CN115314192A - Public key encryption method and system with two independent monitoring parties, and public key decryption method and system - Google Patents
Public key encryption method and system with two independent monitoring parties, and public key decryption method and system Download PDFInfo
- Publication number
- CN115314192A CN115314192A CN202210908536.8A CN202210908536A CN115314192A CN 115314192 A CN115314192 A CN 115314192A CN 202210908536 A CN202210908536 A CN 202210908536A CN 115314192 A CN115314192 A CN 115314192A
- Authority
- CN
- China
- Prior art keywords
- supervisor
- public key
- ciphertext
- public
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 57
- 238000012544 monitoring process Methods 0.000 title abstract description 11
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 42
- 238000004364 calculation method Methods 0.000 claims description 33
- 238000004458 analytical method Methods 0.000 claims description 18
- 238000012795 verification Methods 0.000 claims description 14
- 238000013507 mapping Methods 0.000 claims description 13
- 238000009795 derivation Methods 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 description 2
- 101150043283 ccdA gene Proteins 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Abstract
The invention discloses a public key encryption method, a public key decryption method and a public key encryption system with two independent monitoring parties, wherein the method comprises the following steps: the method comprises the steps that a sender adopts an encryption algorithm, and data to be sent are encrypted by using a private key of the sender, a public key of a receiver, a public key of a first supervisor and a public key of a second supervisor to generate a ciphertext; the sender sends the ciphertext to a public system; the receiving party obtains the ciphertext from the public system, and decrypts the received ciphertext by adopting a decryption algorithm according to a private key of the receiving party, a public key of the sending party, a public key of a first supervisor and a public key of a second supervisor to generate decrypted data; the first supervisor obtains the ciphertext from the public system, and decrypts the received ciphertext according to the first supervisor private key and the second supervisor public key by adopting a supervision algorithm to generate decrypted data; and the second supervisor acquires the ciphertext from the public system, decrypts the received ciphertext according to the second supervisor private key and the first supervisor public key by adopting a supervision algorithm, and generates decrypted data.
Description
Technical Field
The invention relates to the technical field of public key encryption, in particular to a public key encryption method, a public key decryption method and a public key encryption system with two independent monitoring parties.
Background
To ensure data confidentiality, data is usually encrypted and then transmitted. However, only the receiving party is able to decrypt the ciphertext, while the supervisor is not able to decrypt the ciphertext. In an application scenario requiring supervision, a supervisor needs to decrypt a ciphertext. Therefore, in order to solve the problem that only the receiving party can decrypt and the monitoring party cannot decrypt in the current public key encryption scheme, a technology that not only the receiving party can decrypt but also the monitoring party can decrypt and monitor the data content is needed.
Disclosure of Invention
Therefore, it is necessary to provide a public key encryption method, a public key decryption method and a public key encryption system with two independent supervisors for solving the problem of the existing encryption method mentioned in the conventional technology that has a large limitation.
In a first aspect, an embodiment of the present invention provides a public key encryption method with two independent supervisors, including:
acquiring a public key of a receiver, a public key of a first supervisor and a public key of a second supervisor;
encrypting data to be transmitted by using a private key of a sender, the public key of the receiver, the public key of the first supervisor and the public key of the second supervisor by adopting an encryption algorithm to generate a ciphertext;
and sending the ciphertext to a public system, so that the receiving party, the first supervisor and the second supervisor can obtain the ciphertext by accessing the public system.
Preferably, the obtaining the receiver public key, the first supervisor public key and the second supervisor public key comprises:
Wherein G is a groupThe generation element(s) of (a),as bilinear groupsA generator of (2); group ofThe order of (a) is a prime number n;
hash using two hash functions 1 ,hash 2 Mapping any length data {0,1, n-1} into integer and length n data respectively, i.e. mappinghash 2 :{0,1} * →{0,1} n ;
Wherein the hash function hash 1 The input of (1) is 0 or 1 of any length, and the output range is a natural number between 0 and n-1; hash function hash 2 The input of (1) is 0 or 1 with any length, and the output length is 0 or 1 random character string with n bits; * The number represents 0/1bit of arbitrary length; {0,1} * Represents 0/1bit data of any length; {0,1} n Represents 0/1bit data of fixed length;is a natural number between 0 and n-1;
the random number with fixed length n is mapped into random number KDF with arbitrary length output by using key derivation function KDF: {0,1} n →{0,1} * ;
2 random numbers a ranging from 0 to n-1 are selected on behalf of the sender 1 ,a 2 And a private keySplitting into 2 parts;
2 random numbers b are selected in the range of 0 to n-1 on behalf of the receiver 1 ,b 2 (ii) a And to use the private keySplitting into 2 parts;
selecting 2 random numbers c in the range of 0 to n-1 on behalf of the first supervisor 1 ,c 2 (ii) a And to use the private keySplitting into 2 parts;
selecting 2 random numbers d in the range of 0 to n-1 on behalf of the second supervisor 1 ,d 2 (ii) a And to use the private keySplitting into 2 parts;
g is a base point G on the elliptic curve and is a public system parameter;
the representative sender is based on the base point G and the random number a 1 ,a 2 2 elliptic curve points are calculated, the 2 elliptic curve points are the public key of the sender, and the public key is usedSplitting into 2 parts;
the representative receiver is based on the base point G and the random number b 1 ,b 2 2 elliptic curve points are calculated, the 2 elliptic curve points are the public key of the receiving party, and the public key is usedSplitting into 2 parts;
representing a first supervisor based on a base point G and a random number c 1 ,c 2 2 elliptic curve points are calculated, the 2 elliptic curve points are the public key of the first supervisor, and the public key is usedSplitting into 2 parts;
representing the second supervisor based on the base point G and the random number d 1 ,d 2 2 elliptic curve points are calculated, the 2 elliptic curve points are the public key of the second supervisor, and the public key is usedSplit into 2 parts.
Preferably, the encrypting, by using an encryption algorithm, data to be transmitted by using a private key of a sender, the public key of a receiver, the public key of the first supervisor, and the public key of the second supervisor includes:
using sender private keyData to be transmittedIs arbitrarily long, m is e {0,1} * An optional elementAnd the receiver public key, the first supervisor public key and the second supervisor public keyThe following calculations were performed:
C 1 :=γ,C 2 :=r·G,
generate ciphertext C = (C) 1 ,C 2 ,C 3 ) The method comprises the following steps of I, splicing two data into a whole as the input of a hash function;
hash function hash 1 A natural number between 0 and n-1 of the output;
alternatively, the sender private key is utilizedData to be transmittedAny long message m e {0,1} in (1) } * An optional elementAnd the receiver public key, the first supervisor public key and the second supervisor public keyThe following calculations were performed:
generate ciphertext C = (C) 1 ,C 2 ,C 3 ,C 4 ,C 5), wherein ,the method comprises the steps that a private key is used as a random number to carry out point doubling operation on elliptic curve points, wherein the elliptic curve points are public keys of a receiving party;
= denotes assignment, assigning the value of the parameter on the right of the symbol to the parameter on the left of the symbol;
the corner mark r in the upper right corner refers to bilinear mappingAnd after the calculation is finished, calculating the power of r.
In another aspect, the present invention further provides a decryption method with two independent supervisors, including: the ciphertext in the public system is encrypted by the method;
the receiving party obtains the ciphertext from the public system, and decrypts the received ciphertext by adopting a decryption algorithm according to a private key of the receiving party, a public key of the sending party, a public key of a first supervisor and a public key of a second supervisor to generate decrypted data;
the first supervisor obtains the ciphertext from the public system, and decrypts the received ciphertext according to the first supervisor private key and the second supervisor public key by adopting a supervision algorithm to generate decrypted data;
and the second supervisor acquires the ciphertext from the public system, decrypts the received ciphertext according to the second supervisor private key and the first supervisor public key by adopting a supervision algorithm, and generates decrypted data.
Preferably, the method further comprises:
and the receiving party, the first supervisor and the second supervisor respectively carry out decryption consistency verification on the obtained decrypted data.
Preferably, the receiving party adopts a decryption algorithm, and decrypting the received ciphertext according to the receiving party private key, the sending party public key, the first supervisor public key and the second supervisor public key comprises:
the receiving party obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ) Carrying out analysis; using the private key of the receiving partyLocal ciphertext C 1 ,C 3 The sender public key, the first supervisor public key and the second supervisor public keyThe following calculations were performed:
where r' is the hash function hash 1 A natural number between 0 and n-1 of the output;
alternatively, the receiving party is public to the publicObtaining ciphertext C = (C) in co-system 1 ,C 2 ,C 3 ,C 4 ,C 5 ) Carrying out analysis; using the private key of the receiving partyLocal ciphertext C 1 ,C 3 ,C 4 ,C 5 The sender public key, the first supervisor public key and the second supervisor public keyThe following calculations were performed:
preferably, the first supervisor adopts a supervision algorithm, and decrypting the received ciphertext according to the first supervisor private key and the second supervisor public key includes:
the first supervisor pair obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ) Carrying out analysis; using a first supervisor private keyAnd a second supervisor public keyThe following calculations were performed:
or, the first supervisor pair obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ,C 4 ,C 5 ) Carrying out analysis; using a first supervisor private keyLocal ciphertext C 2 ,C 3 ,C 4 ,C 5 And a second supervisor public keyThe following calculations were performed:
preferably, the second supervisor adopts a supervision algorithm, and decrypting the received ciphertext according to the second supervisor private key and the first supervisor public key includes:
the second supervisor pair obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ) Carrying out analysis; using a second supervisor private keyAnd a first supervisor public keyThe following calculations were performed:
or, the second supervisor pair obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ,C 4 ,C 5 ) Carrying out analysis; using a second supervisor private keyLocal ciphertext C 2 ,C 3 ,C 4 ,C 5 And a first supervisor public keyThe following calculations were performed:
preferably, the receiving party, the first supervisor and the second supervisor respectively perform decryption consistency verification on the obtained decrypted data, including:
the decryption consistency verification process of the receiving party is as follows:
or ,
the first supervisor decryption consistency verification process comprises the following steps:
or ,
the second supervisor decryption consistency verification process comprises the following steps:
or ,
in another aspect, the present invention further provides a public key encryption and decryption system with two independent supervisors, including: the system comprises a sender, a receiver, a first supervisor and a second supervisor;
a sender acquires a receiver public key, a first supervisor public key and a second supervisor public key;
the sender adopts an encryption algorithm, and encrypts data to be sent by using a private key of the sender, the public key of the receiver, the public key of the first supervisor and the public key of the second supervisor to generate a ciphertext;
the sender sends the ciphertext to a public system, so that the receiver, the first supervisor and the second supervisor acquire the ciphertext by accessing the public system;
the receiving party obtains the ciphertext from the public system, and decrypts the received ciphertext by adopting a decryption algorithm according to a private key of the receiving party, a public key of the sending party, a public key of a first supervisor and a public key of a second supervisor to generate decrypted data;
the first supervisor obtains the ciphertext from the public system, and decrypts the received ciphertext according to the first supervisor private key and the second supervisor public key by adopting a supervisory algorithm to generate decrypted data;
and the second supervisor acquires the ciphertext from the public system, decrypts the received ciphertext according to the second supervisor private key and the first supervisor public key by adopting a supervision algorithm, and generates decrypted data.
The invention provides a public key encryption method, a public key decryption method and a public key encryption system with two independent supervisors. The scheme has greater requirements in the block chain and military application scenes of the supervisors.
Drawings
FIG. 1 is a flow chart illustrating a public key encryption method with two independent supervisors according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a public key decryption method with two independent supervisors according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
Fig. 1 is a flowchart illustrating a public key encryption method with two independent supervisors in one embodiment. The method specifically comprises the following steps:
step S101, acquiring a receiver public key, a first supervisor public key and a second supervisor public key;
step S102, encrypting data to be transmitted by using a private key of a sender, the public key of the receiver, the public key of the first supervisor and the public key of the second supervisor by adopting an encryption algorithm to generate a ciphertext;
and step S103, sending the ciphertext to a public system, so that the receiving party, the first monitoring party and the second monitoring party acquire the ciphertext by accessing the public system.
In the embodiment of the present invention, in step S101, the obtaining of the public key of the receiver, the public key of the first supervisor, and the public key of the second supervisor includes:
Wherein, the first and the second end of the pipe are connected with each other,g is a groupThe generation element of (a) is generated,as bilinear groupsThe generator of (2); group(s)The order of (a) is a prime number n;
hash using two hash functions 1 ,hash 2 Mapping any length data {0, n-1} into integer and data with length n, respectively, i.e. mapping data with length nhash 2 :{0,1} * →{0,1} n ;
Wherein the hash function hash 1 The input of (1) is 0 or 1 with any length, and the output range is a natural number between 0 and n-1; hash function hash 2 The input of (1) is 0 or 1 with any length, and the output length is 0 or 1 random character string with n bits; * The number represents 0/1bit of arbitrary length; {0,1} * Represents 0/1bit data of any length; {0,1} n Represents 0/1bit data of fixed length;is a natural number between 0 and n-1;
the random number with fixed length n is mapped into random number KDF with arbitrary length output by using key derivation function KDF: {0,1} n →{0,1} * ;
2 random numbers a ranging from 0 to n-1 are selected on behalf of the sender 1 ,a 2 And a private keySplitting into 2 parts;
2 random numbers b are selected in the range of 0 to n-1 on behalf of the receiver 1 ,b 2 (ii) a And to use the private keySplitting into 2 parts;
selecting 2 random numbers c in the range of 0 to n-1 on behalf of the first supervisor 1 ,c 2 (ii) a And to use the private keySplitting into 2 parts;
selecting 2 random numbers d in the range of 0 to n-1 on behalf of the second supervisor 1 ,d 2 (ii) a And to use the private keySplitting into 2 parts;
g is a base point G on the elliptic curve and is a public system parameter;
the representative sender is based on the base point G and the random number a 1 ,a 2 2 elliptic curve points are calculated, the 2 elliptic curve points are the public key of the sender, and the public key is usedSplitting into 2 parts;
the representative receiver is based on the base point G and the random number b 1 ,b 2 2 elliptic curve points are calculated, the 2 elliptic curve points are the public key of the receiving party, and the public key is usedSplitting into 2 parts;
representing a first supervisor based on a base point G and a random number c 1 ,c 2 2 elliptic curve points are calculated, the 2 elliptic curve points are the public key of the first supervisor, and the public key is usedSplitting into 2 parts;
representing the second supervisor based on the base point G and the random number d 1 ,d 2 2 elliptic curve points are calculated, the 2 elliptic curve points are the public key of the second supervisor, and the public key is usedSplit into 2 parts.
In the embodiment of the present invention, in step S102, an encryption algorithm is adopted, and encrypting data to be transmitted by using a private key of a sender, the public key of a receiver, the public key of a first supervisor, and the public key of a second supervisor includes:
using sender private keyData to be transmittedMessage m of arbitrary length∈{0,1} * An optional elementAnd the receiver public key, the first supervisor public key and the second supervisor public keyThe following calculations were performed:
C 1 :=γ,C 2 :=r·G,
generate ciphertext C = (C) 1 ,C 2 ,C 3 ) The method comprises the following steps of I, splicing two data into a whole as the input of a hash function;
hash function hash 1 A natural number between 0 and n-1 of the output;
alternatively, the sender private key is utilizedData to be transmittedIs arbitrarily long, m is e {0,1} * An optional elementAnd the receiver public key, the first supervisor public key and the second supervisor public keyThe following calculations were performed:
generate ciphertext C = (C) 1 ,C 2 ,C 3 ,C 4 ,C 5), wherein ,the method comprises the steps that a private key is used as a random number to carry out point doubling operation on an elliptic curve point, wherein the elliptic curve point is a public key of a receiving party;
= denotes assignment, assigning the value of the parameter on the right of the symbol to the parameter on the left of the symbol;
the corner mark r in the upper right corner refers to bilinear mappingAnd after the calculation is finished, calculating the power of r.
As shown in fig. 2, an embodiment of the present invention further provides a decryption method with two independent monitoring parties, where a ciphertext in a public system is encrypted by the above method;
step S201, the receiver obtains the ciphertext from the public system, and decrypts the received ciphertext by adopting a decryption algorithm according to a private key of the receiver, a public key of the sender, a public key of a first supervisor and a public key of a second supervisor to generate decrypted data;
step S202, the first supervisor obtains a ciphertext from the public system, and decrypts the received ciphertext according to the first supervisor private key and the second supervisor public key by adopting a supervision algorithm to generate decrypted data;
and S203, the second supervisor obtains the ciphertext from the public system, decrypts the received ciphertext according to the second supervisor private key and the first supervisor public key by adopting a supervision algorithm, and generates decrypted data.
In the embodiment of the present invention, the method further includes:
step S204, the receiving party, the first supervisor and the second supervisor respectively carry out decryption consistency verification on the obtained decrypted data.
Step S201 of the embodiment of the present invention is that the receiving party decrypts, by using a decryption algorithm, the received ciphertext according to the private key of the receiving party, the public key of the sending party, the public key of the first supervisor, and the public key of the second supervisor, and includes:
the receiving party obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ) Carrying out analysis; using the private key of the receiving partyLocal ciphertext C 1 ,C 3 The sender public key, the first supervisor public key and the second supervisor public keyThe following calculations were performed:
wherein r' is a hash function hash 1 A natural number between 0 and n-1 of the output;
alternatively, the receiving party pair obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ,C 4 ,C 5 ) Carrying out analysis; using the private key of the receiving partyLocal ciphertext C 1 ,C 3 ,C 4 ,C 5 Said sender public key, said first supervisor public key and said second supervisor public keyThe following calculations were performed:
in step S202 of the embodiment of the present invention, the decrypting, by the first supervisor using the supervision algorithm, the received ciphertext according to the first supervisor private key and the second supervisor public key includes:
the first supervisor pair obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ) Carrying out analysis; using a first supervisor private keyAnd a second supervisor public keyThe following calculations were performed:
or, the first supervisor pair obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ,C 4 ,C 5 ) Carrying out analysis; using a first supervisor private keyLocal ciphertext C 2 ,C 3 ,C 4 ,C 5 And a second supervisor public keyThe following calculations were performed:
in step S203 of the embodiment of the present invention, the decrypting, by the second monitor according to the second monitor private key and the first monitor public key, the received ciphertext by using the monitoring algorithm includes:
the second supervisor pair obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ) Carrying out analysis; using a second supervisor private keyAnd a first supervisor public keyThe following calculations were performed:
or, the second supervisor pair obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ,C 4 ,C 5 ) Carrying out analysis; using a second supervisor private keyLocal ciphertext C 2 ,C 3 ,C 4 ,C 5 And a first supervisor public keyThe following calculations were performed:
in step S204 of the embodiment of the present invention, the verifying the decryption consistency of the obtained decrypted data by the receiving party, the first supervising party, and the second supervising party respectively includes:
the decryption consistency verification process of the receiving party is as follows:
or ,
the first supervisor decryption consistency verification process comprises the following steps:
or ,
the second supervisor decryption consistency verification process comprises the following steps:
or ,
the embodiment of the invention provides a public key encryption and decryption system with two independent monitoring parties, which comprises: the system comprises a sender, a receiver, a first supervisor and a second supervisor;
a sender acquires a receiver public key, a first supervisor public key and a second supervisor public key;
the sender adopts an encryption algorithm, and encrypts data to be sent by using a private key of the sender, the public key of the receiver, the public key of the first supervisor and the public key of the second supervisor to generate a ciphertext;
the sender sends the ciphertext to a public system, so that the receiver, the first supervisor and the second supervisor acquire the ciphertext by accessing the public system;
the receiving party obtains the ciphertext from the public system, and decrypts the received ciphertext by adopting a decryption algorithm according to a private key of the receiving party, a public key of the sending party, a public key of a first supervisor and a public key of a second supervisor to generate decrypted data;
the first supervisor obtains the ciphertext from the public system, and decrypts the received ciphertext according to the first supervisor private key and the second supervisor public key by adopting a supervision algorithm to generate decrypted data;
and the second supervisor acquires the ciphertext from the public system, decrypts the received ciphertext according to the second supervisor private key and the first supervisor public key by adopting a supervision algorithm, and generates decrypted data.
In the embodiment of the invention, letAs a symmetric bilinear mapG is a groupThe generation element of (a) is generated,as bilinear groupsThe generator of (2); group ofThe order of (a) is a prime number n; two hash functions hash 1 ,hash 2 Mapping any length data (0, 0.. Multidata, n-1) into integer and data with length n respectively,hash 2 :{0,1} * →{0,1} n . Inputting random number with fixed length n by Key Derivation Function (KDF), outputting random number KDF with arbitrary length: {0,1} n →{0,1} * 。
The private keys and the public keys of the sender, the receiver, the first supervisor and the second supervisor in the embodiment of the invention are expressed as follows:
the sender inputs its private key during encryptionMessage spaceIs arbitrarily long, m is e {0,1} * An optional elementAnd public keys of the receiving party, the first supervisor and the second supervisorThe calculation is as follows:
C 1 :=γ,C 2 :=r·G,
ciphertext is C = (C) 1 ,C 2 ,C 3 ). And the sender sends the ciphertext to the receiver, the first supervisor and the second supervisor. The receiver, the first and second supervisors, and the sender can use their private keys to decrypt independently without any interaction protocol.
When the receiving side decrypts the encrypted text C = (C) 1 ,C 2 ,C 3 ) Analyzing and inputting its private keyLocal ciphertext C 1 ,C 3 Public key of sender, first supervisor and second supervisorThe following calculations were made:
the decryption consistency process is as follows:
decryption calculated r 'and m' are equal to r and m used for encryption, respectively, indicating that the decryption algorithm is correct. The encryption is to encrypt the data m and decrypt the data m 'to obtain the data m'; and m = m', the data decryption is successful, and correct data is obtained. Otherwise, the encryption algorithm is wrong and cannot decrypt to obtain correct data.
When the first supervisor decrypts, the ciphertext C = (C) 1 ,C 2 ,C 3 ) Analyze it and input its private key c 1 ,c 2 And a second supervisor public keyThe calculation is as follows:
the decryption consistency process is as follows:
when the second supervisor decrypts, the ciphertext C = (C) 1 ,C 2 ,C 3 ) Analyze it and input its private key d 1 ,d 2 And a first supervisor public keyThe calculation is as follows:
the decryption consistency process is as follows:
in the embodiment of the invention, the security of public key encryption is higher by adding the Hash check code.
The initialization process is the same as above, and only the differences are described below:
the sender inputs its private key during encryptionMessage spaceIs arbitrarily long, m is e {0,1} * An optional elementAnd public keys of the receiving party, the first supervisor and the second supervisorThe following calculations were made:
ciphertext is C = (C) 1 ,C 2 ,C 3 ,C 4 ,C 5), wherein ,C5 For consistency checking. The sender sends the ciphertext to a public system (such as a block chain system cloud service system), and both the receiver and 2 supervisors can access the ciphertext in the system.
When the receiving side decrypts the encrypted text C = (C) 1 ,C 2 ,C 3 ,C 4 ,C 5 ) Analyzing and inputting its private keyLocal ciphertext C 1 ,C 3 ,C 4 ,C 5 And the public keys of the sender, the first supervisor and the second supervisorIs calculated as follows
Such as C 5 =C 5 ', the message m' is accepted, otherwise rejected.
The decryption consistency process is as follows:
when the first supervisor decrypts, ciphertext C = (C) 1 ,C 2 ,C 3 ,C 4 ,C 5 Analyzing and inputting its private keyLocal ciphertext C 2 ,C 3 ,C 4 ,C 5 And a second supervisor public keyIs calculated as follows
Such as C 5 =C 5 ', the message m' is accepted, otherwise rejected.
The decryption consistency process is as follows:
when the second supervisor decrypts, the ciphertext C = (C) 1 ,C 2 ,C 3 ,C 4 ,C 5 Analyzing and inputting its private keyLocal ciphertext C 2 ,C 3 ,C 4 ,C 5 And a first supervisor public keyThe following calculations were made:
such as C 5 =C 5 ', the message m' is accepted, otherwise rejected.
The decryption consistency process is as follows:
all possible combinations of the technical features of the above embodiments may not be described for the sake of brevity, but should be considered as within the scope of the present disclosure as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A public key encryption method with two independent supervisors comprises the following steps:
acquiring a public key of a receiver, a public key of a first supervisor and a public key of a second supervisor;
encrypting data to be transmitted by using a private key of a sender, the public key of the receiver, the public key of the first supervisor and the public key of the second supervisor by adopting an encryption algorithm to generate a ciphertext;
and sending the ciphertext to a public system, so that the receiving party, the first supervisor and the second supervisor acquire the ciphertext by accessing the public system.
2. The method of claim 1, obtaining a receiver public key, a first supervisor public key, and a second supervisor public key comprising:
Wherein G is a groupThe generation element(s) of (a),as bilinear groupsThe generator of (2); group(s)The order of (a) is a prime number n;
hash using two hash functions 1 ,hash 2 Mapping any length data {0,1, n-1} into integer and length n data respectively, i.e. mappinghash 2 :{0,1} * →{0,1} n ;
Wherein the hash function hash 1 The input of (1) is 0 or 1 with any length, and the output range is a natural number between 0 and n-1; hash function hash 2 The input of (1) is 0 or 1 with any length, and the output length is 0 or 1 random character string with n bits; * The number represents 0/1bit of arbitrary length; {0,1} * Represents 0/1bit data of any length; {0,1} n Represents the number of 0/1bit of fixed lengthAccordingly;is a natural number between 0 and n-1;
the random number with fixed length n is mapped into random number KDF with arbitrary length output by using key derivation function KDF: {0,1} n →{0,1} * ;
2 random numbers a are selected in the range of 0 to n-1 on behalf of the sender 1 ,a 2 And a private key is combinedSplitting into 2 parts;
2 random numbers b are selected in the range of 0 to n-1 on behalf of the receiver 1 ,b 2 (ii) a And to use the private keySplitting into 2 parts;
selecting 2 random numbers c in the range of 0 to n-1 on behalf of the first supervisor 1 ,c 2 (ii) a And to use the private keySplitting into 2 parts;
selecting 2 random numbers d in the range of 0 to n-1 on behalf of the second supervisor 1 ,d 2 (ii) a And to use the private keySplitting into 2 parts;
g is a base point G on the elliptic curve and is a public system parameter;
the representative sender is based on the base point G and the random number a 1 ,a 2 2 elliptic curve points are calculated, the 2 elliptic curve points are the public key of the sender, and the public key is usedSplitting into 2 parts;
the representative receiver is based on the base point G and the random number b 1 ,b 2 2 elliptic curve points are calculated, the 2 elliptic curve points are the public key of the receiving party, and the public key is usedSplitting into 2 parts;
representing a first supervisor based on a base point G and a random number c 1 ,c 2 2 elliptic curve points are calculated, the 2 elliptic curve points are the public key of the first supervisor, and the public key is usedSplitting into 2 parts;
3. The method of claim 2, wherein the employing an encryption algorithm to encrypt data to be transmitted using a sender's private key, the receiver's public key, the first supervisor public key, and the second supervisor public key comprises:
using sender private keyData to be transmittedIs arbitrarily long, m is e {0,1} * An optional elementAnd the receiver public key, the first supervisor public key and the second supervisor public keyThe following calculations were performed:
C 1 :=γ,C 2 :=r·G,
generate ciphertext C = (C) 1 ,C 2 ,C 3 ) Wherein, | | represents that two data are spliced together to form a whole as the input of a hash function;
hash function hash 1 A natural number between 0 and n-1 of the output;
alternatively, the sender private key is utilizedData to be transmittedIs arbitrarily long, m is e {0,1} * An optional elementAnd the receiver public key, the first supervisor public key and the second supervisor public keyThe following calculations were performed:
generate ciphertext C = (C) 1 ,C 2 ,C 3 ,C 4 ,C 5), wherein ,the method comprises the steps that a private key is used as a random number to carry out point doubling operation on elliptic curve points, wherein the elliptic curve points are public keys of a receiving party;
= denotes assignment, assigning the value of the parameter on the right of the symbol to the parameter on the left of the symbol;
4. A decryption method with two independent supervisors comprising: a ciphertext in the public system is encrypted by the method of any one of claims 1 to 3;
the receiving party obtains the ciphertext from the public system, and decrypts the received ciphertext by adopting a decryption algorithm according to a private key of the receiving party, a public key of the sending party, a public key of a first supervisor and a public key of a second supervisor to generate decrypted data;
the first supervisor obtains the ciphertext from the public system, and decrypts the received ciphertext according to the first supervisor private key and the second supervisor public key by adopting a supervision algorithm to generate decrypted data;
and the second supervisor acquires the ciphertext from the public system, decrypts the received ciphertext according to the second supervisor private key and the first supervisor public key by adopting a supervision algorithm, and generates decrypted data.
5. The method of claim 4, further comprising:
and the receiving party, the first supervisor and the second supervisor respectively carry out decryption consistency verification on the obtained decrypted data.
6. The method of claim 4, wherein the receiving party employs a decryption algorithm, and decrypting the received ciphertext according to the receiving party private key, the sending party public key, the first supervisor public key, and the second supervisor public key comprises:
the receiving party obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ) Carrying out analysis; using the private key of the receiving partyLocal ciphertext C 1 ,C 3 Said sender public key, said first supervisor public key and said second supervisor public keyThe following calculations were performed:
where r' is the hash function hash 1 A natural number between 0 and n-1 of the output;
alternatively, the receiving party pair obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ,C 4 ,C 5 ) Carrying out analysis; using the private key of the receiving partyLocal ciphertext C 1 ,C 3 ,C 4 ,C 5 The sender public key, the first supervisor public key and the second supervisor public keyThe following calculations were performed:
7. the method of claim 4, the first supervisor employing a supervisory algorithm, the decrypting the received ciphertext according to the first supervisor private key and the second supervisor public key comprising:
the first supervisor pair obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ) Carrying out analysis; using a first supervisor private keyAnd a second supervisor public keyThe following calculations were performed:
or, the first supervisor pair obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ,C 4 ,C 5 ) Carrying out analysis; using a first supervisor private keyLocal ciphertext C 2 ,C 3 ,C 4 ,C 5 And a second supervisor public keyThe following calculations were performed:
8. the method of claim 4, the second supervisor employing a supervisory algorithm, the decrypting the received ciphertext according to the second supervisor private key and the first supervisor public key comprising:
the second supervisor pair obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ) Carrying out analysis; using a second supervisor private keyAnd a first supervisor public keyThe following calculations were performed:
or, the second supervisor pair obtains the ciphertext C = (C) from the public system 1 ,C 2 ,C 3 ,C 4 ,C 5 ) Carrying out analysis; using a second supervisor private keyLocal ciphertext C 2 ,C 3 ,C 4 ,C 5 And a first supervisor public keyThe following calculations were performed:
9. the method of claim 5, the receiver, the first supervisor and the second supervisor respectively performing decryption consistency verification on the obtained decrypted data comprising:
the decryption consistency verification process of the receiving party is as follows:
or ,
the first supervisor decryption consistency verification process comprises the following steps:
or ,
the second supervisor decryption consistency verification process comprises the following steps:
or ,
10. a public key encryption and decryption system having two independent supervisors, comprising: the system comprises a sender, a receiver, a first supervisor and a second supervisor;
a sender acquires a public key of a receiver, a public key of a first supervisor and a public key of a second supervisor;
the sender adopts an encryption algorithm, and encrypts data to be sent by using a private key of the sender, the public key of the receiver, the public key of the first supervisor and the public key of the second supervisor to generate a ciphertext;
the sender sends the ciphertext to a public system, so that the receiver, the first supervisor and the second supervisor acquire the ciphertext by accessing the public system;
the receiving party obtains the ciphertext from the public system, and decrypts the received ciphertext by adopting a decryption algorithm according to a private key of the receiving party, a public key of the sending party, a public key of a first supervisor and a public key of a second supervisor to generate decrypted data;
the first supervisor obtains the ciphertext from the public system, and decrypts the received ciphertext according to the first supervisor private key and the second supervisor public key by adopting a supervision algorithm to generate decrypted data;
and the second supervisor acquires the ciphertext from the public system, decrypts the received ciphertext according to the second supervisor private key and the first supervisor public key by adopting a supervision algorithm, and generates decrypted data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210908536.8A CN115314192A (en) | 2022-07-29 | 2022-07-29 | Public key encryption method and system with two independent monitoring parties, and public key decryption method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210908536.8A CN115314192A (en) | 2022-07-29 | 2022-07-29 | Public key encryption method and system with two independent monitoring parties, and public key decryption method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115314192A true CN115314192A (en) | 2022-11-08 |
Family
ID=83858981
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210908536.8A Pending CN115314192A (en) | 2022-07-29 | 2022-07-29 | Public key encryption method and system with two independent monitoring parties, and public key decryption method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115314192A (en) |
-
2022
- 2022-07-29 CN CN202210908536.8A patent/CN115314192A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111740828B (en) | Key generation method, device and equipment and encryption and decryption method | |
CN111079128B (en) | Data processing method and device, electronic equipment and storage medium | |
CN101340279B (en) | Method, system and apparatus for data ciphering and deciphering | |
CN107135080B (en) | SM9 decryption method and device | |
EP3020158B1 (en) | Key agreement device and method | |
CN106712946B (en) | Data safety transmission method | |
CN110138739B (en) | Data information encryption method and device, computer equipment and storage medium | |
CN108632296B (en) | Dynamic encryption and decryption method for network communication | |
US11616641B2 (en) | Computer implemented system and method for sharing a common secret | |
CN113711564A (en) | Computer-implemented method and system for encrypting data | |
CN104158880A (en) | User-end cloud data sharing solution | |
CN112564906A (en) | Block chain-based data security interaction method and system | |
CN105100085A (en) | Information encryption and decryption methods and devices | |
CN114448641A (en) | Privacy encryption method, electronic equipment, storage medium and chip | |
CN107249002B (en) | Method, system and device for improving safety of intelligent electric energy meter | |
Reshma et al. | Pairing-free CP-ABE based cryptography combined with steganography for multimedia applications | |
KR101899130B1 (en) | Methods for encrypting data, decrypting data and apparatus using the same | |
CN107104788A (en) | The ciphering signature method and apparatus of terminal and its non-repudiation | |
BAYKARA et al. | A novel symmetric encryption algorithm and its implementation | |
CN115883212A (en) | Information processing method, device, electronic equipment and storage medium | |
KR101793528B1 (en) | Certificateless public key encryption system and receiving terminal | |
KR102304831B1 (en) | Encryption systems and method using permutaion group based cryptographic techniques | |
JPH08204701A (en) | Electronic mail cipher communication system and cipher communication method | |
CN115314192A (en) | Public key encryption method and system with two independent monitoring parties, and public key decryption method and system | |
CN112954388A (en) | Data file acquisition method and device, terminal equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |