list are judged, and the judgment result is referred to as RET B.
CA obtains a timestamp T 9, usingEncryption calculation of T 9 yields K 9=MAC(T9,KCA-B). Encryption of RET B and K' 7 using K 9 gives { RET B||K′7}K9, ID CA,/>T 9, and { RET B||K′7}K9 }, combinedThe message authentication code is calculated for MSG 9 using K 9 to obtain the MAC (MSG 9,K9). The message sent by CA to B 0 is MSG 9||MAC(MSG9,K9).
S444, the commercial bank notifies B of the result (the corresponding commercial bank B 0 sends the verification result to the user terminal B);
B 0, after receiving the CA message, calculates K' 9=MAC(T9,KB-CA by encrypting T 9 using K B-CA). Decryption of { RET B||K′7}K9 using K '9 yields RET B and K' 7. If RET B is failure, the key negotiation fails, and the process is ended; otherwise, continuing. Decryption of { CERT B}K7 and { KSB||SIG B}K7 in MSG 7 using K' 7 yields CERT B、SIGA and KSB. Certificate CERT B of B is authenticated using PK CERTCA in CERT CA, after authentication is passed, SIG B is authenticated using PK CERTB, after authentication is passed, KSB is trusted to be a session key with B.
B 0 encrypts RET B using KSB to obtain { RET B } KSB, which is sent to B. B receives and decrypts RET B using KSB, trusting that KSB is the session key with B 0.
S45, reporting to a commercial bank (the user terminal B receives the verification result and verifies the signature transaction, and reporting B 0 to the corresponding commercial bank by using the session key after the verification is passed);
B after receiving the message in step 3.3, K' 6=MAC(T6,KB-CA is calculated by encrypting T 6 by using K B-CA). Decryption of { RET A||K′T}K6 using K '6 yields RET A and K' T. If RET A is failure, the transaction signature verification fails, and the process is ended; otherwise, continuing. Decrypting the encrypted portion of MSG A using K' T yields CERT A, TX, and SIG A. Certificate CERT A of a is verified using PK CERTCA in CERT CA, after verification is passed, SIG A is verified using PK CERTA, after verification is passed, TX is trusted to be the transaction from a.
B combines T, TX, CERT A and SIG A to give MSG B=T||TX||CERTA||SIGA. B encrypts MSG B using session key KSB with B 0 to obtain { MSG B } KSB, which is sent to commercial bank B 0 to which B belongs.
S46, reporting to a central office by the commercial bank (the corresponding commercial bank B 0 receives the transaction information and verifies the transaction information through the central bank);
B 0, having received { MSG B } KSB, decrypts to obtain MSG B using KSB, and forwards MSG B encryption to the central row via QKD key K Q. After receipt by the juxtarow, the transaction is then validated using K Q, the certificate of a CERT A is validated using PK CERTCA in CERT CA, SIG A is validated using PK CERTA after the validation is passed, and TX is trusted to be the transaction from a. The verification result is recorded as RET TX.
S47, notifying a commercial bank by a central bank (the central bank respectively sends the transaction verification result to a commercial bank A 0 corresponding to the receiver user side and a commercial bank B 0 corresponding to the sender user side);
The central office records the attribution change of the digital currency after the transaction is successful, and sends T TX RET TX to the business banks A 0.A0 and B 0 of B 0 and A through QKD key encryption to decrypt the information of the verification central office, and records T TX RET TX.
S48, B 0 informs B of the result (the business bank B 0 corresponding to the user end of the receiver sends the transaction verification result to the user end B);
B 0 sends T TX RET TX to B using KSB encryption to get { T TX RET TX } KSB. B uses KSB decryption, after confirming RET TX, if successful, store the received digital currency.
S49, B informs A of the result (the user terminal B sends the transaction verification result to the user terminal A);
After confirmation is successful, B encrypts T TX RET TX to { T TX RET TX}K′T using K' T and sends to a through close range communication.
After receiving a, the RET TX is decrypted and confirmed by using the K T, and the transaction is ended after confirmation.
In order to facilitate understanding of the above technical solutions of the present invention, a method for establishing a set of system parameters based on ID key science in the actual process of the present invention will be described in detail below.
When the KMS issues a public key and a private key for a member, a set of system parameters based on ID key science needs to be established first, and the steps are as follows:
(1) G 1,G2 is a GDH (Diffie-Hellman group) group of order q, q is a large prime number, G 1 is an additive cyclic group consisting of points on an elliptic curve, and P is the generator of group G 1; g 2 is a multiplicative cycle group; bilinear mapping e: g 1×G1→G2.
(2) SK MS∈Zp * is randomly taken as a system private key of CA, SK MS is stored only in the anti-quantum computing device of KMS, and a system public key PK MS=SKMS*P,PKMS for computing CA is stored in an anti-quantum computing device T CA of CA. The KMS is different for the public and private keys of the system of each different user, and for the user side a, the KMS generates a unique code as ID A, the private key of a is SK MSA, the private key of a may be a true random number or may be obtained by calculation, for example SK MSA=MAC(IDA,SKMS (MAC (m, k) is to calculate a message authentication code for message m using key k), and the public key of a is PK MSA=SKMSA ×p; for the user terminal B, the KMS generates a unique code as ID B, the system private key of B is SK MSB, the system private key may be a true random number or may be obtained by calculation, for example SK MSB=MAC(IDB,SKMS), and the system public key of B is PK MSB=SKMSB ×p; the system private key is stored in the anti-quantum computing device of the KMS, the system public key is stored in the anti-quantum computing device of the corresponding user side, that is, PK MSA is stored in T A, and PK MSB is stored in T B. Commercial bank a 0、B0 is similar. If the system private key is a true random number, the KMS stores the system private key and the corresponding user ID in a database, and the system private key and the corresponding user ID are directly taken when needed; if the system private key is obtained by calculation, the KMS calculates and generates in real time when needed, and storage is not needed; the following embodiments take the system private key as an example.
(3) A hash function H 1:{0,1}*→G1,H2:G2→{0,1}* is selected.
(4) The system parameter is { q, G 1,G2,e,n,P,H1,H2 }.
When the KMS issues a public and private key for the CA, a unique code is generated as an ID CA, a hash function H 1 is called to calculate a public key PK CA=H1(IDCA, then a private key SK CA=SKMS*PKCA is calculated according to the public key PK CA, the ID of the CA and the public key, i.e., ID CA、PKCA、SKCA, are stored in an anti-quantum computing device T CA.TCA of the CA, and a CA root certificate CERT CA,CERTCA includes a version number, a serial number, a validity period of the certificate, and a certificate public key PK CERTCA and a certificate signature of the CA, wherein the certificate public key and the certificate signature can be based on a plurality of asymmetric cryptographic algorithms such as RSA, ECC, discrete logarithm, ID cryptography, and the like.
When the KMS issues a public and private key for the user terminal a, the KMS invokes the hash function H 1 to calculate the public key PK A=H1(IDA, calculates the private key SK A=SKMSA*PKA according to the public key PK A, and stores the ID of a and the public and private key, i.e. ID A、PKA、SKA, in the quantum resistant computing device T A of a.
When KMS issues public and private keys for A 0, a hash function H 1 is called to calculate the public keysBased on public key/>Calculate private key/>ID and public private key of A 0, namely/>Anti-quantum computing device/>, stored in a 0
According to another aspect of the present invention, there is provided an anti-quantum computing digital money system, in which, as shown in fig. 4, the digital money system basic structure mainly includes a central bank digital money system, a commercial bank digital money system (in practice, a plurality of commercial bank digital money systems) and a user, and a system for authenticating the three. A QKD network is built between the central bank and each commercial bank. The central bank performs identity authentication and secret communication with each commercial bank, and each commercial bank performs identity authentication and secret communication with each user.
Wherein the central bank digital currency system is used for generating and issuing digital currency and registering the right of the digital currency; the commercial bank digital currency system is used for executing a bank function on digital currency; the user is the main body for using the digital currency; the authentication system includes providing authentication for interaction between the commercial bank digital money system and a terminal device used by a user of the digital money system, and providing authentication for interaction between the central bank digital money system and the commercial bank digital money system. The identity authentication is performed between the central bank digital currency system and the commercial bank digital currency system through QKD (quantum key distribution) communication: the two parties of the central bank digital currency system and the commercial bank digital currency system are respectively provided with a QKD device, and the two party devices carry out quantum secret communication through the QKD line and negotiate to obtain a session key.
In addition, the user comprises a sender user end A and a receiver user end B. The commercial bank corresponding to the user side a is denoted as a 0, and the commercial bank corresponding to the user side B is denoted as B 0. A is an offline member and performs close-range communication with B, so that digital currency transaction is performed. B is an online member and generates a session key KSB after authentication with commercial bank B 0 through a CA institution. A and B exchange information between two parties through near field communication. The sender information includes sender ID, wallet ID, contact means, hardware device code, etc. The receiver information is similar.
The system of the present embodiment further includes a certificate authority CA. CA has an anti-quantum computing device T CA,TCA with an ID cryptography-based key management server KMS disposed therein.
KMS issues an anti-quantum computing device T A、TB for a and B, and an anti-quantum computing device for a 0 and B 0
The anti-quantum computing device can be a key fob, a mobile terminal, a cipher machine, a gateway and the like, can respectively carry out mainboard interface communication, short-distance wireless communication, controllable intranet communication and the like with a CA mechanism or each user side, can ensure that information cannot be stolen by a quantum computer in a communication range, for example, the anti-quantum computing device can be a key fob which is inserted on a host mainboard of the CA mechanism, or the anti-quantum computing device can carry out NFC communication between the mobile terminal and both sides of the mobile terminal, or the anti-quantum computing device is a cipher machine or gateway and both sides of a PC host of the same intranet carry out safe intranet communication.
In summary, by means of the above technical solution of the present invention, the present invention can implement an offline digital money communication system based on a digital certificate sender for quantum computation; in addition, the symmetric keys used in the invention are all generated based on ID cryptography real-time calculation, and symmetric keys do not need to be stored in advance, so that the cost is low for users, and the problems of symmetric key management and storage are avoided;
In addition, the invention does not change the whole flow and data structure of the traditional CA and the digital signature system based on the digital certificate, so the cost of switching the CA and the user application system to the quantum-resistant calculation scheme is not high; in addition, in the invention, the key issuing server based on ID cryptography is different for the public and private keys of the system of each different user, and even if the public key of the system of a certain user is lost to cause the private key of the system to be cracked by a quantum computer, the public and private keys of the system of CA and other users can not be endangered;
Furthermore, the communication mode of the present invention meets the requirements for security and cost in two different situations, namely: for communication between a central bank and a commercial bank with extremely high confidentiality requirement and relatively small scheme change influence range, the quantum secret communication with higher cost and higher safety is adopted, so that the communication with higher safety is realized; for the communication between commercial banks and users with extremely high confidentiality requirements and relatively large scheme change influence range, the anti-quantum computing communication based on the digital certificate is adopted, so that the communication with higher security and cost is realized. Therefore, the invention improves the existing digital currency communication system into an anti-quantum computing digital currency communication system, and gives consideration to the cost of system improvement.
The technical features of the above-described embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above-described embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples illustrate only a few embodiments of the invention, which are described in detail and are not to be construed as limiting the scope of the invention. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the invention, which are all within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.
Claims (10)
1. A sender offline digital currency quantum resistant computing transaction method, comprising the steps of:
S1, utilizing a key management server to issue quantum resistant computing devices for a user side and a commercial bank digital currency system respectively;
When the key management server issues a system public and private key for the user side, a message authentication code is calculated to obtain a corresponding system private key, then a system public key is calculated according to the system private key, the system private key is stored in an anti-quantum computing device of the key management server, and the system public key is stored in the anti-quantum computing device corresponding to the user side;
When the key management server issues a system public and private key for the commercial bank digital currency system, calculating a message authentication code to obtain a corresponding system private key, calculating according to the system private key to obtain a system public key, storing the system private key in an anti-quantum computing device of the key management server, and storing the system public key in an anti-quantum computing device of the commercial bank digital currency system;
When the key management server issues a public and private key for the user side, calling a hash function to calculate to obtain a public key, calculating to obtain a corresponding private key according to the public key, and storing the ID of the user side and the public and private key into an anti-quantum computing device of the user side;
When the key management server issues a public and private key for the commercial bank digital currency system, a hash function is called to calculate to obtain a public key, a corresponding private key is obtained according to the public key, and the ID of the commercial bank digital currency system and the public and private key are stored in an anti-quantum computing device of the commercial bank digital currency system;
The quantum-resistant computing device comprises at least one of a key fob, a mobile terminal, a cipher machine or a gateway, and can respectively carry out main board interface communication, short-range wireless communication and controllable intranet communication with a CA mechanism or each user side, so that information cannot be stolen by a quantum computer in a communication range;
S2, using a certificate issuing mechanism to issue a root certificate for the user side and the commercial bank digital currency system according to a root certificate issuing method, and storing the root certificate into the corresponding anti-quantum computing device;
s3, issuing certificates for the user side and the commercial bank digital currency system by using the certificate issuing mechanism through a certificate issuing method, and storing the certificates into the corresponding anti-quantum computing device;
s4, realizing off-line digital currency transaction of the sender user side by using a currency transaction method;
the step S4 of realizing the offline digital currency transaction of the sender user side by using the currency transaction method specifically comprises the following steps:
S41, the sender user side signs to obtain a signature transaction, and the signature transaction is sent to a receiver user side;
s42, the receiving party user receives the signature transaction and verifies the validity of the sender user side certificate to the certificate issuing mechanism;
S43, the certificate issuing mechanism receives the verification message and verifies the certificate of the sender user;
s44, the receiver user negotiates with the corresponding commercial bank to obtain a session key;
S45, the receiving party user side receives the verification result, verifies the signature transaction, and reports the verification result to the corresponding commercial bank by using the session key after the verification is passed;
s46, the corresponding commercial bank receives transaction information and verifies the transaction information through a central bank;
S47, the central bank sends the transaction verification result to a commercial bank corresponding to the receiver user side and a commercial bank corresponding to the sender user side respectively;
S48, the business banking corresponding to the receiver user terminal sends the transaction verification result to the receiver user terminal;
And S49, the receiver user sends the transaction verification result to the sender user.
2. The method for offline digital currency anti-quantum computing transaction according to claim 1, wherein S2 issues root certificates for the user side and the commercial bank digital currency system respectively according to a root certificate issuing method using a certificate issuing authority, and stores the root certificates in the corresponding anti-quantum computing device specifically comprises the following steps:
s21, using the certificate issuing mechanism to issue a root certificate for the user side and storing the root certificate into an anti-quantum computing device of the user side;
S22, the certificate issuing organization is used for issuing a root certificate for the commercial bank digital currency system and storing the root certificate into an anti-quantum computing device of the commercial bank digital currency system.
3. The method for offline digital currency quantum resistant computing transaction according to claim 2, wherein said issuing a root certificate to said client using said certificate authority in S21 comprises the steps of:
s211, the user sends identity information to the certificate authority;
S212, the certificate authority returns a root certificate of the certificate authority to the user terminal;
s213, the user receives the root certificate of the certificate authority.
4. The sender offline digital currency anti-quantum computing transaction method according to claim 2, wherein said issuing a root certificate for the commercial bank digital currency system using the certificate issuing authority in S22 comprises the steps of:
s221, the commercial bank digital currency system sends identity information to the certificate authority;
S222, the certificate authority returns a root certificate of the certificate authority to the commercial bank digital currency system;
S223, the commercial bank digital currency system receives a root certificate of the certificate authority.
5. The method for offline digital currency anti-quantum computing transaction according to claim 1, wherein said S3 issues certificates to said user side and said commercial bank digital currency system respectively by means of a certificate issuing method using said certificate issuing institution, and stores the certificates in the corresponding anti-quantum computing device, comprising the steps of:
S31, issuing a certificate for the user side by using the certificate issuing mechanism, and storing the certificate into an anti-quantum computing device of the user side;
S32, utilizing the certificate issuing organization to issue certificates for the commercial bank digital currency system, and storing the certificates into an anti-quantum computing device of the commercial bank digital currency system.
6. The method for offline digital currency quantum resistant computing transaction according to claim 5, wherein said issuing a certificate to said client using said certificate issuing authority in S31 comprises the steps of:
s311, the user sends the identity information and the public certificate key to the certificate authority;
s312, the certificate issuing mechanism returns a certificate to the user terminal;
s313, the user side receives the certificate.
7. The sender offline digital currency anti-quantum computing transaction method according to claim 5, wherein said issuing a certificate for the commercial bank digital currency system using the certificate issuing authority in S32 comprises the steps of:
S321, the commercial bank digital currency system sends identity information and a public certificate key to the certificate authority;
s322, the certificate issuing organization returns a certificate to the commercial bank digital currency system;
S323, the commercial bank digital currency system receives the certificate.
8. The method for offline digital currency quantum-resistant computing transaction according to claim 1, wherein the step of negotiating the receiver user side with the corresponding commercial bank to obtain the session key in S44 specifically comprises the steps of:
S441, the receiver user sends a signature session key to the corresponding commercial bank;
S442, the corresponding commercial bank verifies the validity of the user-side certificate of the receiver to the certificate issuing mechanism;
S443, the certificate issuing mechanism verifies the validity of the certificate of the receiver user side and sends the verification result to the corresponding commercial bank;
And S444, the corresponding commercial bank transmits the verification result to the receiver user side.
9. An anti-quantum computing digital money system for implementing the steps of the sender offline digital money anti-quantum computing transaction method of any one of claims 1 to 8, characterized in that the system comprises a central banking digital money system, a commercial banking digital money system, a user and an authentication system, the central banking digital money system performs identity authentication and secret communication with the commercial banking digital money system, the commercial banking digital money system performs identity authentication and secret communication with the user;
Wherein the central bank digital currency system is used for producing and issuing digital currency and also used for registering rights of the digital currency;
the commercial bank digital currency system is used for executing a bank function for digital currency;
The user is a main body for using the digital currency;
The authentication system is used for authenticating interaction between the commercial bank digital currency system and the user terminal equipment of the digital currency, and is also used for authenticating interaction between the central bank digital currency system and the commercial bank digital currency system.
10. The quantum resistant computing digital money system of claim 9, further comprising a certificate authority, wherein an quantum resistant computing device is disposed in the certificate authority, and wherein a key management server based on ID cryptography is disposed in the quantum resistant computing device, the central banking digital money system comprises a central bank, the commercial banking digital money system comprises a commercial bank corresponding to a sender user side and a commercial bank corresponding to a receiver user side, the user comprises a sender user side and a receiver user side, and the sender user side and the receiver user side are in close range communication.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011091591.XA CN114362952B (en) | 2020-10-13 | 2020-10-13 | Anti-quantum computing transaction method and system for digital currency of sender offline |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011091591.XA CN114362952B (en) | 2020-10-13 | 2020-10-13 | Anti-quantum computing transaction method and system for digital currency of sender offline |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114362952A CN114362952A (en) | 2022-04-15 |
| CN114362952B true CN114362952B (en) | 2024-05-14 |
Family
ID=81089922
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011091591.XA Active CN114362952B (en) | 2020-10-13 | 2020-10-13 | Anti-quantum computing transaction method and system for digital currency of sender offline |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114362952B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010109271A1 (en) * | 2009-03-25 | 2010-09-30 | Nokia Corporation | Systems, methods, apparatuses, and computer program products for generation and exchange of digital currency |
| CN109687963A (en) * | 2019-01-15 | 2019-04-26 | 如般量子科技有限公司 | Anti- quantum calculation alliance chain method of commerce and system based on public key pond |
| CN109756500A (en) * | 2019-01-11 | 2019-05-14 | 如般量子科技有限公司 | Anti- quantum calculation https traffic method and system based on multiple unsymmetrical key ponds |
| CN109861813A (en) * | 2019-01-11 | 2019-06-07 | 如般量子科技有限公司 | Anti- quantum calculation https traffic method and system based on unsymmetrical key pond |
| CN109978515A (en) * | 2019-03-14 | 2019-07-05 | 重庆邮电大学 | A kind of Third Party Payment System method based on quantum multiple delegate Proxy Signature |
| CN110098925A (en) * | 2019-04-22 | 2019-08-06 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and random number quantum communications service station cryptographic key negotiation method and system |
| CN110213044A (en) * | 2019-05-15 | 2019-09-06 | 如般量子科技有限公司 | Anti- quantum calculation HTTPS based on multiple unsymmetrical key ponds signs close communication means and system |
| CN111211910A (en) * | 2019-12-30 | 2020-05-29 | 南京如般量子科技有限公司 | Anti-quantum computation CA (certificate Authority) and certificate issuing system based on secret shared public key pool and issuing and verifying method thereof |
| CN111698095A (en) * | 2020-06-17 | 2020-09-22 | 南京如般量子科技有限公司 | Data chain quantum computation resistant communication method and system based on ID cryptography and symmetric key pool |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105245343B (en) * | 2015-09-22 | 2018-09-14 | 华南理工大学 | A kind of online static signature system and method based on multivariable cryptographic technique |
| CN108009917B (en) * | 2017-10-13 | 2021-12-07 | 中国银联股份有限公司 | Transaction verification and registration method and system for digital currency |
-
2020
- 2020-10-13 CN CN202011091591.XA patent/CN114362952B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010109271A1 (en) * | 2009-03-25 | 2010-09-30 | Nokia Corporation | Systems, methods, apparatuses, and computer program products for generation and exchange of digital currency |
| CN109756500A (en) * | 2019-01-11 | 2019-05-14 | 如般量子科技有限公司 | Anti- quantum calculation https traffic method and system based on multiple unsymmetrical key ponds |
| CN109861813A (en) * | 2019-01-11 | 2019-06-07 | 如般量子科技有限公司 | Anti- quantum calculation https traffic method and system based on unsymmetrical key pond |
| CN109687963A (en) * | 2019-01-15 | 2019-04-26 | 如般量子科技有限公司 | Anti- quantum calculation alliance chain method of commerce and system based on public key pond |
| CN109978515A (en) * | 2019-03-14 | 2019-07-05 | 重庆邮电大学 | A kind of Third Party Payment System method based on quantum multiple delegate Proxy Signature |
| CN110098925A (en) * | 2019-04-22 | 2019-08-06 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and random number quantum communications service station cryptographic key negotiation method and system |
| CN110213044A (en) * | 2019-05-15 | 2019-09-06 | 如般量子科技有限公司 | Anti- quantum calculation HTTPS based on multiple unsymmetrical key ponds signs close communication means and system |
| CN111211910A (en) * | 2019-12-30 | 2020-05-29 | 南京如般量子科技有限公司 | Anti-quantum computation CA (certificate Authority) and certificate issuing system based on secret shared public key pool and issuing and verifying method thereof |
| CN111698095A (en) * | 2020-06-17 | 2020-09-22 | 南京如般量子科技有限公司 | Data chain quantum computation resistant communication method and system based on ID cryptography and symmetric key pool |
Non-Patent Citations (4)
| Title |
|---|
| An inter-bank E-payment protocol based on quantum proxy blind signature;Xiaojun Wen等;Quantum Inf Process(第12期);全文 * |
| 一类抗量子计算的公钥密码算法研究;游伟青;陈小明;齐健;;信息网络安全(04);全文 * |
| 基于NTRUSign的新型公钥基础设施的设计;李子臣;梁斓;孙亚飞;杨亚涛;;计算机应用研究(08);全文 * |
| 抗量子计算攻击密码体制发展分析;刘文瑞;通信技术;第50卷(第5期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114362952A (en) | 2022-04-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10903991B1 (en) | Systems and methods for generating signatures | |
| US10313110B2 (en) | Efficient methods for protecting identity in authenticated transmissions | |
| CN109495274B (en) | Decentralized intelligent lock electronic key distribution method and system | |
| US20130191632A1 (en) | System and method for securing private keys issued from distributed private key generator (d-pkg) nodes | |
| CN110519046B (en) | Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD | |
| US11870891B2 (en) | Certificateless public key encryption using pairings | |
| US8806206B2 (en) | Cooperation method and system of hardware secure units, and application device | |
| CN112104453B (en) | Anti-quantum computation digital signature system and signature method based on digital certificate | |
| CN113630248B (en) | Session key negotiation method | |
| CN112087428B (en) | Anti-quantum computing identity authentication system and method based on digital certificate | |
| CN113225302A (en) | Data sharing system and method based on proxy re-encryption | |
| CN111416712B (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
| GB2421410A (en) | Generating and Identifier-Based Public / Private key Pair from a Multi-Component Signature | |
| CN111526131B (en) | Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station | |
| CN110266483B (en) | Quantum communication service station key negotiation method, system and device based on asymmetric key pool pair and QKD | |
| CN114448636B (en) | Quantum-resistant computing digital currency system based on digital certificate and anonymous communication method | |
| CN116599659A (en) | Certificate-free identity authentication and key negotiation method and system | |
| CN114362952B (en) | Anti-quantum computing transaction method and system for digital currency of sender offline | |
| CN113014376B (en) | Method for safety authentication between user and server | |
| CN114529272A (en) | Anti-quantum computing transaction method and system for digital currency with offline receiver | |
| US10608826B2 (en) | Method for authenticating attributes in a non-traceable manner and without connection to a server | |
| CN114529274A (en) | Sender offline quantum computation resistant transaction method and system based on digital currency | |
| CN114529273A (en) | Anti-quantum computing digital currency anonymous communication method and system based on ID cryptography | |
| CN114422158B (en) | Anti-quantum computing digital currency communication method and system based on ID cryptography | |
| CN114529276A (en) | Sender offline anonymous transaction method and system based on quantum computation resistance |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |