CN114491664A - Server information security detection method and device and detection equipment - Google Patents

Publication number
CN114491664A
Authority
CN
China
Prior art keywords
signature
detection
verified
algorithm
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111644157.4A
Other languages
Chinese (zh)
Other versions
CN114491664B (en)
Inventor
刘金会
慕德俊
胡伟
邰瑜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Northwestern Polytechnical University
Original Assignee
Northwestern Polytechnical University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Northwestern Polytechnical University filed Critical Northwestern Polytechnical University
Priority to CN202111644157.4A priority Critical patent/CN114491664B/en
Publication of CN114491664A publication Critical patent/CN114491664A/en
Application granted granted Critical
Publication of CN114491664B publication Critical patent/CN114491664B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method, an apparatus and a detection device for detecting the information security of a server, comprising the following steps: step S100, generating a test key according to a lattice signature algorithm; step S200, outputting a detection signature, or a detection signature and a state, according to the public key, a message, the original private key, the test key and a state of the lattice signature algorithm; step S300, sending the detection signature, or the detection signature and the state, to a server; step S400, receiving a first collision message and a second collision message that the server generates according to the detection signature, or the detection signature and the state, together with the corresponding verification signatures based on the lattice signature algorithm; step S500, calculating a private key to be verified according to the verification signatures; step S600, outputting a signature to be verified, or a signature to be verified and a state, according to the private key to be verified by using step S200; and if the signature to be verified is the same as the detection signature, outputting prompt information. The invention can detect the security of the server and remind the user to maintain the server in time, avoiding large-scale information leakage from the server.

Description

Server information security detection method and device and detection equipment
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a method, an apparatus and a detection device for detecting the information security of a server.
Background
With the large-scale application of technologies such as cloud computing and big data, the demand for servers has grown greatly, so the security and reliability of servers matter more and more; server security is the cornerstone of the security of the whole information system. Authoritative data show that about 80% of the data in the whole information system is processed by servers, and the dependence of information systems on servers increases as server functions and performance continue to develop. To keep information secure, it can be protected with cryptographic techniques during digital transmission. With the continuous development of quantum computing, quantum-resistant cryptographic algorithms have drawn attention, and Fiat-Shamir type lattice signatures are an important part of them. If a server based on such lattice signatures is attacked during information transmission, the privacy of user information is seriously affected, so how to detect the security of a server based on Fiat-Shamir type lattice signatures is an urgent problem to be solved.
Disclosure of Invention
In order to solve the above problems in the prior art, the present invention provides a method for detecting server information security. The technical problem to be solved by the invention is realized by the following technical scheme:
A first aspect of an embodiment of the present invention provides a method for detecting server information security, which is applied to a detection device, and includes:
Step S100: generate a test key subk = $(F, \kappa_{12})$ according to the lattice signature algorithm, where $F$ denotes a pseudo-random hash function
Figure BDA0003443159430000021
$\kappa_{12}$ denotes a random number with $\kappa_{12} \in \{0,1\}^l$,
Figure BDA0003443159430000022
represents a polynomial ring and
Figure BDA0003443159430000023
x represents an independent variable, and n represents the power of x;
Step S200: according to the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key subk = $(F, \kappa_{12})$ and a state $\iota = (j, \tau)$, output a detection signature
Figure BDA0003443159430000024
or the detection signature and the state
Figure BDA0003443159430000025
where a polynomial is randomly selected
Figure BDA0003443159430000026
and, from the polynomial ring
Figure BDA0003443159430000027
out of its subset
Figure BDA0003443159430000028
two polynomials are randomly selected
Figure BDA0003443159430000029
and
Figure BDA00034431594300000210
the polynomial $t = a s_1 + s_2$; $j$ denotes the $j$-th signature, and $\tau$ denotes an intermediate variable; for the detection signature
Figure BDA00034431594300000211
the first partial signature $z_1$ and the second partial signature $z_2$ are given by $z_1 = y_1 + c s_1$ and $z_2 = y_2 + c s_2$, where $y_1, y_2$ are random numbers; the intermediate value $c = H(a, t, w, \mu)$ is calculated by the hash function $H$, with $w = a y_1 + y_2$;
Step S300: send to a server the detection signature
Figure BDA00034431594300000212
or the detection signature and state
Figure BDA00034431594300000213
Step S400: receive what the server generates according to the detection signature
Figure BDA00034431594300000214
or the detection signature and state
Figure BDA00034431594300000215
namely a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$, and the corresponding verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$ based on the lattice signature algorithm, where $q$ is an integer denoting the length of the collision message;
Step S500: according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, compute a private key to be verified $(s_{11}, s_{21})$, where
Figure BDA00034431594300000216
Step S600: according to the private key to be verified $(s_{11}, s_{21})$, output the signature to be verified, or the signature to be verified and the state, by using step S200;
and if the signature to be verified is the same as the detection signature, output prompt information.
Further, the specific steps of step S100 include:
receiving a security parameter l, and randomly generating a pseudo-random hash function according to a lattice signature algorithm
Figure BDA0003443159430000031
and a random number $\kappa_{12}$ with $\kappa_{12} \in \{0,1\}^l$; the test key is then subk = $(F, \kappa_{12})$.
Further, the specific steps of step S200 include:
Step S201: receive the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key subk = $(F, \kappa_{12})$ and the state $\iota = (j, \tau)$;
Step S2021: set $j \leftarrow 0$, $\tau \leftarrow 0$, and if $j = 0 \bmod 2$, randomly select two first random numbers
Figure BDA0003443159430000032
Step S2022: calculate a first polynomial $w = a y_1 + y_2$ from the public key $a$;
Step S2023: calculate a first intermediate value $c = H(a, t, w, \mu)$ by the hash function $H$;
Step S2024: based on the original private key $(s_1, s_2)$ and the first random numbers $y_1, y_2$, compute a first partial signature $z_1$ and a second partial signature $z_2$: $z_1 = y_1 + c s_1$, $z_2 = y_2 + c s_2$;
Step S2024: execute the random sampling algorithm RejectionSample$(z_1, z_2, c s_1, c s_2)$; if it accepts, it returns 1;
let $\tau = c$ and output the detection signature
Figure BDA0003443159430000033
Step S2031: if the random sampling algorithm returns 0 (reject), execute the following steps:
Step S2032: according to the public key $a$ and second random numbers $y'_1, y'_2$, calculate a second polynomial $w' = a y'_1 + y'_2$;
Step S2033: input the message $\mu$, the public key $pk = (a, t)$ and the second polynomial $w'$, and calculate a second intermediate value $c' = H(a, t, w', \mu)$ by the hash function $H$;
Step S2034: according to the original private key $(s_1, s_2)$ and the second random numbers $y'_1, y'_2$, compute a third partial signature $z'_1$ and a fourth partial signature $z'_2$: $z'_1 = y'_1 + c' s_1$, $z'_2 = y'_2 + c' s_2$;
Step S2035: run the random sampling algorithm RejectionSample$(z'_1, z'_2, c' s_1, c' s_2)$, which returns 1 on acceptance;
if returning 0 and rejecting, let tau be c ═ c
Figure BDA0003443159430000034
j +1 and iota (j, τ), and returning
Figure BDA0003443159430000035
Further, the specific steps of step S500 include:
According to a double-authentication protection signature algorithm and the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, solve the system of linear equations
Figure BDA0003443159430000041
to obtain the private key to be verified $(s_{11}, s_{21})$, where
Figure BDA0003443159430000042
Further, before step S300, the method further includes a verification algorithm
Figure BDA0003443159430000043
which comprises the following steps:
Step S204: check, using $pk = (a, t)$, whether the equation $w' = a z'_1 + z'_2 - c' t$ holds;
Step S205: accept the detection signature
Figure BDA0003443159430000044
if and only if the equation $c' = H(a, t, w', \mu)$ holds and the norm $\|(z'_1, z'_2)\|$ is less than or equal to mn sigma k-sigma k; where $n$ is a power of 2, $m$ and $\sigma$ are arbitrary integers, and $k$ satisfies
Figure BDA00034431594300000418
A second aspect of the embodiments of the present invention provides a server information security detection apparatus, including:
a generating module for generating a test key subk = $(F, \kappa_{12})$ according to a lattice signature algorithm, where $F$ denotes a pseudo-random hash function
Figure BDA0003443159430000045
$\kappa_{12}$ denotes a random number with $\kappa_{12} \in \{0,1\}^l$,
Figure BDA0003443159430000046
represents a polynomial ring and
Figure BDA0003443159430000047
x represents an independent variable, and n represents the power of x;
an output module for outputting, according to the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key subk = $(F, \kappa_{12})$ and a state $\iota = (j, \tau)$, a detection signature
Figure BDA0003443159430000048
or the detection signature and the state
Figure BDA0003443159430000049
where a polynomial is randomly selected
Figure BDA00034431594300000410
and, from the polynomial ring
Figure BDA00034431594300000411
out of its subset
Figure BDA00034431594300000412
two polynomials are randomly selected
Figure BDA00034431594300000413
and
Figure BDA00034431594300000414
the polynomial $t = a s_1 + s_2$; $j$ denotes the $j$-th signature, and $\tau$ denotes an intermediate variable; for the detection signature
Figure BDA00034431594300000415
the first partial signature $z_1$ and the second partial signature $z_2$ are given by $z_1 = y_1 + c s_1$ and $z_2 = y_2 + c s_2$, where $y_1, y_2$ are random numbers; the intermediate value $c = H(a, t, w, \mu)$ is calculated by the hash function $H$, with $w = a y_1 + y_2$;
a sending module for sending to a server the detection signature
Figure BDA00034431594300000416
or the detection signature and state
Figure BDA00034431594300000417
a receiving module for receiving what the server generates according to the detection signature
Figure BDA0003443159430000051
or the detection signature and state
Figure BDA0003443159430000052
namely a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$, and the corresponding verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$ based on the lattice signature algorithm, where $q$ is an integer denoting the length of the collision message;
a computing module for computing, according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, a private key to be verified $(s_{11}, s_{21})$, where
Figure BDA0003443159430000053
a judging module for outputting, according to the private key to be verified $(s_{11}, s_{21})$, the signature to be verified, or the signature to be verified and the state, by using step S200;
and for outputting prompt information if the signature to be verified is the same as the detection signature.
A third aspect of an embodiment of the present invention provides a device for detecting server information security, including: a memory and a processor;
the memory stores a computer program;
the processor is configured to execute the steps of the server information security detection method according to any one of claims 1 to 5 when the computer program is executed.
The invention has the beneficial effects that:
the server information security detection method can detect the security of the server, and remind a user to maintain the server in time, so that the server is prevented from large-scale information leakage.
Detailed Description
The present invention will be described in further detail with reference to specific examples, but the embodiments of the present invention are not limited thereto.
In the related art, the Fiat-Shamir type lattice signature is described as follows:
S1, key generation algorithm:
S101: from the polynomial ring
Figure BDA0003443159430000061
randomly select a polynomial
Figure BDA0003443159430000062
where
Figure BDA0003443159430000063
S102: from the polynomial ring
Figure BDA0003443159430000064
out of its subset
Figure BDA0003443159430000065
randomly select two polynomials
Figure BDA0003443159430000066
where
Figure BDA0003443159430000067
S103: calculate the polynomial $t = a s_1 + s_2$.
S104: output the public/private key pair $(a, t)$; $(s_1, s_2)$, where the public key is $(a, t)$ and the private key is $(s_1, s_2)$.
S2, the signature algorithm Sign$(\mu, a, s_1, s_2, t)$ for a message $\mu$ is described as follows:
S201: from the polynomial ring
Figure BDA0003443159430000068
randomly select two polynomials
Figure BDA0003443159430000069
S202: calculate the polynomial $w = a y_1 + y_2$.
S203: calculate $c = H(a, t, w, \mu)$, where the cryptographic hash function $H$ maps to the constant $c$.
S204: calculate the polynomials $z_1 = y_1 + c s_1$, $z_2 = y_2 + c s_2$.
S205: run the random sampling algorithm RejectionSample$(z_1, z_2, c s_1, c s_2)$; return 1 to accept, otherwise return 0 to reject.
S206: output the signature $(c, z_1, z_2)$.
S3, the verification algorithm Verify$(\mu, a, z_1, z_2, t)$, which takes a message and signature pair as input, is described as follows:
S301: test whether the equation $w = a z_1 + z_2 - c t$ holds.
S302: accept the signature if and only if the equation $c = H(a, t, w, \mu)$ holds and the norm $\|(z_1, z_2)\|$ is less than or equal to mn sigma k-sigma k; where $n$ is a power of 2, $m$ and $\sigma$ are arbitrary integers, and $k$ satisfies
Figure BDA00034431594300000610
The random sampling algorithm RejectionSample is described as follows:
suppose that
Figure BDA00034431594300000611
Hash function
Figure BDA00034431594300000612
The hash values of (a) are randomly distributed and the variance of (b)
Figure BDA0003443159430000071
Provided that there is a constant M such that the next two distributions are statistically indistinguishable and the statistical distance is
Figure BDA0003443159430000072
The first distribution is described as follows:
1) Take the hash value as $v \leftarrow h$.
2) Randomly selected from a discrete distribution with variance σ
Figure BDA0003443159430000073
3) By probability
Figure BDA0003443159430000074
And (z, v) is output.
Another distribution is described below:
1) Take the hash value as $v \leftarrow h$.
2) Randomly selected from a discrete distribution with variance σ and mean v
Figure BDA0003443159430000075
3) By probability
Figure BDA0003443159430000076
And (z, v) is output.
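The key generation, signing and verification steps S1 to S3 above, written out as a toy implementation; this is an added example, not code from the patent. Assumptions: the parameters `N`, `Q`, `B`, `C_BITS`, SHA-256 as `H`, a bound-based rejection test standing in for the Gaussian RejectionSample, the infinity norm in place of the patent's norm bound, and a hypothetical checker `reused_commitments` that recomputes $w = a z_1 + z_2 - c t$ and flags signatures produced from the same $(y_1, y_2)$, which step S500 treats as common unknowns of two signatures.

```python
import hashlib
import random

# Toy parameters: assumptions for illustration, not secure and not from the patent.
N = 8                    # ring degree (power of 2): R_q = Z_q[x]/(x^N + 1)
Q = 2**61 - 1            # coefficient modulus
B = 2**56                # y coefficients are uniform in [-B, B]
C_BITS = 24              # c = H(...) is a C_BITS-bit integer (the "constant c")
BOUND = B - 2**C_BITS    # accepted infinity norm of (z1, z2); |c*s_i| < 2**C_BITS


def mul(f, g):
    """Product in Z_q[x]/(x^N + 1): negacyclic convolution, since x^N = -1."""
    out = [0] * N
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            sign = 1 if i + j < N else -1
            out[(i + j) % N] = (out[(i + j) % N] + sign * fi * gj) % Q
    return out


def add(f, g):
    return [(x + y) % Q for x, y in zip(f, g)]


def H(a, t, w, mu):
    """c = H(a, t, w, mu), instantiated here with SHA-256 (assumption)."""
    h = hashlib.sha256()
    for poly in (a, t, w):
        for coeff in poly:
            h.update((coeff % Q).to_bytes(8, "big"))
    h.update(mu)
    return int.from_bytes(h.digest(), "big") % 2**C_BITS


def keygen(rng):
    """S101-S104: a uniform, s1 and s2 small, t = a*s1 + s2."""
    a = [rng.randrange(Q) for _ in range(N)]
    s1 = [rng.choice((-1, 0, 1)) for _ in range(N)]
    s2 = [rng.choice((-1, 0, 1)) for _ in range(N)]
    return (a, add(mul(a, s1), s2)), (s1, s2)


def sign(pk, sk, mu, rng):
    """S201-S206 with a bound-based rejection test in place of RejectionSample."""
    (a, t), (s1, s2) = pk, sk
    while True:
        y1 = [rng.randint(-B, B) for _ in range(N)]
        y2 = [rng.randint(-B, B) for _ in range(N)]
        c = H(a, t, add(mul(a, y1), y2), mu)          # w = a*y1 + y2
        z1 = [y + c * s for y, s in zip(y1, s1)]
        z2 = [y + c * s for y, s in zip(y2, s2)]
        if max(abs(v) for v in z1 + z2) <= BOUND:     # accept, else resample y
            return c, z1, z2


def commitment(pk, sig):
    """S301: recompute w = a*z1 + z2 - c*t from public values only."""
    (a, t), (c, z1, z2) = pk, sig
    return add(add(mul(a, z1), z2), [(-c * x) % Q for x in t])


def verify(pk, mu, sig):
    """S302: accept iff the norm bound holds and c == H(a, t, w, mu)."""
    (a, t), (c, z1, z2) = pk, sig
    if max(abs(v) for v in z1 + z2) > BOUND:
        return False
    return c == H(a, t, commitment(pk, sig), mu)


def reused_commitments(pk, sigs):
    """Hypothetical check: index pairs of distinct signatures with the same w."""
    first_seen, pairs = {}, []
    for idx, sig in enumerate(sigs):
        w = tuple(commitment(pk, sig))
        if w in first_seen and sigs[first_seen[w]] != sig:
            pairs.append((first_seen[w], idx))
        first_seen.setdefault(w, idx)
    return pairs


MESSAGES = (b"msg-0", b"msg-1", b"msg-2")   # constructed sample messages


def demo():
    """Constructed sample: one healthy signature, two that share (y1, y2)."""
    rng = random.Random(2021)
    pk, sk = keygen(rng)
    sigs = [sign(pk, sk, MESSAGES[0], rng),
            # Faulty signer: identical generator state for two different messages.
            sign(pk, sk, MESSAGES[1], random.Random(7)),
            sign(pk, sk, MESSAGES[2], random.Random(7))]
    return pk, sigs


if __name__ == "__main__":
    pk, sigs = demo()
    print([verify(pk, m, s) for m, s in zip(MESSAGES, sigs)])
    print(reused_commitments(pk, sigs))
```

All three sample signatures verify individually; only the comparison of recomputed commitments shows that the second and third came from the same randomness.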
Example one
A first aspect of an embodiment of the present invention provides a method for detecting server information security, which is applied to a detection device, and includes:
Step S100: generate a test key subk = $(F, \kappa_{12})$ according to the lattice signature algorithm, where $F$ denotes a pseudo-random hash function
Figure BDA0003443159430000077
$\kappa_{12}$ denotes a random number with $\kappa_{12} \in \{0,1\}^l$,
Figure BDA0003443159430000078
represents a polynomial ring and
Figure BDA0003443159430000079
x represents an independent variable, and n represents the power of x.
The specific steps of step S100 include:
receiving a security parameter l input by a user of the detection equipment, and randomly generating a pseudo-random hash function according to a lattice signature algorithm
Figure BDA00034431594300000710
and a random number $\kappa_{12}$ with $\kappa_{12} \in \{0,1\}^l$; the test key is then subk = $(F, \kappa_{12})$.
Step S200: according to the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key subk = $(F, \kappa_{12})$ and a state $\iota = (j, \tau)$, output a detection signature
Figure BDA00034431594300000711
or the detection signature and state
Figure BDA00034431594300000712
The specific steps of step S200 include:
Step S201: receive the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key subk = $(F, \kappa_{12})$ and the state $\iota = (j, \tau)$,
where a polynomial is randomly selected
Figure BDA0003443159430000081
and, from the polynomial ring
Figure BDA0003443159430000082
out of its subset
Figure BDA0003443159430000083
two polynomials are randomly selected
Figure BDA0003443159430000084
and
Figure BDA0003443159430000085
the polynomial $t = a s_1 + s_2$; $j$ denotes the $j$-th signature and $\tau$ denotes the intermediate variable.
Step S2021: set $j \leftarrow 0$, $\tau \leftarrow 0$, and if $j = 0 \bmod 2$, randomly select two first random numbers
Figure BDA0003443159430000086
Step S2022: calculate a first polynomial $w = a y_1 + y_2$ from the public key $a$.
Step S2023: calculate a first intermediate value $c = H(a, t, w, \mu)$ by the hash function $H$.
Step S2024: based on the original private key $(s_1, s_2)$ and the first random numbers $y_1, y_2$, compute a first partial signature $z_1$ and a second partial signature $z_2$: $z_1 = y_1 + c s_1$, $z_2 = y_2 + c s_2$.
Step S2024: execute the random sampling algorithm RejectionSample$(z_1, z_2, c s_1, c s_2)$; if it accepts, it returns 1;
let $\tau = c$ and output the detection signature
Figure BDA0003443159430000087
Step S2031: if the random sampling algorithm returns 0 (reject), execute the following steps S2032 to S2035:
Step S2032: according to the public key $a$ and second random numbers $y'_1, y'_2$, calculate a second polynomial $w' = a y'_1 + y'_2$.
Step S2033: input the message $\mu$, the public key $pk = (a, t)$ and the second polynomial $w'$, and calculate the second intermediate value $c' = H(a, t, w', \mu)$ by the hash function $H$.
Step S2034: according to the original private key $(s_1, s_2)$ and the second random numbers $y'_1, y'_2$, compute a third partial signature $z'_1$ and a fourth partial signature $z'_2$: $z'_1 = y'_1 + c' s_1$, $z'_2 = y'_2 + c' s_2$.
Step S2035: run the random sampling algorithm RejectionSample$(z'_1, z'_2, c' s_1, c' s_2)$, which returns 1 on acceptance;
if returning 0 and rejecting, let tau be c ═ c
Figure BDA0003443159430000091
J +1, iota (j, τ), and return
Figure BDA0003443159430000092
Then execute the verification algorithm
Figure BDA0003443159430000093
which comprises steps S204 to S205.
Step S204: check, using $pk = (a, t)$, whether the equation $w' = a z'_1 + z'_2 - c' t$ holds.
Step S205: accept the detection signature
Figure BDA0003443159430000094
if and only if the equation $c' = H(a, t, w', \mu)$ holds and the norm $\|(z'_1, z'_2)\|$ is less than or equal to mn sigma k-sigma k; where $n$ is a power of 2, $m$ and $\sigma$ are arbitrary integers, and $k$ satisfies
Figure BDA0003443159430000095
Step S300: send to the server the detection signature
Figure BDA0003443159430000096
or the detection signature and state
Figure BDA0003443159430000097
Step S400: receive what the server generates according to the detection signature
Figure BDA0003443159430000098
or the detection signature and state
Figure BDA0003443159430000099
namely a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$, and the corresponding verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$ based on the lattice signature algorithm, where $q$ is an integer denoting the length of the collision message.
Step S500: according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, compute a private key to be verified $(s_{11}, s_{21})$.
The specific steps of step S500 include:
According to a double-authentication protection signature algorithm and the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, solve the system of linear equations
Figure BDA00034431594300000910
In this system of four linear equations
Figure BDA00034431594300000913
the unknown quantities are $y_1, y_2, s_1, s_2$; solving the linear equations yields the private key to be verified $(s_{11}, s_{21})$, where
Figure BDA00034431594300000911
Figure BDA00034431594300000912
Step S600: according to the private key to be verified $(s_{11}, s_{21})$, use step S200 to output the signature to be verified, or the signature to be verified and the state. Specifically, the original private key $(s_1, s_2)$ in step S200 is replaced with the private key to be verified $(s_{11}, s_{21})$, and the signature to be verified, or the signature to be verified and the state, is output.
If the signature to be verified is the same as the detection signature, prompt information is output. The prompt information prompts the user that the server needs maintenance.
The detection device sends the detection signature it generates to the server. During information transmission the server outputs verification signatures according to the detection signature and returns them to the detection device. The detection device calculates the private key to be verified from the verification signatures, outputs the signature to be verified according to that private key, and compares the signature to be verified with the detection signature. If the two are the same, the server did not recognize the detection signature; the server therefore lacks a corresponding recognition mechanism and needs further maintenance and updating, so that the information of users on the server is not acquired by others. The server information security detection method can thus detect the security of the server and remind the user to maintain the server in time, preventing large-scale information leakage from the server.
Example two
A second aspect of the embodiments of the present invention provides a server information security detection apparatus, including:
a generating module for generating a test key subk = $(F, \kappa_{12})$ according to a lattice signature algorithm, where $F$ denotes a pseudo-random hash function
Figure BDA0003443159430000101
$\kappa_{12}$ denotes a random number with $\kappa_{12} \in \{0,1\}^l$,
Figure BDA0003443159430000102
represents a polynomial ring and
Figure BDA0003443159430000103
x represents an independent variable, and n represents the power of x.
The generation module is specifically configured to:
receiving a security parameter l, and randomly generating a pseudo-random hash function according to a lattice signature algorithm
Figure BDA0003443159430000104
and a random number $\kappa_{12}$ with $\kappa_{12} \in \{0,1\}^l$; the test key is then subk = $(F, \kappa_{12})$.
An output module for outputting, according to the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key subk = $(F, \kappa_{12})$ and a state $\iota = (j, \tau)$, a detection signature
Figure BDA0003443159430000105
or the detection signature and state
Figure BDA0003443159430000111
The output module includes:
a receiving unit for receiving the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key subk = $(F, \kappa_{12})$ and the state $\iota = (j, \tau)$;
a selecting unit for setting $j \leftarrow 0$, $\tau \leftarrow 0$ and, if $j = 0 \bmod 2$, randomly selecting two first random numbers
Figure BDA0003443159430000112
a first calculation unit for calculating a first polynomial $w = a y_1 + y_2$ from the public key $a$;
a second calculation unit for calculating a first intermediate value $c = H(a, t, w, \mu)$ by the hash function $H$;
a third calculation unit for computing, from the original private key $(s_1, s_2)$ and the first random numbers $y_1, y_2$, a first partial signature $z_1$ and a second partial signature $z_2$: $z_1 = y_1 + c s_1$, $z_2 = y_2 + c s_2$;
a first execution unit for executing the random sampling algorithm RejectionSample$(z_1, z_2, c s_1, c s_2)$; if it accepts, it returns 1;
let $\tau = c$ and output the detection signature
Figure BDA0003443159430000113
a second execution unit, configured to execute the following steps if the random sampling algorithm returns 0 (reject):
Step S2032: according to the public key $a$ and second random numbers $y'_1, y'_2$, calculate a second polynomial $w' = a y'_1 + y'_2$;
Step S2033: input the message $\mu$, the public key $pk = (a, t)$ and the second polynomial $w'$, and calculate a second intermediate value $c' = H(a, t, w', \mu)$ by the hash function $H$;
Step S2034: according to the original private key $(s_1, s_2)$ and the second random numbers $y'_1, y'_2$, compute a third partial signature $z'_1$ and a fourth partial signature $z'_2$: $z'_1 = y'_1 + c' s_1$, $z'_2 = y'_2 + c' s_2$;
Step S2035: run the random sampling algorithm RejectionSample$(z'_1, z'_2, c' s_1, c' s_2)$, which returns 1 on acceptance;
if returning 0 and rejecting, let tau be c ═ c
Figure BDA0003443159430000114
J +1, iota (j, τ), and return
Figure BDA0003443159430000115
a verification module for executing a verification algorithm
Figure BDA0003443159430000116
which comprises a checking unit and an accepting unit;
a checking unit for checking, using $pk = (a, t)$, whether the equation $w' = a z'_1 + z'_2 - c' t$ holds;
an accepting unit for accepting the detection signature
Figure BDA0003443159430000121
if and only if the equation $c' = H(a, t, w', \mu)$ holds and the norm $\|(z'_1, z'_2)\|$ is less than or equal to mn sigma k-sigma k; where $n$ is a power of 2, $m$ and $\sigma$ are arbitrary integers, and $k$ satisfies
Figure BDA0003443159430000122
a sending module for sending to the server the detection signature
Figure BDA0003443159430000123
or the detection signature and state
Figure BDA0003443159430000124
a receiving module for receiving what the server generates according to the detection signature
Figure BDA0003443159430000125
or the detection signature and state
Figure BDA0003443159430000126
namely a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$, and the corresponding verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$ based on the lattice signature algorithm, where $q$ is an integer denoting the length of the collision message.
A calculation module for computing, according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, a private key to be verified $(s_{11}, s_{21})$, where
Figure BDA0003443159430000127
the calculation module is specifically configured to solve, according to a double-authentication protection signature algorithm and the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, the system of linear equations
Figure BDA0003443159430000128
to obtain the private key to be verified $(s_{11}, s_{21})$, where
Figure BDA0003443159430000129
a judging module for outputting, according to the private key to be verified $(s_{11}, s_{21})$, the signature to be verified, or the signature to be verified and the state, by using step S200;
and for outputting prompt information if the signature to be verified is the same as the detection signature.
EXAMPLE III
A third aspect of an embodiment of the present invention provides a device for detecting information security of a server, including: a memory and a processor;
the memory stores a computer program;
the processor is configured to execute the steps of the server information security detection method in the first embodiment when running the computer program.
In the description herein, references to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples described in this specification can be combined by those skilled in the art.
The foregoing is a further detailed description of the invention in connection with specific preferred embodiments and it is not intended to limit the invention to the specific embodiments described. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (7)

1. A server information security detection method is applied to detection equipment and comprises the following steps:
Step S100: generate a test key subk = $(F, \kappa_{12})$ according to the lattice signature algorithm, where $F$ denotes a pseudo-random hash function F:
Figure FDA0003443159420000011
$\kappa_{12}$ represents a random number and
Figure FDA0003443159420000012
Figure FDA0003443159420000013
represents a polynomial ring and
Figure FDA0003443159420000014
x represents an independent variable, and n represents the power of x;
Step S200: according to the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key subk = $(F, \kappa_{12})$ and a state $\iota = (j, \tau)$, output a detection signature
Figure FDA0003443159420000015
or the detection signature and the state
Figure FDA0003443159420000016
where a polynomial is randomly selected
Figure FDA0003443159420000017
and, from the polynomial ring
Figure FDA0003443159420000018
out of its subset
Figure FDA0003443159420000019
two polynomials are randomly selected
Figure FDA00034431594200000110
and
Figure FDA00034431594200000111
the polynomial $t = a s_1 + s_2$; $j$ denotes the $j$-th signature, and $\tau$ denotes an intermediate variable; for the detection signature
Figure FDA00034431594200000112
the first partial signature $z_1$ and the second partial signature $z_2$ are given by $z_1 = y_1 + c s_1$ and $z_2 = y_2 + c s_2$, where $y_1, y_2$ are random numbers; the intermediate value $c = H(a, t, w, \mu)$ is calculated by the hash function $H$, with $w = a y_1 + y_2$;
Step S300, sending the detection signature to a server
Figure FDA00034431594200000113
or the detection signature and state
Figure FDA00034431594200000114
Step S400: receiving, as generated by the server according to the detection signature
Figure FDA00034431594200000115
or the detection signature and state
Figure FDA00034431594200000116
a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$, and the corresponding verification signatures based on the lattice signature algorithm, $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$; wherein q is an integer and represents the length of the collision message;
Step S500: according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, computing a private key to be verified $(s_{11}, s_{21})$, wherein
Figure FDA00034431594200000117
Step S600: according to the private key to be verified $(s_{11}, s_{21})$, outputting the signature to be verified, or the signature to be verified and the state, by using the step S200;
and if the signature to be verified is the same as the detection signature, outputting prompt information.
2. The method for detecting the security of the server information according to claim 1, wherein the specific steps of the step S100 include:
receiving security parameters
Figure FDA0003443159420000021
Randomly generating a pseudo-random hash function F according to a lattice signature algorithm:
Figure FDA0003443159420000022
and random numbers $\kappa_1, \kappa_2$, and
Figure FDA0003443159420000023
the test key is then $subk = (F, \kappa_1, \kappa_2)$.
3. The method for detecting the security of the server information according to claim 1, wherein the specific steps of the step S200 include:
Step S201, receiving the public key $pk = (a, t)$ of the lattice signature algorithm, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_1, \kappa_2)$ and the state $\iota = (j, \tau)$;
Step S2021, $j \leftarrow 0$, $\tau \leftarrow 0$, and if $j = 0 \bmod 2$, two first random numbers are randomly selected
Figure FDA0003443159420000024
Step S2022, calculating a first polynomial $w = ay_1 + y_2$ from the public key a;
Step S2023, calculating a first intermediate value $c = H(a, t, w, \mu)$ by the hash function H;
Step S2024, based on the original private key $(s_1, s_2)$ and said first random numbers $y_1, y_2$, computing a first partial signature $z_1$ and a second partial signature $z_2$, $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$;
Step S2024, executing the random sampling algorithm RejectionSample$(z_1, z_2, cs_1, cs_2)$; if it returns 1 (accept),
let $\tau = c$ and output the detection signature
Figure FDA0003443159420000025
Step S2031, if the random sampling algorithm returns 0 (reject), executing the following steps:
Step S2032, according to the public key a and the second random numbers $y'_1, y'_2$, calculating a second polynomial $w' = ay'_1 + y'_2$;
Step S2033, taking as input the message $\mu$, the public key $pk = (a, t)$ and the second polynomial $w'$, and calculating a second intermediate value $c' = H(a, t, w', \mu)$ by the hash function H;
Step S2034, according to the original private key $(s_1, s_2)$ and the second random numbers $y'_1, y'_2$, computing a third partial signature $z'_1$ and a fourth partial signature $z'_2$, $z'_1 = y'_1 + c's_1$, $z'_2 = y'_2 + c's_2$;
Step S2035, running the random sampling algorithm RejectionSample$(z'_1, z'_2, c's_1, c's_2)$, which returns 1 on acceptance;
if returning 0 and rejecting, let τ be c = c
Figure FDA0003443159420000031
j +1 and ι (j, τ), and returning
Figure FDA0003443159420000032
4. The method for detecting the security of the server information according to claim 3, wherein the specific steps of the step S500 include:
according to a double authentication protection signature algorithm and the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, calculating a system of linear equations
Figure FDA0003443159420000033
to obtain the private key to be verified $(s_{11}, s_{21})$; wherein
Figure FDA0003443159420000034
5. The method for detecting the security of the server information according to claim 3, further comprising, before the step S300, a verification algorithm
Figure FDA0003443159420000035
comprising the following steps:
Step S204, checking, from $pk = (a, t)$, whether the equation $w' = az'_1 + z'_2 - c't$ holds;
Step S205, accepting the detection signature
Figure FDA0003443159420000036
if and only if the equation $c' = H(a, t, w', \mu)$ holds and the norm $\|(z'_1, z'_2)\|$ is less than or equal to mn σ k-σ k; where n is a power of 2, m and σ are arbitrary integers, and k satisfies
Figure FDA0003443159420000037
6. A server information security detection apparatus, comprising:
a generating module for generating a test key $subk = (F, \kappa_1, \kappa_2)$ according to a lattice signature algorithm; wherein F represents a pseudorandom hash function F:
Figure FDA0003443159420000038
$\kappa_1, \kappa_2$ represent random numbers and
Figure FDA0003443159420000039
Figure FDA00034431594200000310
represents a polynomial ring and
Figure FDA00034431594200000311
x represents an independent variable, and n represents the power of x;
an output module for outputting, according to the public key $pk = (a, t)$ of the lattice signature algorithm, a message $\mu$, an original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_1, \kappa_2)$ and a state $\iota = (j, \tau)$, a detection signature
Figure FDA00034431594200000312
or the detection signature and said state
Figure FDA0003443159420000041
wherein a polynomial is randomly selected
Figure FDA0003443159420000042
and, within the polynomial ring
Figure FDA0003443159420000043
from the subset
Figure FDA0003443159420000044
two polynomials are randomly selected
Figure FDA0003443159420000045
and
Figure FDA0003443159420000046
the polynomial $t = as_1 + s_2$; j represents the j-th signature, and $\tau$ represents an intermediate variable; in the detection signature
Figure FDA0003443159420000047
the first partial signature $z_1$ and the second partial signature $z_2$ are respectively $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$, where $y_1, y_2$ are random numbers; the intermediate value $c = H(a, t, w, \mu)$ is calculated by the hash function H, with $w = ay_1 + y_2$;
A sending module for sending the detection signature to a server
Figure FDA0003443159420000048
or the detection signature and state
Figure FDA0003443159420000049
a receiving module for receiving, as generated by the server according to the detection signature
Figure FDA00034431594200000410
or the detection signature and state
Figure FDA00034431594200000411
a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$, and the corresponding verification signatures based on a lattice signature algorithm, $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$; wherein q is an integer representing the length of the collision message;
a calculation module for computing, from the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, a private key to be verified $(s_{11}, s_{21})$, wherein
Figure FDA00034431594200000412
a judging module for outputting, according to the private key to be verified $(s_{11}, s_{21})$, the signature to be verified, or the signature to be verified and the state, by using the step S200;
and if the signature to be verified is the same as the detection signature, outputting prompt information.
7. A server information security detection apparatus, comprising: a memory and a processor;
the memory stores a computer program;
the processor is configured to execute the steps of the server information security detection method according to any one of claims 1 to 5 when the computer program is executed.
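Claims 3 and 5 describe signing as $z_i = y_i + cs_i$ with $c = H(a, t, w, \mu)$ and verification by recomputing $w' = az'_1 + z'_2 - c't$. The Python sketch below is an added example, not code from the patent: the ring $\mathbb{Z}_Q[x]/(x^N+1)$, the toy parameters, the SHAKE-based `H`, and the uniform-bound rejection test standing in for the claimed RejectionSample are all assumptions.

```python
import hashlib
import secrets

# Toy parameters chosen for this example (assumptions; far too small to be secure).
N, Q = 64, 12289              # ring Z_Q[x]/(x^N + 1), N a power of 2
Y_BOUND, C_WEIGHT = 4096, 8   # masking range for y; nonzero (+1/-1) coefficients in c
Z_BOUND = Y_BOUND - C_WEIGHT  # |c*s_i| <= C_WEIGHT, so an accepted z is independent of s

def mul(f, g, mod=None):
    """Negacyclic product f*g in Z[x]/(x^N + 1), optionally reduced mod `mod`."""
    out = [0] * N
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            if i + j < N:
                out[i + j] += fi * gj
            else:                       # x^N = -1 wraps around with a sign flip
                out[i + j - N] -= fi * gj
    return [v % mod for v in out] if mod else out

def add(f, g, mod=None):
    return [(u + v) % mod if mod else u + v for u, v in zip(f, g)]

def H(a, t, w, mu):
    """Hash (a, t, w, mu) to a sparse challenge polynomial c with +1/-1 coefficients."""
    d = hashlib.shake_256(repr((a, t, w)).encode() + mu).digest(64)
    c = [0] * N
    for b in d:
        if c[b % N] == 0 and sum(map(abs, c)) < C_WEIGHT:
            c[b % N] = 1 if b & 0x80 else -1
    return c

def small(bound):
    return [secrets.randbelow(2 * bound + 1) - bound for _ in range(N)]

def keygen():
    a, s1, s2 = [secrets.randbelow(Q) for _ in range(N)], small(1), small(1)
    return (a, add(mul(a, s1, Q), s2, Q)), (s1, s2)    # pk = (a, t), t = a*s1 + s2

def sign(pk, sk, mu):
    (a, t), (s1, s2) = pk, sk
    while True:
        y1, y2 = small(Y_BOUND), small(Y_BOUND)
        c = H(a, t, add(mul(a, y1, Q), y2, Q), mu)     # w = a*y1 + y2
        z1, z2 = add(y1, mul(c, s1)), add(y2, mul(c, s2))
        if max(map(abs, z1 + z2)) <= Z_BOUND:          # rejection step: else resample y
            return c, z1, z2

def verify(pk, mu, sig):
    (a, t), (c, z1, z2) = pk, sig
    az = add(mul(a, z1, Q), z2, Q)
    w = [(u - v) % Q for u, v in zip(az, mul(c, t, Q))]  # w' = a*z1 + z2 - c*t
    return max(map(abs, z1 + z2)) <= Z_BOUND and H(a, t, w, mu) == c
```

The norm test in `verify` is not optional: the equation for $w'$ holds only modulo Q, so it is also satisfied by a $z'_1$ shifted by a multiple of Q, which only the bound rejects.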
CN202111644157.4A 2021-12-29 2021-12-29 Method, device and equipment for detecting information security of server Active CN114491664B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111644157.4A CN114491664B (en) 2021-12-29 2021-12-29 Method, device and equipment for detecting information security of server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111644157.4A CN114491664B (en) 2021-12-29 2021-12-29 Method, device and equipment for detecting information security of server

Publications (2)

Publication Number Publication Date
CN114491664A true CN114491664A (en) 2022-05-13
CN114491664B CN114491664B (en) 2024-04-09

Family

ID=81508788

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111644157.4A Active CN114491664B (en) 2021-12-29 2021-12-29 Method, device and equipment for detecting information security of server

Country Status (1)

Country Link
CN (1) CN114491664B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101523053B1 (en) * 2014-02-26 2015-05-27 고려대학교 산학협력단 System and method for verifiably encrypted signatures from lattices
CN107592203A (en) * 2017-09-25 2018-01-16 深圳技术大学筹备办公室 A kind of aggregate signature method and its system based on lattice
CN109995509A (en) * 2019-05-08 2019-07-09 西安电子科技大学 Authentication key based on message recovery signature exchanges method
CN113676333A (en) * 2021-08-23 2021-11-19 西安邮电大学 Method for generating SM2 blind signature through cooperation of two parties

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
牟雁飞; 赵一鸣: "A provably secure lattice-based digital signature scheme", Computer Engineering (计算机工程), no. 12, 15 December 2014 (2014-12-15) *

Also Published As

Publication number Publication date
CN114491664B (en) 2024-04-09

Similar Documents

Publication Publication Date Title
EP3007383A1 (en) Biometric signature system, signature verification method, registration terminal, signature generation terminal, and signature verification device
US11227037B2 (en) Computer system, verification method of confidential information, and computer
CN110505067B (en) Block chain processing method, device, equipment and readable storage medium
EP1717724B1 (en) Methods for generation and validation of isogeny-based signatures
CN114257366B (en) Information homomorphic processing method, device, equipment and computer readable storage medium
CN113722767B (en) Data integrity verification method, system, storage medium and computing equipment
CN110602190A (en) Block chain consensus method, block chain node and storage device
CN110995438A (en) Non-interactive zero-knowledge proof method, system and storage medium
Liu et al. A novel security key generation method for SRAM PUF based on Fourier analysis
JP2002244555A (en) Method, device, and program for detecting data falsification, and storage medium with stored program therefor
CN114491664A (en) Server information security detection method and device and detection equipment
Ding et al. Balancing security and privacy in genomic range queries
CN112422294B (en) Anonymous voting method and device based on ring signature, electronic equipment and storage medium
CN114629663A (en) Block chain-based digital commodity transaction method and device
Kirci et al. A digest-based method for efficiency improvement of security in biometrical cryptography authentication
Toapanta et al. Analysis of HIPAA for adopt in the information security in the civil registry of the ecuador
CN111327423A (en) Examination and approval device and method based on ordered multiple signatures and readable storage medium
WO2011033642A1 (en) Signature generation device and signature verification device
CN113992326B (en) Non-interactive image editing validity detection method based on aggregation algorithm
CN114710293B (en) Digital signature method, device, electronic equipment and storage medium
CN112560070B (en) Data sharing method with auditing function
CN116455584B (en) Downloading method and system based on software integrity
CN112559456B (en) Data sharing method with privacy protection auditing and deleting functions
Hu et al. Lattice based ring signature scheme for secure cloud-based EMR sharing
CN117034357A (en) Aggregation signature method for data compliance audit

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant