CN117978388A - Method, apparatus, device, medium and program product for key generation - Google Patents


Publication number
CN117978388A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202410382157.9A
Other languages
Chinese (zh)
Other versions
CN117978388B (en
Inventor
宋一民
蔡超超
刘轩奇
刘卓涛
单进勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shudu Technology Co ltd
Original Assignee
Beijing Shudu Technology Co ltd

Abstract

The application discloses a method, an apparatus, a device, a medium and a program product for key generation, relating to the technical field of cryptography. The scheme comprises: receiving a first ciphertext and a second ciphertext sent by each second node, wherein the first ciphertext is obtained by the second node encrypting a first vector and the second ciphertext is obtained by the second node encrypting a second vector; summing the received first ciphertexts and the received second ciphertexts respectively to obtain a first vector ciphertext corresponding to the first ciphertext and a second vector ciphertext corresponding to the second ciphertext; performing reduction processing on the product of the first vector ciphertext and the second vector ciphertext to obtain a target ciphertext; receiving a third vector component ciphertext sent by a second node; and generating a key based on the target ciphertext, the third vector component ciphertext and a local third vector component ciphertext. In this way, communication overhead between nodes in a multiparty communication scenario can be reduced.

Description

Method, apparatus, device, medium and program product for key generation
Technical Field
The present application belongs to the technical field of cryptography, and in particular, relates to a method, an apparatus, a device, a medium, and a program product for generating a key.
Background
Data can be encrypted by using multiplication triplets to carry out various arithmetic operations on it, thereby enabling secure communication among multiple nodes in a communication network.
In a multiparty communication scenario, each node needs to complete two communication rounds with another target node: the node receiving the ciphertext sent by the target node is the first communication round, and the node sending the encrypted ciphertext to the target node is the second communication round.
Thus, in a multiparty communication scenario, each node needs to complete two communication rounds with every other node; as the number of nodes increases, the number of communication rounds also increases, and the communication overhead is high.
Disclosure of Invention
The embodiment of the application provides a method, a device, equipment, a medium and a program product for generating a secret key, which can reduce communication overhead among nodes in a multiparty communication scene.
In a first aspect, an embodiment of the present application provides a method for generating a key, applied to a first node in a communication network, the method including:
receiving a first ciphertext and a second ciphertext sent by each second node, wherein the first ciphertext is obtained by encrypting a first vector by the second node, the second ciphertext is obtained by encrypting a second vector by the second node, the second node is any node except the first node in the communication network, and the first vector and the second vector belong to a preset vector space;
summing the received first ciphertexts and the received second ciphertexts respectively to obtain a first vector ciphertext corresponding to the first ciphertext and a second vector ciphertext corresponding to the second ciphertext;
performing reduction processing on the product of the first vector ciphertext and the second vector ciphertext to obtain a target ciphertext;
receiving a third vector component ciphertext sent by the second node, wherein the third vector component ciphertext is obtained by the second node encrypting a locally generated third vector component;
and generating a key based on the target ciphertext, the third vector component ciphertext and a local third vector component ciphertext, wherein the local third vector component is obtained by the first node based on the target ciphertext.
In one possible implementation, performing reduction processing on the product of the first vector ciphertext and the second vector ciphertext to obtain a target ciphertext includes:
acquiring a re-linearization public key;
and determining the product of the first vector ciphertext, the second vector ciphertext and the re-linearization public key as the target ciphertext.
In one possible implementation, before acquiring the re-linearization public key, the method further comprises:
acquiring a synchronous random number and local random numbers, wherein the synchronous random number is the same random number in each node in the communication network, and the local random numbers are random numbers generated by the first node using a local random number generator;
generating a first public key corresponding to the first node by using the synchronous random number and the local random numbers, and sending the first public key of the first node to the second node;
receiving a first public key corresponding to the second node, sent by the second node, wherein the first public key corresponding to the second node is determined by the second node based on the synchronous random number and the local random numbers corresponding to the second node;
generating a second public key corresponding to the first node based on the first public key corresponding to the first node and the first public key corresponding to the second node;
receiving a second public key corresponding to the second node, sent by the second node, wherein the second public key corresponding to the second node is determined by the second node based on the first public key of the first node;
and summing the second public key corresponding to the first node and the second public key corresponding to the second node to obtain the re-linearization public key.
In one possible implementation manner, before the summing processing is performed on the received first ciphertext and the received second ciphertext to obtain a first vector ciphertext corresponding to the first ciphertext and a second vector ciphertext corresponding to the second ciphertext, the method further includes:
acquiring a first synchronous random number, a first local random number, a preset scale factor and a private key;
and encrypting the local first vector and the local second vector by using the first synchronous random number, the first local random number, the preset scale factor and the private key to obtain the local first ciphertext and the local second ciphertext.
In one possible implementation manner, encrypting the local first vector and the local second vector by using the first synchronous random number, the first local random number, the preset scale factor and the private key to obtain the local first ciphertext and the local second ciphertext includes:
calculating the product of the private key and the first synchronous random number to obtain a first product;
calculating the product of the preset scale factor and the local first vector to obtain a second product;
calculating the sum of the second product and the first local random number to obtain a first sum;
taking the difference between the first sum and the first product as the local first ciphertext;
calculating the product of the preset scale factor and the local second vector to obtain a third product;
calculating the sum of the third product and the first local random number to obtain a second sum;
and taking the difference between the second sum and the first product as the local second ciphertext.
In one possible implementation, the target ciphertext includes a first value and a second value; before generating a key based on the target ciphertext, the third vector component ciphertext and the local third vector component ciphertext, the method further comprises:
acquiring a private key and a second local random number corresponding to the first node;
calculating the product of the private key corresponding to the first node and the second value to obtain a fourth product;
and summing the fourth product and the second local random number to obtain the local third vector component ciphertext.
In one possible implementation, generating a key based on the target ciphertext, the third vector component ciphertext and the local third vector component ciphertext includes:
summing the local third vector component ciphertext and the received third vector component ciphertext to obtain a third sum;
summing the first value and the third sum to obtain a third vector ciphertext;
and decrypting the third vector ciphertext by using the private key corresponding to the first node to obtain the key.
In a second aspect, the present application provides an apparatus for key generation for use in a first node in a communication network, the apparatus comprising:
a receiving module, configured to receive a first ciphertext and a second ciphertext sent by each second node, wherein the first ciphertext is obtained by the second node encrypting a first vector, the second ciphertext is obtained by the second node encrypting a second vector, the second node is any node except the first node in the communication network, and the first vector and the second vector belong to a preset vector space;
a summing module, configured to sum the received first ciphertexts and the received second ciphertexts respectively to obtain a first vector ciphertext corresponding to the first ciphertext and a second vector ciphertext corresponding to the second ciphertext;
a reduction module, configured to perform reduction processing on the product of the first vector ciphertext and the second vector ciphertext to obtain a target ciphertext;
the receiving module being further configured to receive a third vector component ciphertext sent by the second node, wherein the third vector component ciphertext is obtained by the second node encrypting a locally generated third vector component;
and a generation module, configured to generate a key based on the target ciphertext, the third vector component ciphertext and a local third vector component ciphertext, wherein the local third vector component is obtained by the first node based on the target ciphertext.
In a third aspect, the present application provides an electronic device, the device comprising: a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements the method according to any one of the first aspects.
In a fourth aspect, the present application provides a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement a method according to any of the first aspects.
In a fifth aspect, the application provides a computer program product, instructions in which, when executed by a processor of an electronic device, cause the electronic device to perform the method according to any of the first aspects.
With the method, apparatus, device, medium and program product for key generation of the embodiments of the present application, the first node in the communication network receives the first ciphertext and the second ciphertext sent by every node in the communication network other than the first node. Each first node can thus receive the ciphertexts of all other nodes in the communication network, which avoids each pair of participants in a multiparty communication scenario having to send the first ciphertext and the second ciphertext to each other once. As the number of participants increases, the number of communication rounds decreases. The received first ciphertexts and the received second ciphertexts are then summed respectively to obtain a first vector ciphertext corresponding to the first ciphertext and a second vector ciphertext corresponding to the second ciphertext, and reduction processing is performed on the product of the first vector ciphertext and the second vector ciphertext to obtain the target ciphertext. A third vector component ciphertext sent by the second nodes is received, wherein the third vector components generated by the second nodes together form a third vector, namely the key. The received third vector component ciphertext and the local third vector component ciphertext are then decrypted using the target ciphertext, thereby generating the key. In this way, because the ciphertexts are disclosed, each node in the communication network can obtain the first ciphertext and the second ciphertext of the other nodes, and receives the third vector component ciphertexts of the other nodes before generating the key.
This avoids the first node communicating separately with each of the plurality of second nodes, and reduces the communication rounds among the nodes in a multiparty communication scenario.
Drawings
In order to more clearly illustrate the technical solution of the embodiments of the present application, the drawings that are needed to be used in the embodiments of the present application will be briefly described, and it is possible for a person skilled in the art to obtain other drawings according to these drawings without inventive effort.
FIG. 1 is a flow chart of a method of key generation provided by one embodiment of the present application;
FIG. 2 is a flow chart of a method for vector encryption according to an embodiment of the present application;
FIG. 3 is a flow diagram of a method for re-linearization public key generation provided by one embodiment of the application;
FIG. 4 is a schematic diagram of an apparatus for generating a key according to another embodiment of the present application;
Fig. 5 is a schematic structural diagram of an electronic device according to another embodiment of the present application.
Detailed Description
Features and exemplary embodiments of various aspects of the present application will be described in detail below, and in order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described in further detail below with reference to the accompanying drawings and the detailed embodiments. It should be understood that the particular embodiments described herein are meant to be illustrative of the application only and not limiting. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the application by showing examples of the application.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In a multiparty communication scenario, the multiplication triplets in each party are generated based on a two-party multiplication triplet generation protocol, and after each party executes the two-party multiplication triplet generation protocol, three values are generated, respectivelyWherein/>Belonging to the modulo-t integer set/>. And, per party generated/>Sum of (2) and generated per participant/>The product of the sum of values is equal to the/>, generated by each participantSum of (d) and (d).
Typically, the multiplication triples are generated in bulk, i.e. per partyIs composed of multiple vectors,/>Is composed of multiple vectorsIs composed of a plurality of vectors. I.e.. And satisfy the following. Wherein/>Is element-by-element multiplication.
The following describes a conventional multiplicative triplet generation method taking party a and party B in a multiparty communication scenario as examples:
party A random generation Participant B randomly generated/>Participant B pair/>After encryption, the encrypted/>And sending the secret sharing result to the party A, wherein the party A calculates the secret sharing of the cross terms according to the following formula (1):
formula (1)
Wherein in formula (1)For encrypted/>
Calculated by party AThereafter, the calculated/>Is sent to party B so that party a and party B can both calculate/>, based on equation (2)
Formula (2)
In summary, each pair of parties needs to complete two communication rounds to obtain a complete multiplication triplet, so as the number of parties in a multiparty communication scenario increases, the communication overhead in the scenario grows.
In order to solve the problems in the prior art, embodiments of the present application provide a method, apparatus, device, medium, and program product for generating a key.
It should be noted that the present application uses the BFV cryptosystem as the underlying cryptosystem, which includes a plaintext modulusCiphertext modulus/>Scale factor/>Polynomial degree/>And decomposing the substrate/>Equal parameters, and the cryptographic system specifies a uniform distribution/>Three-value distribution/>Abbreviated as/>And noise distribution/>. The method for generating the key provided by the embodiment of the application is described below in connection with the cryptographic system.
Fig. 1 is a flow chart of a method for generating a key according to an embodiment of the present application. The method is applied to a first node in a communication network. As shown in fig. 1, the method includes:
S101, receiving a first ciphertext and a second ciphertext which are sent by each second node.
The first ciphertext is obtained by encrypting the first vector by a second node, the second ciphertext is obtained by encrypting the second vector by the second node, the second node is any node except the first node in the communication network, and the first vector and the second vector belong to a preset vector space.
The space of the preset vector is,/>N-dimensional vector being modulo t integer, each node randomly generates a vector belonging to/>Is a first vector and a second vector.
In one embodiment, the second node may convert the first vector and the second vector to a form of a polynomial after generating the first vector and the second vector.
In addition, each node in the communication network encrypts the first vector and the second vector which are generated locally, and the first ciphertext and the second ciphertext obtained after local encryption are disclosed to other nodes in the communication network, namely, for each node in the communication network, the first ciphertext and the second ciphertext corresponding to each node in the communication network are stored in the node.
S102, respectively summing the received first ciphertext and the received second ciphertext to obtain a first vector ciphertext corresponding to the first ciphertext and a second vector ciphertext corresponding to the second ciphertext.
Specifically, the first node performs accumulation and summation on a first ciphertext obtained after local first vector encryption and a received first ciphertext to obtain a first vector ciphertext corresponding to the first ciphertext; similarly, the first node performs accumulation and summation on the second ciphertext obtained after the local second vector encryption and the received second ciphertext to obtain a second vector ciphertext corresponding to the second ciphertext.
In one embodiment, after each node in the communication network receives the first ciphertext and the second ciphertext transmitted by other nodes except the node, the first vector ciphertext and the second vector ciphertext can be calculated, and the calculated first vector ciphertext and second vector ciphertext are disclosed to other nodes in the communication network, so that each node in the communication network stores the first vector ciphertext and the second vector ciphertext.
S103, performing reduction processing on the product of the first vector ciphertext and the second vector ciphertext to obtain a target ciphertext.
Reduction processing brings the product of the first vector ciphertext and the second vector ciphertext into line with the number of polynomials preset by the cryptosystem.
In one example, the product of the first vector ciphertext and the second vector ciphertext consists of 3 polynomials, while the number of polynomials preset by the BFV cryptosystem is 2, so reduction processing converts the 3 polynomials into 2 polynomials.
It can be appreciated that since each node in the communication network stores the first vector ciphertext and the second vector ciphertext, each node can calculate the same destination ciphertext.
S104, receiving a third vector component ciphertext sent by the second node.
The third vector component ciphertext is obtained by the second node encrypting a locally generated third vector component using the target ciphertext.
Each second node in the communication network holds a third vector component, which is part of the key. That is, the key of the first node is distributed across the second nodes.
S105, generating a key based on the target ciphertext, the third vector component ciphertext and the local third vector component ciphertext, wherein the local third vector component is obtained by the first node based on the target ciphertext.
The third vector component ciphertext and the local third vector component ciphertext are each obtained by the corresponding node encrypting its local third vector component using the target ciphertext. Thus, the third vector component ciphertext and the local third vector component ciphertext can be decrypted using the target ciphertext to generate the key.
With this method, the first node in the communication network receives the first ciphertext and the second ciphertext sent by every node in the communication network other than the first node. Each first node can thus receive the ciphertexts of all other nodes in the communication network, which avoids each pair of participants in a multiparty communication scenario having to send the first ciphertext and the second ciphertext to each other once. As the number of participants increases, the number of communication rounds decreases. The received first ciphertexts and the received second ciphertexts are then summed respectively to obtain a first vector ciphertext corresponding to the first ciphertext and a second vector ciphertext corresponding to the second ciphertext, and reduction processing is performed on the product of the first vector ciphertext and the second vector ciphertext to obtain the target ciphertext. A third vector component ciphertext sent by the second nodes is received, wherein the third vector components generated by the second nodes together form a third vector, namely the key. The received third vector component ciphertext and the local third vector component ciphertext are then decrypted using the target ciphertext, thereby generating the key. In this way, because the ciphertexts are disclosed, each node in the communication network can obtain the first ciphertext and the second ciphertext of the other nodes, and receives the third vector component ciphertexts of the other nodes before generating the key.
This avoids the first node communicating separately with each of the plurality of second nodes, and reduces the communication rounds among the nodes in a multiparty communication scenario.
It should be noted that, before the first node sums the received first ciphertexts and the received second ciphertexts, the first node calculates the local first ciphertext and the local second ciphertext, that is, the first node encrypts the local first vector and the local second vector. As shown in Fig. 2, this can be implemented as follows:
S201, acquiring a first synchronous random number, a first local random number, a preset scale factor and a private key.
S202, encrypting the local first vector and the local second vector by using the first synchronous random number, the first local random number, the preset scale factor and the private key respectively to obtain a local first ciphertext and a local second ciphertext.
Wherein the first synchronous random number is generated by each node in the communication network based on the same random number generator.
Specifically, each node may be provided with the same random number generator, or after a certain node in the communication network generates a random number by using the random number generator, the random number is used as a first synchronous random number to be synchronized to other nodes in the communication network, so that each node in the communication network stores the first synchronous random number.
Wherein the first local random number is randomly generated by each node using a locally stored random number generator. The first local random number in each node is different.
The preset scale factor is empirically set. Taking the BFV cryptographic system in the above embodiment as an example, the preset scale factor is the above scale factor
For S202, how the local first vector and the local second vector are encrypted using the first synchronous random number, the first local random number, the preset scale factor and the private key to obtain the local first ciphertext and the local second ciphertext is described in detail below, and specifically includes steps 1 to 7:
Step 1, calculating the product of the private key and the first synchronous random number to obtain a first product.
Step 2, calculating the product of the preset scale factor and the local first vector to obtain a second product.
Step 3, calculating the sum of the second product and the first local random number to obtain a first sum.
Step 4, taking the difference between the first sum and the first product as the local first ciphertext.
Step 5, calculating the product of the preset scale factor and the local second vector to obtain a third product.
Step 6, calculating the sum of the third product and the first local random number to obtain a second sum.
Step 7, taking the difference between the second sum and the first product as the local second ciphertext.
Specifically, the calculation formula of the local first ciphertext or the local second ciphertext is as follows:
Formula (3)
Wherein,Is a local first ciphertext or a local second ciphertext,/>For presetting scale factor,/>Representing a first vector or a second vector,/>For the first synchronous random number,/>Is a first local random number.
It should be noted that the method by which a second node in the communication network encrypts its local first vector and local second vector is the same as the method by which the first node calculates the local first ciphertext and the local second ciphertext, and is not repeated here.
With the method provided by this embodiment, the local first vector is encrypted using the acquired first synchronous random number, the first local random number, the preset scale factor and the private key corresponding to the node, so that the difficulty of cracking the first vector and the second vector is increased and the security of the communication network is improved.
Correspondingly, the step S102 is to sum the received first ciphertext and the received second ciphertext to obtain a first vector ciphertext corresponding to the first ciphertext and a second vector ciphertext corresponding to the second ciphertext, and specifically, the first vector ciphertext and the second vector ciphertext may be obtained by calculating the following formulas:
Formula (4)
Wherein,Representing either the first vector ciphertext or the second vector ciphertext,/>Representing that the first node performs summation processing on the local first ciphertext and the received first ciphertext; or the local second ciphertext and the received second ciphertext are summed. /(I)Can be used/>And (3) representing. Wherein/>
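The encryption in steps 1 to 7 and the summation in S102, as an added Python sketch that is not code from the patent. It assumes a toy ring Z_q[x]/(x^n + 1) with constructed parameters, coefficient encoding of the vectors, ternary private keys, and a scale factor of floor(q/t); decryption under the sum of all nodes' private keys is an assumption used only to check the arithmetic, and no single node would hold that sum.

```python
import secrets

# Constructed toy parameters (far too small for real use).
N = 16              # polynomial degree n
T = 257             # plaintext modulus t
Q = 1 << 40         # ciphertext modulus q
DELTA = Q // T      # preset scale factor, assumed here to be floor(q / t)


def poly_add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]


def poly_sub(a, b):
    return [(x - y) % Q for x, y in zip(a, b)]


def poly_mul(a, b):
    """Product in Z_Q[x]/(x^N + 1): x^N wraps around with a sign flip."""
    out = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k = i + j
            if k < N:
                out[k] = (out[k] + ai * bj) % Q
            else:
                out[k - N] = (out[k - N] - ai * bj) % Q
    return out


def sample_uniform():
    return [secrets.randbelow(Q) for _ in range(N)]


def sample_ternary():
    return [secrets.randbelow(3) - 1 for _ in range(N)]


def sample_noise(bound=4):
    # Bounded uniform noise stands in for the cryptosystem's noise distribution.
    return [secrets.randbelow(2 * bound + 1) - bound for _ in range(N)]


def encrypt_local(vector, private_key, sync_random, local_random):
    """Steps 1 to 7: scale * vector + local_random - private_key * sync_random.

    Note: two ciphertexts built with the same private_key, sync_random and
    local_random differ by exactly DELTA * (v1 - v2), so this sketch draws
    fresh noise for every call.
    """
    first_product = poly_mul(private_key, sync_random)   # step 1
    scaled = [(DELTA * v) % Q for v in vector]           # steps 2 and 5
    summed = poly_add(scaled, local_random)              # steps 3 and 6
    return poly_sub(summed, first_product)               # steps 4 and 7


def sum_ciphertexts(ciphertexts):
    """S102: accumulate the local ciphertext and all received ciphertexts."""
    total = [0] * N
    for ct in ciphertexts:
        total = poly_add(total, ct)
    return total


def decrypt_with_joint_key(vector_ct, joint_key, sync_random):
    """Check only (assumption): add joint_key * sync_random, then round t/q."""
    noisy = poly_add(vector_ct, poly_mul(joint_key, sync_random))
    return [((c * T + Q // 2) // Q) % T for c in noisy]


def run_demo(num_nodes=3):
    """Each node encrypts one random vector; returns (recovered, expected)."""
    sync_random = sample_uniform()          # identical at every node
    joint_key = [0] * N
    expected = [0] * N
    ciphertexts = []
    for _ in range(num_nodes):
        private_key = sample_ternary()
        vector = [secrets.randbelow(T) for _ in range(N)]  # constructed input
        ciphertexts.append(
            encrypt_local(vector, private_key, sync_random, sample_noise()))
        joint_key = poly_add(joint_key, private_key)
        expected = [(x + y) % T for x, y in zip(expected, vector)]
    vector_ct = sum_ciphertexts(ciphertexts)
    return decrypt_with_joint_key(vector_ct, joint_key, sync_random), expected


if __name__ == "__main__":
    recovered, expected = run_demo()
    print("sum of vectors recovered from the vector ciphertext:", recovered == expected)
```

Because every node uses the same synchronous random number, the summed ciphertext has the same form as a single ciphertext of the summed vectors, which is what lets each node compute the vector ciphertexts from published values alone.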
After the first vector ciphertext and the second vector ciphertext are obtained through calculation, the product of the first vector ciphertext and the second vector ciphertext is subjected to reduction processing to obtain a target ciphertext, which can be implemented as follows:
a re-linearized public key is obtained. And determining the product of the first vector ciphertext, the second vector ciphertext and the re-linearization public key as a target ciphertext.
It will be appreciated that, taking the BFV cryptosystem as an example, the ciphertext space of the cryptosystem isThe value of k can be empirically set. The first vector ciphertext and the second vector ciphertext obtained through calculation meet the ciphertext space requirement, however, after the first vector ciphertext and the second vector ciphertext are subjected to multiplication operation, the number of polynomials included in the ciphertext is increased, that is, the number of polynomials included in the ciphertext obtained after the multiplication operation may be larger than the k value. Therefore, the result obtained by calculation needs to be reduced by utilizing the re-linearization public key so as to make the target ciphertext meet the ciphertext space requirement.
The process of generating the re-linearization public key is described below. As shown in fig. 3, before the re-linearization public key is obtained, the method further includes:
S301, acquiring a synchronous random number and a local random number.
The synchronous random number is a random number that is the same in every node of the communication network, and the local random number is a random number generated by the first node using a local random number generator. There are a plurality of local random numbers.
In one example, the synchronous random number belongs to the uniformly distributed space defined by the BFV cryptosystem. The embodiment of the application does not limit the space of the synchronous random number.
And can be defined in the BFV cryptosystem described aboveIs randomly generated with a local random number/>In the noise distribution space/>Randomly generating two local random numbers, denoted/>, respectively
S302, generating a first public key corresponding to the first node by using the synchronous random number and the local random number, and sending the first public key of the first node to the second node.
Continuing the above example, generating a first public key corresponding to the first node using the local random number and the synchronous random number:
Formula (5)
Wherein,Representing a first public key,/>Is the private key corresponding to the first node.
It should be noted that, after each node in the communication network calculates its first public key, it publicly synchronizes the locally calculated first public key to the other nodes in the communication network. In this way, when a node in the network fails, the other nodes can continue to calculate the re-linearization public key from the first public key that the failed node had already synchronized.
S303, receiving a first public key corresponding to the second node sent by the second node.
The first public key corresponding to the second node is determined by the second node based on the synchronous random number and the local random number corresponding to the second node.
The second node generates its first public key in the same way as the first node generates its first public key, so the details are not repeated here.
S304, generating a second public key corresponding to the first node based on the first public key corresponding to the first node and the first public key corresponding to the second node.
The first node performs summation processing on the locally generated first public key and the received second public key. A local random number is then generated using a local random number generator, and the second public key is calculated from the summation result and the local random number.
In one example, the first public key is summed according to the following formula:
Formula (6)
Formula (7)
Then a local random number generator is utilized to generate a local random number belonging to the noise distribution
Obtaining a second public key by using the local random number and the summation processing result, as shown in a formula (8):
Formula (8)
It should be noted that, after each node in the communication network calculates to obtain the second public key corresponding to the node, the calculated second public key is publicly synchronized to other nodes in the communication network.
S305, receiving a second public key corresponding to the second node sent by the second node.
The second public key corresponding to the second node is determined by the second node based on the first public key of the first node.
S306, summing the second public key corresponding to the first node and the second public key corresponding to the second node to obtain a re-linearization public key.
After each node in the communication network completes synchronization of the second public keys, each node in the communication network stores the second public keys of all nodes, so that the first node can sum the second public keys stored in the nodes to obtain the re-linearization public keys. Specifically as shown in formula (9):
Formula (9)
Wherein,Representing a re-linearized public key,/>,/>
After the first node calculates the first public key and the second public key, the first node discloses the calculated first public key and second public key to the second node in the communication network. Namely, each node stores a first public key and a second public key corresponding to all the nodes. In this way, each node in the communication network can calculate the re-linearization public key, and in the process of calculating the re-linearization public key, the security of calculating the re-linearization public key is improved by generating the re-linearization public key by using the private key and a plurality of random number pairs.
In some embodiments of the present application, before generating the key in S105, based on the destination ciphertext, the third vector component ciphertext, and the local third vector component ciphertext, the method further includes: the first node calculates a local third vector component ciphertext.
The destination ciphertext generated in this embodiment may include a first value and a second value. In one example, the destination ciphertext includes a polynomialAnd/>The first value is/>The second value is/>
The specific process by which the first node calculates the local third vector component ciphertext is as follows: a private key corresponding to the first node and a second local random number are acquired; the product of the private key corresponding to the first node and the second value is calculated to obtain a fourth product; and the fourth product and the second local random number are summed to obtain the local third vector component ciphertext.
Wherein the first node generates a second local random number using a local random number generator belonging to the noise distribution space defined by the BFV cryptographic system described above.
Specifically, the local third vector component ciphertext may be calculated according to the following formula (10):
Formula (10)
Wherein,Representing a local third vector component ciphertext,/>Is the private key of the first node,/>Is a second local random number.
In addition, a second node except the first node in the communication network calculates a third vector component ciphertext corresponding to the second node, and then synchronously sends the calculated third vector component ciphertext to the first node. Based on this, the second node calculates a third vector component ciphertext as follows:
The product of the private key and the second value is calculated to obtain a fourth product. The product of the preset scaling factor and the third vector component is calculated to obtain a fifth product. The sum of the fourth product and the second local random number is calculated to obtain a first sum. The difference between the first sum and the fifth product is calculated to obtain the third vector component ciphertext.
It should be noted that the third vector component is a vector that each second node randomly generates and that belongs to a preset space. Wherein the preset space is,/>Is an empirically set m-dimensional vector of modulo-t integers. The third vector component randomly generated in each second node is part of a third vector, which is the key of the first node; that is, the third vector component randomly generated by each second node is part of the first node's key. A part of the first node's key is therefore stored in each second node, which makes the key harder for an attacker to crack and can improve the security of the communication network.
Specifically, the second node may calculate the third vector component ciphertext according to the following formula (11):
formula (11)
Wherein,Is a third vector component ciphertext,/>For the private key corresponding to the second node,/>Second local random number generated for the second node using a local random number generator,/>Is a third vector component.
It should be noted that each node in the communication network may act as a first node or as a second node. When a node acts as a first node, it calculates the local third vector component ciphertext by the method described above and receives the third vector component ciphertexts sent by the second nodes; the same node can also act as a second node, generating a third vector component ciphertext by the method described above and sending it to the first node in the communication network.
After the first node generates the local third vector, the key may be generated based on the destination ciphertext, the third vector component ciphertext, and the local third vector component ciphertext, which may be specifically implemented as:
summing the local third vector component ciphertext and the received third vector component ciphertext to obtain a third sum value; summing the first value and the third sum value to obtain a third vector ciphertext; and decrypting the third vector ciphertext by using the private key corresponding to the first node to obtain the key.
In one example, the destination ciphertextThe first value is/>The second value is/>Then the third vector ciphertext is/>. Wherein/>Is the third vector ciphertext.
By adopting the method provided by the embodiment of the application, the third vector component ciphertext is obtained by encrypting the third vector component by using a plurality of random numbers. Therefore, the security of the third vector component ciphertext is improved. And the keys of the first node are dispersed in each second node, so that an attacker can acquire the complete key of the first node only by cracking all the second nodes at the same time, the difficulty of cracking the key of the first node is improved, and the safety of the communication network is improved.
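The encryption steps (claim 5) and the third-vector-component steps above can be traced end to end in the toy below, which is an added example and not code from the patent. Assumptions: tiny insecure parameters, a ciphertext modelled as the pair (first value, second value) whose second value is the synchronous random number, the summed first ciphertexts standing in for the target ciphertext (multiplication and re-linearization are skipped because formulas (4) to (9) are not reproduced on this page), and the final decryption modelled as BFV scale-and-round; all function names are hypothetical.

```python
import random

# Toy parameters, constructed for illustration only (far too small to be secure).
N = 8              # ring degree: polynomials live in Z_Q[X]/(X^N + 1)
Q = 1 << 32        # ciphertext modulus
T = 257            # plaintext modulus t
DELTA = Q // T     # preset scale factor

rng = random.Random(2024)  # deterministic for the demo; real nodes need a CSPRNG


def add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]


def sub(a, b):
    return [(x - y) % Q for x, y in zip(a, b)]


def scale(k, a):
    return [(k * x) % Q for x in a]


def mul(a, b):
    """Negacyclic product in Z_Q[X]/(X^N + 1)."""
    out = [0] * N
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            if i + j < N:
                out[i + j] += x * y
            else:
                out[i + j - N] -= x * y   # X^N = -1
    return [c % Q for c in out]


def small():
    """Ternary polynomial, standing in for private-key and noise sampling."""
    return [rng.choice((-1, 0, 1)) % Q for _ in range(N)]


def uniform(mod):
    return [rng.randrange(mod) for _ in range(N)]


def encrypt(sk, sync_rand, vec, local_rand):
    """Encryption steps as listed in claim 5."""
    first_product = mul(sk, sync_rand)        # private key * synchronous random number
    second_product = scale(DELTA, vec)        # scale factor * local vector
    first_sum = add(second_product, local_rand)
    return sub(first_sum, first_product)      # local ciphertext


def decode(poly):
    """Scale-and-round from Z_Q back to Z_T."""
    return [((T * c + Q // 2) // Q) % T for c in poly]


def run(num_nodes=3):
    sync_rand = uniform(Q)                    # identical on every node
    keys = [small() for _ in range(num_nodes)]
    vectors = [uniform(T) for _ in range(num_nodes)]

    # Every node encrypts its vector; the first node sums the ciphertexts.
    first_value = [0] * N
    for sk, vec in zip(keys, vectors):
        first_value = add(first_value, encrypt(sk, sync_rand, vec, small()))
    second_value = sync_rand                  # assumption: second value of the pair
    plain = [sum(col) % T for col in zip(*vectors)]

    # First node: fourth product + second local random number.
    third_sum = add(mul(keys[0], second_value), small())

    # Second nodes: (fourth product + random) - scale factor * third vector component.
    components = [uniform(T) for _ in keys[1:]]
    for sk, comp in zip(keys[1:], components):
        fourth_product = mul(sk, second_value)
        fifth_product = scale(DELTA, comp)
        first_sum = add(fourth_product, small())
        third_sum = add(third_sum, sub(first_sum, fifth_product))

    third_vector_ct = add(first_value, third_sum)
    key = decode(third_vector_ct)
    return plain, key, components


if __name__ == "__main__":
    plain, key, components = run()
    print("plaintext of stand-in target ciphertext:", plain)
    print("value obtained by the first node:      ", key)
```

Under these assumptions the value the first node obtains and the second nodes' third vector components add up, modulo t, to the plaintext of the stand-in target ciphertext, so no single node's stored component reveals that plaintext.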
Based on the same conception, an embodiment of the present application provides an apparatus for generating a key, which is applied to a first node in a communication network, as shown in fig. 4, and includes:
The receiving module 401 is configured to receive a first ciphertext and a second ciphertext sent by each second node, where the first ciphertext is obtained by encrypting a first vector by a second node, the second ciphertext is obtained by encrypting a second vector by a second node, the second node is any node in the communication network except the first node, and the first vector and the second vector belong to a preset vector space;
the summing module 402 is configured to sum the received first ciphertext and the received second ciphertext to obtain a first vector ciphertext corresponding to the first ciphertext and a second vector ciphertext corresponding to the second ciphertext;
The reduction module 403 is configured to perform reduction processing on the product of the first vector ciphertext and the second vector ciphertext to obtain a target ciphertext;
the receiving module 401 is further configured to receive a third vector component ciphertext sent by the second node, where the third vector component ciphertext is obtained by encrypting a locally generated third vector component by the second node;
the generating module 404 is configured to generate a key based on the destination ciphertext, the third vector component ciphertext, and the local third vector component ciphertext, where the local third vector component is obtained by the first node based on the destination ciphertext.
In one possible implementation, the reduction module 403 is specifically configured to:
Acquiring a re-linearization public key;
And determining the product of the first vector ciphertext, the second vector ciphertext and the re-linearization public key as a target ciphertext.
In one possible implementation, the apparatus further includes an acquisition module;
The acquisition module is used for acquiring synchronous random numbers and local random numbers, wherein the synchronous random numbers are the same random numbers in each node in the communication network, and the local random numbers are random numbers generated by the first node by using a local random number generator;
the generating module 404 is further configured to generate a first public key corresponding to the first node by using the synchronous random number and the local random number, and send the first public key of the first node to the second node;
the receiving module 401 is further configured to receive a first public key corresponding to a second node sent by the second node, where the first public key corresponding to the second node is determined by the second node based on the synchronous random number and a local random number corresponding to the second node;
The generating module 404 is further configured to generate a second public key corresponding to the first node based on the first public key corresponding to the first node and the first public key corresponding to the second node;
The receiving module 401 is further configured to receive a second public key corresponding to a second node sent by the second node, where the second public key corresponding to the second node is determined by the second node based on the first public key of the first node;
the summing module 402 is further configured to sum the second public key corresponding to the first node and the second public key corresponding to the second node to obtain a re-linearized public key.
In one possible implementation, the apparatus further includes an encryption module;
The acquisition module is also used for acquiring the first synchronous random number, the first local random number, a preset scale factor and a private key;
And the encryption module is used for encrypting the local first vector and the local second vector by using the first synchronous random number, the first local random number, the preset scale factor and the private key respectively to obtain a local first ciphertext and a local second ciphertext.
In one possible implementation, the encryption module is specifically configured to:
calculating the product of the private key and the first synchronous random number to obtain a first product;
calculating the product of a preset scale factor and a local first vector to obtain a second product;
calculating the sum of the second product and the first local random number to obtain a first sum;
taking the difference value of the first sum and the first product as a local first ciphertext;
calculating the product of a preset scale factor and a local second vector to obtain a third product;
calculating the sum of the third product and the first local random number to obtain a second sum;
and taking the difference value of the second sum and the first product as a local second ciphertext.
In one possible implementation, the destination ciphertext includes a first value and a second value; the apparatus also includes a computing module;
The acquisition module is also used for acquiring a private key corresponding to the first node and a second local random number;
the computing module is used for computing the product of the private key corresponding to the first node and the second value to obtain a fourth product;
The summing module 402 is further configured to sum the fourth product and the second local random number to obtain a local third vector component ciphertext.
In one possible implementation, the generating module 404 is specifically configured to:
Summing the local third vector component ciphertext and the received third vector component ciphertext to obtain a third sum value;
summing the first value and the third sum value to obtain a third vector ciphertext;
and decrypting the third vector ciphertext by using the private key corresponding to the first node to obtain the key.
The modules/units in the apparatus shown in fig. 4 have functions of implementing the steps in fig. 1, and achieve corresponding technical effects, which are not described herein for brevity.
Fig. 5 shows a schematic hardware structure of an electronic device according to an embodiment of the present application.
A processor 501 and a memory 502 storing computer program instructions may be included in an electronic device.
In particular, the processor 501 may include a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more integrated circuits that implement embodiments of the present application.
Memory 502 may include mass storage for data or instructions. By way of example, and not limitation, memory 502 may comprise a hard disk drive (HDD), floppy disk drive, flash memory, optical disk, magneto-optical disk, magnetic tape, or Universal Serial Bus (USB) drive, or a combination of two or more of the foregoing. Memory 502 may include removable or non-removable (or fixed) media, where appropriate. Memory 502 may be internal or external to the integrated gateway disaster recovery device, where appropriate. In a particular embodiment, the memory 502 is a non-volatile solid state memory.
The memory may include Read Only Memory (ROM), Random Access Memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, electrical, optical, or other physical/tangible memory storage devices. Thus, in general, the memory includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software comprising computer-executable instructions and when the software is executed (e.g., by one or more processors) it is operable to perform the operations described with reference to methods in accordance with aspects of the present disclosure.
The processor 501 implements the method of any one of the above embodiments by reading and executing the computer program instructions stored in the memory 502.
In one example, the electronic device may also include a communication interface 503 and a bus 504. As shown in fig. 5, the processor 501, the memory 502, and the communication interface 503 are connected to each other via the bus 504 and perform communication with each other.
The communication interface 503 is mainly used to implement communication between each module, apparatus, unit and/or device in the embodiments of the present application.
Bus 504 includes hardware, software, or both that couple components of the electronic device to each other. By way of example, and not limitation, the buses may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association local bus (VLB), or other suitable bus, or a combination of two or more of the above. Bus 504 may include one or more buses, where appropriate. Although embodiments of the application have been described and illustrated with respect to a particular bus, the application contemplates any suitable bus or interconnect.
In addition, in combination with the method for generating the key in the above embodiment, the embodiment of the present application may be implemented by providing a computer storage medium. The computer storage medium has stored thereon computer program instructions; the computer program instructions, when executed by a processor, implement a method of key generation in any of the above embodiments.
In connection with the method of key generation in the above embodiments, embodiments of the present application may provide a computer program product, instructions in which, when executed by a processor of an electronic device, cause the electronic device to perform the method of any one of the above embodiments.
It should be understood that the application is not limited to the particular arrangements and instrumentality described above and shown in the drawings. For the sake of brevity, a detailed description of known methods is omitted here. In the above embodiments, several specific steps are described and shown as examples. The method processes of the present application are not limited to the specific steps described and shown, but various changes, modifications and additions, or the order between steps may be made by those skilled in the art after appreciating the spirit of the present application.
The functional blocks shown in the above-described structural block diagrams may be implemented in hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, a plug-in, a function card, or the like. When implemented in software, the elements of the application are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine readable medium or transmitted over transmission media or communication links by a data signal carried in a carrier wave. A "machine-readable medium" may include any medium that can store or transfer information. Examples of machine-readable media include electronic circuitry, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio frequency (RF) links, and the like. The code segments may be downloaded via computer networks such as the internet, intranets, etc.
It should also be noted that the exemplary embodiments mentioned in this disclosure describe some methods or systems based on a series of steps or devices. The present application is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, or may be performed in a different order from the order in the embodiments, or several steps may be performed simultaneously.
Aspects of the present disclosure are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, enable the implementation of the functions/acts specified in the flowchart and/or block diagram block or blocks. Such a processor may be, but is not limited to being, a general purpose processor, a special purpose processor, an application specific processor, or a field programmable logic circuit. It will also be understood that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware which performs the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In the foregoing, only the specific embodiments of the present application are described, and it will be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, modules and units described above may refer to the corresponding processes in the foregoing method embodiments, which are not repeated herein. It should be understood that the scope of the present application is not limited thereto, and any equivalent modifications or substitutions can be easily made by those skilled in the art within the technical scope of the present application, and they should be included in the scope of the present application.

Claims (11)

1. A method of key generation for a first node in a communication network, the method comprising:
receiving a first ciphertext and a second ciphertext sent by each second node, wherein the first ciphertext is obtained by encrypting a first vector by the second node, the second ciphertext is obtained by encrypting a second vector by the second node, the second node is any node except the first node in the communication network, and the first vector and the second vector belong to a preset vector space;
Respectively carrying out summation processing on the received first ciphertext and the received second ciphertext to obtain a first vector ciphertext corresponding to the first ciphertext and a second vector ciphertext corresponding to the second ciphertext;
Performing reduction processing on the product of the first vector ciphertext and the second vector ciphertext to obtain a target ciphertext;
Receiving a third vector component ciphertext transmitted by the second node, wherein the third vector component ciphertext is obtained by encrypting a locally generated third vector component by the second node;
And generating a key based on the target ciphertext, the third vector component ciphertext and a local third vector component ciphertext, wherein the local third vector component is obtained by the first node based on the target ciphertext.
2. The method of claim 1, wherein the performing a reduction process on the product of the first vector ciphertext and the second vector ciphertext to obtain a destination ciphertext comprises:
Acquiring a re-linearization public key;
and determining the product of the first vector ciphertext, the second vector ciphertext and the re-linearization public key as a target ciphertext.
3. The method of claim 2, wherein prior to the obtaining the re-linearized public key, the method further comprises:
Acquiring synchronous random numbers and local random numbers, wherein the synchronous random numbers are the same random numbers in each node in the communication network, and the local random numbers are random numbers generated by the first node by using a local random number generator;
generating a first public key corresponding to the first node by using the synchronous random number and the local random number, and sending the first public key of the first node to the second node;
Receiving a first public key corresponding to the second node, which is sent by the second node, wherein the first public key corresponding to the second node is determined by the second node based on the synchronous random number and the local random number corresponding to the second node;
generating a second public key corresponding to the first node based on the first public key corresponding to the first node and the first public key corresponding to the second node;
Receiving a second public key corresponding to the second node, which is sent by the second node, wherein the second public key corresponding to the second node is determined by the second node based on the first public key of the first node;
And summing the second public key corresponding to the first node and the second public key corresponding to the second node to obtain a re-linearization public key.
4. The method of claim 1, wherein prior to summing the received first ciphertext and second ciphertext to obtain a first vector ciphertext corresponding to the first ciphertext and a second vector ciphertext corresponding to the second ciphertext, respectively, the method further comprises:
Acquiring a first synchronous random number, a first local random number, a preset scale factor and a private key;
And encrypting the local first vector and the local second vector by using the first synchronous random number, the first local random number, the preset scale factor and the private key to obtain the local first ciphertext and the local second ciphertext.
5. The method of claim 4, wherein encrypting the local first vector and the local second vector with the first synchronous random number, the first local random number, the predetermined scale factor, and the private key, respectively, to obtain the local first ciphertext and the local second ciphertext, comprises:
calculating the product of the private key and the first synchronous random number to obtain a first product;
calculating the product of the preset scale factor and the local first vector to obtain a second product;
Calculating the sum value of the second product and the first local random number to obtain a first sum value;
Taking the difference value of the first sum and the first product as the local first ciphertext;
calculating the product of the preset scale factor and the local second vector to obtain a third product;
Calculating the sum of the third product and the first local random number to obtain a second sum;
and taking the difference value of the second sum value and the first product as the local second ciphertext.
6. The method of claim 1, wherein the destination ciphertext comprises a first value and a second value; before the generating a key based on the destination ciphertext, the third vector component ciphertext, and the local third vector component ciphertext, the method further comprises:
acquiring a private key and a second local random number corresponding to the first node;
Calculating the product of the private key corresponding to the first node and the second value to obtain a fourth product;
and summing the fourth product and the second local random number to obtain the local third vector component ciphertext.
7. The method of claim 6, wherein the generating a key based on the destination ciphertext, the third vector component ciphertext, and a local third vector component ciphertext comprises:
summing the local third vector component ciphertext and the received third vector component ciphertext to obtain a third sum value;
Summing the first value and the third sum value to obtain a third vector ciphertext;
and decrypting the third vector ciphertext by using the private key corresponding to the first node to obtain the secret key.
8. An apparatus for key generation for use with a first node in a communication network, the apparatus comprising:
The receiving module is used for receiving a first ciphertext and a second ciphertext sent by each second node, wherein the first ciphertext is obtained by encrypting a first vector by the second node, the second ciphertext is obtained by encrypting a second vector by the second node, the second node is any node except the first node in the communication network, and the first vector and the second vector belong to a preset vector space;
The summing module is used for respectively summing the received first ciphertext and the received second ciphertext to obtain a first vector ciphertext corresponding to the first ciphertext and a second vector ciphertext corresponding to the second ciphertext;
the reducing module is used for reducing the product of the first vector ciphertext and the second vector ciphertext to obtain a target ciphertext;
the receiving module is further configured to receive a third vector component ciphertext sent by the second node, where the third vector component ciphertext is obtained by encrypting a third vector component generated locally by the second node;
The generation module is used for generating a secret key based on the target ciphertext, the third vector component ciphertext and a local third vector component ciphertext, wherein the local third vector component is obtained by the first node based on the target ciphertext.
9. An electronic device, the device comprising: a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements the method of any of claims 1-7.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon computer program instructions, which when executed by a processor, implement the method according to any of claims 1-7.
11. A computer program product, characterized in that instructions in the computer program product, when executed by a processor of an electronic device, cause the electronic device to perform the method of any of claims 1-7.
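The ciphertext summation and decryption steps of claim 7, as an added illustration that is not part of the patent text. It assumes an additively homomorphic scheme (toy Paillier with constructed, insecure parameters stands in for the scheme the claims leave unnamed), assumes every node encrypts under the first node's public key, and uses constructed sample vectors, including a stand-in for the "first value" of claim 6. The ciphertext product and reduction of claim 8 are not shown, since Paillier does not support them.

```python
import math
import secrets

# Toy Paillier key pair of the first node (constructed; far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1            # two Mersenne primes
N, N2 = P * Q, (P * Q) ** 2            # public modulus and its square
PHI = (P - 1) * (Q - 1)                # private key material
MU = pow(PHI, -1, N)                   # private key material

def encrypt(m):
    """Encrypt integer m under the first node's public key N (generator N + 1)."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def decrypt(c):
    """Decrypt with the first node's private key (PHI, MU)."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def add(c1, c2):
    """Homomorphic addition: multiplying ciphertexts adds the plaintexts mod N."""
    return c1 * c2 % N2

def enc_vec(v):
    return [encrypt(x) for x in v]

def add_vec(a, b):
    return [add(x, y) for x, y in zip(a, b)]

def generate_key(first_value_ct, local_ct, received_cts):
    """Claim 7: sum component ciphertexts, add the first value, then decrypt."""
    third_sum = local_ct                       # local third vector component ciphertext
    for ct in received_cts:                    # one ciphertext vector per second node
        third_sum = add_vec(third_sum, ct)     # -> third sum value
    third_vector_ct = add_vec(first_value_ct, third_sum)
    return [decrypt(c) for c in third_vector_ct]

def demo():
    first_value = [100, 200, 300]              # constructed stand-in for claim 6's first value
    local = [1, 2, 3]                          # constructed local third vector component
    received = [[10, 20, 30], [5, 5, 5]]       # constructed components from two second nodes
    return generate_key(enc_vec(first_value), enc_vec(local),
                        [enc_vec(v) for v in received])
```

The first node only ever decrypts the combined third vector ciphertext, so the individual components sent by the second nodes are never opened on their own.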
CN202410382157.9A 2024-03-29 Method, apparatus, device, medium and program product for key generation Active CN117978388B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410382157.9A CN117978388B (en) 2024-03-29 Method, apparatus, device, medium and program product for key generation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410382157.9A CN117978388B (en) 2024-03-29 Method, apparatus, device, medium and program product for key generation

Publications (2)

Publication Number Publication Date
CN117978388A (en) 2024-05-03
CN117978388B (en) 2024-06-07

Similar Documents

Publication Publication Date Title
CN107196763B (en) SM2 algorithm collaborative signature and decryption method, device and system
CN108667625B (en) Digital signature method of cooperative SM2
CN109309569B (en) SM2 algorithm-based collaborative signature method and device and storage medium
US4200770A (en) Cryptographic apparatus and method
US4424414A (en) Exponentiation cryptographic apparatus and method
EP2882132B1 (en) Encryption device, decryption device, encryption method, decryption method, and program
CN112564907B (en) Key generation method and device, encryption method and device, and decryption method and device
CN111049650A (en) SM2 algorithm-based collaborative decryption method, device, system and medium
CN111585759B (en) Efficient on-line and off-line encryption method based on SM9 public key encryption algorithm
CN108933650B (en) Data encryption and decryption method and device
CN113972981B (en) SM2 cryptographic algorithm-based efficient threshold signature method
CN111030801A (en) Multi-party distributed SM9 key generation and ciphertext decryption method and medium
CN113132104A (en) Active and safe ECDSA (electronic signature SA) digital signature two-party generation method
CN108055134B (en) Collaborative computing method and system for elliptic curve point multiplication and pairing operation
Abdelfatah A color image authenticated encryption using conic curve and Mersenne twister
CN111565108B (en) Signature processing method, device and system
CN110798313B (en) Secret dynamic sharing-based collaborative generation method and system for number containing secret
CN110401524B (en) Method and system for collaborative generation of secret-containing numbers by means of homomorphic encryption
CN117978388B (en) Method, apparatus, device, medium and program product for key generation
CN112737783A (en) Decryption method and device based on SM2 elliptic curve
CN117978388A (en) Method, apparatus, device, medium and program product for key generation
CN113849831A (en) Two-party collaborative signature and decryption method and system based on SM2 algorithm
Patel et al. A novel verifiable multi-secret sharing scheme based on elliptic curve cryptography
CN114978488A (en) SM2 algorithm-based collaborative signature method and system
CN113872767A (en) Two-party collaborative signature method and device based on ECDSA algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant