CN114491664B - Method, device and equipment for detecting information security of server - Google Patents

Publication number
CN114491664B
Authority
CN
China
Prior art keywords
signature
detection
steps
verified
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111644157.4A
Other languages
Chinese (zh)
Other versions
CN114491664A (en
Inventor
刘金会
慕德俊
胡伟
邰瑜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Northwestern Polytechnical University
Original Assignee
Northwestern Polytechnical University
Application filed by Northwestern Polytechnical University
Priority to CN202111644157.4A
Publication of CN114491664A
Application granted
Publication of CN114491664B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention discloses a method, an apparatus and a device for detecting the information security of a server, comprising the following steps: step S100, generating a test key according to a lattice signature algorithm; step S200, outputting a detection signature, or a detection signature and a state, according to the public key, the message, the original private key, the test key and the state of the lattice signature algorithm; step S300, sending the detection signature, or the detection signature and the state, to a server; step S400, receiving a first collision message and a second collision message generated by the server according to the detection signature, or the detection signature and the state, together with the corresponding verification signatures based on the lattice signature algorithm; step S500, calculating a private key to be verified according to the verification signatures; step S600, outputting a signature to be verified, or a signature to be verified and a state, according to the private key to be verified by using step S200; and if the signature to be verified is the same as the detection signature, outputting prompt information. The invention can detect the security of the server, prompt the user to maintain the server in time, and avoid large-scale information leakage from the server.

Description

Method, device and equipment for detecting information security of server
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a method, a device and equipment for detecting information security of a server.
Background
With the large-scale application of technologies such as cloud computing and big data, the demand for servers has greatly increased, so the security and reliability of servers are more and more important, and server security is the cornerstone of the security of the whole information system. Authoritative data shows that about 80% of the data in the entire information system is processed by the server, and information systems will depend more and more on servers as server functions and performance continue to develop. To ensure the security of information, it can be encrypted during digital transmission. With the continuous development of quantum computing technology, attention has turned to quantum-resistant cryptographic algorithms, of which the Fiat-Shamir type lattice signature is an important part. If a server based on such a lattice signature is attacked during information transmission, the privacy and security of user information are seriously affected, so how to detect the security of a server based on a Fiat-Shamir type lattice signature is a problem to be solved.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a method for detecting the information security of a server. The technical problems to be solved by the invention are realized by the following technical scheme:
A first aspect of an embodiment of the present invention provides a method for detecting security of server information, which is applied to a detection device, including:
Step S100, generating a test key $subk = (F, \kappa_{12})$ according to a lattice signature algorithm; wherein F represents a pseudo-random hash function, $\kappa_{12}$ represents random numbers and $\kappa_{12} \in \{0,1\}^l$; represents a polynomial ring, x represents an independent variable, and n represents the power of x;
Step S200, outputting a detection signature, or a detection signature and the state, according to the public key $pk = (a, t)$, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_{12})$ and the state $\iota = (j, \tau)$; wherein a polynomial is randomly selected, and two polynomials are randomly selected from a subset of the polynomial ring; the polynomial $t = as_1 + s_2$; j represents the j-th signature and $\tau$ represents an intermediate variable; the first partial signature $z_1$ and the second partial signature $z_2$ of the detection signature are respectively $z_1 = y_1 + cs_1$ and $z_2 = y_2 + cs_2$, where $y_1, y_2$ are random numbers; the intermediate value $c = H(a, t, w, \mu)$ is calculated by means of the hash function H, with $w = ay_1 + y_2$;
Step S300, sending the detection signature, or the detection signature and the state, to a server;
Step S400, receiving a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$ generated by the server according to the detection signature, or the detection signature and the state, and the corresponding verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$ based on the lattice signature algorithm; wherein q is an integer and represents the length of the collision message;
Step S500, calculating a private key to be verified $(s_{11}, s_{21})$ according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, wherein
Step S600, outputting a signature to be verified, or a signature to be verified and a state, according to the private key to be verified $(s_{11}, s_{21})$ by using step S200;
and if the signature to be verified is the same as the detection signature, outputting prompt information.
Further, the specific steps of the step S100 include:
receiving the security parameter l, and randomly generating, according to a lattice signature algorithm, a pseudo-random hash function and random numbers $\kappa_{12}$ with $\kappa_{12} \in \{0,1\}^l$; the test key is then $subk = (F, \kappa_{12})$.
Further, the specific steps of the step S200 include:
Step S201, receiving the public key $pk = (a, t)$, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_{12})$ and the state $\iota = (j, \tau)$;
Step S2021, setting $j \leftarrow 0$, $\tau \leftarrow 0$; if $j = 0 \bmod 2$, randomly selecting the two first random numbers;
Step S2022, calculating a first polynomial $w = ay_1 + y_2$ from the public key a;
Step S2023, calculating a first intermediate value $c = H(a, t, w, \mu)$ by the hash function H;
Step S2024, calculating a first partial signature $z_1$ and a second partial signature $z_2$ from the original private key $(s_1, s_2)$ and the first random numbers $y_1, y_2$: $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$;
Step S2024, executing the rejection sampling algorithm RejectionSample$(z_1, z_2, cs_1, cs_2)$; if it returns 1 (accept),
letting $\tau = c$ and outputting the detection signature;
Step S2031, if the rejection sampling algorithm returns 0 (reject), executing the following steps:
Step S2032, calculating the second polynomial $w' = ay'_1 + y'_2$ from the public key a and the second random numbers $y'_1, y'_2$;
Step S2033, inputting the message $\mu$, and calculating a second intermediate value $c' = H(a, t, w', \mu)$ by the hash function H from the public key $pk = (a, t)$ and the second polynomial $w'$;
Step S2034, calculating a third partial signature $z'_1$ and a fourth partial signature $z'_2$ from the original private key $(s_1, s_2)$ and the second random numbers $y'_1, y'_2$: $z'_1 = y'_1 + c's_1$, $z'_2 = y'_2 + c's_2$;
Step S2035, executing the rejection sampling algorithm RejectionSample$(z'_1, z'_2, c's_1, c's_2)$ and returning 1 (accept);
if 0 (reject) is returned, letting $\tau = c'$, $j = j + 1$ and $\iota = (j, \tau)$, and returning
Further, the specific steps of the step S500 include:
based on a double-authentication protection signature algorithm and the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, solving a system of linear equations to obtain the private key to be verified $(s_{11}, s_{21})$; wherein
Further, before step S300, the method further includes a verification algorithm, comprising the following steps:
Step S204, checking, according to $pk = (a, t)$, whether the equation $w' = az'_1 + z'_2 - c't$ holds;
Step S205, accepting the detection signature if and only if the equation $c' = H(a, t, w', \mu)$ holds and the norm $\|(z'_1, z'_2)\| \le mn\sigma k - \sigma k$; wherein the integer n is a power of 2, m and $\sigma$ are arbitrary integers, and k satisfies
A second aspect of an embodiment of the present invention provides a server information security detection apparatus, including:
a generating module, for generating a test key $subk = (F, \kappa_{12})$ according to a lattice signature algorithm; wherein F represents a pseudo-random hash function, $\kappa_{12}$ represents random numbers and $\kappa_{12} \in \{0,1\}^l$; represents a polynomial ring, x represents an independent variable, and n represents the power of x;
an output module, for outputting a detection signature, or a detection signature and the state, according to the public key $pk = (a, t)$, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_{12})$ and the state $\iota = (j, \tau)$; wherein a polynomial is randomly selected, and two polynomials are randomly selected from a subset of the polynomial ring; the polynomial $t = as_1 + s_2$; j represents the j-th signature and $\tau$ represents an intermediate variable; the first partial signature $z_1$ and the second partial signature $z_2$ of the detection signature are respectively $z_1 = y_1 + cs_1$ and $z_2 = y_2 + cs_2$, where $y_1, y_2$ are random numbers; the intermediate value $c = H(a, t, w, \mu)$ is calculated by means of the hash function H, with $w = ay_1 + y_2$;
a sending module, configured to send the detection signature, or the detection signature and the state, to a server;
a receiving module, for receiving a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$ generated by the server according to the detection signature, or the detection signature and the state, and the corresponding verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$ based on the lattice signature algorithm; wherein q is an integer representing the length of the collision message;
a calculation module, for calculating a private key to be verified $(s_{11}, s_{21})$ according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, wherein
a judging module, for outputting a signature to be verified, or a signature to be verified and a state, according to the private key to be verified $(s_{11}, s_{21})$ by using step S200;
and if the signature to be verified is the same as the detection signature, outputting prompt information.
A third aspect of an embodiment of the present invention provides a server information security detection apparatus, including: a memory and a processor;
the memory stores a computer program;
the processor is configured to execute the steps of the server information security detection method according to any one of the preceding claims 1-5 when the computer program is run.
The invention has the following beneficial effects:
According to the method, the signature to be verified generated by the server is checked against the detection signature generated by the detection device; if the signature to be verified is the same as the detection signature, a potential security hazard exists in the server, so prompt information is output.
Detailed Description
The present invention will be described in further detail with reference to specific examples, but embodiments of the present invention are not limited thereto.
In the related art, the Fiat-Shamir type lattice signature is described as follows:
S1, the key generation algorithm:
S101, randomly select a polynomial from the polynomial ring, wherein
S102, randomly select two polynomials from a subset of the polynomial ring, wherein
S103, calculate the polynomial $t = as_1 + s_2$.
S104, output the public/private key pair $(a, t)$; $(s_1, s_2)$, wherein the public key is $(a, t)$ and the private key is $(s_1, s_2)$.
S2, the signature algorithm Sign$(\mu, a, s_1, s_2, t)$ for a message $\mu$ is described as follows:
S201, randomly select two polynomials from the polynomial ring.
S202, calculate the polynomial $w = ay_1 + y_2$.
S203, calculate $c = H(a, t, w, \mu)$, where the cryptographic hash function H maps to a constant c.
S204, calculate the polynomials $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$.
S205, execute the rejection sampling algorithm RejectionSample$(z_1, z_2, cs_1, cs_2)$, which returns 1 to accept and otherwise returns 0 to reject.
S206, output the signature pair $(c, z_1, z_2)$.
S3, given a message and a signature pair as input, the verification algorithm Verify$(\mu, a, z_1, z_2, t)$ is described as follows:
S301, check whether the equation $w = az_1 + z_2 - ct$ holds.
S302, accept the signature if and only if the equation $c = H(a, t, w, \mu)$ holds and the norm $\|(z_1, z_2)\| \le mn\sigma k - \sigma k$; wherein the integer n is a power of 2, m and $\sigma$ are arbitrary integers, and k satisfies
The rejection sampling algorithm RejectionSample is described as follows:
Assume that hash function is a random distribution and variance. If a constant M is present such that the following two distributions are statistically indistinguishable and the statistical distance is. The first distribution is described as follows:
1) Take the hash value $v \leftarrow h$.
2) Randomly select from a discrete distribution with variance $\sigma$.
3) With probability, output $(z, v)$.
The other distribution is described as follows:
1) Take the hash value $v \leftarrow h$.
2) Randomly select from a discrete distribution with variance $\sigma$ and mean v.
3) With probability, output $(z, v)$.
Example 1
A first aspect of an embodiment of the present invention provides a method for detecting security of server information, which is applied to a detection device, including:
Step S100, generating a test key $subk = (F, \kappa_{12})$ according to a lattice signature algorithm; wherein F represents a pseudo-random hash function, $\kappa_{12}$ represents random numbers and $\kappa_{12} \in \{0,1\}^l$; represents a polynomial ring, x represents an independent variable, and n represents the power of x.
The specific steps of step S100 include:
receiving a security parameter l input by a user of the detection device, and randomly generating, according to a lattice signature algorithm, a pseudo-random hash function and random numbers $\kappa_{12}$ with $\kappa_{12} \in \{0,1\}^l$; the test key is then $subk = (F, \kappa_{12})$.
Step S200, outputting a detection signature, or a detection signature and the state, according to the public key $pk = (a, t)$, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_{12})$ and the state $\iota = (j, \tau)$.
The specific steps of step S200 include:
Step S201, receiving the public key $pk = (a, t)$, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_{12})$ and the state $\iota = (j, \tau)$.
Here a polynomial is randomly selected, and two polynomials are randomly selected from a subset of the polynomial ring; the polynomial $t = as_1 + s_2$; j represents the j-th signature and $\tau$ represents the intermediate variable.
Step S2021, setting $j \leftarrow 0$, $\tau \leftarrow 0$; if $j = 0 \bmod 2$, randomly selecting the two first random numbers.
Step S2022, calculating the first polynomial $w = ay_1 + y_2$ from the public key a.
Step S2023, calculating a first intermediate value $c = H(a, t, w, \mu)$ by the hash function H.
Step S2024, calculating a first partial signature $z_1$ and a second partial signature $z_2$ from the original private key $(s_1, s_2)$ and the first random numbers $y_1, y_2$: $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$.
Step S2024, executing the rejection sampling algorithm RejectionSample$(z_1, z_2, cs_1, cs_2)$; if it returns 1 (accept),
letting $\tau = c$ and outputting the detection signature.
Step S2031, if the rejection sampling algorithm returns 0 (reject), executing the following steps S2032-S2035:
Step S2032, calculating the second polynomial $w' = ay'_1 + y'_2$ from the public key a and the second random numbers $y'_1, y'_2$.
Step S2033, inputting the message $\mu$, the public key $pk = (a, t)$ and the second polynomial $w'$, and calculating the second intermediate value $c' = H(a, t, w', \mu)$ by the hash function H.
Step S2034, calculating a third partial signature $z'_1$ and a fourth partial signature $z'_2$ from the original private key $(s_1, s_2)$ and the second random numbers $y'_1, y'_2$: $z'_1 = y'_1 + c's_1$, $z'_2 = y'_2 + c's_2$.
Step S2035, executing the rejection sampling algorithm RejectionSample$(z'_1, z'_2, c's_1, c's_2)$ and returning 1 (accept);
if 0 (reject) is returned, letting $\tau = c'$, $j = j + 1$ and $\iota = (j, \tau)$, and returning
The verification algorithm is then executed, comprising steps S204-S205.
Step S204, checking, according to $pk = (a, t)$, whether the equation $w' = az'_1 + z'_2 - c't$ holds.
Step S205, accepting the detection signature if and only if the equation $c' = H(a, t, w', \mu)$ holds and the norm $\|(z'_1, z'_2)\| \le mn\sigma k - \sigma k$; wherein the integer n is a power of 2, m and $\sigma$ are arbitrary integers, and k satisfies
Step S300, sending the detection signature, or the detection signature and the state, to the server.
Step S400, receiving a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$ generated by the server according to the detection signature, or the detection signature and the state, and the corresponding verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$ based on the lattice signature algorithm; where q is an integer and represents the length of the collision message.
Step S500, calculating a private key to be verified $(s_{11}, s_{21})$ according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$.
The specific steps of step S500 include:
according to the double-authentication protection signature algorithm and the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, solving a system of linear equations. The system of linear equations has four unknowns, $y_1, y_2, s_1, s_2$, and solving it yields the private key to be verified $(s_{11}, s_{21})$, wherein
Step S600, outputting a signature to be verified, or a signature to be verified and a state, according to the private key to be verified $(s_{11}, s_{21})$ by using step S200. Specifically, the original private key $(s_1, s_2)$ is replaced by the private key to be verified $(s_{11}, s_{21})$, and the signature to be verified, or the signature to be verified and the state, is output.
If the signature to be verified is the same as the detection signature, prompt information is output. The prompt information is used for prompting the user that the server needs maintenance.
In this method, the detection device sends the detection signature it generates to the server. During information transmission the server outputs verification signatures according to the detection signature and returns them to the detection device. The detection device calculates the private key to be verified from the verification signatures, outputs the signature to be verified from that private key, and compares the signature to be verified with the detection signature. If the two are identical, the server has not recognized the detection signature and therefore lacks a corresponding recognition mechanism, so the server needs further maintenance and updating to prevent user information on the server from being obtained by others. The method can thus detect the security of the server, prompt a user to maintain the server in time, and avoid large-scale information leakage from the server.
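The key-extraction check of steps S400 to S600, as an added Python example that is not part of the patent text: a signer that reuses $y_1, y_2$ for two collision messages sharing $\mu_0$ gives the detection device four linear equations from which $(s_1, s_2)$ follows, while a signer that draws fresh $y_1, y_2$ per signature does not. Assumptions made here and not taken from the page: the toy ring $\mathbb{Z}_Q[x]/(x^N+1)$ with N = 8 and Q = 12289, a scalar challenge, deriving the nonce from $\kappa$ and $\mu_0$, writing the second challenge as c2, omitting rejection sampling and the norm check, and all seeds and messages, which are constructed.

```python
import hashlib
import os

N, Q = 8, 12289   # assumed toy ring Z_Q[x]/(x^N + 1); far too small for real use

def mul(f, g):
    """Negacyclic product in Z_Q[x]/(x^N + 1)."""
    out = [0] * N
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            wrap = 1 if i + j < N else -1          # x^N wraps around to -1
            out[(i + j) % N] = (out[(i + j) % N] + wrap * fi * gj) % Q
    return out

def add(f, g): return [(x + y) % Q for x, y in zip(f, g)]
def sub(f, g): return [(x - y) % Q for x, y in zip(f, g)]
def scale(c, f): return [(c * x) % Q for x in f]

def expand(seed, bound):
    """Derive N coefficients in [-bound, bound] (stored mod Q) from a byte seed."""
    return [(int.from_bytes(hashlib.sha256(seed + bytes([i])).digest()[:4], "big")
             % (2 * bound + 1) - bound) % Q for i in range(N)]

def H(a, t, w, mu):
    """Hash to a nonzero scalar challenge c (the page's 'constant c')."""
    d = hashlib.sha256(repr((a, t, w)).encode() + mu).digest()
    return int.from_bytes(d, "big") % (Q - 1) + 1

def keygen(seed):
    a = expand(seed + b"a", Q // 2)                # uniform over Z_Q
    s1, s2 = expand(seed + b"s1", 1), expand(seed + b"s2", 1)
    return (a, add(mul(a, s1), s2)), (s1, s2)      # pk = (a, t), sk = (s1, s2)

def sign(pk, sk, mu, nonce_seed):
    """z1 = y1 + c*s1, z2 = y2 + c*s2 with c = H(a, t, a*y1 + y2, mu)."""
    (a, t), (s1, s2) = pk, sk
    y1, y2 = expand(nonce_seed + b"y1", 64), expand(nonce_seed + b"y2", 64)
    c = H(a, t, add(mul(a, y1), y2), mu)
    return c, add(y1, scale(c, s1)), add(y2, scale(c, s2))

def verify(pk, mu, sig):
    (a, t), (c, z1, z2) = pk, sig
    w = sub(add(mul(a, z1), z2), scale(c, t))      # a*z1 + z2 - c*t = a*y1 + y2
    return H(a, t, w, mu) == c

def recover_key(sig1, sig2):
    """Eliminate y1, y2 from z_i1 = y1 + c_i*s1, z_i2 = y2 + c_i*s2 (i = 1, 2)."""
    (c1, z11, z12), (c2, z21, z22) = sig1, sig2
    if c1 == c2:
        raise ValueError("equal challenges: the linear system is singular")
    inv = pow((c1 - c2) % Q, -1, Q)                # Q is prime, so this exists
    return scale(inv, sub(z11, z21)), scale(inv, sub(z12, z22))

def make_server(pk, sk, kappa, fresh_nonce):
    """Model of the signer under test (hypothetical helper). fresh_nonce=False
    reuses y for every message with the same mu0; True draws a new y each time."""
    def server_sign(mu0, payload):
        seed = os.urandom(32) if fresh_nonce else kappa + mu0
        return sign(pk, sk, mu0 + payload, seed)
    return server_sign

def detect(pk, sk, kappa, server_sign, mu0=b"addr-0|"):
    """Steps S400-S600: True means the key is extractable, so raise the prompt."""
    probe = sign(pk, sk, mu0 + b"probe", kappa + mu0)      # detection signature
    sig1, sig2, n = server_sign(mu0, b"p1"), None, 0
    while sig2 is None or sig2[0] == sig1[0]:              # need c1 != c2
        n += 1
        sig2 = server_sign(mu0, b"p2-%d" % n)
    candidate = recover_key(sig1, sig2)                    # key to be verified
    return sign(pk, candidate, mu0 + b"probe", kappa + mu0) == probe

if __name__ == "__main__":
    pk, sk = keygen(b"constructed-seed")
    kappa = b"constructed-kappa"
    for fresh in (False, True):
        flagged = detect(pk, sk, kappa, make_server(pk, sk, kappa, fresh))
        print("fresh nonce per signature:", fresh, "-> prompt raised:", flagged)
```
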
Example 2
A second aspect of an embodiment of the present invention provides a server information security detection apparatus, including:
a generating module, for generating a test key $subk = (F, \kappa_{12})$ according to a lattice signature algorithm; wherein F represents a pseudo-random hash function, $\kappa_{12}$ represents random numbers and $\kappa_{12} \in \{0,1\}^l$; represents a polynomial ring, x represents an independent variable, and n represents the power of x.
The generating module is specifically used for:
receiving the security parameter l, and randomly generating, according to a lattice signature algorithm, a pseudo-random hash function and random numbers $\kappa_{12}$ with $\kappa_{12} \in \{0,1\}^l$; the test key is then $subk = (F, \kappa_{12})$.
An output module, for outputting a detection signature, or a detection signature and the state, according to the public key $pk = (a, t)$, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_{12})$ and the state $\iota = (j, \tau)$.
The output module includes:
a receiving unit, for receiving the public key $pk = (a, t)$, the message $\mu$, the original private key $(s_1, s_2)$, the test key $subk = (F, \kappa_{12})$ and the state $\iota = (j, \tau)$;
a selecting unit, for setting $j \leftarrow 0$, $\tau \leftarrow 0$ and, if $j = 0 \bmod 2$, randomly selecting the two first random numbers;
a first calculation unit, for calculating a first polynomial $w = ay_1 + y_2$ from the public key a;
a second calculation unit, for calculating a first intermediate value $c = H(a, t, w, \mu)$ by the hash function H;
a third calculation unit, for calculating a first partial signature $z_1$ and a second partial signature $z_2$ from the original private key $(s_1, s_2)$ and the first random numbers $y_1, y_2$: $z_1 = y_1 + cs_1$, $z_2 = y_2 + cs_2$;
a first execution unit, for executing the rejection sampling algorithm RejectionSample$(z_1, z_2, cs_1, cs_2)$ and, if it returns 1 (accept),
letting $\tau = c$ and outputting the detection signature;
a second execution unit, for executing the following steps if the rejection sampling algorithm returns 0 (reject):
Step S2032, calculating the second polynomial $w' = ay'_1 + y'_2$ from the public key a and the second random numbers $y'_1, y'_2$;
Step S2033, inputting the message $\mu$, the public key $pk = (a, t)$ and the second polynomial $w'$, and calculating a second intermediate value $c' = H(a, t, w', \mu)$ by the hash function H;
Step S2034, calculating a third partial signature $z'_1$ and a fourth partial signature $z'_2$ from the original private key $(s_1, s_2)$ and the second random numbers $y'_1, y'_2$: $z'_1 = y'_1 + c's_1$, $z'_2 = y'_2 + c's_2$;
Step S2035, executing the rejection sampling algorithm RejectionSample$(z'_1, z'_2, c's_1, c's_2)$ and returning 1 (accept);
if 0 (reject) is returned, letting $\tau = c'$, $j = j + 1$ and $\iota = (j, \tau)$, and returning
A verification module, for executing a verification algorithm, comprising a checking unit and an accepting unit;
a checking unit, for checking, according to $pk = (a, t)$, whether the equation $w' = az'_1 + z'_2 - c't$ holds;
an accepting unit, for accepting the detection signature if and only if the equation $c' = H(a, t, w', \mu)$ holds and the norm $\|(z'_1, z'_2)\| \le mn\sigma k - \sigma k$; wherein the integer n is a power of 2, m and $\sigma$ are arbitrary integers, and k satisfies
A sending module, for sending the detection signature, or the detection signature and the state, to the server.
A receiving module, for receiving a first collision message $\mu_1 = (\mu_0, p_1) \in \{0,1\}^q$ and a second collision message $\mu_2 = (\mu_0, p_2) \in \{0,1\}^q$ generated by the server according to the detection signature, or the detection signature and the state, and the corresponding verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$ based on the lattice signature algorithm; where q is an integer representing the length of the collision message.
A calculation module, for calculating a private key to be verified $(s_{11}, s_{21})$ according to the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, wherein
the calculation module is specifically used for solving a system of linear equations, according to the double-authentication protection signature algorithm and the verification signatures $\sigma_1 = (c_1, z_{11}, z_{12})$, $\sigma_2 = (c_1, z_{21}, z_{22})$, to obtain the private key to be verified $(s_{11}, s_{21})$; wherein
a judging module, for outputting the signature to be verified, or the signature to be verified and the state, according to the private key to be verified $(s_{11}, s_{21})$ by using step S200;
and if the signature to be verified is the same as the detection signature, outputting prompt information.
Example 3
A third aspect of an embodiment of the present invention provides a server information security detection apparatus, including: a memory and a processor;
the memory stores a computer program;
the processor is configured to execute the steps of the server information security detection method in the first embodiment when executing the computer program.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Further, one skilled in the art can join and combine the different embodiments or examples described in this specification.
The foregoing is a further detailed description of the invention in connection with the preferred embodiments, and it is not intended that the invention be limited to the specific embodiments described. It will be apparent to those skilled in the art that several simple deductions or substitutions may be made without departing from the spirit of the invention, and these should be considered to be within the scope of the invention.

Claims (7)

1. A server information security detection method, applied to a detection device, comprising:
step S100, generating a test key subk= (F, κ) according to a lattice signature algorithm 12 ) The method comprises the steps of carrying out a first treatment on the surface of the Wherein F represents a pseudo-random hash function F:κ 12 represent random number and +.> Represents a polynomial ring and->x represents an independent variable, and n represents the power of x;
step S200, public key pk= (a, t), message μ, original private key (S 1 ,s 2 ) The test key subk= (F, κ) 12 ) And state iota= (j, τ) output detection signatureOr detecting a signature and said status +.>Wherein a polynomial is randomly selected +.>From polynomial ring->Subset of->Two polynomials are randomly selectedAnd->Polynomial t=as 1 +s 2 The method comprises the steps of carrying out a first treatment on the surface of the j represents the j-th signature, τ represents an intermediate variable; detecting signaturesFirst partial signature z 1 And a second partial signature z 2 Respectively denoted as z 1 =y 1 +cs 1 ,z 2 =y 2 +cs 2 ,y 1 ,y 2 Is a random number; calculating the intermediate value c=h (a, t, w, μ), w=ay by means of the hash function H 1 +y 2
Step S300, the detection signature is sent to a serverOr the detection signature and status->
Step S400, receiving the signature according to the detection by the serverOr the detection signature and status->The generated first collision message mu 1 =(μ 0 ,p 1 )∈{0,1} q And a second collision message mu 2 =(μ 0 ,p 2 )∈{0,1} q Corresponding verification signature sigma based on lattice signature algorithm 1 =(c 1 ,z 11 ,z 12 ),σ 2 =(c 1 ,z 21 ,z 22 ) The method comprises the steps of carrying out a first treatment on the surface of the Wherein q is an integer and represents the length of the collision message;
step S500, according to the verification signature sigma 1 =(c 1 ,z 11 ,z 12 ),σ 2 =(c 1 ,z 21 ,z 22 ) Calculating a private key to be verified(s) 11 ,s 21 ) Wherein, the method comprises the steps of, wherein,
step S600, according to the private key (S) 11 ,s 21 ) Outputting a signature to be verified or a signature to be verified and a state by using the step S200;
and if the signature to be verified is the same as the detection signature, outputting prompt information.
2. The method for detecting the security of server information according to claim 1, wherein the specific steps of step S100 include:
receiving security parameters, and randomly generating, according to a lattice signature algorithm, a pseudo-random hash function F: , a random number κ_{12} and ; then the test key subk = (F, κ_{12}).
3. The method for detecting the security of server information according to claim 1, wherein the specific steps of step S200 include:
Step S201, receiving the public key pk = (a, t), the message μ, the original private key (s_1, s_2), the test key subk = (F, κ_{12}) and the state iota = (j, τ);
Step S2021, j≡0, τ≡0; if j = 0 mod 2, randomly selecting the two first random numbers
Step S2022, calculating a first polynomial w = ay_1 + y_2 from the public key a;
Step S2023, calculating a first intermediate value c = H(a, t, w, μ) by the hash function H;
Step S2024, computing a first partial signature z_1 and a second partial signature z_2 based on the original private key (s_1, s_2) and the first random numbers y_1, y_2, where z_1 = y_1 + cs_1 and z_2 = y_2 + cs_2;
Step S2024, executing the random sampling algorithm RejectionSample(z_1, z_2, cs_1, cs_2); if it returns 1 (accept),
let τ = c and output the detection signature;
Step S2031, if the random sampling algorithm returns 0 rejection, executing the following steps:
Step S2032, calculating the second polynomial w′ = ay′_1 + y′_2 based on the public key a and the second random numbers y′_1, y′_2;
Step S2033, inputting a message μ, and calculating a second intermediate value c′ = H(a, t, w′, μ) by the hash function H from the public key pk = (a, t) and the second polynomial w′;
Step S2034, computing a third partial signature z′_1 and a fourth partial signature z′_2 based on the original private key (s_1, s_2) and the second random numbers y′_1, y′_2, where z′_1 = y′_1 + c′s_1 and z′_2 = y′_2 + c′s_2;
Step S2035, executing the random sampling algorithm RejectionSample(z′_1, z′_2, c′s_1, c′s_2), and accepting if it returns 1;
if it returns 0 (reject), let τ = c′, j = j + 1 and iota = (j, τ), and return
4. A method for detecting security of server information according to claim 3, wherein the specific steps of step S500 include:
based on a double authentication guard signature algorithm and the verification signatures σ_1 = (c_1, z_{11}, z_{12}), σ_2 = (c_1, z_{21}, z_{22}), calculating a set of linear equations to obtain the private key to be verified (s_{11}, s_{21}); wherein
5. A method for detecting security of server information according to claim 3, further comprising, before said step S300, a verification algorithm comprising the following steps:
Step S204, checking, according to pk = (a, t), whether the equation w′ = az′_1 + z′_2 − c′t holds;
Step S205, accepting the detection signature if and only if the equation c′ = H(a, t, w′, μ) holds and the norm ||(z′_1, z′_2)|| ≤ mnσk − σk; wherein the integer n is a power of 2, m and σ are arbitrary, and k satisfies
6. A server information security detection apparatus, comprising:
a generating module for generating a test key subk = (F, κ_{12}) according to a lattice signature algorithm; wherein F represents a pseudo-random hash function F: ; κ_{12} represents a random number and ; represents a polynomial ring and ; x represents an independent variable, and n represents the power of x;
an output module for outputting a detection signature, or a detection signature and the state, according to a public key pk = (a, t), a message μ, an original private key (s_1, s_2), the test key subk = (F, κ_{12}) and a state iota = (j, τ); wherein a polynomial is randomly selected, two polynomials are randomly selected from a subset of the polynomial ring, and the polynomial t = as_1 + s_2; j represents the j-th signature, and τ represents an intermediate variable; the first partial signature z_1 and the second partial signature z_2 of the detection signature are respectively denoted as z_1 = y_1 + cs_1 and z_2 = y_2 + cs_2, where y_1, y_2 are random numbers; the intermediate value c = H(a, t, w, μ), with w = ay_1 + y_2, is calculated by means of the hash function H;
a sending module, configured to send the detection signature, or the detection signature and the state, to a server;
a receiving module for receiving the verification signatures σ_1 = (c_1, z_{11}, z_{12}) and σ_2 = (c_1, z_{21}, z_{22}), based on the lattice signature algorithm, that correspond to a first collision message μ_1 = (μ_0, p_1) ∈ {0,1}^q and a second collision message μ_2 = (μ_0, p_2) ∈ {0,1}^q generated by the server according to the detection signature, or the detection signature and the state; wherein q is an integer representing the length of the collision message;
a calculation module for calculating a private key to be verified (s_{11}, s_{21}) according to the verification signatures σ_1 = (c_1, z_{11}, z_{12}), σ_2 = (c_1, z_{21}, z_{22}), wherein
a judging module for outputting, according to the private key (s_{11}, s_{21}), a signature to be verified, or a signature to be verified and a state, by using the step S200;
and if the signature to be verified is the same as the detection signature, outputting prompt information.
7. A server information security detection apparatus, characterized by comprising: a memory and a processor;
the memory stores a computer program;
the processor is configured to execute the steps of the server information security detection method according to any one of the preceding claims 1-5 when the computer program is run.
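Added example, not part of the patent text: the signing relation of step S200 (w = ay_1 + y_2, c = H(a, t, w, μ), z_i = y_i + cs_i) and the verification check of steps S204 and S205, run over a toy ring. The ring Z_Q[x]/(x^N + 1), the values of N, Q and Y, the SHA-256 ternary challenge, the max-coefficient bound standing in for RejectionSample and the norm condition, and the function names are all assumptions made for the illustration.

```python
import hashlib
import random

# Assumed toy parameters (not from the patent): ring Z_Q[x]/(x^N + 1), |y| <= Y.
N, Q, Y = 16, 12289, 512
BOUND = Y - N  # |c*s| <= N per coefficient, so an accepted z is independent of s

def add(p, r): return [(x + y) % Q for x, y in zip(p, r)]
def sub(p, r): return [(x - y) % Q for x, y in zip(p, r)]

def mul(p, r):
    """Negacyclic product: x^N wraps around to -1."""
    out = [0] * N
    for i, x in enumerate(p):
        for j, y in enumerate(r):
            sign = -1 if i + j >= N else 1
            out[(i + j) % N] = (out[(i + j) % N] + sign * x * y) % Q
    return out

def small(rng, b):
    return [rng.randint(-b, b) % Q for _ in range(N)]

def H(a, t, w, mu):
    """Hash (a, t, w, mu) to a challenge with coefficients in {-1, 0, 1}."""
    d = hashlib.sha256(repr((a, t, w, mu)).encode()).digest()
    return [(b % 3 - 1) % Q for b in d[:N]]

def keygen(rng):
    a = [rng.randrange(Q) for _ in range(N)]
    s1, s2 = small(rng, 1), small(rng, 1)
    return (a, add(mul(a, s1), s2)), (s1, s2)  # pk = (a, t = a*s1 + s2), sk

def norm_ok(z1, z2):
    return all(min(c, Q - c) <= BOUND for c in z1 + z2)

def sign(pk, sk, mu, rng):
    a, t = pk
    while True:
        y1, y2 = small(rng, Y), small(rng, Y)
        c = H(a, t, add(mul(a, y1), y2), mu)        # w = a*y1 + y2
        z1, z2 = add(y1, mul(c, sk[0])), add(y2, mul(c, sk[1]))
        if norm_ok(z1, z2):  # simplified stand-in for RejectionSample
            return c, z1, z2

def verify(pk, mu, sig):
    (a, t), (c, z1, z2) = pk, sig
    w = sub(add(mul(a, z1), z2), mul(c, t))          # w' = a*z1 + z2 - c*t
    return norm_ok(z1, z2) and c == H(a, t, w, mu)
```

Verification succeeds because az_1 + z_2 − ct = ay_1 + y_2 + c(as_1 + s_2 − t) = w, so the verifier recomputes the same hash input without knowing y_1, y_2.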

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111644157.4A CN114491664B (en) 2021-12-29 2021-12-29 Method, device and equipment for detecting information security of server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111644157.4A CN114491664B (en) 2021-12-29 2021-12-29 Method, device and equipment for detecting information security of server

Publications (2)

Publication Number Publication Date
CN114491664A CN114491664A (en) 2022-05-13
CN114491664B true CN114491664B (en) 2024-04-09

Family

ID=81508788

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111644157.4A Active CN114491664B (en) 2021-12-29 2021-12-29 Method, device and equipment for detecting information security of server

Country Status (1)

Country Link
CN (1) CN114491664B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101523053B1 (en) * 2014-02-26 2015-05-27 고려대학교 산학협력단 System and method for verifiably encrypted signatures from lattices
CN107592203A (en) * 2017-09-25 2018-01-16 深圳技术大学筹备办公室 A kind of aggregate signature method and its system based on lattice
CN109995509A (en) * 2019-05-08 2019-07-09 西安电子科技大学 Authentication key based on message recovery signature exchanges method
CN113676333A (en) * 2021-08-23 2021-11-19 西安邮电大学 Method for generating SM2 blind signature through cooperation of two parties

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
A provably secure lattice-based digital signature scheme; 牟雁飞; 赵一鸣; Computer Engineering; 20141215(12); full text *

Also Published As

Publication number Publication date
CN114491664A (en) 2022-05-13

Similar Documents

Publication Publication Date Title
Linnartz et al. New shielding functions to enhance privacy and prevent misuse of biometric templates
WO2014192086A1 (en) Biometric signature system, signature verification method, registration terminal, signature generation terminal, and signature verification device
US20130276081A1 (en) Stateless attestation system
CN110505067B (en) Block chain processing method, device, equipment and readable storage medium
JP5707311B2 (en) Biometric signature system
EP1717724B1 (en) Methods for generation and validation of isogeny-based signatures
CN110494854A (en) Use the Verification System of multi-party computations
US20200019685A1 (en) Computer system, verification method of confidential information, and computer
CN110363509A (en) A kind of information protecting method and device
CN110990814A (en) Trusted digital identity authentication method, system, equipment and medium
CN110602190B (en) Block chain consensus method, block chain node and storage device
KR102407988B1 (en) Method for preventing counterfeit and tampering of black box data and apparatus therof
CN114491664B (en) Method, device and equipment for detecting information security of server
CN108833104A (en) A kind of signature method, verification method and the device of file
CN104751042A (en) Credibility detection method based on password hash and biometric feature recognition
JP5965090B2 (en) Method and system for generating a sign code used to securely transfer money
CN108011723B (en) Inseparable digital signature method for intrusion resilience
CN112837064B (en) Signature method, signature verification method and signature verification device for alliance chain
CN118381660B (en) Regional cash center behavior zero trust system construction method and system
Wang et al. Template Protection based on Chaotic Map and DNA Encoding for Multimodal Biometrics at Feature Level Fusion.
CN116455584B (en) Downloading method and system based on software integrity
CN116579774B (en) Cross encryption-based payment platform system and method
CN114710293B (en) Digital signature method, device, electronic equipment and storage medium
JP2015039106A (en) Biometric signature system
Fatima et al. A Secure BlockChain Based Application For Health Records

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant