CN114491664A - Server information security detection method and device and detection equipment - Google Patents
- Publication number: CN114491664A
- Application number: CN202111644157.4A
- Authority: CN (China)
- Prior art keywords: signature, detection, verified, algorithm, server
- Legal status: Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The invention discloses a method, an apparatus and a device for detecting the information security of a server, comprising the following steps: step S100, generating a test key according to a lattice signature algorithm; step S200, outputting a detection signature, or a detection signature and a detection state, according to the public key of the lattice signature algorithm, a message, the original private key, the test key and a state; step S300, sending the detection signature, or the detection signature and the state, to a server; step S400, receiving a first collision message and a second collision message generated by the server according to the detection signature, or the detection signature and the state, together with the corresponding verification signatures based on the lattice signature algorithm; step S500, calculating a private key to be verified according to the verification signatures; step S600, outputting the signature to be verified, or the signature to be verified and the state, according to the private key to be verified by using step S200; and if the signature to be verified is the same as the detection signature, outputting prompt information. The invention can detect the security of the server and remind the user to maintain the server in time, avoiding large-scale information leakage from the server.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a method, an apparatus and a device for detecting the information security of a server.
Background
With the large-scale application of technologies such as cloud computing and big data, demand for servers has grown greatly, so the security and reliability of servers matter more and more; server security is the cornerstone of the security of the whole information system. Authoritative data shows that about 80% of the data in an information system is processed by servers, and the dependence of information systems on servers increases as server functions and performance continue to develop. To keep information secure, it can be encrypted during digital transmission. With the continuing development of quantum computing, quantum-resistant cryptographic algorithms have attracted attention, and Fiat-Shamir type lattice signatures are an important part of them. If a server based on such lattice signatures is attacked during information transmission, the privacy of user information is seriously affected; how to detect the security of a server based on Fiat-Shamir type lattice signatures is therefore an urgent problem to be solved.
Disclosure of Invention
In order to solve the above problems in the prior art, the present invention provides a method for detecting server information security. The technical problem to be solved by the invention is realized by the following technical scheme:
A first aspect of an embodiment of the present invention provides a method for detecting server information security, which is applied to a detection device, and includes:
Step S100: generating a test key $subk = (F, \kappa_1, \kappa_2)$ according to the lattice signature algorithm; wherein $F$ represents a pseudo-random hash function, $\kappa_1, \kappa_2$ denote random numbers and $\kappa_1, \kappa_2 \in \{0,1\}^l$; represents a polynomial ring and $x$ represents an independent variable, and $n$ represents the power of $x$;
Step S200: according to the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_1, \kappa_2)$ and a state $\iota = (j, \tau)$, outputting a detection signature, or the detection signature and the state; wherein a polynomial is randomly selected, two polynomials are randomly selected from a subset of the polynomial ring, and the polynomial $t = as_1 + s_2$; $j$ represents the $j$-th signature, and $\tau$ represents an intermediate variable; the first partial signature $z_1$ and the second partial signature $z_2$ of the detection signature are respectively $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$, where $y_1, y_2$ are random numbers; the intermediate value $c = H(a, t, w, \mu)$, with $w = ay_1 + y_2$, is calculated by the hash function $H$;
Step S400: receiving a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$ generated by the server according to the detection signature, or the detection signature and the state, and the corresponding verification signatures based on the lattice signature algorithm, $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$; wherein $q$ is an integer and represents the length of the collision message;
Step S500: calculating the private key to be verified $(s_{11}, s_{21})$ according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$; wherein,
Step S600: according to the private key to be verified $(s_{11}, s_{21})$, outputting the signature to be verified, or the signature to be verified and the state, by using step S200;
and if the signature to be verified is the same as the detection signature, outputting prompt information.
Further, the specific steps of step S100 include:
receiving a security parameter $l$, and randomly generating, according to the lattice signature algorithm, a pseudo-random hash function and random numbers $\kappa_1, \kappa_2$ with $\kappa_1, \kappa_2 \in \{0,1\}^l$; the test key is then $subk = (F, \kappa_1, \kappa_2)$.
Further, the specific steps of step S200 include:
Step S201: receiving the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_1, \kappa_2)$ and the state $\iota = (j, \tau)$;
Step S2021: $j \leftarrow 0$, $\tau \leftarrow 0$; if $j = 0 \bmod 2$, two first random numbers are randomly selected
Step S2022: calculating a first polynomial $w = ay_1 + y_2$ from the public key $a$;
Step S2023: calculating a first intermediate value $c = H(a, t, w, \mu)$ by the hash function $H$;
Step S2024: based on the original private key $(s_1, s_2)$ and said first random numbers $y_1, y_2$, computing a first partial signature $z_1$ and a second partial signature $z_2$, $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$;
Step S2024: executing the random sampling algorithm RejectionSample$(z_1, z_2, cs_1, cs_2)$, which returns 1 if it accepts;
Step S2031: if the random sampling algorithm returns 0 (reject), executing the following steps:
Step S2032: according to the public key $a$ and the second random numbers $y'_1, y'_2$, calculating a second polynomial $w' = ay'_1 + y'_2$;
Step S2033: taking as input the message $\mu$, the public key $pk = (a, t)$ and the second polynomial $w'$, and calculating a second intermediate value $c' = H(a, t, w', \mu)$ by the hash function $H$;
Step S2034: according to the original private key $(s_1, s_2)$ and the second random numbers $y'_1, y'_2$, computing a third partial signature $z'_1$ and a fourth partial signature $z'_2$, $z'_1 = y'_1 + c's_1$, $z'_2 = y'_2 + c's_2$;
Step S2035: running the random sampling algorithm RejectionSample$(z'_1, z'_2, c's_1, c's_2)$, which returns 1 (accept);
Further, the specific steps of step S500 include:
according to the double authentication protection signature algorithm and the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, calculating a system of linear equations to obtain the private key to be verified $(s_{11}, s_{21})$; wherein,
Further, before step S300, the method further includes a verification algorithm, which comprises the following steps:
Step S204: checking, according to $pk = (a, t)$, whether the equation $w' = az'_1 + z'_2 - c't$ holds;
Step S205: accepting the detection signature if and only if the equation $c' = H(a, t, w', \mu)$ holds and the norm $\|(z'_1, z'_2)\|$ is less than or equal to mn sigma k-sigma k; where $n$ is a power of 2, $m$ and $\sigma$ are arbitrary integers, and $k$ satisfies
A second aspect of the embodiments of the present invention provides a server information security detection apparatus, including:
a generating module, configured to generate a test key $subk = (F, \kappa_1, \kappa_2)$ according to a lattice signature algorithm; wherein $F$ represents a pseudo-random hash function, $\kappa_1, \kappa_2$ denote random numbers and $\kappa_1, \kappa_2 \in \{0,1\}^l$; represents a polynomial ring and $x$ represents an independent variable, and $n$ represents the power of $x$;
an output module, configured to output, according to the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_1, \kappa_2)$ and a state $\iota = (j, \tau)$, a detection signature, or the detection signature and the state; wherein a polynomial is randomly selected, two polynomials are randomly selected from a subset of the polynomial ring, and the polynomial $t = as_1 + s_2$; $j$ represents the $j$-th signature, and $\tau$ represents an intermediate variable; the first partial signature $z_1$ and the second partial signature $z_2$ of the detection signature are respectively $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$, where $y_1, y_2$ are random numbers; the intermediate value $c = H(a, t, w, \mu)$, with $w = ay_1 + y_2$, is calculated by the hash function $H$;
a sending module, configured to send the detection signature, or the detection signature and the state, to a server;
a receiving module, configured to receive a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$ generated by the server according to the detection signature, or the detection signature and the state, and the corresponding verification signatures based on the lattice signature algorithm, $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$; wherein $q$ is an integer representing the length of the collision message;
a calculation module, configured to calculate the private key to be verified $(s_{11}, s_{21})$ according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$; wherein,
a judging module, configured to output, according to the private key to be verified $(s_{11}, s_{21})$, the signature to be verified, or the signature to be verified and the state, by using step S200;
and if the signature to be verified is the same as the detection signature, outputting prompt information.
A third aspect of an embodiment of the present invention provides a device for detecting server information security, including: a memory and a processor;
the memory stores a computer program;
the processor is configured to execute the steps of the server information security detection method according to any one of claims 1 to 5 when the computer program is executed.
The invention has the beneficial effects that:
the server information security detection method can detect the security of the server, and remind a user to maintain the server in time, so that the server is prevented from large-scale information leakage.
Detailed Description
The present invention will be described in further detail with reference to specific examples, but the embodiments of the present invention are not limited thereto.
In the related art, the Fiat-Shamir type lattice signature is described as follows:
S1. Key generation algorithm:
S103: calculate the polynomial $t = as_1 + s_2$.
S104: output the public and private key pair $(a, t)$; $(s_1, s_2)$, where the public key is $(a, t)$ and the private key is $(s_1, s_2)$.
S2. The signature algorithm Sign$(\mu, a, s_1, s_2, t)$ for message $\mu$ is described as follows:
S202: calculate the polynomial $w = ay_1 + y_2$.
S203: calculate $c = H(a, t, w, \mu)$, where the cryptographic hash function $H$ maps to the constant $c$.
S204: calculate the polynomials $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$.
S205: run the random sampling algorithm RejectionSample$(z_1, z_2, cs_1, cs_2)$; return 1 (accept), otherwise return 0 (reject).
S206: output the signature pair $(c, z_1, z_2)$.
S3. Given a message and signature pair as input, the verification algorithm Verify$(\mu, a, z_1, z_2, t)$ is described as follows:
S301: check whether the equation $w = az_1 + z_2 - ct$ holds.
S302: accept the signature if and only if the equation $c = H(a, t, w, \mu)$ holds and the norm $\|(z_1, z_2)\|$ is less than or equal to mn sigma k-sigma k; where $n$ is a power of 2, $m$ and $\sigma$ are arbitrary integers, and $k$ satisfies
The random sampling algorithm RejectionSample is described as follows:
suppose thatHash functionThe hash values of (a) are randomly distributed and the variance of (b)Provided that there is a constant M such that the next two distributions are statistically indistinguishable and the statistical distance isThe first distribution is described as follows:
1) and taking the hash value as v ← h.
Another distribution is described below:
1) and taking the hash value as v ← h.
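The related-art key generation, signing and verification flow (S1 to S3 above), as an added toy example in Python; it is not code from the patent. The ring $\mathbb{Z}_Q[x]/(x^N+1)$, every parameter value, the SHAKE-256 challenge encoding and the plain coefficient-bound rejection test are assumptions made here, because the page does not preserve them, and the parameters are far too small to be secure.

```python
import hashlib
import random

# Toy parameters: assumptions for this example, far too small to be secure.
N = 32         # polynomials are reduced modulo x^N + 1
Q = 12289      # coefficient modulus
B = 512        # masking polynomials y1, y2 have coefficients in [-B, B]
WEIGHT = 8     # number of +/-1 coefficients in the challenge c
BETA = WEIGHT  # max |coefficient| of c*s when s has coefficients in {-1, 0, 1}


def mul(f, g):
    """Multiply two polynomials modulo x^N + 1, over the integers."""
    out = [0] * N
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            if i + j < N:
                out[i + j] += fi * gj
            else:
                out[i + j - N] -= fi * gj  # x^N = -1
    return out


def commit(a, u1, u2, c=None, t=None):
    """Return a*u1 + u2, minus c*t when c and t are given, reduced mod Q."""
    w = [x + y for x, y in zip(mul(a, u1), u2)]
    if c is not None:
        w = [x - y for x, y in zip(w, mul(c, t))]
    return [x % Q for x in w]


def challenge(a, t, w, mu):
    """c = H(a, t, w, mu), encoded as a sparse polynomial with +/-1 entries."""
    data = b"".join(x.to_bytes(2, "big") for x in a + t + w) + mu
    stream = hashlib.shake_256(data).digest(128)
    c, placed = [0] * N, 0
    for i in range(0, len(stream), 2):
        pos = stream[i] % N
        if c[pos] == 0:
            c[pos] = 1 if stream[i + 1] & 1 else -1
            placed += 1
            if placed == WEIGHT:
                break
    return c


def rejection_sample(z1, z2):
    """Return 1 (accept) if every coefficient is within B - BETA, else 0.

    Inside that range a coefficient of z = y + c*s is uniformly distributed
    whatever c*s is, so an accepted signature does not depend on the key.
    """
    return 1 if max(abs(x) for x in z1 + z2) <= B - BETA else 0


def keygen(rng):
    """S1: t = a*s1 + s2; public key (a, t), private key (s1, s2)."""
    a = [rng.randrange(Q) for _ in range(N)]
    s1 = [rng.choice((-1, 0, 1)) for _ in range(N)]
    s2 = [rng.choice((-1, 0, 1)) for _ in range(N)]
    return (a, commit(a, s1, s2)), (s1, s2)


def sign(mu, pk, sk, rng):
    """S2: retry until the rejection test accepts, then output (c, z1, z2)."""
    (a, t), (s1, s2) = pk, sk
    while True:
        y1 = [rng.randint(-B, B) for _ in range(N)]
        y2 = [rng.randint(-B, B) for _ in range(N)]
        c = challenge(a, t, commit(a, y1, y2), mu)    # w = a*y1 + y2
        z1 = [y + d for y, d in zip(y1, mul(c, s1))]  # z1 = y1 + c*s1
        z2 = [y + d for y, d in zip(y2, mul(c, s2))]  # z2 = y2 + c*s2
        if rejection_sample(z1, z2):
            return c, z1, z2


def verify(mu, pk, sig):
    """S3: recompute w = a*z1 + z2 - c*t, then check the hash and the bound."""
    (a, t), (c, z1, z2) = pk, sig
    if not rejection_sample(z1, z2):
        return False
    return challenge(a, t, commit(a, z1, z2, c, t), mu) == c


def demo():
    """Sign a constructed message; check it, a changed message, a changed z1."""
    rng = random.Random(2021)  # fixed seed for a repeatable run; not a CSPRNG
    pk, sk = keygen(rng)
    mu = b"constructed test message"
    c, z1, z2 = sign(mu, pk, sk, rng)
    altered = (c, [z1[0] + 1] + z1[1:], z2)  # one coefficient changed
    return (verify(mu, pk, (c, z1, z2)),
            verify(mu + b"!", pk, (c, z1, z2)),
            verify(mu, pk, altered))


if __name__ == "__main__":
    print(demo())
```

Verification succeeds because $az_1 + z_2 - ct = a(y_1 + cs_1) + (y_2 + cs_2) - c(as_1 + s_2) = ay_1 + y_2 = w$, so the verifier recomputes the same hash input as the signer.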
Example one
A first aspect of an embodiment of the present invention provides a method for detecting server information security, which is applied to a detection device, and includes:
Step S100: generating a test key $subk = (F, \kappa_1, \kappa_2)$ according to the lattice signature algorithm; wherein $F$ represents a pseudo-random hash function, $\kappa_1, \kappa_2$ denote random numbers and $\kappa_1, \kappa_2 \in \{0,1\}^l$; represents a polynomial ring and $x$ represents an independent variable, and $n$ represents the power of $x$.
The specific steps of step S100 include:
receiving a security parameter $l$ input by a user of the detection equipment, and randomly generating, according to the lattice signature algorithm, a pseudo-random hash function and random numbers $\kappa_1, \kappa_2$ with $\kappa_1, \kappa_2 \in \{0,1\}^l$; the test key is then $subk = (F, \kappa_1, \kappa_2)$.
Step S200: according to the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_1, \kappa_2)$ and a state $\iota = (j, \tau)$, outputting a detection signature, or the detection signature and the state.
The specific steps of step S200 include:
Step S201: receiving the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_1, \kappa_2)$ and the state $\iota = (j, \tau)$.
Wherein a polynomial is randomly selected, two polynomials are randomly selected from a subset of the polynomial ring, and the polynomial $t = as_1 + s_2$; $j$ denotes the $j$-th signature and $\tau$ denotes the intermediate variable.
Step S2021: $j \leftarrow 0$, $\tau \leftarrow 0$; if $j = 0 \bmod 2$, two first random numbers are randomly selected
Step S2022: calculating a first polynomial $w = ay_1 + y_2$ from the public key $a$.
Step S2023: calculating a first intermediate value $c = H(a, t, w, \mu)$ by the hash function $H$.
Step S2024: based on the original private key $(s_1, s_2)$ and the first random numbers $y_1, y_2$, computing a first partial signature $z_1$ and a second partial signature $z_2$, $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$.
Step S2024: executing the random sampling algorithm RejectionSample$(z_1, z_2, cs_1, cs_2)$, which returns 1 if it accepts;
Step S2031: if the random sampling algorithm returns 0 (reject), executing the following steps S2032 to S2035:
Step S2032: according to the public key $a$ and the second random numbers $y'_1, y'_2$, calculating a second polynomial $w' = ay'_1 + y'_2$.
Step S2033: taking as input the message $\mu$, the public key $pk = (a, t)$ and the second polynomial $w'$, and calculating the second intermediate value $c' = H(a, t, w', \mu)$ by the hash function $H$.
Step S2034: according to the original private key $(s_1, s_2)$ and the second random numbers $y'_1, y'_2$, computing a third partial signature $z'_1$ and a fourth partial signature $z'_2$, $z'_1 = y'_1 + c's_1$, $z'_2 = y'_2 + c's_2$.
Step S2035: running the random sampling algorithm RejectionSample$(z'_1, z'_2, c's_1, c's_2)$, which returns 1 (accept);
Then executing the verification algorithm, which comprises steps S204 to S205.
Step S204: checking, according to $pk = (a, t)$, whether the equation $w' = az'_1 + z'_2 - c't$ holds.
Step S205: accepting the detection signature if and only if the equation $c' = H(a, t, w', \mu)$ holds and the norm $\|(z'_1, z'_2)\|$ is less than or equal to mn sigma k-sigma k; where $n$ is a power of 2, $m$ and $\sigma$ are arbitrary integers, and $k$ satisfies
Step S400: receiving a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$ generated by the server according to the detection signature, or the detection signature and the state, and the corresponding verification signatures based on the lattice signature algorithm, $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$; where $q$ is an integer and represents the length of the collision message.
Step S500: calculating the private key to be verified $(s_{11}, s_{21})$ according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$.
The specific steps of step S500 include:
according to the double authentication protection signature algorithm and the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, calculating a system of linear equations; the four unknowns of the system of linear equations are $y_1, y_2, s_1, s_2$; solving the linear equations yields the private key to be verified $(s_{11}, s_{21})$. Wherein,
Step S600: according to the private key to be verified $(s_{11}, s_{21})$, step S200 is used to output the signature to be verified, or the signature to be verified and the state. Specifically, the original private key $(s_1, s_2)$ in step S200 is replaced with the private key to be verified $(s_{11}, s_{21})$, and the signature to be verified, or the signature to be verified and the state, is output.
And if the signature to be verified is the same as the detection signature, outputting prompt information. The prompt message is used for prompting the user that the server needs maintenance.
The detection device sends the detection signature it generates to the server. During information transmission, the server can output verification signatures according to the detection signature and return them to the detection device. The detection device calculates the private key to be verified from the verification signatures, outputs the signature to be verified from that private key, and compares the signature to be verified with the detection signature. If the two are the same, the server did not recognize the detection signature; the server therefore lacks a corresponding recognition mechanism and needs further maintenance and updating, so that user information on the server is not obtained by others. The server information security detection method can thus detect the security of the server and remind the user to maintain the server in time, preventing large-scale information leakage from the server.
Example two
A second aspect of the embodiments of the present invention provides a server information security detection apparatus, including:
a generating module, configured to generate a test key $subk = (F, \kappa_1, \kappa_2)$ according to a lattice signature algorithm; wherein $F$ represents a pseudo-random hash function, $\kappa_1, \kappa_2$ denote random numbers and $\kappa_1, \kappa_2 \in \{0,1\}^l$; represents a polynomial ring and $x$ represents an independent variable, and $n$ represents the power of $x$.
The generation module is specifically configured to:
receive a security parameter $l$, and randomly generate, according to the lattice signature algorithm, a pseudo-random hash function and random numbers $\kappa_1, \kappa_2$ with $\kappa_1, \kappa_2 \in \{0,1\}^l$; the test key is then $subk = (F, \kappa_1, \kappa_2)$.
An output module, configured to output, according to the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_1, \kappa_2)$ and a state $\iota = (j, \tau)$, a detection signature, or the detection signature and the state.
The output module includes:
a receiving unit, configured to receive the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_1, \kappa_2)$ and the state $\iota = (j, \tau)$;
a selecting unit, configured to set $j \leftarrow 0$, $\tau \leftarrow 0$ and, if $j = 0 \bmod 2$, to randomly select two first random numbers
a first calculation unit, configured to calculate a first polynomial $w = ay_1 + y_2$ from the public key $a$;
a second calculation unit, configured to calculate a first intermediate value $c = H(a, t, w, \mu)$ by the hash function $H$;
a third calculation unit, configured to compute, from the original private key $(s_1, s_2)$ and the first random numbers $y_1, y_2$, a first partial signature $z_1$ and a second partial signature $z_2$, $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$;
a first execution unit, configured to execute the random sampling algorithm RejectionSample$(z_1, z_2, cs_1, cs_2)$, which returns 1 if it accepts;
a second execution unit, configured to execute the following steps if the random sampling algorithm returns 0 (reject):
Step S2032: according to the public key $a$ and the second random numbers $y'_1, y'_2$, calculating a second polynomial $w' = ay'_1 + y'_2$;
Step S2033: taking as input the message $\mu$, the public key $pk = (a, t)$ and the second polynomial $w'$, and calculating a second intermediate value $c' = H(a, t, w', \mu)$ by the hash function $H$;
Step S2034: according to the original private key $(s_1, s_2)$ and the second random numbers $y'_1, y'_2$, computing a third partial signature $z'_1$ and a fourth partial signature $z'_2$, $z'_1 = y'_1 + c's_1$, $z'_2 = y'_2 + c's_2$;
Step S2035: running the random sampling algorithm RejectionSample$(z'_1, z'_2, c's_1, c's_2)$, which returns 1 (accept);
a verification module, configured to execute the verification algorithm, comprising a checking unit and an accepting unit;
the checking unit, configured to check, according to $pk = (a, t)$, whether the equation $w' = az'_1 + z'_2 - c't$ holds;
the accepting unit, configured to accept the detection signature if and only if the equation $c' = H(a, t, w', \mu)$ holds and the norm $\|(z'_1, z'_2)\|$ is less than or equal to mn sigma k-sigma k; where $n$ is a power of 2, $m$ and $\sigma$ are arbitrary integers, and $k$ satisfies
a sending module, configured to send the detection signature, or the detection signature and the state, to the server;
a receiving module, configured to receive a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$ generated by the server according to the detection signature, or the detection signature and the state, and the corresponding verification signatures based on the lattice signature algorithm, $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$; wherein $q$ is an integer representing the length of the collision message.
A calculation module, configured to calculate the private key to be verified $(s_{11}, s_{21})$ according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$; wherein,
the calculation module is specifically configured to calculate, according to the double authentication protection signature algorithm and the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, a system of linear equations to obtain the private key to be verified $(s_{11}, s_{21})$; wherein,
a judging module, configured to output, according to the private key to be verified $(s_{11}, s_{21})$, the signature to be verified, or the signature to be verified and the state, by using step S200;
and if the signature to be verified is the same as the detection signature, outputting prompt information.
EXAMPLE III
A third aspect of an embodiment of the present invention provides a device for detecting information security of a server, including: a memory and a processor;
the memory stores a computer program;
the processor is configured to execute the steps of the server information security detection method in the first embodiment when running the computer program.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples described in this specification can be combined and combined by those skilled in the art.
The foregoing is a further detailed description of the invention in connection with specific preferred embodiments and it is not intended to limit the invention to the specific embodiments described. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.
Claims (7)
1. A server information security detection method is applied to detection equipment and comprises the following steps:
Step S100: generating a test key $subk = (F, \kappa_1, \kappa_2)$ according to the lattice signature algorithm; wherein $F$ represents a pseudorandom hash function F: $\kappa_1, \kappa_2$ represent random numbers; represents a polynomial ring and $x$ represents an independent variable, and $n$ represents the power of $x$;
Step S200: according to the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_1, \kappa_2)$ and a state $\iota = (j, \tau)$, outputting a detection signature, or the detection signature and the state; wherein a polynomial is randomly selected, two polynomials are randomly selected from a subset of the polynomial ring, and the polynomial $t = as_1 + s_2$; $j$ represents the $j$-th signature, and $\tau$ represents an intermediate variable; the first partial signature $z_1$ and the second partial signature $z_2$ of the detection signature are respectively $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$, where $y_1, y_2$ are random numbers; the intermediate value $c = H(a, t, w, \mu)$, with $w = ay_1 + y_2$, is calculated by the hash function $H$;
Step S400: receiving a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$ generated by the server according to the detection signature, or the detection signature and the state, and the corresponding verification signatures based on the lattice signature algorithm, $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$; wherein $q$ is an integer and represents the length of the collision message;
Step S500: calculating the private key to be verified $(s_{11}, s_{21})$ according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$; wherein,
Step S600: according to the private key to be verified $(s_{11}, s_{21})$, outputting the signature to be verified, or the signature to be verified and the state, by using step S200;
and if the signature to be verified is the same as the detection signature, outputting prompt information.
2. The method for detecting the security of the server information according to claim 1, wherein the specific steps of the step S100 include:
3. The method for detecting the security of the server information according to claim 1, wherein the specific steps of the step S200 include:
Step S201: receiving the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_1, \kappa_2)$ and the state $\iota = (j, \tau)$;
Step S2022: calculating a first polynomial $w = ay_1 + y_2$ from the public key $a$;
Step S2023: calculating a first intermediate value $c = H(a, t, w, \mu)$ by the hash function $H$;
Step S2024: based on the original private key $(s_1, s_2)$ and said first random numbers $y_1, y_2$, computing a first partial signature $z_1$ and a second partial signature $z_2$, $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$;
Step S2024: executing the random sampling algorithm RejectionSample$(z_1, z_2, cs_1, cs_2)$, which returns 1 if it accepts;
Step S2031: if the random sampling algorithm returns 0 (reject), executing the following steps:
Step S2032: according to the public key $a$ and the second random numbers $y'_1, y'_2$, calculating a second polynomial $w' = ay'_1 + y'_2$;
Step S2033: taking as input the message $\mu$, the public key $pk = (a, t)$ and the second polynomial $w'$, and calculating a second intermediate value $c' = H(a, t, w', \mu)$ by the hash function $H$;
Step S2034: according to the original private key $(s_1, s_2)$ and the second random numbers $y'_1, y'_2$, computing a third partial signature $z'_1$ and a fourth partial signature $z'_2$, $z'_1 = y'_1 + c's_1$, $z'_2 = y'_2 + c's_2$;
Step S2035: running the random sampling algorithm RejectionSample$(z'_1, z'_2, c's_1, c's_2)$, which returns 1 (accept);
4. The method for detecting the security of the server information according to claim 3, wherein the specific steps of the step S500 include:
5. The method for detecting the security of the server information according to claim 3, further comprising, before the step S300, a verification algorithm, which comprises the following steps:
Step S204: checking, according to $pk = (a, t)$, whether the equation $w' = az'_1 + z'_2 - c't$ holds;
6. A server information security detection apparatus, comprising:
a generating module, configured to generate a test key $subk = (F, \kappa_1, \kappa_2)$ according to a lattice signature algorithm; wherein $F$ represents a pseudorandom hash function F: $\kappa_1, \kappa_2$ represent random numbers; represents a polynomial ring and $x$ represents an independent variable, and $n$ represents the power of $x$;
an output module, configured to output, according to the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_1, \kappa_2)$ and a state $\iota = (j, \tau)$, a detection signature, or the detection signature and the state; wherein a polynomial is randomly selected, two polynomials are randomly selected from a subset of the polynomial ring, and the polynomial $t = as_1 + s_2$; $j$ represents the $j$-th signature, and $\tau$ represents an intermediate variable; the first partial signature $z_1$ and the second partial signature $z_2$ of the detection signature are respectively $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$, where $y_1, y_2$ are random numbers; the intermediate value $c = H(a, t, w, \mu)$, with $w = ay_1 + y_2$, is calculated by the hash function $H$;
a sending module, configured to send the detection signature, or the detection signature and the state, to a server;
a receiving module, configured to receive a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$ generated by the server according to the detection signature, or the detection signature and the state, and the corresponding verification signatures based on the lattice signature algorithm, $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$; wherein $q$ is an integer representing the length of the collision message;
a calculation module, configured to calculate the private key to be verified $(s_{11}, s_{21})$ according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$; wherein,
a judging module, configured to output, according to the private key to be verified $(s_{11}, s_{21})$, the signature to be verified, or the signature to be verified and the state, by using step S200;
and if the signature to be verified is the same as the detection signature, outputting prompt information.
7. A server information security detection apparatus, comprising: a memory and a processor;
the memory stores a computer program;
the processor is configured to execute the steps of the server information security detection method according to any one of claims 1 to 5 when the computer program is executed.
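The signing and verification equations used in the claims ($t = as_1 + s_2$, $w = ay_1 + y_2$, $z_i = y_i + cs_i$, and the check $w' = az_1 + z_2 - ct$) can be exercised in a few lines. The following is an added example, not code from the patent. It assumes a toy ring $\mathbb{Z}_Q[x]/(x^N+1)$ with N = 32 and Q = 12289, a SHA-256-based mapping for H, and small coefficient bounds; none of these values come from the page, and the RejectionSample step is left out.

```python
import hashlib
import secrets

N, Q = 32, 12289  # assumed toy parameters for Z_Q[x]/(x^N + 1); not from the page, not secure

def add(f, g):
    return [(x + y) % Q for x, y in zip(f, g)]

def sub(f, g):
    return [(x - y) % Q for x, y in zip(f, g)]

def mul(f, g):
    """Negacyclic product: multiply in Z_Q[x] and reduce with x^N = -1."""
    out = [0] * N
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            k = i + j
            sign = 1 if k < N else -1
            out[k % N] = (out[k % N] + sign * fi * gj) % Q
    return out

def small(bound):
    """Random polynomial with coefficients in [-bound, bound], stored mod Q."""
    return [(secrets.randbelow(2 * bound + 1) - bound) % Q for _ in range(N)]

def H(a, t, w, mu):
    """c = H(a, t, w, mu): SHA-256 bits used as a 0/1 polynomial (assumed mapping)."""
    d = hashlib.sha256(repr((a, t, w)).encode() + mu).digest()
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(N)]

def keygen():
    a = [secrets.randbelow(Q) for _ in range(N)]
    s1, s2 = small(1), small(1)
    return (a, add(mul(a, s1), s2)), (s1, s2)  # pk = (a, t) with t = a*s1 + s2

def sign(pk, sk, mu):
    (a, t), (s1, s2) = pk, sk
    y1, y2 = small(64), small(64)
    w = add(mul(a, y1), y2)                    # w = a*y1 + y2
    c = H(a, t, w, mu)
    # RejectionSample(z1, z2, c*s1, c*s2) would run here; omitted in this sketch
    return c, add(y1, mul(c, s1)), add(y2, mul(c, s2))

def verify(pk, mu, sig):
    (a, t), (c, z1, z2) = pk, sig
    w = sub(add(mul(a, z1), z2), mul(c, t))    # w' = a*z1 + z2 - c*t
    return c == H(a, t, w, mu)
```

The check succeeds because $az_1 + z_2 - ct = ay_1 + y_2 + c(as_1 + s_2) - ct = w$, so the verifier recomputes the same hash input the signer used.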
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111644157.4A CN114491664B (en) | 2021-12-29 | 2021-12-29 | Method, device and equipment for detecting information security of server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114491664A CN114491664A (en) | 2022-05-13 |
CN114491664B CN114491664B (en) | 2024-04-09 |
Family
ID=81508788
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111644157.4A Active CN114491664B (en) | 2021-12-29 | 2021-12-29 | Method, device and equipment for detecting information security of server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114491664B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||