CN116015976A - Data encryption transmission method and device - Google Patents

Data encryption transmission method and device Download PDF

Info

Publication number
CN116015976A
CN116015976A CN202310096976.2A CN202310096976A CN116015976A CN 116015976 A CN116015976 A CN 116015976A CN 202310096976 A CN202310096976 A CN 202310096976A CN 116015976 A CN116015976 A CN 116015976A
Authority
CN
China
Prior art keywords
value
ciphertext
random number
data
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310096976.2A
Other languages
Chinese (zh)
Inventor
吴爽
余启明
苏卓
李洋洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi Safety Technology Co Ltd
Original Assignee
Tianyi Safety Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianyi Safety Technology Co Ltd filed Critical Tianyi Safety Technology Co Ltd
Priority to CN202310096976.2A priority Critical patent/CN116015976A/en
Publication of CN116015976A publication Critical patent/CN116015976A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a data encryption transmission method and a device, wherein the method comprises the steps that a first device receives a first ciphertext and a first numerical value from a second device, wherein the second device is encryption equipment for encrypting first data into the first ciphertext, and the first numerical value comprises at least one of a first group power value, a first challenge value and a first response value; the first device determines a second group power value according to the first ciphertext, the first challenge value, and the first response value; if the first group power value is the same as the second group power value, the first device sends the first ciphertext to a third device, wherein the third device is a decryption device for decrypting the first ciphertext into the first data. The method can be used for verifying whether the ciphertext is the correct ciphertext or not, decrypting the ciphertext if the ciphertext is the correct ciphertext, improving the security of data encryption transmission, and meanwhile, avoiding decrypting the wrong ciphertext and avoiding unnecessary computing resource occupation.

Description

Data encryption transmission method and device
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to a data encryption transmission method and device.
Background
With the development of network security technology, data transmission through a network is more and more convenient. In order to ensure the security of transmitting the private data, generally, a data sending party encrypts the private data into a ciphertext for transmission, and a data receiving party decrypts the ciphertext after receiving the ciphertext to obtain the private data. By adopting the method, although the security of private data can be ensured, an attacker can impersonate the wrong ciphertext sent to a data receiver by the data sending party, and when the wrong ciphertext is received by the data receiver, the data receiver can consume a large amount of resources to decrypt the ciphertext due to whether the unknown ciphertext is correct or not, and meanwhile, the wrong ciphertext is decrypted, so that potential safety hazards are brought. Therefore, how to accurately verify the correctness of the ciphertext becomes a key point of data transmission.
Disclosure of Invention
The embodiment of the application provides a data encryption transmission method and device, which are used for improving the security of data encryption transmission.
In a first aspect, an embodiment of the present application provides a data encryption transmission method, including: the first equipment receives a first ciphertext and a first numerical value from the second equipment, wherein the first numerical value is related to a first random number, the first ciphertext is obtained by the second equipment through encrypting first data according to a first public key, the first public key corresponds to third equipment, the first data are data requested by the third equipment, the first random number is smaller than a second random number, and the second random number is used for generating the first public key; the first device determining a second group power value based on the first ciphertext, the first challenge value determined based on the first ciphertext and the first group power value determined based on the first random number, and the first response value determined based on the first random number and the first challenge value; if the first group power value is the same as the second group power value, the first device sends a first ciphertext to the third device.
By adopting the method, whether the ciphertext is the correct ciphertext or not can be checked, if the ciphertext is the correct ciphertext, the ciphertext is decrypted, so that the safety of data encryption transmission is improved, meanwhile, the wrong ciphertext is prevented from being decrypted, and the consumption of calculation resources is reduced.
In one possible design, the first value includes at least one of a first group power value, a first challenge value, and a first response value.
In one possible design, the first device determines the second challenge value from the first ciphertext and the second group power value before the first device sends the first ciphertext to the third device; the first device determines that the first challenge value and the second challenge value are the same.
By adopting the design, the first device can verify the validity and consistency of the first ciphertext again after verifying that the first ciphertext is the correct ciphertext, so that the security of data encryption transmission is improved.
In a second aspect, an embodiment of the present application provides a data encryption transmission method, including: the second device determines a first ciphertext and a first value according to a first public key and first data, the first public key corresponds to the third device, the first value is related to a first random number, the first random number is smaller than a second random number, the second random number is used for generating the first public key, the first value comprises at least one of a first group power value, a first challenge value and a first response value, the first group power value is determined according to the first random number, the first challenge value is determined according to the first ciphertext and the first group power value, and the first response value is determined according to the first random number and the first challenge value; the second device sends the first ciphertext and the first value to the first device.
In one possible design, the second device obtains the first public key from a first identification, the first identification corresponding to the third device. Wherein, optionally, the second device obtains a first request, the first request is used for requesting the first data, and the first request includes the first identifier.
By adopting the design, the second device can encrypt data corresponding to different decryption devices according to different public keys, so that decryption authority isolation is realized, that is, the different decryption devices can only decrypt ciphertext corresponding to the device, thereby improving the security of data transmission.
In a third aspect, an embodiment of the present application provides a data encryption transmission apparatus, including: the communication module is used for receiving a first ciphertext and a first numerical value, the first numerical value is related to a first random number, the first ciphertext is obtained by encrypting first data according to a first public key by second equipment, the first public key corresponds to third equipment, the first data is data requested by the third equipment, the first random number is smaller than a second random number, and the second random number is used for generating the first public key; a processing module configured to determine a second group power value based on the first ciphertext, the first challenge value determined based on the first ciphertext and the first group power value determined based on the first random number, and the first response value determined based on the first random number and the first challenge value; and if the first group power value is the same as the second group power value, the communication module is also used for transmitting the first ciphertext.
In one possible design, the first value includes at least one of a first group power value, a first challenge value, and a first response value.
In one possible design, the processing module is specifically configured to determine a second challenge value based on the first ciphertext and the second group power value; the first challenge value and the second challenge value are determined to be the same.
In a fourth aspect, an embodiment of the present application provides a data encryption transmission apparatus, including: a processing module configured to determine a first ciphertext and a first value from a first public key and first data, the first public key corresponding to a third device, the first value associated with a first random number, the first random number being less than a second random number, the second random number being configured to generate the first public key, the first value including at least one of a first group exponent value, a first challenge value, and a first response value, the first group exponent value being determined from the first random number, the first challenge value being determined from the first ciphertext and the first group exponent value, the first response value being determined from the first random number and the first challenge value; and the communication module is used for sending the first ciphertext and the first numerical value.
In one possible design, the processing module is specifically configured to obtain the first public key according to a first identifier, where the first identifier corresponds to the third device.
In one possible design, the processing module is specifically configured to obtain a first request, where the first request is configured to request the first data, and the first request includes the first identifier.
In a fifth aspect, embodiments of the present application further provide a computer readable storage medium, in which a computer program is stored, which when executed by a processor, implements the method of the first aspect and the second aspect and any one of the designs thereof.
In a sixth aspect, embodiments of the present application further provide an electronic device, including a memory and a processor, where the memory stores a computer program executable on the processor, and when the computer program is executed by the processor, causes the processor to implement the methods of the first aspect and the second aspect and any one of the designs thereof.
The technical effects of the third aspect to the sixth aspect and any one of the designs thereof may be referred to the technical effects of the corresponding designs in the first aspect and the second aspect, and will not be described herein.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a data encryption transmission method provided in an embodiment of the present application;
fig. 2 is a flow chart of another data encryption transmission method according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a data encryption and decryption system according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a data encryption transmission system according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a data encryption transmission device according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purposes of clarity, technical solutions and advantages of the present application, the following optional detailed description of the present application will be made with reference to the accompanying drawings, it being apparent that the described embodiments are only some, but not all, embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The following describes a data encryption transmission method in connection with the prior art.
In order to avoid the data receiver receiving the wrong ciphertext and ensure the security of data encryption transmission, the prior art generally adds a ciphertext verification link before receiving the encrypted data, and performs security verification on the transmitted ciphertext. At present, the ciphertext security is usually checked by decrypting the ciphertext to see whether the corresponding privacy data is correct, so as to judge whether the ciphertext is correct. For example, when the ciphertext of f7f73747231fc45b is received, the ciphertext is decrypted using the private key in the verification link, and whether the corresponding privacy data is 1.1.1.1 is checked, so as to determine whether the ciphertext is a correct ciphertext. Although the method can avoid potential safety hazards brought by the wrong ciphertext to the data receiver, decrypting the wrong ciphertext still occupies a large amount of resources. In addition, usually before decrypting the ciphertext, the verifier does not know the plaintext data corresponding to the ciphertext, so that when verifying the correctness of the ciphertext, a verification error condition occurs, and the security of data encryption transmission cannot be ensured. For example, if the verifier determines the incorrect ciphertext as the correct ciphertext, the data receiver performs data interaction with the attacker, which may cause data leakage.
In order to solve the above-mentioned drawbacks, the present application provides a data encryption transmission method and device, which are used for verifying the correctness of ciphertext, so as to improve the security of data encryption transmission.
It is appreciated that a method for encrypted transmission of data provided herein may be performed by a first device and a second device. The second device may be a data device that provides data and encrypts the data, the second device may determine a first ciphertext and a first value from the first public key and the first data, and the second device may further send the first ciphertext and the first value to the first device. The first device may be a device for verifying whether the ciphertext is legal, and after receiving the first ciphertext and the first value from the second device, the first device may determine a second group power value according to the first ciphertext, the first challenge value, and the first response value, so as to verify the validity of the first ciphertext. If the first group power value is the same as the second group power value, the first device can also send the first ciphertext, and the first ciphertext meets the ciphertext correctness requirement through the verification of the first device, so that the security of the encryption transmission process can be improved. Furthermore, the first device and the second device may be included in a computer system for performing the method shown in the present application, or may be a processing apparatus, such as a processor or a processing module, for performing the method shown in the present application in the computer system, which is not specifically limited in the present application.
Fig. 1 is a flow chart of a data encryption transmission method according to an embodiment of the present invention. The process may include the steps of:
s101, the second device determines a first ciphertext and a first numerical value according to the first public key and the first data.
Wherein the first public key corresponds to the third device, the first value is associated with a first random number, the first random number is less than a second random number, the second random number is used to generate the first public key, the first value includes at least one of a first group of power values, a first challenge value, and a first response value, the first group of power values is determined from the first random number, the first challenge value is determined from the first ciphertext and the first group of power values, and the first response value is determined from the first random number and the first challenge value.
For example, the second device may encrypt the first data according to the first public key using an Elgamal encryption algorithm to generate the first ciphertext. Wherein the first public key may be denoted as y, the first data may be denoted as m, and the first ciphertext may be denoted as C (C 1 ,C 2 ) The second random number may be represented as p, where p is a positive integer, and the first public key, the first data, the first ciphertext, and the second random number satisfy:
C 1 ≡g r mod p;
C 2 ≡my r mod p;
wherein r is a positive integer less than p, g is a generator of the p-order group.
The second device may also obtain a first random number, wherein the first random number is a positive integer less than the second random number, and generate a first group of power values from the first random number. Wherein the first random number may be represented as s and the first group power value may be represented as u 1 The second random number may be denoted as p, and the first random number, the second random number, and the first group power value satisfy:
u 1 =g s mod p;
wherein g is the generator of the p-order group.
The second device may also generate a first challenge value from the first ciphertext and the first group of power values. Wherein the first ciphertext may be represented as C (C 1 ,C 2 ) The first challenge value may be denoted as t 1 The first group of power values may represent u 1 The generator of the second random order group may be denoted as g, and the first ciphertext, the first group power value, the first challenge value, and the second random generator satisfy:
t 1 =H(C 1 ,g,u 1 );
where H (x, y, z) represents performing a hash calculation on x, y, z.
The second device may also generate a first response value based on the first random number and the first challenge value. Wherein the first random number may be denoted as s and the first challenge value may be denoted as t 1 The first response value may be expressed as v 1 The first random number, the first challenge value, and the first response value satisfy:
v 1 =s+rt 1
wherein r is a positive integer less than the second random number.
In one or more embodiments, a second device obtains a first request for requesting first data, the first request including a first identification.
In one or more embodiments, the second device obtains the first public key from a first identification, the first identification corresponding to the third device.
Fig. 2 is a schematic flow chart of an exemplary method for encrypting data for transmission. As shown in fig. 2, in step S202, the fourth device transmits the first public key and the first identification to the second device. Accordingly, the second device receives the first public key and the first identification from the fourth device. Wherein the first identity corresponds to the first public key. The first identification corresponds to a third device. For example, the first identifier may be a preset value, such as the number of the third device, or the first identifier may be an identifier generated according to a preset value, such as the preset value of the third device, where the preset value may be represented as P, the first identifier may be represented as Z, and the preset value and the first identifier satisfy:
Z=H(P);
where H (P) denotes hashing P.
Further, the third device is one of a plurality of decryption devices, the plurality of decryption devices corresponding to different identifications. It will be appreciated that different decryption devices correspond to different identifications and that public and private keys are generated from the identifications, and therefore, different decryption devices correspond to different public and private keys.
Based on the embodiment, the encryption device can encrypt data corresponding to different decryption devices according to different public keys, so that decryption authority isolation is realized, that is, the different decryption devices can only decrypt ciphertext corresponding to the devices, thereby improving the security of data transmission.
S102, the second device sends a first ciphertext and a first value to the first device. Accordingly, the first device receives the first ciphertext and the first value from the second device.
S103, the first device determines a second group power value according to the first ciphertext, the first challenge value and the first response value.
Specifically, the first device may obtain the first challenge value and the first response value through the first value in step S102, where the first value includes the first challenge value and the first response value. The first device may also obtain the first challenge value and the first response value by calculating based on the first value, e.g., the first device may determine the first random number based on the first value; the first device may also determine a first group power value from the first ciphertext and the first random number; the first device may also obtain a first challenge value from the first group power value and the first ciphertext; the first device may also generate a first response value based on the first random number and the first challenge value. The specific calculation manner of the first group power value, the first challenge value and the first response value can be referred to step S101, and will not be described herein. The first ciphertext may be represented as C (C 1 ,C 2 ) The first challenge value may be denoted as t 1 The first response value may be expressed as v 1 The second random number may be represented as p and the second group power value may represent u 2 The first ciphertext, the first challenge value, the first response value, the second random number, and the second group power value satisfy:
Figure BDA0004072012610000081
wherein g is the generator of the p-order group.
And S104, if the first group power value is the same as the second group power value, the first device sends a first ciphertext to the third device.
Specifically, the first device may obtain the first group of power values through the first value in step S102, where the first value includes the first group of power values. The first device may further obtain a first group of power values according to the first numerical value and the calculation formula, e.g., the first device may obtain the first random number according to the first data; the first device then obtains a first group of power values based on the first random number and the first ciphertext. The specific calculation method of the first group of power values can refer to step S101, which is not described herein. The first device may also determine whether the first group power and the second group power are the same, and if so, the first device sends a first ciphertext to the third device.
Based on step S104, the first device determines whether the first ciphertext is a correct ciphertext by comparing whether the first group power value and the second group power value are the same. By adopting the method, the first equipment can accurately judge whether the first ciphertext is the correct ciphertext or not on the premise that the first ciphertext is not decrypted and the first data corresponding to the first ciphertext is not known, so that the accuracy of checking the correctness of the ciphertext is improved, and the safety of data encryption transmission is improved. In addition, as the first device does not need to decrypt the first ciphertext, the problem that equipment resources are occupied by decrypting the wrong ciphertext can be avoided, the consumption of computing resources is reduced, and the cost is saved.
In one or more embodiments, the first device may also determine a second challenge value from the first ciphertext and the second group power value.
Specifically, the first device may further determine the second challenge value from the first ciphertext and the second group power value before sending the first ciphertext to the third device. The first ciphertext may be represented as C (C 1 ,C 2 ) The second group power value may represent u 2 The second challenge value may be denoted as t 2 The generator of the second random number order group may be denoted as g, and the first ciphertext, the second group power value, the second challenge value, and the generator of the second random number order group satisfy:
t 2 =H(C 1 ,g,u 2 );
where H (x, y, z) represents performing a hash calculation on x, y, z.
The first device may further determine whether the first challenge value and the second challenge value are the same, and if the first challenge value and the second challenge value are the same, the first ciphertext is a legal ciphertext, that is, the first ciphertext received by the first device is consistent with the first ciphertext sent by the second device. After verifying the validity and consistency of the first ciphertext, the first device may also send the first ciphertext to the third device.
Based on the embodiment, the first device can verify the validity and consistency of the first ciphertext again after verifying that the first ciphertext is the correct ciphertext, so that the security of data encryption transmission is improved.
The method of encrypted transmission of data provided in the application will be described with reference to embodiment 1. Among them, embodiment 1 is an achievable data encryption transmission method, which can be executed by a first device, a second device, a third device, and a fourth device. The first device may be a verification device for verifying correctness, legality, and consistency of ciphertext, the second device may be an encryption device for encrypting plaintext data into ciphertext, the third device may be a decryption device for decrypting ciphertext into plaintext data, and the fourth device may be a device for generating a public-private key.
The implementation procedure of example 1 is as follows:
fig. 2 is a flow chart of an achievable data encryption transmission method. The process may include the steps of:
s201, the fourth device determines a first public key and a first private key according to the first identifier and the second random number. Wherein the first identification corresponds to the third device.
Specifically, the fourth device may generate different public and private keys according to different identifiers, where the different identifiers correspond to different devices, that is, the fourth device may generate different public and private keys according to different devices.
Illustratively, the fourth device may determine the first public key and the first private key by:
FIG. 3 is a schematic diagram of an exemplary architecture of an exemplary data encryption and decryption system. As shown in fig. 3, the fourth device may randomly acquire a second random number, where the second random number is a positive integer. And generating a corresponding generation element according to the second random number. The second private key is a positive integer less than the second random number. The second random number may be denoted as p, the generator may be denoted as g, the first private key may be denoted as x, and the first public key may be denoted as y, the second random number, the generator, the second private key, and the second public key satisfy:
y≡g x mod p。
the fourth device may generate the first public key and the first private key according to:
the fourth device may generate the first identifier according to a value (e.g., a device number of the third device) set in advance with the third device, e.g., hash the device number of the third device to generate the first identifier. The device number of the third device may represent P, and the first identifier may represent Z, and then the device number of the third device and the first identifier satisfy:
Z=H(P);
where H (P) denotes hashing P.
And the fourth equipment splices the second public key with the first identifier to obtain a first public key, and splices the second private key with the first identifier to obtain a first private key.
Based on step S201, different public and private keys are configured for different devices according to the identifiers of the different devices, so that each device can only use the public and private key corresponding to the device, and the security of data transmission is improved.
S202, the fourth device sends the first public key and the first identification to the second device. Accordingly, the second device is tricky to the first public key and the first identification from the fourth device.
And S203, the fourth device sends the first public key, the first private key and the first identifier to the third device. Accordingly, the third device is tricky to the first public key, the first private key and the first identification from the fourth device. In addition, the third device may also obtain the first identifier through a hash calculation method, and the specific calculation method may refer to step S201, which is not described herein again. The third device can also verify whether the first public key and the first private key from the fourth device are correct according to the first identifier, that is, the third device can also verify whether the first public key and the first private key are public keys of the device, and only receive the public key of the device, so that the security of data transmission is improved.
S204, the third device sends a first request to the second device. Accordingly, the second device accepts the first request from the third device. Wherein the first request is for requesting first data, the first request including a first identification.
S205, the second device determines a first ciphertext and a first value from the first public key and the first data.
Specifically, the second device may obtain the first public key according to the first identifier in the first request, and encrypt the first data according to the first public key.
Illustratively, the second device may obtain the first ciphertext by:
the second device may encrypt the first data using an Elgamal encryption algorithm to generate a first ciphertext. The first data may be represented as m and the first ciphertext may be represented as C (C 1 ,C 2 ) The obtained random number may be represented as r, where r is a positive integer smaller than the second random number, and the first public key is represented as y, then the first data, the first ciphertext, the random number, and the first public key satisfy:
C 1 ≡g r mod p;
C 2 ≡my r mod p。
the first numerical value includes at least one of a first power value, a first challenge value, and a first response value. The first device may obtain the first group power value, the first challenge value, and the first response value by:
fig. 4 is a schematic diagram illustrating the structure of an exemplary data encryption transmission system. As shown, the second device may include a zero knowledge proof generation module, and the second device may randomly select a first random number, wherein the first random number is a positive integer less than the second random number; the second device may also generate a first group of power values from the first random number, the first random number may be represented as s, and the first group of power values may be represented as u 1 The second random number may be denoted as p, and the first random number, the second random number, and the first group power value satisfy:
u 1 =g s mod p;
wherein g is the generator of the p-order group.
The second device may also generate a first challenge value from the first ciphertext and the first group of power values. The first ciphertext may be represented as C (C 1 ,C 2 ) The first challenge value may be denoted as t 1 The first group of power values may represent u 1 The generator of the second random order group may be denoted as g, and the first ciphertext, the first group power value, the first challenge value, and the second random generator satisfy:
t 1 =H(C 1 ,g,u 1 );
where H (x, y, z) represents performing a hash calculation on x, y, z.
The second device may also generate a first response value based on the first random number and the first challenge value. The first random number may be denoted as s and the first challenge value may be denoted as t 1 The first response value may be expressed as v 1 The first random number, the first challenge value, and the first response value satisfy:
v 1 =s+rt 1
wherein r is a positive integer less than the second random number.
S206, the second device sends the first ciphertext and the first value to the first device. Accordingly, the first device accepts the first ciphertext and the first value from the second device.
S207, the first device determines a second group power value according to the first ciphertext, the first challenge value and the first response value.
Illustratively, as shown in FIG. 4, the first device may be the third verifier of FIG. 4, and the second group power value may be generated by the ciphertext correctness verification module. The first ciphertext may be represented as C (C 1 ,C 2 ) The first challenge value may be denoted as t 1 The first response value may be expressed as v 1 The second random number may be represented as p and the second group power value may represent u 2 The first ciphertext, the first challenge value, the first response value, the second random number, and the second group power value satisfy:
Figure BDA0004072012610000121
wherein g is the generator of the p-order group.
S208, the first device determines whether the first group power value is the same as the second group power value.
It can be appreciated that the first device may determine that the first ciphertext is the correct ciphertext according to the first group power value being the same as the second group power value, that is, the first ciphertext transmitted by the second device is the same ciphertext as the first ciphertext received by the first device.
The first device may verify that step S208 may correctly determine that the first ciphertext is the correct ciphertext by:
the first ciphertext transmitted by the second device and the first ciphertext received by the first device are the same ciphertext, and the second device is only required to be verified to know r. If the second device does not know r, the second device can only prove for one challenge value. Assume that two copies are represented as (u, t), respectively 1 ,v 1 ) And (u, t) 2 ,v 2 ) Where u is a group power value, t is a challenge value, v is a response value, and the first ciphertext may be represented as C (C 1 ,C 2 ) The group power value, challenge value, response value, and first ciphertext satisfy the following formulas:
Figure BDA0004072012610000122
Figure BDA0004072012610000131
from this equation the following equation can be deduced:
Figure BDA0004072012610000132
according to step S205:
C 1 ≡g r mod p;
it can be derived that:
r=(v 2 -v 1 )(t 2 -t 1 ) -1
the conclusion is contradictory to the assumption, so that the first device can judge that the first ciphertext is the correct ciphertext according to the fact that the first group power value is the same as the second group power value.
S209, if the first group power value is the same as the second group power value, the first device determines a second challenge value according to the second group power value and the first ciphertext.
Exemplary, as shown in FIG. 4, the first device may generate a second challenge value from a ciphertext consistency verification module, the first ciphertext may be represented as C (C 1 ,C 2 ) The second group power value may be in the form ofU is shown 2 The second challenge value may be denoted as t 2 The generator of the second random number order group may be denoted as g, and the first ciphertext, the second group power value, the second challenge value, and the generator of the second random number order group satisfy:
t 2 =H(C 1 ,g,u 2 );
where H (x, y, z) represents performing a hash calculation on x, y, z.
And S210, if the first challenge value is the same as the second challenge value, the first device sends a first ciphertext to the third device. Accordingly, the third device receives the first ciphertext from the first device.
S211, the third device determines first data according to the first private key, the first public key and the first ciphertext.
The first private key may be denoted as x, the first public key may be denoted as y, and the first ciphertext may be denoted as C (C 1 ,C 2 ) The first data may be represented as m, and the first private key, the first public key, the first ciphertext, and the first data satisfy:
Figure BDA0004072012610000133
Figure BDA0004072012610000134
wherein p is a second random number, g is a generator of the second random number order group, and (p, g) is a set system parameter.
Based on the above and the same conception, the present application provides a data encryption transmission apparatus. As shown in fig. 5, the apparatus includes a communication module 501 and a processing module 502.
In implementing the actions performed by the first device in the above method embodiment, the communication module 501 may be configured to receive a first ciphertext and a first value, where the first value is related to a first random number, the first ciphertext is obtained by encrypting, by the second device, first data according to a first public key, the first public key corresponds to a third device, the first data is data requested by the third device, the first random number is smaller than a second random number, and the second random number is used to generate the first public key; the processing module 502 is operable to determine a second group power value based on the first ciphertext, the first challenge value determined based on the first ciphertext and the first group power value determined based on the first random number, and the first response value determined based on the first random number and the first challenge value; the communication module 501 may be further configured to send the first ciphertext if the first group power value is the same as the second group power value.
In one possible design, the first value includes at least one of a first group power value, a first challenge value, and a first response value.
In one possible design, the processing module 502 may be specifically configured to determine a second challenge value based on the first ciphertext and the second group power value; the first challenge value and the second challenge value are determined to be the same.
In implementing the actions performed by the second device in the above method embodiments, the processing module 502 may be configured to determine a first ciphertext and a first value from a first public key and first data, the first public key corresponding to a third device, the first value associated with a first random number, the first random number being less than a second random number, the second random number being configured to generate the first public key, the first value including at least one of a first group exponent value, the first challenge value being determined from the first random number, the first challenge value being determined from the first ciphertext and the first group exponent value, and a first response value being determined from the first random number and the first challenge value; the communication module 501 may also be configured to transmit a first ciphertext and a first value.
In one possible design, the processing module 502 may be specifically configured to obtain the first public key according to a first identifier, where the first identifier corresponds to the third device.
In one possible design, the processing module 502 may be specifically configured to obtain a first request, where the first request is configured to request first data, and the first request includes a first identifier.
Fig. 6 shows a schematic structural diagram of an electronic device according to an embodiment of the present application.
The electronic device in embodiments of the present application may include a processor 601. The processor 601 is the control center of the device and can connect the various parts of the device using various interfaces and lines by running or executing instructions stored in the memory 603 and invoking data stored in the memory 603. Alternatively, the processor 601 may include one or more processing units, and the processor 601 may integrate an application processor and a modem processor, wherein the application processor primarily processes an operating system and application programs, etc., and the modem processor primarily processes wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 601. In some embodiments, the processor 601 and the memory 603 may be implemented on the same chip, and in some embodiments they may be implemented separately on separate chips.
The processor 601 may be a general purpose processor such as a Central Processing Unit (CPU), digital signal processor, application specific integrated circuit, field programmable gate array or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, which may implement or perform the methods, steps and logic blocks disclosed in embodiments of the present application. The general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be performed directly by a hardware processor or by a combination of hardware and software modules in a processor.
In the embodiment of the present application, the memory 603 stores instructions executable by the at least one processor 601, and the at least one processor 601 may be configured to perform the method steps disclosed in the embodiment of the present application by executing the instructions stored in the memory 603.
The memory 603 is a non-volatile computer-readable storage medium that can be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The Memory 603 may include at least one type of storage medium, and may include, for example, flash Memory, hard disk, multimedia card, card Memory, random access Memory (Random Access Memory, RAM), static random access Memory (Static Random Access Memory, SRAM), programmable Read-Only Memory (Programmable Read Only Memory, PROM), read-Only Memory (ROM), charged erasable programmable Read-Only Memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), magnetic Memory, magnetic disk, optical disk, and the like. Memory 603 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory 603 in the embodiments of the present application may also be circuitry or any other device capable of implementing a memory function for storing program instructions and/or data.
In the embodiment of the application, the apparatus may further include a communication interface 602, and the electronic device may transmit data through the communication interface 602.
Alternatively, the processing module 502 and/or the communication module 501 shown in fig. 5 may be implemented by the processor 601 (or the processor 601 and the communication interface 602) shown in fig. 6, that is, the actions of the processing module 502 and/or the communication module 501 may be performed by the processor 601 (or the processor 601 and the communication interface 602).
Based on the same inventive concept, the present embodiments also provide a computer-readable storage medium in which instructions may be stored, which when run on a computer, cause the computer to perform the operational steps provided by the above-described method embodiments. The computer readable storage medium may be the memory 603 shown in fig. 6.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.

Claims (14)

1. A method of encrypted transmission of data, the method comprising:
the method comprises the steps that first equipment receives a first ciphertext and a first numerical value from second equipment, wherein the first numerical value is related to a first random number, the first ciphertext is obtained by the second equipment through encrypting first data according to a first public key, the first public key corresponds to third equipment, the first data are data requested by the third equipment, the first random number is smaller than a second random number, and the second random number is used for generating the first public key;
the first device determining a second group power value from the first ciphertext, a first challenge value, and a first response value, the first challenge value being determined from the first ciphertext and the first group power value, the first group power value being determined from the first random number, the first response value being determined from the first random number and the first challenge value;
and if the first group power value is the same as the second group power value, the first device sends the first ciphertext to the third device.
2. The method of claim 1, wherein the first numerical value comprises at least one of the first power value, the first challenge value, and the first response value.
3. The method of claim 1, wherein before the first device sends the first ciphertext to the third device, the method further comprises:
the first device determines a second challenge value from the first ciphertext and the second group power value;
the first device determines that the first challenge value and the second challenge value are the same.
4. A method for encrypted transmission of data, the method comprising:
the second device determines a first ciphertext and a first numerical value according to a first public key and first data, wherein the first public key corresponds to a third device, the first numerical value is related to a first random number, the first random number is smaller than a second random number, the second random number is used for generating the first public key, the first numerical value comprises at least one of a first group power value, a first challenge value and a first response value, the first group power value is determined according to the first random number, the first challenge value is determined according to the first ciphertext and the first group power value, and the first response value is determined according to the first random number and the first challenge value;
the second device sends the first ciphertext and the first value to the first device.
5. The method of claim 4, wherein the second device determining the first ciphertext from the first public key and the first data comprises:
the second device obtains a first public key according to a first identifier, and the first identifier corresponds to the third device.
6. The method of claim 5, wherein the method further comprises:
the second device obtains a first request for requesting the first data, the first request including the first identification.
7. An apparatus for encrypted transmission of data, the apparatus comprising:
the communication module is used for receiving a first ciphertext and a first numerical value, wherein the first numerical value is related to a first random number, the first ciphertext is obtained by the second device through encrypting first data according to a first public key, the first public key corresponds to third equipment, the first data are data requested by the third equipment, the first random number is smaller than a second random number, and the second random number is used for generating the first public key;
a processing module configured to determine a second group power value from the first ciphertext, a first challenge value, and a first response value, the first challenge value being determined from the first ciphertext and the first group power value, the first group power value being determined from the first random number, the first response value being determined from the first random number and the first challenge value;
and if the first group power value is the same as the second group power value, the communication module is further configured to send the first ciphertext.
8. The apparatus of claim 7, wherein the first value comprises at least one of the first power value, the first challenge value, and the first response value.
9. The apparatus of claim 7, wherein the processing module is specifically configured to:
determining a second challenge value from the first ciphertext and the second group power value;
determining that the first challenge value and the second challenge value are the same.
10. A data encryption transmission apparatus, the apparatus comprising:
a processing module configured to determine a first ciphertext and a first value from a first public key and first data, the first public key corresponding to a third device, the first value being associated with a first random number, the first random number being less than a second random number, the second random number being used to generate the first public key, the first value comprising at least one of a first group exponent value, a first challenge value, and a first response value, the first group exponent value being determined from a first random number, the first challenge value being determined from the first ciphertext and the first group exponent value, the first response value being determined from the first random number and the first challenge value;
and the communication module is used for sending the first ciphertext and the first numerical value.
11. The apparatus of claim 10, wherein the processing module is specifically configured to:
the first public key is obtained from a first identity, the first identity corresponding to a third device.
12. The apparatus of claim 11, wherein the processing module is specifically configured to:
a first request is obtained, the first request being for requesting the first data, the first request including the first identification.
13. An electronic device comprising a processor for implementing the steps of the method according to any of claims 1-6 when executing a computer program stored in a memory.
14. A computer-readable storage medium, characterized in that it stores a computer program which, when executed by a processor, implements the steps of the method according to any of claims 1-6.
CN202310096976.2A 2023-01-18 2023-01-18 Data encryption transmission method and device Pending CN116015976A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310096976.2A CN116015976A (en) 2023-01-18 2023-01-18 Data encryption transmission method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310096976.2A CN116015976A (en) 2023-01-18 2023-01-18 Data encryption transmission method and device

Publications (1)

Publication Number Publication Date
CN116015976A true CN116015976A (en) 2023-04-25

Family

ID=86033594

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310096976.2A Pending CN116015976A (en) 2023-01-18 2023-01-18 Data encryption transmission method and device

Country Status (1)

Country Link
CN (1) CN116015976A (en)

Similar Documents

Publication Publication Date Title
EP3382933B1 (en) Using a trusted execution environment as a trusted third party providing privacy for attestation
US8472621B2 (en) Protection of a prime number generation for an RSA algorithm
EP3779792B1 (en) Two-dimensional code generation method, data processing method, apparatus, and server
US8509429B2 (en) Protection of a prime number generation against side-channel attacks
CN112887282B (en) Identity authentication method, device, system and electronic equipment
EP4258593A1 (en) Ota update method and apparatus
CN108199847B (en) Digital security processing method, computer device, and storage medium
CN112711761B (en) Controller safety protection method, main chip of controller and controller
KR20200075451A (en) Unique encryption key generator for device and method thereof
CN113329004B (en) Authentication method, system and device
CN114362951B (en) Method and device for updating certificates
CN115348023A (en) Data security processing method and device
WO2024060244A1 (en) Method, device and system for managing carbon data and related apparatus
CN114124440B (en) Secure transmission method, apparatus, computer device and storage medium
CN114338091B (en) Data transmission method, device, electronic equipment and storage medium
CN109768969A (en) Authority control method and internet-of-things terminal, electronic equipment
KR20240030815A (en) Device certificate update method and device driving the same
US20230068650A1 (en) Method for testing if a data element belongs to a list of reference data elements
CN116015976A (en) Data encryption transmission method and device
KR100897075B1 (en) Method of delivering direct proof private keys in signed groups to devices using a distribution cd
CN117596083B (en) Intelligent Internet of things data aggregation method and device based on data desensitization
CN115361168B (en) Data encryption method, device, equipment and medium
CN117896183B (en) Aggregation batch authentication method and system for large-scale Internet of things equipment
CN115202952B (en) Method and system for testing cost control function of electric energy meter, test host and storage medium
CN115426160B (en) Dual-encryption vehicle controller key filling method, system and equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination