CN114697029B - Method for exchanging keys in an untrusted communication environment - Google Patents
Method for exchanging keys in an untrusted communication environment Download PDFInfo
- Publication number
- CN114697029B CN114697029B CN202210450802.7A CN202210450802A CN114697029B CN 114697029 B CN114697029 B CN 114697029B CN 202210450802 A CN202210450802 A CN 202210450802A CN 114697029 B CN114697029 B CN 114697029B
- Authority
- CN
- China
- Prior art keywords
- communication
- cos
- fang
- key
- jia
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000004891 communication Methods 0.000 title claims abstract description 68
- 238000000034 method Methods 0.000 title claims abstract description 19
- 230000000694 effects Effects 0.000 abstract description 3
- 238000005516 engineering process Methods 0.000 abstract description 2
- 238000005336 cracking Methods 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 2
- 238000007667 floating Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to the field of information technology, in particular to a method for exchanging secret keys in an untrusted communication environment, which comprises the following steps: disclosing a positive integer n and a decimal s, wherein n is the key length; communication Fang Jia and communication Fang Yi generate a positive integer d and a positive integer e, respectively; communication Fang Jia calculates x1=cos (d×s), disclosing x 1; communication Fang Yi calculates x2=cos (e×s), disclosing x 2; communication Fang Jia calculates Key key=floor (10≡abs (cos (d×e×s))) from x 2; communication Fang Yi calculates Key key=floor (10≡abs (cos (e×d×s))) from x 1; the Key calculated by the communication Fang Jia and the communication party b will be the same, and the Key exchange is completed. The invention has the following substantial effects: the secure exchange of the secret key can be completed in an unsafe network environment, and the communication security is improved.
Description
Technical Field
The invention relates to the technical field of information, in particular to a method for exchanging secret keys in an untrusted communication environment.
Background
The internet technology has deeply affected people's life and work, has greatly improved people's quality of life and work efficiency. Today, large amounts of data are not being transmitted anytime over the internet. Data transmission security is also one of the always important research subjects in the field. The transmission of encrypted data over the internet is generally secure because the eavesdropper is not aware of the decrypted key. However, the data receiver is also unaware of the encrypted key, which results in the key being transmitted over an unsecured network, with a risk of leakage. For this reason, a scheme capable of establishing secure key exchange in an unsafe communication environment needs to be studied.
Disclosure of Invention
The invention aims to solve the technical problems that: there is currently a lack of technical problems with key exchange schemes in unsecure communication environments. A method for exchanging keys in an untrusted communication environment is provided, which is capable of completing secure exchange of keys.
In order to solve the technical problems, the invention adopts the following technical scheme: a method of exchanging keys in an untrusted communication environment, comprising: disclosing a positive integer n and a decimal s, wherein n is the key length; communication Fang Jia and communication Fang Yi generate a positive integer d and a positive integer e, respectively; communication Fang Jia calculates x1=cos (d×s), disclosing x 1; communication Fang Yi calculates x2=cos (e×s), disclosing x 2; communication Fang Jia calculates Key key=floor (10≡abs (cos (d×e×s))), floor () being a downward integer, abs () being an absolute value, from x 2; communication Fang Yi calculates Key key=floor (10≡abs (cos (e×d×s))) from x 1; the Key calculated by the communication Fang Jia and the communication party b will be the same, and the Key exchange is completed.
Preferably, the cos () function operation in the key exchange process is replaced by the sin () function operation, and the positive integers d and e generated by the communication party a and the communication Fang Yi are both odd numbers.
The invention has the following substantial effects: the method can complete the secure exchange of the secret key in an unsafe network environment, so that the secret key does not need to be directly transmitted in the network, and an eavesdropper cannot push the secret key through public information, thereby improving the communication security.
Drawings
Fig. 1 is a schematic diagram of a key exchange method according to an embodiment.
Detailed Description
The following description of the embodiments of the present invention will be made with reference to the accompanying drawings.
A method for exchanging keys in an untrusted communication environment, referring to fig. 1, comprising: step A01) discloses a positive integer n and a decimal s, wherein n is the key length; step a 02) communication Fang Jia and communication Fang Yi generate a positive integer d and a positive integer e, respectively; step a 03) communication Fang Jia calculates x1=cos (d×s), disclosing x 1; step a 04) communication Fang Yi calculates x2=cos (e×s), disclosing x 2; step a 05) the communication Fang Jia calculates Key key=floor (10≡abs (cos (d×e×s))) according to x2, floor () is rounded down, abs () is absolute; step a 06) communication Fang Yi calculates Key key=floor (10≡abs (cos (e×d×s))) from x 1; step a 07) the communication Fang Jia and the communication party b calculate the same Key, and the Key exchange is completed. n is the length of the key in decimal representation. In this embodiment, the communication Fang Jia generates n=10 and discloses to the communication Fang Yi that the length of the agreed Key is a 10-bit decimal value.
As shown in table 1, is a summary of the calculations performed during the key exchange process, and the information available to an eavesdropper.
TABLE 1 calculation and public information summary table during Key exchange
Communication Fang Jia | Eavesdropper(s) | Communication Fang Yi |
n=10,s=1.205 | n=10,s=1.205 | n=10,s=1.205 |
d=7,x1=cos(7*1.205) | - | - |
x1=-0.54887547761954 | ||
x1=-0.54887547761954 | x1=-0.54887547761954 | |
- | - | e=3,x2=cos(3*1.205) |
x2=-0.89001997516942 | ||
x2=-0.89001997516942 | x2=-0.89001997516942 | |
Key=floor(10^10*abs(cos(7*e*s))) | - | Key=floor(10^10*abs(cos(3*d*s))) |
Key=9852001087 | - | Key=9852001087 |
The communication Fang Jia generates a positive integer d=7 and is secure. Calculate x1=cos (7 x 1.205) = -0.54887547761954, send x1 to communication Fang Yi, and eavesdropper can eavesdrop on the value of x 1. In this embodiment, n is 10, and the number of significant digits of x1 exceeds 10, for example, the number of significant digits of x1 in table 1 is 14. Communication Fang Yi generates a positive integer e=3, calculates x2=cos (3×1.205) = -0.89001997516942, sends x2 to communication Fang Jia, and an eavesdropper can eavesdrop on the value of x 2.
The octave formula of the sine function is disclosed in the art as follows:
sin (mx) = Σ (-1) ≡k ≡m ((2k+1) ++1) +|m-2 k-1) ++cosx (m-2 k-1)/(sinx) ++2k+1), where m is an even number and k e 0, m/2-1].
sin (mx) = Σ (-1) ≡k ] m |/((2k+1) | (m-2 k-1) |) ((cosx)/(m-2 k-1) × (sinx)/(2k+1), where m is an odd number, k e [0, (m-1)/2 ].
The octave formula of the cosine function is:
cos (mx) = Σ (-1) ≡k ] m |/((2 k) | (m-2 k) |)/(cosx)/(m-2 k)/(sinx)/(2 k), where m is an even number and k e [0, m/2].
cos (mx) = Σ (-1) ≡k ] m |/((2 k) | (m-2 k) |)/(cosx)/(m-2 k)/(sinx)/(2 k), where m is an odd number and k e [0, (m-1)/2 ].
The cosine function is obtained by a sine equation of the cosine function, and the cosine value of the multiple angle can be obtained by calculating the cosine value of the single angle no matter the multiple is odd or even, and the sine value of the single angle is not involved, so that the two communication parties do not need to exchange the sine value.
The communication Fang Jia is obtained by multiplying the angle formula and replacing (sin (e×s)). Sup.2 with (1- (cos (e×s)). Sup.2), and the calculation equation for calculating cos (7×e×s) is: cos (7×es) = -7×cos (e×s) +56×cos (e×s)/(3-112×cos (e×s)/(5+64×cos (e×s)/(7). Namely: cos (7×e×s) = -7×x2+56×2×3-112×2×5+64×2×7= 0.9852001087539. Thus, the communication party a can calculate and obtain the Key key=floor (10 ζ abs (cos (7×e×s))) = 9852001087.
The communication Fang Yi is obtained by multiplying the angle formula and replacing (sin (d x s)). Sup.2 with (1- (cos (d x s)). Sup.2), and the calculated cos (3 x d x s) is obtained by: cos (3×d×s) = -3×cos (d×s) +4×cos (d×s)/(3×3= -3×x1+4×1++3= 0.9852001087539). Thus, key=floor (10≡10×abs (0.9852001087539))= 9852001087 is obtained. It can be seen that the Key obtained by communication Fang Jia and communication Fang Yi is the same.
The security of this embodiment is established by calculating the sine/cosine value of the integer quickly and accurately, and it is very difficult to calculate the integer reversely from the sine/cosine function value. There are two ways to calculate the sine/cosine function value in reverse: exhaustive cracking and inverse sine/cosine function computation.
Exhaustive cracking requires traversing each possible value one by one, i.e., attempting to generate a guess d ', calculating cos (d '), such that cos (d ') is exactly the same as x1 disclosed. The values of d and e are both small in this implementation. When d has a significant number of 6 bits, such as d= 702369, cos (d×s) = -0.98733143312097. And attempts to make in [0,999999] there is no other integer d 'such that cos (d' ×s) = -0.98733143312097. The reason for this is that the period of the cosine function cos () is 2pi, and 2pi is an irrational number. Resulting in theoretically the cosine value of the product of each integer and s being unique. However, in practical implementations, the accuracy employed is limited. Given the significant number length, it is possible to find integers with the same cosine value at a certain accuracy, but with very low probability.
When d has a significant number of 14 bits, such as d= 75682369021456, cos (d×s) = 0.9089600403717, an attempt is made to find a guess d 'so that the probability of cos (d') being exactly the same as the disclosed x1 is 1/10≡14. That is, in the case of a significant number of 14 bits, 10-14 sine function operations are theoretically required.
When d has 100 bits, 10-100 sine function operations are theoretically needed. At a calculation frequency of 1GHz, the required time is 10-91 seconds, about 3 x 10-82 years. When the peak value calculation force 537212.00 Ttflips of the current fastest supercomputer is used for calculation, ttflips is trillion times per second of floating point calculation, and the sine/cosine function calculation is considered to be the same as single floating point calculation in time, and the required time is still 2 x 10 x 82 seconds and about 6 x 10 x 73 years. It can be seen that by increasing the values of d and e, it is sufficient to cope with an exhaustive cracking. Given d, e and s, the speed of calculating cos (d, s), cos (e, s) and cos (d, e, s) is faster. The decimal retention number of the obtained sine/cosine function is more than n, and a large amount of data is not required to be transferred in the network.
When the values of d and e are larger, the key exchange method has higher security, but at the same time, the calculation of the octave formula of the sine/cosine function is caused, and more time is consumed. For this reason, the present embodiment provides a solution for simplifying the sine/cosine function octave formula calculation.
D is generated such that d% n=d1×d2× … ×d_s, s is a positive integer, and d% N is an odd number. That is, d=a×n+d1×d2× … ×d_s, and a is an integer. The cos ((d% N) × (e% N)) is calculated, i.e., the cos (d 1×d2× … ×d_s (e% N)) is calculated. The calculation can be performed in steps. First, the value of cos (d_s (e% N)) is calculated, denoted as x2_s=cos (d_s (e% N)), then, by using the value of x2_s, cos ((d_s-1) ×d_s (e% N)) is calculated, and by continuous recursion, the value of cos (d1×d2× … ×d_s (e% N)) is finally calculated.
For another cracking scheme, the inverse sine/cosine function is calculated:
since the value range of the arcsin is [ -pi/2, pi/2 ], correction is needed after the value of the arcsin is obtained. For example, when d=7, the sine function value sin (7) = 0.65698659871879, and the method in which the eavesdropper tries to use the arcsin back-push d includes:
calculate arcsin (0.65698659871879) = 0.71681469282041;
attempts were made to find a positive integer k such that (0.716804469282041+2 x k x pi) was an integer, or very close to an integer. After the attempt, when k=1, (0.716884689282041+2 pi) =7. Thereby back-deriving integer values from the sine function values.
However, when the value of d is large, for example, d=700, the sine function value sin (700) = 0.54397052336338, and the method of the eavesdropper attempting to back-push d is as follows:
calculate arcsin (0.54397052336338) = 0.5751617505239;
attempts were made to find a positive integer k such that (0.5751617505239+2 x k x pi) was an integer, or very close to an integer. After the trial it was found that when k e [0,20000] was calculated using a 14-bit significant number, there was no k value that was exactly such that (0.5751617505239+2 x k x pi) was an integer. And wherein the closest 700 values are 698.00873084746 and 704.29191615464, where k has values of 111 and 112, respectively. However, the eavesdropper had no reason to normalize 698.00873084746 to 700 and should normalize 698, nor had there been reason to normalize 704.29191615464 to 700 and should normalize 704. Therefore, when the values of d and e are slightly large, the integer value cannot be correctly extrapolated from the function value when the calculation is performed with the accuracy of the 14-bit significant number. It can be seen that this embodiment can effectively cope with attacks that break through an arcsine function.
In this embodiment, the cos () function operation in the key exchange process may be replaced by the sin () function operation, and the positive integers d and e generated by the communication party a and the communication Fang Yi respectively are both odd numbers. When the octave formula of the sine function is used, the right side of the formula contains only the single-angle sine value term when the multiples are odd, i.e., d% N and e% N are odd. That is, the even-numbered square terms of the single-angle cosine values are replaced with expressions of the single-angle sine values, and all the single-angle cosine values can be removed.
The beneficial technical effects of this embodiment are: the method can complete the secure exchange of the secret key in an unsafe network environment, so that the secret key does not need to be directly transmitted in the network, and an eavesdropper cannot push the secret key through public information, thereby improving the communication security.
The above-described embodiment is only a preferred embodiment of the present invention, and is not limited in any way, and other variations and modifications may be made without departing from the technical aspects set forth in the claims.
Claims (2)
1. A method of exchanging keys in an untrusted communication environment, characterized in that,
comprising the following steps:
disclosing a positive integer n and a decimal s, wherein n is the key length;
communication Fang Jia and communication Fang Yi generate a positive integer d and a positive integer e, respectively;
communication Fang Jia calculates x1=cos (d×s), disclosing x 1;
communication Fang Yi calculates x2=cos (e×s), disclosing x 2;
communication Fang Jia calculates Key key=floor (10≡abs (cos (d×e×s))), floor () being a downward integer, abs () being an absolute value, from x 2;
communication Fang Yi calculates Key key=floor (10≡abs (cos (e×d×s))) from x 1;
the secret Key calculated by the communication Fang Jia and the communication party B are the same, so that the secret Key exchange is completed;
the octave formula of the cosine function is:
cos (mx) = Σ (-1) ≡k ] m |/((2 k) | (m-2 k) |)/(cosx)/(m-2 k)/(sinx)/(2 k), where m is an even number and k e [0, m/2];
cos (mx) = Σ (-1) ≡k ] m |/((2 k) | (m-2 k) |)/(cosx)/(m-2 k)/(sinx)/(2 k), where m is an odd number and k e [0, (m-1)/2 ];
the communication Fang Jia is passed through the octave formula, and where (sin (e×s)) -2 is replaced by (1- (cos (e×s)) -2), d and x2 are substituted into the octave formula to obtain cos (d×e×s);
the communication Fang Yi passes through the octave formula and replaces (sin (d) s)). Sup.2 with (1- (cos (d) s)). Sup.2), substituting e and x1 into the octave formula to obtain cos (e.
2. The method for exchanging keys in an untrusted communication environment of claim 1,
the cos () function operation in the key exchange process is replaced by the sin () function operation, and the positive integers d and e generated by the communication party a and the communication Fang Yi are both odd numbers.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210450802.7A CN114697029B (en) | 2022-04-27 | 2022-04-27 | Method for exchanging keys in an untrusted communication environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210450802.7A CN114697029B (en) | 2022-04-27 | 2022-04-27 | Method for exchanging keys in an untrusted communication environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114697029A CN114697029A (en) | 2022-07-01 |
CN114697029B true CN114697029B (en) | 2024-03-19 |
Family
ID=82144819
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210450802.7A Active CN114697029B (en) | 2022-04-27 | 2022-04-27 | Method for exchanging keys in an untrusted communication environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114697029B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114880692A (en) * | 2022-07-05 | 2022-08-09 | 浙江数秦科技有限公司 | Loan contract evidence-saving method based on block chain |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108282327A (en) * | 2017-01-06 | 2018-07-13 | 重庆邮电大学 | A kind of OPC UA secret key exchange methods based on chaos rsa encryption |
CN113541918A (en) * | 2020-04-22 | 2021-10-22 | 三星电子株式会社 | Encryption method and device based on composite homomorphic encryption of use function |
-
2022
- 2022-04-27 CN CN202210450802.7A patent/CN114697029B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108282327A (en) * | 2017-01-06 | 2018-07-13 | 重庆邮电大学 | A kind of OPC UA secret key exchange methods based on chaos rsa encryption |
CN113541918A (en) * | 2020-04-22 | 2021-10-22 | 三星电子株式会社 | Encryption method and device based on composite homomorphic encryption of use function |
Also Published As
Publication number | Publication date |
---|---|
CN114697029A (en) | 2022-07-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Orman | The OAKLEY key determination protocol | |
CN109088726B (en) | SM2 algorithm-based collaborative signing and decrypting method and system for two communication parties | |
CA2277633C (en) | Split-key key-agreement protocol | |
CN1350735A (en) | Indirect public-key encryption | |
US8032747B2 (en) | Comparison of documents possessed by two parties | |
CN114697029B (en) | Method for exchanging keys in an untrusted communication environment | |
CN110336657B (en) | Optical OFDM dynamic key generation method based on channel characteristics | |
CN115037439B (en) | Multiparty privacy set intersection method and system suitable for small set | |
CN117278324A (en) | Message encryption transmission method and system | |
US11575466B2 (en) | Error reconciliation method for LWE public key cryptography | |
Patel et al. | Towards making Luby-Rackoff ciphers optimal and practical | |
CN106789020B (en) | Decoy state quantum key distribution system and method | |
CN114745116B (en) | Method for safely exchanging secret key | |
CN114844649B (en) | Secret key distribution method containing trusted third party based on superlattice PUF | |
Zhang et al. | Design of compressed sensing fault-tolerant encryption scheme for key sharing in IoT Multi-cloudy environment (s) | |
CN114697028B (en) | Method for exchanging secret key on unsafe channel | |
Orman | RFC2412: The OAKLEY Key Determination Protocol | |
US8036383B2 (en) | Method and apparatus for secure communication between cryptographic systems using real time clock | |
Shao et al. | Pairwise and parallel: enhancing the key mismatch attacks on kyber and beyond | |
CN109905241A (en) | A kind of short encoding of chinese characters of curve public key, coding/decoding method | |
Chen | PQCMC: Post-Quantum Cryptography McEliece-Chen Implicit Certificate Scheme | |
KR930011649B1 (en) | Diffie-hellman type key distribute method of communications system | |
Sharma et al. | Study and analysis of key generation techniques in internet of things | |
JP2942395B2 (en) | Network system for secret communication | |
US8738914B2 (en) | Method and system for key exchange and method and apparatus for reducing parameter transmission bandwidth |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |