CN114710273A - Secret key generating method for communication system - Google Patents


Info

Publication number: CN114710273A
Authority: CN (China)
Prior art keywords: key, stage, selecting, mod, communication system
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202210297343.3A
Other languages: Chinese (zh)
Other versions: CN114710273B (en)
Inventors: 管明尧, 成保刚, 许小锋, 魏林, 皮慧斌, 韩哲吉, 柴晓娟, 韩凤娇
Current Assignee: Rongzhitong Technology Beijing Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Rongzhitong Technology Beijing Co ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

The invention provides a key generation method for a communication system comprising four stages: the first stage is a system initialization stage, the second a registration stage, the third a verification stage, and the fourth a key exchange stage. It further proposes a key generation apparatus for a hardened communication system, the apparatus comprising: a memory for storing computer-executable instructions; and a processor for executing the computer instructions stored in the memory to carry out the functional steps of the method described above. With the technical scheme of the invention, the security of transmissions in a military communication system is addressed, a party using a forged identity is prevented from obtaining related information, information is protected from theft during transmission, communication efficiency is improved, and the amount of computation is reduced.

Description

Secret key generating method for communication system
Technical Field
The present application relates to the field of network communication technologies, and in particular, to a method for generating a secret key of a communication system.
Background
In recent years the military's electronic communication combat capability has improved year by year, and all system construction is moving toward integrated communication operations. Given the importance the military places on all communication transmissions, a more secure data exchange mechanism needs to be built within the existing communication system architecture, raising the baseline security requirements.
Many international publications propose different design architectures for key exchange mechanisms, but they cannot meet the military communication system's emphasis on specially customized, multiple security authentication. In view of this, a key mechanism for a hardened military communication system is designed on the basis of military communication. It uses the short encryption keys and fast processing speed of the random knapsack cryptosystem and the elliptic curve cryptosystem to provide a key exchange mechanism that meets the basic requirements for strengthened identity authentication security, with the following advantages.
1. To give the data transmission process a non-repudiation mechanism, an identity authentication mechanism is built into the system. This reduces dependence on a third-party authentication center, and registered users in the system can authenticate each other offline using public parameters.
2. When both communicating parties transmit information in an open environment, data can be sent as ciphertext, preventing tampering and theft. The key mechanism of the hardened military communication system uses the communication key exchange mechanism of the random knapsack cryptosystem, which increases the complexity of the key and the difficulty of breaking it and strengthens the integrity and security of data transmission.
The use of the elliptic curve cryptosystem brings short key length and low computational complexity. Compared with other asymmetric algorithms at the same key length, it offers higher security and faster operation, improves the effectiveness of personnel identity authentication, and strengthens the integrity and non-repudiation of data for both communicating parties.
Disclosure of Invention
The invention discloses a key generation method for a communication system. It is a key generation mechanism for a hardened communication system, based on the elliptic curve cryptosystem and the random knapsack cryptosystem and combined with strengthened identity authentication, i.e. a key exchange and transmission mechanism.
According to an aspect of the present invention, there is provided a key generation method of a communication system, the method comprising:
the first stage is the initial stage of the system:
setting the initial conditions of the data management credential center AS (application server), and selecting a secure elliptic curve over a finite field;
the second stage is a registration stage:
each user submits its identity information and private key $(id_A, d_A)$ to the data management credential center (AS), by secure means or in person, to register the $id_A$ signature, where $id_A$ is the identity information of user $U_A$ and $d_A$ is the private key;
the data management credential center AS receives the private key $d_A$ selected by $U_A$ according to the system, and the AS calculates the public key $E_A$ of $U_A$ using the knapsack cryptosystem;
the AS verifies the correctness of the relationship between $U_A$ and $id_A$;
the third stage is a verification stage:
users $U_A$ and $U_B$ mutually verify each other's identity information and timestamp;
the fourth stage is a key exchange stage:
users $U_A$ and $U_B$ calculate their communication keys $SK_A$ and $SK_B$ and exchange them with each other.
According to an aspect of the present invention, the method for generating a secret key of an enhanced communication system includes:
selecting a prime number q greater than 3;
selecting two positive integers $a$, $b$ smaller than $q$, satisfying $y^2 = x^3 + ax + b \pmod q$, where mod denotes taking the remainder on division by $q$ and $0 \le x \le q$;
letting $P$ be a point of order $\alpha$ on the elliptic curve $E$, where $\alpha = 4p_1 \cdot p_2 + 1$, $p_1 = 2p_3 + 1$, $p_2 = 2p_4 + 1$, and $p_1$, $p_2$, $p_3$, $p_4$ are all large prime numbers; $p_1$, $p_2$, $p_3$, $p_4$ are discarded after the calculation;
the data management credential center AS computes its public key $Q_{AS}$ as $Q_{AS} = s_{AS} \cdot P$, where $s_{AS}$ is the private key.
According to an aspect of the present invention, the key generation method of the enhanced communication system specifically includes, in the registration stage:
the data management credential center AS receives the private key $d_A$ selected by $U_A$ according to the system and calculates the public key ($E_A$) of $U_A$ using the knapsack cryptosystem;
1) First, randomly select an n-dimensional vector $d_A$ whose components $d_{Ai}$ are all positive integers,
$d_A = (d_{A1}, \dots, d_{Ai}, \dots, d_{An})$, $d_{A1} = \max(d_{Ai})$;
2) then randomly select two prime numbers $y_A$ and $m_A$ with $\sum_{i=1}^{n} d_{Ai} < m_A < 2d_{A1}$;
3) Compute the vector $J_A = (j_{A1}, \dots, j_{Ai}, \dots, j_{An})$, where $j_{Ai} \equiv y_A \cdot d_{Ai} \pmod{m_A}$, $i = 1, \dots, n$;
4) Split each $j_{Ai}$ asymmetrically at the $h$-th bit counted from the left into a left part $p_{Ai}$ and a right part $z_{Ai}$;
5) Select a positive integer $t_A$ satisfying $(p_{Ai} + t_A \cdot z_{Ai}) < 2^h - 1$, i.e. $p_{Ai}$ produces no carry;
6) let $u_{Ai} = p_{Ai} + t_A \cdot z_{Ai}$, $i = 1, \dots, n$;
7) Randomly select two prime numbers $r_A$ and $f_A$ satisfying $r_A > \sum_{i=1}^{n} u_{Ai}$, $f_A > \sum_{i=1}^{n} z_{Ai}$, and compute, using the remainder theorem:
$EID(id_A) = E_A = (e_{A1}, e_{A2}, \dots, e_{An})$, where $0 \le e_{Ai} \le r_A f_A - 1$;
$y_{Ai} \equiv u_{Ai} \pmod{r_A}$, $y_{Ai} \equiv z_{Ai} \pmod{f_A}$, where $i = 1, \dots, n$;
8) Keep $r_A, f_A, t_A, y_A^{-1}, m_A$ secret, where $y_A^{-1}$ is the modular inverse of $y_A$, and publish $E_A$;
the AS verifies the correctness of the relationship between $U_A$ and $id_A$ by calculating $u_{Ai}, p_{Ai}, j_{Ai}, d_{Ai}$:
1) $u_{Ai} = c \pmod{r_A}$, $z_{Ai} = c \pmod{f_A}$;
2) $p_{Ai} = u_{Ai} - t_A \cdot z_{Ai}$;
3) $j_{Ai} = p_{Ai} \cdot 2^{n-h} + z_{Ai}$;
4) $d_{Ai} = y_A^{-1} \cdot j_{Ai} \pmod{m_A}$;
5) Using the initial superincreasing sequence $s_{AS}$, solve for the plaintext $x$.
According to an aspect of the present invention, in the key generation method of the communication system, the verification stage specifically includes:
first, $U_A$ selects a random binary vector $X_A = (X_{A1} \| \dots \| X_{Ai})$, a random number $b_A$ and a timestamp $t_A$ as the corresponding parameters, and calculates the registration certificates $Y_A$, $T_A$ to obtain the signature $S_A$ of $U_A$:
1) $Y_A = id_A \cdot d_A \cdot p$; $p$ is a random prime number;
2) $T_A = (\sum_{j=1}^{l} x_{Ai} \cdot h_{Bj}) \cdot p$, where $h_{Bj}$ is the verification value of $U_B$;
$U_A$ uses the timestamp $t_A$ and the identity information $id_B$ of $U_B$ to evaluate the compact function $f(Y_A \| t_A \| T_A \| id_B)$ and calculates $S_A = G_A + f(Y_A \| t_A \| T_A \| id_B) \cdot (\sum_{j=1}^{l} x_{Ai} \cdot h_{Bj}) \cdot p$, where $G_A$ is a base point of order $\alpha$ on the elliptic curve and $p$ is a random prime number;
finally, $U_A$ sends $(id_A \| Y_A \| t_A \| S_A \| T_A)$ to $U_B$.
Similarly, $U_B$ selects a random binary vector $X_B = (X_{B1} \| \dots \| X_{Bi})$ and a timestamp $t_B$ as the corresponding parameters; the signature $S_B$ is then obtained from the public key $Y_B$, $T_B$ as follows:
1) $Y_B = id_B \cdot d_B \cdot p$;
2) $T_B = (\sum_{j=1}^{l} x_{Bi} \cdot h_{Aj}) \cdot p$, where $h_{Aj}$ is the verification value of $U_A$;
3) $S_B = G_B + f(Y_B \| t_B \| T_B \| id_A) \cdot (\sum_{j=1}^{l} x_{Bi} \cdot h_{Aj}) \cdot p$, where $G_B$ is a base point of order $\alpha$ on the elliptic curve and $p$ is a random prime number;
the information $(id_B \| Y_B \| t_B \| S_B \| T_B)$ is sent to $U_A$ in the same way.
According to an aspect of the present invention, in the key generation method of the enhanced communication system, the key exchange stage specifically includes:
before generating the session key, $U_A$ and $U_B$ need to verify $(id_A \| Y_A \| t_A \| S_A \| T_A)$ and $(id_B \| Y_B \| t_B \| S_B \| T_B)$; $U_A$ sends $(id_A \| Y_A \| t_A \| S_A \| T_A)$ to $U_B$, and $U_B$ sends $(id_B \| Y_B \| t_B \| S_B \| T_B)$ to $U_A$;
Verification is performed as follows:
1) $S_B + Y_B + id_B \cdot Q_{AS} \equiv f(Y_B \| t_B \| T_B \| id_A) \cdot T_B$
2) $S_A + Y_A + id_A \cdot Q_{AS} \equiv f(Y_A \| t_A \| T_A \| id_B) \cdot T_A$
thus $U_A$ and $U_B$ compute their communication keys $SK_A$ and $SK_B$ as follows:
3) $SK_A = (\sum_{j=1}^{l} x_{Ai} \cdot h_{Bj}) \cdot T_B$
4) $SK_B = (\sum_{j=1}^{l} x_{Bi} \cdot h_{Aj}) \cdot T_A$
and the following equation shows that $SK_A$ and $SK_B$ are the same:
$SK_A = SK_B = (\sum_{j=1}^{l} x_{Ai} \cdot h_{Bj}) \cdot (\sum_{j=1}^{l} x_{Bi} \cdot h_{Aj}) \cdot P$;
$U_A$ and $U_B$ each check whether the received shared keys $SK_B$ and $SK_A$ are equal. If the two values are equal, the verification is successful; if they are not equal, the current communication connection is abandoned.
According to another aspect of the present invention, there is also provided a key generation apparatus of a communication system, the key generation apparatus including: a memory for storing computer-executed instructions; a processor for executing computer instructions stored in the memory to carry out the functional steps of the method as described above.
With the technical scheme of the invention, the security of transmissions in a military communication system is addressed, a party using a forged identity is prevented from obtaining related information, information is protected from theft during transmission, communication efficiency is improved, and the amount of computation is reduced.
Drawings
Fig. 1 is a schematic diagram of a key exchange protocol provided in an embodiment of the present application;
Fig. 2 is a schematic diagram illustrating a registration phase of a key generation method according to an embodiment of the present disclosure;
Fig. 3 is a schematic diagram illustrating a verification phase of a key generation method according to an embodiment of the present disclosure;
Fig. 4 is a diagram illustrating an example of a communication key exchange phase of a key generation method according to an embodiment of the present application;
Fig. 5 is a schematic diagram of a key exchange protocol flow provided in an embodiment of the present application;
Fig. 6 is a block diagram of a key generation apparatus according to an embodiment of the present application.
Detailed Description
In the solutions provided in the embodiments of the present application, the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In order to better understand the technical solutions, the technical solutions of the present application are described in detail below with reference to the drawings and specific embodiments, and it should be understood that the specific features in the embodiments and examples of the present application are detailed descriptions of the technical solutions of the present application, and are not limitations of the technical solutions of the present application, and the technical features in the embodiments and examples of the present application may be combined with each other without conflict.
The symbols used in this application and their meanings are shown in Table 1.
TABLE 1

| No. | Symbol | Description |
|---|---|---|
| 1 | AS | Data management center |
| 2 | $U_A$, $U_B$ | User A and user B |
| 3 | $E(F_q)$ | Elliptic curve |
| 4 | $\alpha$ | Order on the elliptic curve |
| 5 | $G$ | Base point of order $\alpha$ on the elliptic curve |
| 6 | $Q_{AS}$ | Data management credential center (AS) public key |
| 7 | $S_{AS}$ | Data management credential center (AS) private key |
| 8 | $id_A$, $id_B$ | Identity information (id) of $U_A$, $U_B$ |
| 9 | $m_A, y_A, r_A, f_A$ | Random parameters of $U_A$ |
| 10 | $m_B, y_B, r_B, f_B$ | Random parameters of $U_B$ |
| 11 | $E_A$, $E_B$ | Public keys of $U_A$, $U_B$ |
| 12 | $h_A$, $h_B$ | Verification values of $U_A$, $U_B$ |
| 13 | $SK_B$, $SK_A$ | Shared secret key of $U_A$ and $U_B$ |
| 14 | $h \gg n-h$ | The number of bits $h$ is greater than the number of bits $n-h$ |
Elliptic curve cryptography is a public-key encryption algorithm based on the mathematics of elliptic curves. It requires substantially smaller system parameters and key lengths than other public-key encryption methods. There are many variants that differ slightly in form, but all rely on the widely recognized difficulty of solving the elliptic curve discrete logarithm problem over the elliptic curve group of a finite field, which is prior art.
The general formula for elliptic curves is $y^2 + axy + by = x^3 + cx^2 + dx + e$, where $a, b, c, d, e$ are prime numbers. On elliptic curves a point addition operation is specially defined. If $q$ is a prime number greater than 3, then over the Galois field $E(G_q)$, with $x$ the x-axis coordinate and $y$ the y-axis coordinate, the formula of the elliptic curve is:
$y^2 = x^3 + ax + b \pmod q$, where $0 \le x \le q$, $a$ and $b$ are positive integers less than $q$, and $4a^3 + 27b^2 \bmod q \ne 0$. In addition, a point at infinity $O$ is defined; if a straight line intersects the elliptic curve at three points, the sum of the three points is the point at infinity $O$. Suppose two points $A(x_1, y_1)$ and $B(x_2, y_2)$ lie in the elliptic curve group $E(F_q)$. The point addition operation is as follows:
$A + O = O + A = A$
If $x_1 = x_2$ and $y_1 = -y_2$, i.e. $A = (x_1, y_1)$ and $B = (x_2, y_2) = (x_1, -y_1)$, then $A + B = O$.
If $A$ is not equal to $B$, then $A + B = (x_3, y_3)$, where $(x_3, y_3)$ is calculated as follows:
$x_3 \equiv \lambda^2 - x_1 - x_2 \pmod q$
$y_3 \equiv \lambda (x_1 - x_3) - y_1 \pmod q$
The key exchange protocol was first proposed in 1976 by Diffie and Hellman, two scholars of public key cryptography. Through the key exchange protocol, two parties can securely negotiate a session key, ensuring the privacy of the information communicated in that session; the security of the session key rests on the discrete logarithm problem. The algorithm is illustrated as follows:
First, two public parameters are set: a large prime number $p$ and $g$, a primitive root modulo $p$. The two communicating parties A and B then establish a session key.
A randomly selects a prime number $x$, calculates $X = g^x \bmod p$, and sends it to B.
B randomly selects a prime number $y$, calculates $Y = g^y \bmod p$, and sends it to A.
(II) A receives $Y$ sent by B and calculates the session key using its selected prime number $x$:
$K_{xy} = (Y)^x \bmod p = (g^y)^x \bmod p = g^{xy} \bmod p$
After both parties finish the key agreement, they hold the same session key $K$ without knowing the prime number selected by the other party.
Even if an attacker intercepts $X$ and $Y$, it is not feasible for the attacker to compute the session key $K$ because of the discrete logarithm problem ($x$ and $y$ cannot be derived from $X$ and $Y$). The key exchange protocol flow chart is shown in Fig. 5.
The random knapsack cryptosystem is based on the knapsack problem: given a sequence of natural numbers $B = (b_1, \dots, b_i, \dots, b_n)$ and a number $S$, the problem has been proved to be NP-Complete and cannot be solved in polynomial time. However, for many specific sequences the knapsack problem is simple to solve, so most of them are not NP-Complete problems; these are called easy-to-solve knapsack sequences.
Later scholars therefore proposed a new knapsack cryptosystem. The random knapsack cryptosystem they proposed applies addition and modular subtraction to the superincreasing sequence problem, so as to resist tools that solve the knapsack problem directly when the attacker does not hold the private key, such as low-density attacks, and applies substitution and confusion techniques to reduce the redundancy of the system.
The calculation method is as follows:
(I) Key generation phase
1. Randomly select an n-dimensional vector $B = (b_1, \dots, b_i, \dots, b_n)$, where $b_1 = \max(b_i)$ and the $b_i$ are all positive integers and must not be repeated.
2. Randomly select two prime numbers $m$ and $w$, where $\sum_{i=1}^{n} b_i < m < 2b_1$.
3. Calculate the vector $D = (d_1, \dots, d_i, \dots, d_n)$, where $d_i = w \cdot b_i \pmod m$, $i = 1, \dots, n$.
4. Split each $d_i$ asymmetrically at the $j$-th bit counted from the left into left and right parts $e_i$ and $v_i$, having $j$ bits and $n-j$ bits respectively, with $j \gg n-j$, $d = e + v$.
5. Select a positive integer $t$ satisfying $(e_i + t \cdot v_i) < 2^j - 1$, meaning $e$ has no carry; let $u_i = e_i + t \cdot v_i$, $i = 1, \dots, n$.
6. Randomly select two prime numbers $p$ and $q$ satisfying $p > \sum_{i=1}^{n} u_i$, $q > \sum_{i=1}^{n} v_i$, and use the remainder theorem formula:
(1) $A = (a_1, a_2, \dots, a_n)$, where $0 \le a_i \le (p \cdot q - 1)$.
(2) $a_i = u_i \pmod p = v_i \pmod q$, where $i = 1, \dots, n$.
(3) Keep $p, q, t, w^{-1}, m$ private, where $w^{-1}$ is the inverse element of $w$.
(II) Encryption phase
1. Convert the information $x$ into $n$ binary digits $(x)_2 = x_1, x_2, \dots, x_n$, $x_i \in \{0, 1\}$.
2. Encrypt the information $(x)_2 = x_1, x_2, \dots, x_n$ with the public key $A = (a_1, a_2, \dots, a_n)$.
3. $c = a_1 x_1 + a_2 x_2 + \dots + a_n x_n$
(III) Decryption phase
1. Calculate $u = c \pmod p$, $v = c \pmod q$.
2. Calculate $e = u - t \cdot v$.
3. Calculate $d = e \cdot 2^{n-j} + v$.
4. Calculate $y = w^{-1} \cdot d \pmod m$.
5. Solve for the plaintext $x$ using the initial superincreasing sequence $B$.
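The three phases above, carried through end to end as an added Python example (it is not code from the patent). It assumes B is a superincreasing sequence stored largest first, uses toy parameter sizes, and the names keygen, encrypt, decrypt and low_bits (the text's n − j) are choices made here.

```python
import random

def is_prime(x):
    """Trial division; adequate for the toy sizes used in this example."""
    if x < 2:
        return False
    if x % 2 == 0:
        return x == 2
    f = 3
    while f * f <= x:
        if x % f == 0:
            return False
        f += 2
    return True

def primes_between(lo, hi):
    """All primes strictly between lo and hi."""
    return [x for x in range(lo + 1, hi) if is_prime(x)]

def keygen(n=8, low_bits=3, rng=None):
    """Key generation steps 1-6; low_bits is the width of the right part v_i."""
    rng = rng or random.SystemRandom()
    mask = (1 << low_bits) - 1
    while True:  # retry until the side conditions of steps 2, 5 and 6 all hold
        # Step 1: superincreasing sequence, largest first so b[0] = max(b_i)
        asc, total = [], 0
        for _ in range(n):
            asc.append(total + rng.randint(1, 16))
            total += asc[-1]
        b = asc[::-1]
        # Step 2: primes m and w with sum(b_i) < m < 2*b_1
        m_candidates = primes_between(total, 2 * b[0])
        if not m_candidates:
            continue
        m = rng.choice(m_candidates)
        w = rng.choice(primes_between(m // 2, m))
        # Step 3: d_i = w * b_i mod m
        d = [(w * bi) % m for bi in b]
        # Step 4: split d_i into a j-bit left part e_i and a right part v_i
        j = m.bit_length() - low_bits
        e = [di >> low_bits for di in d]
        v = [di & mask for di in d]
        # Step 5: t >= 1 with e_i + t*v_i < 2^j - 1 for every i
        limit = (1 << j) - 2
        if any(ei > limit for ei in e):
            continue
        t_max = min([(limit - ei) // vi for ei, vi in zip(e, v) if vi] + [limit])
        if t_max < 1:
            continue
        t = rng.randint(1, t_max)
        u = [ei + t * vi for ei, vi in zip(e, v)]
        # Step 6: primes p > sum(u_i), q > sum(v_i); combine (u_i, v_i) by CRT
        p = rng.choice(primes_between(sum(u), 2 * sum(u) + 4))
        q_candidates = [x for x in primes_between(sum(v), 2 * sum(v) + 4) if x != p]
        if not q_candidates:
            continue
        q = rng.choice(q_candidates)
        p_inv = pow(p, -1, q)
        a = [ui + p * (((vi - ui) * p_inv) % q) for ui, vi in zip(u, v)]
        private = {"b": b, "m": m, "w_inv": pow(w, -1, m), "t": t,
                   "p": p, "q": q, "low_bits": low_bits}
        return a, private

def encrypt(bits, public):
    """Encryption phase: c = a_1*x_1 + ... + a_n*x_n."""
    if len(bits) != len(public) or any(x not in (0, 1) for x in bits):
        raise ValueError("message must be exactly n bits")
    return sum(ai * xi for ai, xi in zip(public, bits))

def decrypt(c, private):
    """Decryption steps 1-5, ending with the greedy superincreasing solve."""
    u = c % private["p"]                        # step 1
    v = c % private["q"]
    e = u - private["t"] * v                    # step 2
    d = (e << private["low_bits"]) + v          # step 3
    y = (private["w_inv"] * d) % private["m"]   # step 4
    bits = []
    for bi in private["b"]:                     # step 5, largest element first
        take = 1 if y >= bi else 0
        bits.append(take)
        y -= take * bi
    if y != 0:
        raise ValueError("ciphertext does not decode under this key")
    return bits

if __name__ == "__main__":
    public, private = keygen(rng=random.Random(2022))  # fixed seed, demo only
    message = [1, 0, 1, 1, 0, 0, 1, 0]                 # constructed sample plaintext
    c = encrypt(message, public)
    print("public key A =", public)
    print("ciphertext c =", c)
    print("recovered    =", decrypt(c, private))
```

Decryption works because each modulus exceeds the corresponding sum ($p > \sum u_i$, $q > \sum v_i$, $m > \sum b_i$), so every reduction recovers the exact integer sum rather than a residue of it.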
Fig. 1 shows a key mechanism of a hardened communication system according to the present invention. The method comprises the following four stages, wherein the first stage is a system initial stage, the second stage is a registration stage, the third stage is a verification stage, the fourth stage is a key exchange stage, and the symbol table is shown in table 1.
Stage 1, system initialization. First, the initial conditions of the data management credential center AS are set and a secure elliptic curve $E(F_q)$ over a finite field is selected, as follows:
1. A prime number $q$ greater than 3 is selected.
2. Select two positive integers $a$, $b$ smaller than $q$, satisfying $y^2 = x^3 + ax + b \pmod q$, where mod denotes taking the remainder on division by $q$ and $0 \le x \le q$.
3. Let $P$ be a point of order $\alpha$ on the elliptic curve $E$, where $\alpha = 4p_1 \cdot p_2 + 1$, $p_1 = 2p_3 + 1$, $p_2 = 2p_4 + 1$, and $p_1$, $p_2$, $p_3$, $p_4$ are all large prime numbers.
4. $p_1$, $p_2$, $p_3$, $p_4$ are discarded after the calculation.
5. The data management credential center AS computes its public key $Q_{AS}$ as $Q_{AS} = s_{AS} \cdot P$, where $s_{AS}$ is the private key.
Stage 2, registration stage
The registration phase is shown in Fig. 2. Each user ($U_A$) submits its identity information and private key $(id_A, d_A)$ to the data management credential center (AS), by secure means or in person, to register $id_A$. Each user ($U_A$) knows the public key of the data management credential center AS, and only the AS knows the corresponding private key.
The procedure by which the data management credential center AS computes the private key of user ($U_A$) is shown in Fig. 2 (the same applies to user $U_B$).
1. $U_A$ selects a private key $d_A$ according to the system and transmits $(id_A, d_A)$ to the data management credential center AS; on receiving it, the AS calculates the public key ($E_A$) of $U_A$ using the knapsack cryptosystem.
1) First, randomly select an n-dimensional vector $d_A$ whose components $d_{Ai}$ are all positive integers.
$d_A = (d_{A1}, \dots, d_{Ai}, \dots, d_{An})$, $d_{A1} = \max(d_{Ai})$
2) Then randomly select two prime numbers $y_A$ and $m_A$ with $\sum_{i=1}^{n} d_{Ai} < m_A < 2d_{A1}$
3) Compute the vector $J_A = (j_{A1}, \dots, j_{Ai}, \dots, j_{An})$, where $j_{Ai} \equiv y_A \cdot d_{Ai} \pmod{m_A}$, $i = 1, \dots, n$
4) Split each $j_{Ai}$ asymmetrically at the $h$-th bit counted from the left into a left part $p_{Ai}$ and a right part $z_{Ai}$
5) Select a positive integer $t_A$ satisfying $(p_{Ai} + t_A \cdot z_{Ai}) < 2^h - 1$, i.e. $p_{Ai}$ produces no carry.
6) Let $u_{Ai} = p_{Ai} + t_A \cdot z_{Ai}$, $i = 1, \dots, n$
7) Randomly select two prime numbers $r_A$ and $f_A$ satisfying $r_A > \sum_{i=1}^{n} u_{Ai}$, $f_A > \sum_{i=1}^{n} z_{Ai}$, and compute, using the remainder theorem:
$EID(id_A) = E_A = (e_{A1}, e_{A2}, \dots, e_{An})$, where $0 \le e_{Ai} \le r_A f_A - 1$
$y_{Ai} \equiv u_{Ai} \pmod{r_A}$, $y_{Ai} \equiv z_{Ai} \pmod{f_A}$, where $i = 1, \dots, n$
8) Keep $r_A, f_A, t_A, y_A^{-1}, m_A$ secret, where $y_A^{-1}$ is the modular inverse of $y_A$, and publish $E_A$
The AS verifies the correctness of the relationship between $U_A$ and $id_A$ by calculating $u_{Ai}, p_{Ai}, j_{Ai}, k_{Ai}$:
1) $u_{Ai} = c \pmod{r_A}$, $z_{Ai} = c \pmod{f_A}$
2) $p_{Ai} = u_{Ai} - t_A \cdot z_{Ai}$
3) $j_{Ai} = p_{Ai} \cdot 2^{n-h} + z_{Ai}$
4) $k_{Ai} = y_A^{-1} \cdot j_{Ai} \pmod{m_A}$
5) Using the initial superincreasing sequence $s_{AS}$, solve for the plaintext $x$.
Stage 3, verification stage
Suppose $U_A$ and $U_B$ need to establish secret communication, as shown in Fig. 3:
1. First, $U_A$ selects a random binary vector $X_A = (X_{A1} \| \dots \| X_{Ai})$, a random number $b_A$ and a timestamp $t_A$ as the corresponding parameters. The registration certificates $Y_A$, $T_A$ can then be computed to obtain the signature $S_A$ of $U_A$.
5) $Y_A = id_A \cdot d_A \cdot p$
6) $T_A = (\sum_{j=1}^{l} x_{Ai} \cdot h_{Bj}) \cdot p$
2. $U_A$ uses the timestamp $t_A$ and the identity information $id_B$ of $U_B$ to evaluate the compact function $f(Y_A \| t_A \| T_A \| id_B)$ and calculates $S_A = G_A + f(Y_A \| t_A \| T_A \| id_B) \cdot (\sum_{j=1}^{l} x_{Ai} \cdot h_{Bj}) \cdot p$
3. Finally, $U_A$ sends $(id_A \| Y_A \| t_A \| S_A \| T_A)$ to $U_B$.
4. Similarly, $U_B$ selects a random binary vector $X_B = (X_{B1} \| \dots \| X_{Bi})$ and a timestamp $t_B$ as the corresponding parameters. The signature $S_B$ is then obtained from the public key $Y_B$, $T_B$ as follows:
1) $Y_B = id_B \cdot d_B \cdot p$
2) $T_B = (\sum_{j=1}^{l} x_{Bi} \cdot h_{Aj}) \cdot p$
3) $S_B = G_B + f(Y_B \| t_B \| T_B \| id_A) \cdot (\sum_{j=1}^{l} x_{Bi} \cdot h_{Aj}) \cdot p$
5. The information $(id_B \| Y_B \| t_B \| S_B \| T_B)$ is then sent to $U_A$ in the same manner.
Phase 4, communication key exchange phase
Before generating the session key, $U_A$ and $U_B$ need to verify $(id_A \| Y_A \| t_A \| S_A \| T_A)$ and $(id_B \| Y_B \| t_B \| S_B \| T_B)$, sent from $U_A$ and $U_B$ respectively. The verification equations are shown in Fig. 3.
1. First, the following formulas are used for verification:
1) $S_B + Y_B + id_B \cdot Q_{AS} \equiv f(Y_B \| t_B \| T_B \| id_A) \cdot T_B$
2) $S_A + Y_A + id_A \cdot Q_{AS} \equiv f(Y_A \| t_A \| T_A \| id_B) \cdot T_A$
2. $U_A$ and $U_B$ then calculate their communication keys $SK_A$ and $SK_B$. The formulas are as follows:
5) $SK_A = (\sum_{j=1}^{l} x_{Ai} \cdot h_{Bj}) \cdot T_B$
6) $SK_B = (\sum_{j=1}^{l} x_{Bi} \cdot h_{Aj}) \cdot T_A$
3. The following equation shows that $SK_A$ and $SK_B$ are the same:
$SK_A = SK_B = (\sum_{j=1}^{l} x_{Ai} \cdot h_{Bj}) \cdot (\sum_{j=1}^{l} x_{Bi} \cdot h_{Aj}) \cdot P$
The $U_A$ terminal and the $U_B$ terminal each check whether the received shared secret keys $SK_B$ and $SK_A$ are equal. If they are equal, the verification is successful; if they are not equal, the current communication connection is abandoned.
Referring to fig. 6, an embodiment of the present application provides a key generation apparatus, including:
a memory 301 for storing instructions for execution by at least one processor;
the processor 302 is configured to execute the instructions stored in the memory to perform the above-mentioned method steps proposed by the present invention.
Further, an embodiment of the present application provides a computer-readable storage medium, which stores computer instructions, and when the computer instructions are executed on a computer, the computer instructions cause the computer to perform the above-mentioned method steps proposed by the present invention.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (7)

1. A method for key generation in a communication system, comprising:
the first stage is the initial stage of the system:
setting various initial conditions of the data management credential center AS (application server), and selecting a secure elliptic curve over a finite field;
the second stage is a registration stage:
each user sends its own identity information and private key $(id_A, d_A)$ to the data management credential center (AS), by secure means or in person, to handle registration of the $id_A$ signature, where $id_A$ is the identity information of the user $U_A$ and $d_A$ is a private key;
the data management credential center AS receives $U_A$, selects a private key $d_A$ according to the system, and calculates the public key $E_A$ of $U_A$ using the knapsack cryptosystem;
the AS verifies the correctness of the relationship between $U_A$ and $id_A$;
the third stage is a verification stage:
users $U_A$ and $U_B$ mutually verify the identity information and timestamp of the other party;
the fourth stage is a key exchange stage:
users $U_A$ and $U_B$ calculate their communication keys $SK_A$ and $SK_B$ and exchange them with each other.
2. A key generation method of a communication system according to claim 1, characterized by:
the initial stage of the system specifically comprises:
selecting a prime number $q$ greater than 3;
selecting two positive integers $a$, $b$ smaller than $q$, satisfying $y = x^3 + ax + b \pmod{q}$, where mod denotes the remainder on division by $q$ and $0 \le x \le q$;
letting $P$ be a point of order $\alpha$ on the elliptic curve $E$, where $\alpha = 4p_1 \cdot p_2 + 1$, $p_1 = 2p_3 + 1$, $p_2 = 2p_4 + 1$, and $p_1$, $p_2$, $p_3$, $p_4$ are all large prime numbers; $p_1$, $p_2$, $p_3$, $p_4$ are discarded after the calculation is finished;
the data management credential center AS computes the public key $Q_{AS}$ as $Q_{AS} = s_{AS} P$, where $s_{AS}$ is a private key.
3. The key generation method of a communication system according to claim 2, characterized in that:
the registration stage specifically includes:
the data management credential center AS receives $U_A$, selects a private key $d_A$ according to the system, and calculates the public key $E_A$ of $U_A$ using the knapsack cryptosystem:
1) first, randomly selecting an $n$-dimensional vector $d_A$ whose components $d_{Ai}$ are all positive integers,
$d_A = (d_{A1}, \dots, d_{Ai}, \dots, d_{An})$, $d_{A1} = \max(d_{Ai})$;
2) then randomly selecting two prime numbers $y_A$ and $m_A$, with $\sum_{i=1}^{n} d_{Ai} < m_A < 2d_{A1}$;
3) calculating the vector $J_A = (j_{A1}, \dots, j_{Ai}, \dots, j_{An})$, where $j_{Ai} \equiv y_A \cdot d_{Ai} \pmod{m_A}$, $i = 1, \dots, n$;
4) splitting each $j_{Ai}$ asymmetrically at the $h$-th position counted from left to right, the left and right parts forming $p_{Ai}$ and $z_{Ai}$;
5) selecting a positive integer $t_A$ satisfying $(p_{Ai} + t_A \cdot z_{Ai}) < 2^h - 1$, i.e. $p_{Ai}$ produces no carry;
6) letting $u_{Ai} = p_{Ai} + t_A \cdot z_{Ai}$, $i = 1, \dots, n$;
7) randomly selecting two prime numbers $r_A$ and $f_A$ satisfying $r_A > \sum_{i=1}^{n} u_{Ai}$, $f_A > \sum_{i=1}^{n} z_{Ai}$, and calculating by the Chinese remainder theorem:
$EID(id_A) = E_A = (e_{A1}, e_{A2}, \dots, e_{An})$, where $0 \le e_{Ai} \le r_A f_A - 1$;
$y_{Ai} \equiv u_{Ai} \pmod{r_A}$, $y_{Ai} \equiv z_{Ai} \pmod{f_A}$, where $i = 1, \dots, n$;
8) the secret key is $r_A$, $f_A$, $t_A$, $y_A^{-1}$, $m_A$, where $y_A^{-1}$ is the modular inverse of $y_A$, and $E_A$ is published;
the AS verifies the correctness of the relationship between $U_A$ and $id_A$ by calculating $u_{Ai}$, $p_{Ai}$, $j_{Ai}$, $d_{Ai}$:
1) $u_{Ai} = c \pmod{r_A}$, $z_{Ai} = c \pmod{f_A}$;
2) $p_{Ai} = u_{Ai} - t_A \cdot z_{Ai}$;
3) $j_{Ai} = p_{Ai} \cdot 2^{n-h} + z_{Ai}$;
4) $d_{Ai} = y_A^{-1} \cdot j_{Ai} \pmod{m_A}$;
5) using the initial superincreasing sequence $s_{AS}$, calculating and solving for the plaintext $x$.
4. A key generation method of a communication system according to claim 3, characterized by:
the verification stage specifically comprises:
first, $U_A$ selects a random binary vector $X_A = (X_{A1} \| \dots \| X_{Ai})$, a random number $b_A$ and a timestamp $t_A$ as the corresponding parameters, computes the registration credentials $Y_A$, $T_A$, and obtains the signature $S_A$ of $U_A$:
1) $Y_A = id_A \cdot d_A P$; $p$ is a random prime number;
2) $T_A = \left(\sum_{j=1}^{l} x_{Ai} \cdot h_{Bj}\right) \cdot p$, where $h_{Bj}$ is a verification value of $U_B$;
$U_A$ uses the timestamp $t_A$ and the identity information $id_B$ of $U_B$ to evaluate the compact function $f(Y_A \| t_A \| T_A \| id_B)$ and calculates $S_A = G_A + f(Y_A \| t_A \| T_A \| id_B) \cdot \left(\sum_{j=1}^{l} x_{Ai} \cdot h_{Bj}\right) P$, where $G_A$ is a base point of order $\alpha$ on the elliptic curve, and $p$ is a random prime number;
finally, $U_A$ sends $(id_A \| Y_A \| t_A \| S_A \| T_A)$ to $U_B$;
likewise, $U_B$ selects a random binary vector $X_B = (X_{B1} \| \dots \| X_{Bi})$ and a timestamp $t_B$ as the corresponding parameters; the public key is then derived from $Y_B$, $T_B$ to obtain the signature $S_B$ as follows:
1) $Y_B = id_B \cdot d_B \cdot p$;
2) $T_B = \left(\sum_{j=1}^{l} x_{Bi} \cdot h_{Aj}\right) \cdot p$, where $h_{Aj}$ is a verification value of $U_A$;
3) $S_B = G_B + f(Y_B \| t_B \| T_B \| id_A) \cdot \left(\sum_{j=1}^{l} x_{Bi} \cdot h_{Aj}\right) P$, where $G_B$ is a base point of order $\alpha$ on the elliptic curve, and $p$ is a random prime number;
the information $(id_B \| Y_B \| t_B \| S_B \| T_B)$ is sent to $U_A$ in the same way.
5. The key generation method of a communication system according to claim 4, wherein:
the key exchange phase specifically comprises:
before generating the session key, $U_A$ and $U_B$ need to verify $(id_A \| Y_A \| t_A \| S_A \| T_A)$ and $(id_B \| Y_B \| t_B \| S_B \| T_B)$; $U_A$ sends $(id_A \| Y_A \| t_A \| S_A \| T_A)$ to $U_B$, and $U_B$ sends $(id_B \| Y_B \| t_B \| S_B \| T_B)$ to $U_A$;
verification is performed as follows:
1) $S_B + Y_B + id_B \cdot Q_{AS} \equiv f(Y_B \| t_B \| T_B \| id_A) \cdot T_B$;
2) $S_A + Y_A + id_A \cdot Q_{AS} \equiv f(Y_A \| t_A \| T_A \| id_B) \cdot T_A$;
thus $U_A$ and $U_B$ calculate their communication keys $SK_A$ and $SK_B$ by the following formulas:
1) $SK_A = \left(\sum_{j=1}^{l} x_{Ai} \cdot h_{Bj}\right) \cdot T_B$;
2) $SK_B = \left(\sum_{j=1}^{l} x_{Bi} \cdot h_{Aj}\right) \cdot T_A$;
and the following equation shows that $SK_A$ and $SK_B$ are the same:
$SK_A = SK_B = \left(\sum_{j=1}^{l} x_{Ai} \cdot h_{Bj}\right) \cdot \left(\sum_{j=1}^{l} x_{Bi} \cdot h_{Aj}\right) \cdot P$
the $U_A$ terminal and the $U_B$ terminal respectively verify whether the received shared keys $SK_B$ and $SK_A$ are equal; if the two are equal, the verification is successful, and if the two are not equal, the current communication connection is abandoned.
6. A key generation apparatus of a communication system, characterized by:
the key generation apparatus includes:
a memory for storing computer-executed instructions;
a processor for executing computer instructions stored in the memory to perform the method steps of any of claims 1-5.
7. A computer-readable storage medium characterized by:
the computer-readable storage medium stores computer instructions which, when executed on a computer, cause the computer to perform the method steps of any of claims 1-5.
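The registration-stage transform of claim 3, steps 1) to 7), together with the AS-side recovery steps 1) to 4), as an added Python example that is not code from the patent. The fixed small parameters are constructed for illustration, and using the bit length of $m_A$ as the width that the claim writes as $n$ in $2^{n-h}$ is an assumption of this sketch.

```python
from math import gcd

def register(d, y, m, h, t, r, f):
    """Claim 3, steps 1)-7): private vector d_A -> public vector E_A."""
    if d[0] != max(d) or not sum(d) < m < 2 * d[0]:
        raise ValueError("need d[0] = max(d) and sum(d) < m < 2*d[0]")
    if gcd(y, m) != 1 or gcd(r, f) != 1:
        raise ValueError("y must be invertible mod m; r and f must be coprime")
    k = m.bit_length() - h                   # width of the right part (assumed n - h)
    if k <= 0:
        raise ValueError("split position h must lie inside the bit width of m")
    us, zs = [], []
    for d_i in d:
        j = (y * d_i) % m                    # step 3: j_Ai = y_A * d_Ai mod m_A
        p, z = j >> k, j & ((1 << k) - 1)    # step 4: left part p_Ai, right part z_Ai
        if p + t * z >= 2**h - 1:            # step 5: no-carry condition on t_A
            raise ValueError("t too large: p + t*z must stay below 2^h - 1")
        us.append(p + t * z)                 # step 6: u_Ai
        zs.append(z)
    if r <= sum(us) or f <= sum(zs):         # step 7: bounds on r_A and f_A
        raise ValueError("need r > sum(u) and f > sum(z)")
    r_inv = pow(r, -1, f)
    # CRT: the unique e in [0, r*f - 1] with e = u (mod r) and e = z (mod f)
    return [u + r * (((z - u) * r_inv) % f) for u, z in zip(us, zs)]

def recover(e, y, m, h, t, r, f):
    """Claim 3, AS-side steps 1)-4): public vector E_A -> d_A."""
    k = m.bit_length() - h
    y_inv = pow(y, -1, m)                    # y_A^{-1}, the modular inverse of y_A
    d = []
    for c in e:
        u, z = c % r, c % f                  # step 1
        p = u - t * z                        # step 2
        j = p * 2**k + z                     # step 3
        d.append((y_inv * j) % m)            # step 4
    return d

# Constructed toy parameters (far too small for real use); y, m, r, f are prime.
D_A = [520, 260, 130, 60, 25, 10]
SECRET = dict(y=389, m=1031, h=8, t=5, r=1013, f=53)

if __name__ == "__main__":
    E_A = register(D_A, **SECRET)
    print("E_A =", E_A)
    print("recovered d_A =", recover(E_A, **SECRET))
```

The recovery only works while every bound in steps 2), 5) and 7) holds, which is why `register` rejects parameters that violate them instead of producing an $E_A$ that cannot be inverted.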
CN202210297343.3A 2022-03-24 2022-03-24 Key generation method for communication system Active CN114710273B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210297343.3A CN114710273B (en) 2022-03-24 2022-03-24 Key generation method for communication system

Publications (2)

Publication Number Publication Date
CN114710273A true CN114710273A (en) 2022-07-05
CN114710273B CN114710273B (en) 2024-02-20

Family

ID=82170391

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210297343.3A Active CN114710273B (en) 2022-03-24 2022-03-24 Key generation method for communication system

Country Status (1)

Country Link
CN (1) CN114710273B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106341232A (en) * 2016-09-18 2017-01-18 中国科学院软件研究所 Anonymous entity identification method based on password
CN113098838A (en) * 2021-02-21 2021-07-09 西安电子科技大学 Trusted distributed identity authentication method, system, storage medium and application

Also Published As

Publication number Publication date
CN114710273B (en) 2024-02-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant