CN117650898A - Method and system for combining quantum hybrid certificate and electronic equipment - Google Patents

Info

Publication number
CN117650898A
Authority
CN
China
Prior art keywords
quantum
digital certificate
public key
certificate
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410123776.6A
Other languages
Chinese (zh)
Inventor
姚德益
杨亚
戴乐
朱加强
邱媛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Geer Guoxin Technology Co ltd
Original Assignee
Beijing Geer Guoxin Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Geer Guoxin Technology Co ltd
Priority to CN202410123776.6A
Publication of CN117650898A
Legal status: Pending

Abstract

The embodiments of the application provide a method, a system and an electronic device for combining a quantum-resistant hybrid certificate, and relate to the field of digital certificates. The method constructs a first extension item in the digital certificate and stores the public key of the quantum-resistant encryption algorithm in the first extension item to obtain a preliminary digital certificate; inputs that public key into a CA signature algorithm negotiated with the server to sign it, obtaining a quantum-resistant signature result; constructs a second extension item in the preliminary digital certificate and stores the quantum-resistant signature result in it to obtain a target digital certificate; and sends the target digital certificate to the server. This allows an existing asymmetric-algorithm certificate system to be optimized so that it resists quantum attacks.

Description

Method and system for combining quantum hybrid certificate and electronic equipment
Technical Field
The application relates to the field of digital certificates, in particular to a method, a system and electronic equipment for combining quantum-resistant mixed certificates.
Background
The unit of information of a quantum computer is the qubit. Unlike a classical bit, a qubit can represent "0", "1", or a superposition of "0" and "1". Based on this property, the computational power of quantum computers can far exceed that of classical computers. Traditional cryptography, including symmetric key encryption and public key encryption, is based on mathematical problems. With the development of quantum computers, however, the security of some classical cryptographic algorithms is compromised. For example, RSA, which is based on the integer factorization problem, and elliptic curve cryptography, which is based on the discrete logarithm problem, can be broken rapidly by a quantum computer, so that transmitted information is no longer secure. Therefore, the earlier quantum-resistant keys and algorithms are used, the earlier user information can be protected from future quantum cryptanalysis.
However, public key infrastructure (PKI) digital certificate systems based on the RSA and ECC algorithms are widely deployed, and it is difficult to deploy a new quantum-resistant certificate system that completely replaces the traditional asymmetric-algorithm certificate system. A method that gives the existing asymmetric-algorithm certificate system the ability to resist quantum attacks is therefore urgently needed.
Disclosure of Invention
The application provides a combination method, a system, electronic equipment and a readable storage medium of an anti-quantum hybrid certificate, which can optimize an existing asymmetric algorithm certificate system to enable the existing asymmetric algorithm certificate system to have the anti-quantum attack capability.
The technical scheme of the embodiment of the application is as follows:
In a first aspect, an embodiment of the present application provides a method for combining a quantum-resistant hybrid certificate, applied to a CA institution, where the method includes:
receiving a digital certificate request sent by a server, wherein the digital certificate request comprises a quantum-resistant encryption algorithm public key;
constructing a first extension item in the digital certificate, and storing the quantum-resistant encryption algorithm public key in the first extension item to obtain a preliminary digital certificate;
inputting the quantum-resistant encryption algorithm public key into a CA signature algorithm negotiated with the server to sign that public key, so as to obtain a quantum-resistant signature result;
constructing a second extension item in the preliminary digital certificate, and storing the quantum-resistant signature result in the second extension item to obtain a target digital certificate;
and sending the target digital certificate to the server.
In this technical solution, the CA receives a digital certificate request from the server that includes a quantum-resistant encryption algorithm public key, constructs a first extension item in the digital certificate, and stores the public key in that extension item to obtain a preliminary digital certificate. The public key is then input into a CA signature algorithm negotiated in advance with the server, which signs it and yields a quantum-resistant signature result. A second extension item is constructed in the preliminary digital certificate and the signature result is stored in it, giving the final target digital certificate, which is sent to the server. Because the digital certificate contains both the traditional signature and the quantum-resistant signature, it is backward compatible and also quantum resistant, achieving the effect of a hybrid certificate and a smooth transition while ensuring security. Storing the quantum-resistant public key and the quantum-resistant signature result in two different extension items means the quantum-resistant public key in the certificate is protected by the CA's quantum-resistant signature, which strengthens the certificate's resistance to quantum attack. Using two extension items also keeps the certificate compatible with current mainstream public key infrastructure, which helps the adoption of quantum-resistant digital certificates.
By using traditional and quantum-resistant algorithms together without changing the traditional public key system, the method keeps backward compatibility while ensuring security, lets quantum-resistant technology move smoothly into existing environments, strengthens the generated digital certificate against future quantum computer attacks, and effectively protects information in transit.
In some embodiments of the present application, the saving the anti-quantum cryptography algorithm public key to the first extension includes:
and encoding the byte array of the quantum-resistant encryption algorithm public key into a first bit string according to a preset encoding mode, and storing the first bit string into the first extension item.
In the above technical solution, in the method for combining the anti-quantum hybrid certificate, the process of saving the public key of the anti-quantum encryption algorithm to the first extension item includes encoding a byte array of the public key of the anti-quantum encryption algorithm according to a preset encoding mode, and encoding into a first bit string; the first bit string is then saved to the first extension. The method for encoding the public key of the anti-quantum encryption algorithm into the bit string and then storing the bit string can compress and normalize public key information, is convenient for generation and transmission of certificates, and also enables the volume of the certificates to be smaller and the transmission to be more efficient. Meanwhile, the adoption of a preset coding mode can ensure that certificates generated by different CA institutions adopt uniform coding and storage formats, so that the verification end can conveniently analyze and verify, and the interoperability of quantum hybrid certificate resistance is improved. Therefore, the technical means of encoding the anti-quantum encryption public key into the bit string and then storing the bit string into the extension item can enable the finally generated anti-quantum mixed certificate to be more standardized and efficient, and improves the reliability and applicability of the whole anti-quantum mixed certificate scheme.
In some embodiments of the present application, the constructing a second extension in the preliminary digital certificate and placing the anti-quantum signature result into the second extension includes:
constructing a second extension in the preliminary digital certificate;
and encoding the byte array of the quantum signature resisting result into a second bit string according to a preset encoding mode, and storing the second bit string into the second extension item.
In the above technical scheme, in the method for combining the anti-quantum hybrid certificate, the process of saving the anti-quantum signature result to the second extension item includes that firstly, the second extension item is constructed in the primary digital certificate; then, encoding the byte array of the quantum signature resisting result into a second bit string according to a preset encoding mode; the second bit string is then saved to the constructed second extension. The technical means of encoding the anti-quantum signature result into the bit string and then storing the bit string can compress and normalize signature information, reduce the data scale of the signature and facilitate certificate storage and transmission. Meanwhile, the preset unified coding mode is adopted, so that certificates generated by different CA institutions adopt the same coding and storage format, the verification end can conveniently analyze and verify the signature, and the safety and interoperability of the certificates are improved. Therefore, the technical scheme for storing the encoded anti-quantum signature result in the extension item can generate a more standardized and efficient anti-quantum mixed certificate, and enhances the reliability and applicability of the whole certificate scheme.
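The issuance steps and the bit-string encoding described above, together with the check a relying party would run, as an added Python example (not code from the patent or its applicant); it builds only the two extension items, not a full X.509 certificate. Assumptions: the OIDs are hypothetical private-arc placeholders, the "preset encoding mode" is taken to be a DER BIT STRING inside the extension value, and a Lamport one-time hash signature stands in for CRYSTALS-Dilithium, FALCON or SPHINCS+, which the Python standard library does not provide.

```python
import hashlib
import os

# Hypothetical private-arc OIDs: the page assigns none to its extension items.
OID_PQ_PUBKEY = "1.3.6.1.4.1.99999.1.1"     # first extension ("qkpubkey")
OID_PQ_SIGNATURE = "1.3.6.1.4.1.99999.1.2"  # second extension


def tlv(tag, value):
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value


def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytes([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:  # base-128 digits, computed low septet first
        septets = [(arc >> s) & 0x7F for s in range(0, max(arc.bit_length(), 1), 7)]
        out += bytes([0x80 | s for s in reversed(septets[1:])] + septets[:1])
    return tlv(0x06, out)


def make_extension(oid, payload):
    """Non-critical Extension; extnValue wraps a BIT STRING of the payload."""
    bit_string = tlv(0x03, b"\x00" + payload)  # leading 0 = no unused bits
    return tlv(0x30, der_oid(oid) + tlv(0x04, bit_string))


def read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def parse_extensions(der):
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    found, pos = {}, 0
    while pos < len(body):
        tag, ext, pos = read_tlv(body, pos)
        t_oid, oid, p = read_tlv(ext, 0)
        t_val, val, _ = read_tlv(ext, p)
        t_bits, bits, _ = read_tlv(val, 0)
        layout_ok = (tag, t_oid, t_val, t_bits) == (0x30, 0x06, 0x04, 0x03)
        if not layout_ok or bits[:1] != b"\x00" or tlv(0x06, oid) in found:
            raise ValueError("bad layout, BIT STRING or duplicate extension")
        found[tlv(0x06, oid)] = bits[1:]
    return found


# Lamport one-time signature over SHA-256: a stand-in, one message per key.
def _digest_bits(msg):
    d = hashlib.sha256(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [tuple(hashlib.sha256(s).digest() for s in pair) for pair in sk]

def lamport_sign(sk, msg):
    return b"".join(sk[i][b] for i, b in enumerate(_digest_bits(msg)))

def lamport_verify(pk, msg, sig):
    return len(sig) == 256 * 32 and all(
        hashlib.sha256(sig[32 * i:32 * i + 32]).digest() == pk[i][b]
        for i, b in enumerate(_digest_bits(msg)))


def issue_pq_extensions(ca_sk, server_pq_pubkey):
    ext1 = make_extension(OID_PQ_PUBKEY, server_pq_pubkey)   # first extension
    sig = lamport_sign(ca_sk, server_pq_pubkey)              # CA signs the key
    return tlv(0x30, ext1 + make_extension(OID_PQ_SIGNATURE, sig))


def verify_pq_extensions(ca_pk, extensions_der):
    """Return the PQ public key if the CA signature covers it, else None."""
    try:
        found = parse_extensions(extensions_der)
        pub, sig = found[der_oid(OID_PQ_PUBKEY)], found[der_oid(OID_PQ_SIGNATURE)]
    except (ValueError, KeyError, IndexError):
        return None
    return pub if lamport_verify(ca_pk, pub, sig) else None


if __name__ == "__main__":
    ca_sk, ca_pk = lamport_keygen()
    key = bytes(range(256)) * 3  # constructed stand-in for a PQ public key
    print(verify_pq_extensions(ca_pk, issue_pq_extensions(ca_sk, key)) == key)
```

In this sketch, as in the scheme above, the quantum-resistant signature covers only the public key bytes; in X.509 the certificate's traditional signature is what covers the extension items together with the other certificate fields.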
In some embodiments of the present application, the CA institution signature algorithm comprises: CRYSTALS-Dilithium algorithm, FALCON algorithm or SPHINCS+ algorithm.
In this technical solution, the CA signature algorithm is the CRYSTALS-Dilithium algorithm, the FALCON algorithm or the SPHINCS+ algorithm. These are all currently accepted quantum-resistant signature algorithms that can resist quantum computer attacks. Signing the quantum-resistant encryption algorithm public key with a quantum-resistant signature algorithm produces a signature with quantum-resistant security and prevents the signature result from being broken by a quantum computer. Offering several algorithm choices also meets different security strength requirements and makes the whole certificate scheme more flexible. In addition, these algorithms are efficient, safe and reliable, have been widely examined and tested, and are technically mature, which makes the generated quantum-resistant signature result safer and more reliable. Therefore, adopting a quantum-resistant signature algorithm such as CRYSTALS-Dilithium, FALCON or SPHINCS+ can greatly improve the security and integrity of the generated quantum-resistant hybrid certificate and enhance the reliability of the whole certificate scheme.
In some embodiments of the present application, the anti-quantum encryption algorithm identification represents an anti-quantum encryption algorithm employed to generate an anti-quantum encryption algorithm public key.
In this technical solution, the quantum-resistant encryption algorithm identifier indicates which quantum-resistant encryption algorithm was used to generate the quantum-resistant encryption algorithm public key, such as an LWE algorithm or a code-based encryption algorithm. The identifier lets the certificate verifier know the algorithm type of the public key, so that the public key is checked in the correct verification mode, improving verification efficiency and accuracy. The identifier also makes it convenient for an administrator to monitor the usage share and adoption of different quantum-resistant algorithms. In addition, when the certificate is renewed, the identifier can direct the corresponding quantum-resistant algorithm to update the public key, ensuring the continued quantum-resistant security of the public key. Therefore, setting the quantum-resistant encryption algorithm identifier makes the quantum-resistant hybrid certificate more descriptive, manageable and flexible, and improves the security and efficiency of certificate use.
In some embodiments of the present application, the digital certificate is a digital certificate conforming to the X.509 format.
In this technical solution, the digital certificate adopts a structure conforming to the X.509 format. X.509 has mature technical specifications and a broad support ecosystem, which reduces development difficulty and improves compatibility. A quantum-resistant hybrid certificate conforming to the X.509 format can be directly supported by a large number of existing certificate verification software and libraries, and can be seamlessly connected to the current PKI system without modification, thereby realizing a smooth transition. The X.509 certificate specification also defines how extension items are added, so the quantum-resistant algorithm public key and signature extension information can be inserted into the certificate without changing the certificate body. In addition, the ASN.1 encoding widely used for X.509 certificates facilitates the encoding and compression of quantum-resistant signatures and public keys. Therefore, adopting the mature and reliable X.509 certificate format reduces development work, simplifies integration with the current system, and makes the generated quantum-resistant hybrid certificate easier for the current system to verify and trust, which supports its adoption.
In some embodiments of the present application, the first extension and the second extension may be the same extension or different extensions.
In the above technical solution, in the method for combining quantum hybrid certificates, the first extension item and the second extension item may be set to be the same extension item. The design of combining the quantum-resistant encryption algorithm public key and the quantum-resistant signature result in one extension item can reduce the number of extension items in the certificate, reduce the data redundancy of the certificate, and enable the finally generated quantum-resistant mixed certificate to be smaller in size and higher in analysis efficiency. Meanwhile, the public key and the signature are combined in one extension item, so that the semantic meaning is more consistent, the public key and the signature can be more intuitively understood by a certificate user, and the user experience is improved. In addition, the same extension item is used for conveniently updating the public key and the signature result at the same time, so that certificate management is simplified. On the other hand, the public key and the signature can be arranged in different extension items according to the requirement, so that more flexibility is provided. Therefore, the design allows the public key and signature to be the same extension item, and the certificate format can be optimized, so that the finally generated quantum-resistant mixed certificate is more compact and efficient.
In a second aspect, embodiments of the present application provide a combination system of quantum hybrid certificate resistant, the system comprising:
a receiving module 101, configured to receive a digital certificate request sent by a server, where the digital certificate request includes an anti-quantum encryption algorithm public key;
the primary certificate module 102 is configured to construct a first extension term in the digital certificate, and store the public key of the quantum-resistant encryption algorithm to the first extension term to obtain a primary digital certificate;
the signature module 103 is configured to input the public key of the anti-quantum encryption algorithm into a CA institution signature algorithm negotiated with the server, so as to sign the public key of the anti-quantum encryption algorithm, and obtain an anti-quantum signature result;
the digital certificate generation module 104 is configured to construct a second extension item in the preliminary digital certificate, and store the quantum signature resistant result to the second extension item to obtain a target digital certificate;
and the sending module 105 is used for sending the target digital certificate to the server.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor, a memory, a user interface, and a network interface, where the memory is configured to store instructions, and the user interface and the network interface are configured to communicate with other devices, and the processor is configured to execute the instructions stored in the memory, so that the electronic device performs the method provided in any one of the first aspect and the second aspect.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium storing instructions that, when executed, perform the method of any one of the first and second aspects provided above.
In summary, one or more technical solutions provided in the embodiments of the present application at least have the following technical effects or advantages:
1. The CA receives a digital certificate request from the server that includes a quantum-resistant encryption algorithm public key, constructs a first extension item in the digital certificate, and stores the public key in that extension item to obtain a preliminary digital certificate. The public key is then input into a CA signature algorithm negotiated in advance with the server, which signs it and yields a quantum-resistant signature result. A second extension item is constructed in the preliminary digital certificate and the signature result is stored in it, giving the final target digital certificate, which is sent to the server. Because the digital certificate contains both the traditional signature and the quantum-resistant signature, it is backward compatible and also quantum resistant, achieving the effect of a hybrid certificate and a smooth transition while ensuring security. Storing the quantum-resistant public key and the quantum-resistant signature result in two different extension items means the quantum-resistant public key in the certificate is protected by the CA's quantum-resistant signature, which strengthens the certificate's resistance to quantum attack. Using two extension items also keeps the certificate compatible with current mainstream public key infrastructure, which helps the adoption of quantum-resistant digital certificates.
By using traditional and quantum-resistant algorithms together without changing the traditional public key system, the method keeps backward compatibility while ensuring security, lets quantum-resistant technology move smoothly into existing environments, strengthens the generated digital certificate against future quantum computer attacks, and effectively protects information in transit.
2. In the method for combining the anti-quantum mixed certificate, the process of saving the anti-quantum signature result to the second extension item comprises the steps of firstly, constructing the second extension item in the primary digital certificate; then, encoding the byte array of the quantum signature resisting result into a second bit string according to a preset encoding mode; the second bit string is then saved to the constructed second extension. The technical means of encoding the anti-quantum signature result into the bit string and then storing the bit string can compress and normalize signature information, reduce the data scale of the signature and facilitate certificate storage and transmission. Meanwhile, the preset unified coding mode is adopted, so that certificates generated by different CA institutions adopt the same coding and storage format, the verification end can conveniently analyze and verify the signature, and the safety and interoperability of the certificates are improved. Therefore, the technical scheme for storing the encoded anti-quantum signature result in the extension item can generate a more standardized and efficient anti-quantum mixed certificate, and enhances the reliability and applicability of the whole certificate scheme.
3. In the method for combining quantum hybrid certificates, the first extension item and the second extension item may be set to be the same extension item. The design of combining the quantum-resistant encryption algorithm public key and the quantum-resistant signature result in one extension item can reduce the number of extension items in the certificate, reduce the data redundancy of the certificate, and enable the finally generated quantum-resistant mixed certificate to be smaller in size and higher in analysis efficiency. Meanwhile, the public key and the signature are combined in one extension item, so that the semantic meaning is more consistent, the public key and the signature can be more intuitively understood by a certificate user, and the user experience is improved. In addition, the same extension item is used for conveniently updating the public key and the signature result at the same time, so that certificate management is simplified. On the other hand, the public key and the signature can be arranged in different extension items according to the requirement, so that more flexibility is provided. Therefore, the design allows the public key and signature to be the same extension item, and the certificate format can be optimized, so that the finally generated quantum-resistant mixed certificate is more compact and efficient.
Drawings
FIG. 1 is a flow diagram of a method for quantum hybrid certificate resistant binding provided in one embodiment of the present application;
FIG. 2 is a schematic structural diagram of a combination system of quantum hybrid certificate resistant provided in one embodiment of the present application;
FIG. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present application, but not all embodiments.
In the description of embodiments of the present application, words such as "such as" or "for example" are used to indicate examples, illustrations or descriptions. Any embodiment or design described herein as "such as" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "such as" or "for example" is intended to present related concepts in a concrete fashion.
In the description of the embodiments of the present application, the term "plurality" means two or more. For example, a plurality of systems means two or more systems, and a plurality of screen terminals means two or more screen terminals. Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating an indicated technical feature. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise.
With the development of quantum computing technology, traditional public key cryptography algorithms (such as RSA and ECC) based on the large number decomposition problem and the discrete logarithm problem face the threat of rapid cracking of quantum computers. This will result in digital certificates that rely on these algorithms no longer being secure after the quantum computer appears. Therefore, a new quantum-resistant digital certificate scheme is urgently needed to ensure the security of information transmission.
However, the public key infrastructure digital certificate hierarchy, which is currently widely used with RSA and ECC algorithms, is difficult to be completely replaced in a short time. This is because PKI systems involve many aspects, such as CA institutions, operators, browser vendors, etc., that require a great deal of coordination to achieve algorithm switching. Meanwhile, the anti-quantum algorithm also needs a certain time to test and perfect.
Based on the above, the embodiment of the application provides a method, a system and an electronic device for combining anti-quantum hybrid certificates, wherein the method for combining the anti-quantum hybrid certificates receives a digital certificate request sent by a server, and the digital certificate request comprises an anti-quantum encryption algorithm public key; constructing a first extension item in the digital certificate, and storing the public key of the quantum-resistant encryption algorithm to the first extension item to obtain a preliminary digital certificate; inputting the public key of the anti-quantum encryption algorithm into a CA mechanism signature algorithm negotiated with a server to sign the public key of the anti-quantum encryption algorithm, so as to obtain an anti-quantum signature result; constructing a second extension item in the preliminary digital certificate, and storing the quantum-resistant signature result to the second extension item to obtain a target digital certificate; and sending the target digital certificate to the server. The method and the device can optimize the existing asymmetric algorithm certificate system to enable the existing asymmetric algorithm certificate system to have quantum attack resistance.
The technical scheme provided by the embodiment of the application is further described below with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a flow chart of a method for combining quantum hybrid certificate according to an embodiment of the present application. The method of combining anti-quantum hybrid certificate is applied to a CA institution, and is performed by an electronic device or a processor in a readable storage medium, and includes steps S110, S120, S130, S140, and S150.
Step S110, a digital certificate request sent by a server is received, wherein the digital certificate request comprises an anti-quantum encryption algorithm public key.
In one embodiment of the method for combining a quantum-resistant hybrid certificate, the CA institution receives a digital certificate request sent by a server in order to generate a certificate for that server. In view of the threat quantum computers pose to traditional public key algorithms, the server includes in the certificate request an encryption public key generated with a quantum-resistant algorithm, such as the public key of a CRYSTALS-Kyber, LATTICEL, HASH or CODE algorithm. This ensures that the digital certificate obtained by the server contains a quantum-secure public key. Upon receipt of the certificate request, the CA institution authenticates and validates the request, and only legitimate requests from trusted servers are accepted. The CA institution then extracts the quantum-resistant public key information from the certificate request for the subsequent generation of a digital certificate containing the quantum-resistant public key. Binding the quantum-resistant public key at the certificate request stage lets the server complete quantum-resistant key generation and the certificate application in advance, so that it holds a quantum-secure digital certificate soon after the CA institution approves the request and can respond to quantum computing threats in time.
On the basis of the above embodiment, as an alternative embodiment, the digital certificate is a digital certificate conforming to the X509 format.
Specifically, when a digital certificate containing an anti-quantum algorithm public key and signature is generated, the widely used X.509 certificate format is adopted, so that the existing, rich X.509 support ecosystem can be reused and development and implementation are simplified. X.509 is a popular public key certificate standard for which a large number of security verification schemes and supporting software and hardware are already deployed. If a new certificate format were constructed directly, the trust chain and ecosystem would need to be re-established, at too high a cost. X.509, by contrast, supports flexible extensions, so the anti-quantum public key and signature information can be inserted in extension fields without modifying the certificate body. In addition, ASN.1 encoding facilitates the encoding and optimization of anti-quantum key information.
Step S120, a first extension item is constructed in the digital certificate, and the anti-quantum encryption algorithm public key is stored in the first extension item, so that a preliminary digital certificate is obtained.
Specifically, after the anti-quantum encryption public key of the server is obtained, the CA institution needs to store it in the digital certificate. Because the currently mainstream certificate formats, such as X.509, have no dedicated field for an anti-quantum public key, the CA institution adds an extension to the existing certificate structure to hold it. For example, an extension named "qkpubkey" may be added to store the bit string of the anti-quantum public key. By constructing this dedicated extension, the anti-quantum public key can be issued together with the original certificate content, such as the server identity, without changing the core fields of the certificate, so backward compatibility is preserved. After the anti-quantum public key has been saved in the new extension, the certificate carrying that extension is the preliminary digital certificate. Writing the anti-quantum public key into the certificate as an extension gives a smooth migration to an anti-quantum certificate system: it meets the server's requirement for quantum security while remaining compatible with the existing verification system, serving both purposes at once.
Step S130, the anti-quantum encryption algorithm public key is input into a CA institution signature algorithm negotiated with the server to sign the anti-quantum encryption algorithm public key, and an anti-quantum signature result is obtained.
On the basis of the foregoing embodiment, as an optional embodiment, the storing of the anti-quantum encryption algorithm public key in the first extension item includes:
encoding the byte array of the anti-quantum encryption algorithm public key into a first bit string according to a preset encoding mode, and storing the first bit string into the first extension item.
Specifically, after obtaining the anti-quantum encryption algorithm public key provided by the server, the CA institution needs to encode and process it for insertion into the certificate extension. The public key itself is a byte array containing a large amount of redundant information. To reduce the data size for storage and transmission, the CA institution may encode the public key byte array using a predetermined bit string encoding scheme, converting it into a compact bit string. The encoding mode is uniformly specified and adopted by every CA institution, so that certificates issued by different CA institutions use a consistent public key encoding. The CA institution then inserts the encoded bit string into the previously constructed first extension item for storage. Encoding the anti-quantum public key into a bit string reduces the size of the public key, and the unified encoding mode promotes interoperability and makes it easy for the verifying end to parse the public key, improving the reliability and applicability of the whole hybrid certificate scheme.
Illustratively, the ASN.1 structure of the first extension, PQKeyExtension, is defined as follows:
PQKeyExtension ::= SEQUENCE {
    algorithm    OBJECT IDENTIFIER,
    pqPublicKey  BIT STRING }
In the above structure, algorithm identifies the specific anti-quantum encryption algorithm and pqPublicKey represents the public key; the byte array of the public key is encoded as a BIT STRING according to ASN.1 and stored in the extension item.
On the basis of the above embodiment, as an alternative embodiment, the anti-quantum encryption algorithm identifier represents an anti-quantum encryption algorithm adopted to generate the public key of the anti-quantum encryption algorithm.
Specifically, when the server generates the anti-quantum encryption algorithm public key, it needs to specify the type of anti-quantum encryption algorithm used. For example, a lattice-based encryption algorithm or a code-based encryption algorithm may be employed. So that the CA and the verifier can clearly identify the algorithm type of the public key, the server carries an anti-quantum encryption algorithm identifier in the certificate request. The identifier may be a string, e.g. "Lattice" for a lattice-based encryption algorithm and "Hash" for a hash-based encryption algorithm. When producing the certificate, the CA inserts this algorithm identifier directly into the certificate extension or embeds it in encoded form in the public key. When the verifier verifies the certificate, it obtains the corresponding anti-quantum algorithm type from the algorithm identifier and applies the appropriate verification mode, which improves verification efficiency and security. The identifier also makes it easier for an administrator to monitor adoption trends of the different anti-quantum algorithms. An explicit anti-quantum encryption algorithm identifier therefore allows the certificate to be used and managed more clearly and efficiently.
On the basis of the above embodiment, as an alternative embodiment, the CA institution signature algorithm includes: CRYSTALS-Dilithium algorithm, FALCON algorithm or SPHINCS+ algorithm.
Specifically, in order to improve the quantum attack resistance of the digital certificate, the CA institution needs to use a quantum-secure signature algorithm when signing the certificate content. The CRYSTALS-Dilithium, FALCON and SPHINCS+ algorithms are all currently recognized signature algorithms that resist quantum computing threats. The CA institution can select one or more of these algorithms, according to its security strength requirements and the maturity of the algorithm implementations, to apply the anti-quantum signature to the certificate content. For example, the CA institution may prefer the CRYSTALS-Dilithium algorithm, which has been verified more thoroughly, to generate anti-quantum signatures. Even if quantum computers appear, these anti-quantum signature algorithms are extremely difficult to break, so the integrity and authenticity of the certificate are not threatened. Adopting standardized and widely verified anti-quantum signature algorithms also leads different CA institutions to use uniform anti-quantum signature schemes, which improves interoperability. In conclusion, by adopting an anti-quantum signature algorithm such as CRYSTALS-Dilithium, the CA institution can greatly improve the resistance of the generated digital certificate to quantum attacks and protect the communication security of users and infrastructure.
Step S140, a second extension item is constructed in the preliminary digital certificate, and the anti-quantum signature result is stored in the second extension item to obtain the target digital certificate.
Specifically, after obtaining a preliminary digital certificate with the anti-quantum public key inserted, the CA institution needs to apply an anti-quantum signature to the certificate content to prevent the certificate from being broken by a quantum computer. The CA institution may sign the anti-quantum public key in the preliminary certificate using a pre-negotiated anti-quantum signature algorithm (e.g., SPHINCS+) to generate an anti-quantum signature value. The CA institution then constructs a further extension in the preliminary certificate, e.g., named "qksign", to store the bit string of the anti-quantum signature value. This avoids modifying the original signature field of the certificate and preserves backward compatibility. After the anti-quantum signature result is stored in the newly added extension item, the digital certificate with the two extension items inserted becomes the target digital certificate. A certificate containing both the classical signature and the anti-quantum signature functions as a hybrid certificate: it inherits the trust chain of the current system and is able to resist quantum computing attacks.
On the basis of the foregoing embodiment, as an optional embodiment, the constructing a second extension in the preliminary digital certificate and placing the quantum-resistant signature result into the second extension includes:
S201, constructing a second extension item in the preliminary digital certificate;
Specifically, after the CA institution obtains a preliminary digital certificate containing the anti-quantum public key, the anti-quantum security of the certificate needs to be strengthened further. Original certificate signature algorithms such as SHA256 are at risk of being broken by quantum algorithms. For a certificate to carry both classical and anti-quantum signatures, the CA institution needs to construct another dedicated extension in the preliminary certificate to hold the anti-quantum signature. This avoids changing the existing certificate structure and preserves compatibility with legacy systems. The CA institution may name the extension in a standardized manner, e.g., "qksign", indicating that this field stores the anti-quantum signature bit string. The newly added second extension provides a carrier for the anti-quantum signature result inserted later, and also lets the verifying end locate the anti-quantum signature.
S202, encoding the byte array of the anti-quantum signature result into a second bit string according to a preset encoding mode, and storing the second bit string into the second extension item.
Specifically, after the dedicated second extension is constructed, the CA institution needs to insert the anti-quantum signature result into it. The CA institution uses a pre-negotiated anti-quantum signature algorithm (such as SPHINCS+) to sign the content of the preliminary certificate and outputs a signature value as a byte array. Storing the byte array directly is space-redundant, which is unfavorable for storage and transmission. For further optimization, the CA institution may encode the signature byte array in a uniformly specified encoding mode (e.g., Base64) to convert it into a compact bit string. The preset encoding mode ensures that different CA institutions represent the anti-quantum signature consistently, which makes identification and verification at the verifying end easier. Finally, the CA institution stores the encoded anti-quantum signature bit string in the previously constructed second extension item.
Illustratively, the ASN.1 structure of the second extension, pqSignatureExtension, is defined as follows:
pqSignatureExtension BIT STRING
The pqSignatureExtension field contains the result of the anti-quantum signature over PQKeyExtension: the ASN.1-encoded PQKeyExtension is used as the signing input, and the signature result is encoded as an ASN.1 BIT STRING and stored in the extension item.
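The two extension payloads described above (the PQKeyExtension SEQUENCE and the signature BIT STRING computed over its ASN.1 encoding), as an added Python example that is not part of the patent, together with the strict checks a verifying end would apply. Assumptions: the OID is a constructed placeholder, all function names are hypothetical, the sample key is constructed bytes, and HMAC-SHA256 stands in for the CA institution's anti-quantum signature only because the standard library has none; a real CA would call CRYSTALS-Dilithium, FALCON or SPHINCS+ here.

```python
import hashlib
import hmac

EXAMPLE_KEM_OID = "1.3.6.1.4.1.99999.1.1"   # constructed placeholder, not a real assignment
SAMPLE_KEY = bytes(range(256)) * 3           # constructed 768-byte stand-in public key
_DEMO_SECRET = b"constructed demo secret"    # stand-in signing key (assumption)

def demo_sign(message: bytes) -> bytes:
    """Stand-in for the CA's anti-quantum signature (NOT quantum-resistant)."""
    return hmac.new(_DEMO_SECRET, message, hashlib.sha256).digest()

def demo_verify(message: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(demo_sign(message), signature)

def _tlv(tag: int, value: bytes) -> bytes:
    """DER tag-length-value with minimal definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def _encode_oid(dotted: str) -> bytes:
    """DER OBJECT IDENTIFIER (first arc 0 or 1 assumed, as in the placeholder)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))

def _bit_string(data: bytes) -> bytes:
    """BIT STRING carrying whole bytes: first content octet = 0 unused bits."""
    return _tlv(0x03, b"\x00" + data)

def encode_pq_key_extension(oid: str, public_key: bytes) -> bytes:
    """PQKeyExtension ::= SEQUENCE { algorithm OID, pqPublicKey BIT STRING }"""
    return _tlv(0x30, _encode_oid(oid) + _bit_string(public_key))

def _read_tlv(buf: bytes, pos: int, want_tag: int):
    """Return (value, next_pos); reject wrong tag, non-minimal or truncated length."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError("unexpected tag or truncated input")
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf) or buf[pos] == 0:
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80:
            raise ValueError("non-minimal length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length

def _read_bit_string(buf: bytes, pos: int):
    value, pos = _read_tlv(buf, pos, 0x03)
    if not value or value[0] != 0:
        raise ValueError("BIT STRING must carry whole bytes")
    return value[1:], pos

def decode_pq_key_extension(der: bytes):
    """Return (OID content bytes, public key bytes); reject any trailing data."""
    seq, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after PQKeyExtension")
    oid_bytes, pos = _read_tlv(seq, 0, 0x06)
    key, pos = _read_bit_string(seq, pos)
    if pos != len(seq):
        raise ValueError("trailing bytes inside SEQUENCE")
    return oid_bytes, key

def issue_extensions(oid: str, public_key: bytes, sign):
    """CA side: first extension payload, then the signature over its DER bytes."""
    key_ext = encode_pq_key_extension(oid, public_key)
    return key_ext, _bit_string(sign(key_ext))

def verify_extensions(key_ext: bytes, sig_ext: bytes, expected_oid: str, verify):
    """Verifying end: parse strictly, pin the algorithm, check the signature."""
    oid_bytes, key = decode_pq_key_extension(key_ext)
    if _tlv(0x06, oid_bytes) != _encode_oid(expected_oid):
        raise ValueError("unexpected algorithm identifier")
    signature, end = _read_bit_string(sig_ext, 0)
    if end != len(sig_ext):
        raise ValueError("trailing bytes after signature")
    if not verify(key_ext, signature):   # input is the exact encoded PQKeyExtension
        raise ValueError("signature does not cover this PQKeyExtension")
    return key
```

The signature is checked against the exact bytes of the encoded PQKeyExtension as received, not a re-encoding, so any change to the algorithm identifier or key bits invalidates it.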
Step S150, the target digital certificate is sent to the server.
In one embodiment, the final step after the CA institution completes generation of the target digital certificate, which includes the anti-quantum public key and the anti-quantum signature, is to send the certificate to the server that submitted the certificate request earlier. The CA institution needs to verify the identity of the server to ensure that the certificate is sent to the legitimate recipient. The CA institution may then send the target certificate file to the server over a secure transmission channel. After receiving the certificate, the server can install and deploy it in a server program to enable SSL/TLS secure connections based on the anti-quantum algorithm. At this point the whole application and issuance process for the anti-quantum hybrid certificate is complete. Sending the hybrid certificate containing the anti-quantum public key and signature to the server for use meets the server's need for improved communication security and addresses the threat posed by quantum computing; at the same time, the existing certificate distribution flow does not need to change, so backward compatibility is preserved.
On the basis of the above embodiment, as an alternative implementation, the first extension item and the second extension item may be the same extension item or different extension items.
Specifically, when constructing a digital certificate including an anti-quantum public key and a signature, the public key and the signature result may be combined and inserted into the same extension item, i.e., the first extension item and the second extension item are set to be the same extension item. For example, a unified extension named "qk_info" contains both an anti-quantum public key bit string and a signature bit string. The design can reduce the number of extension items in the certificate, reduce the data redundancy, and the generated certificate has smaller volume and more efficient transmission and processing. Meanwhile, the method accords with the semantics and the use habit, and the public key and the signature are placed in one extension item, so that the user can understand and realize conveniently. In addition, the public key and signature information are also conveniently updated simultaneously.
As shown in fig. 2, embodiments of the present application provide a system 100 for combining anti-quantum hybrid certificates, comprising:
a receiving module 101, configured to receive a digital certificate request sent by a server, where the digital certificate request includes an anti-quantum encryption algorithm public key;
a preliminary certificate module 102, configured to construct a first extension item in the digital certificate, and store the anti-quantum encryption algorithm public key in the first extension item to obtain a preliminary digital certificate;
a signature module 103, configured to input the anti-quantum encryption algorithm public key into a CA institution signature algorithm negotiated with the server, so as to sign the anti-quantum encryption algorithm public key and obtain an anti-quantum signature result;
a digital certificate generation module 104, configured to construct a second extension item in the preliminary digital certificate, and store the anti-quantum signature result in the second extension item to obtain a target digital certificate;
and a sending module 105, configured to send the target digital certificate to the server.
It should also be noted that, when the device provided in the above embodiment implements its functions, the division into the functional modules above is only an example. In practical applications, the functions may be allocated to different functional modules as needed, that is, the internal structure of the device may be divided into different functional modules to implement all or part of the functions described above. In addition, the device embodiments and the method embodiments provided above belong to the same concept; the specific implementation process is detailed in the method embodiments and is not repeated here.
The application also discloses electronic equipment. Referring to fig. 3, fig. 3 is a schematic structural diagram of an electronic device according to the disclosure in an embodiment of the present application. The electronic device 300 may include: at least one processor 301, at least one network interface 304, a user interface 303, a memory 305, at least one communication bus 302.
Wherein the communication bus 302 is used to enable connected communication between these components.
The user interface 303 may include a display screen (Display) and a camera (Camera), and optionally the user interface 303 may further include a standard wired interface and a wireless interface.
The network interface 304 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface), among others.
The processor 301 may include one or more processing cores. The processor 301 uses various interfaces and lines to connect the various parts of the overall server, and performs the various functions of the server and processes data by running or executing instructions, programs, code sets, or instruction sets stored in the memory 305 and invoking data stored in the memory 305. Alternatively, the processor 301 may be implemented in hardware in at least one of digital signal processing (Digital Signal Processing, DSP), field programmable gate array (Field-Programmable Gate Array, FPGA), programmable logic array (Programmable Logic Array, PLA). The processor 301 may integrate one or a combination of several of a central processing unit (Central Processing Unit, CPU), a graphics processor (Graphics Processing Unit, GPU), a modem, and the like. The CPU mainly handles the operating system, the user interface, application programs and the like; the GPU is used for rendering and drawing the content to be displayed by the display screen; the modem is used to handle wireless communications. It will be appreciated that the modem may also not be integrated into the processor 301 and may instead be implemented by a separate chip.
The memory 305 may include a random access memory (Random Access Memory, RAM) or a read-only memory (Read-Only Memory). Optionally, the memory 305 includes a non-transitory computer-readable storage medium. The memory 305 may be used to store instructions, programs, code, code sets, or instruction sets. The memory 305 may include a program storage area and a data storage area, wherein the program storage area may store instructions for implementing an operating system, instructions for at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the above-described method embodiments, etc.; the data storage area may store data involved in the above method embodiments. The memory 305 may also optionally be at least one storage device located remotely from the aforementioned processor 301. Referring to fig. 3, the memory 305, as a computer storage medium, may include an operating system, a network communication module, a user interface module, and an application program of the method for combining anti-quantum hybrid certificates.
In the electronic device 300 shown in fig. 3, the user interface 303 is mainly used for providing an input interface for a user, and acquiring data input by the user; and processor 301 may be used to invoke an application in memory 305 that stores a combination method of anti-quantum hybrid certificate, which when executed by one or more processors 301, causes electronic device 300 to perform the method as in one or more of the embodiments described above. It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required in the present application.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to related descriptions of other embodiments.
In the several embodiments provided herein, it should be understood that the disclosed apparatus may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, such as a division of units, merely a division of logic functions, and there may be additional divisions in actual implementation, such as multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some service interface, device or unit indirect coupling or communication connection, electrical or otherwise.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable memory. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a memory, including several instructions for causing a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present application. And the aforementioned memory includes: various media capable of storing program codes, such as a U disk, a mobile hard disk, a magnetic disk or an optical disk.
The above are merely exemplary embodiments of the present disclosure and are not intended to limit the scope of the present disclosure. That is, equivalent changes and modifications are contemplated by the teachings of this disclosure, which fall within the scope of the present disclosure. Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure.
This application is intended to cover any adaptations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a scope and spirit of the disclosure being indicated by the claims.

Claims (10)

1. A method of combining quantum hybrid certificates, applied to a CA institution, the method comprising:
receiving a digital certificate request sent by a server, wherein the digital certificate request comprises an anti-quantum encryption algorithm public key;
constructing a first extension item in the digital certificate, and storing the public key of the quantum-resistant encryption algorithm to the first extension item to obtain a preliminary digital certificate;
inputting the public key of the anti-quantum encryption algorithm into a CA mechanism signature algorithm negotiated with a server to sign the public key of the anti-quantum encryption algorithm, so as to obtain an anti-quantum signature result;
constructing a second extension item in the preliminary digital certificate, and storing the quantum-resistant signature result to the second extension item to obtain a target digital certificate;
and sending the target digital certificate to the server.
2. The method of claim 1, wherein the saving the public key of the anti-quantum cryptography algorithm to the first extension comprises:
and encoding the byte array of the quantum-resistant encryption algorithm public key into a first bit string according to a preset encoding mode, and storing the first bit string into the first extension item.
3. The method for combining quantum hybrid certificates according to claim 1, wherein the constructing a second extension in the preliminary digital certificate and putting the quantum signature result into the second extension comprises:
constructing a second extension in the preliminary digital certificate;
and encoding the byte array of the quantum signature resisting result into a second bit string according to a preset encoding mode, and storing the second bit string into the second extension item.
4. The method of claim 1, wherein the CA-authority signature algorithm comprises: CRYSTALS-Dilithium algorithm, FALCON algorithm or SPHINCS+ algorithm.
5. The method of claim 2, wherein the anti-quantum cryptography algorithm identification represents an anti-quantum cryptography algorithm employed to generate an anti-quantum cryptography algorithm public key.
6. The method of claim 1, wherein the digital certificate is a digital certificate conforming to an X509 format.
7. The method of claim 1, wherein the first extension and the second extension may be the same extension or different extensions.
8. A system for combining quantum hybrid certificates, the system comprising:
the receiving module is used for receiving a digital certificate request sent by the server, wherein the digital certificate request comprises an anti-quantum encryption algorithm public key;
the primary certificate module is used for constructing a first extension item in the digital certificate, and storing the quantum encryption algorithm resistant public key to the first extension item to obtain a primary digital certificate;
the signing module is used for inputting the public key of the quantum-resistant encryption algorithm into a CA organization signing algorithm negotiated with the server so as to sign the public key of the quantum-resistant encryption algorithm and obtain a quantum-resistant signing result;
the digital certificate generation module is used for constructing a second extension item in the preliminary digital certificate, and storing the quantum-resistant signature result to the second extension item to obtain a target digital certificate;
and the sending module is used for sending the target digital certificate to the server.
9. An electronic device comprising a processor (301), a memory (305), a user interface (303), a communication bus (302) and a network interface (304), the processor (301), the memory (305), the user interface (303) and the network interface (304) being respectively connected to the communication bus (302), the memory (305) being for storing instructions, the user interface (303) and the network interface (304) being for communicating to other devices, the processor (301) being for executing the instructions stored in the memory (305) for causing the electronic device (300) to perform the method according to any one of claims 1-7.
10. A computer readable storage medium storing instructions which, when executed, perform the method of any one of claims 1-7.
CN202410123776.6A 2024-01-30 2024-01-30 Method and system for combining quantum hybrid certificate and electronic equipment Pending CN117650898A (en)


Publications (1)

Publication Number Publication Date
CN117650898A true CN117650898A (en) 2024-03-05

Family

ID=90048119


PB01 Publication
SE01 Entry into force of request for substantive examination