CN119316140B - Method, equipment and system for generating post quantum key - Google Patents

Method, equipment and system for generating post quantum key Download PDF

Info

Publication number
CN119316140B
CN119316140B CN202411833206.2A CN202411833206A CN119316140B CN 119316140 B CN119316140 B CN 119316140B CN 202411833206 A CN202411833206 A CN 202411833206A CN 119316140 B CN119316140 B CN 119316140B
Authority
CN
China
Prior art keywords
data
key data
public key
encryption
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202411833206.2A
Other languages
Chinese (zh)
Other versions
CN119316140A (en
Inventor
朱云
李元骅
张国庆
刘飞宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shudun Information Technology Co ltd
Original Assignee
Shudun Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shudun Information Technology Co ltd filed Critical Shudun Information Technology Co ltd
Priority to CN202411833206.2A priority Critical patent/CN119316140B/en
Publication of CN119316140A publication Critical patent/CN119316140A/en
Application granted granted Critical
Publication of CN119316140B publication Critical patent/CN119316140B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3093Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving Lattices or polynomial equations, e.g. NTRU scheme
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Algebra (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a method, equipment and a system for generating a post quantum key, belongs to the technical field of computer information processing, and solves the problem of decryption failure caused by data encryption parameter configuration errors in the data encryption process. The method comprises the steps of obtaining encryption parameters, generating public key data and private key data according to the encryption parameters, sending the public key data to a sending end device, obtaining ciphertext data sent by the sending end device, wherein the ciphertext data is obtained by processing plaintext data according to the public key data by the sending end device, and processing the ciphertext data according to the private key data. The scheme realizes the rapid encryption and decryption of the data and improves the encryption and decryption efficiency.

Description

Method, equipment and system for generating post quantum key
Technical Field
The invention relates to the technical field of computer information processing, in particular to a method, equipment and a system for generating a post quantum key.
Background
With the development of quantum computers, the security of traditional public key cryptography is greatly threatened, and quantum cryptography is vigorously developed after that. The public key cryptosystem based on lattice design has the characteristic of quantum computing attack resistance. The security of public key encryption algorithms relies on lattice error learning problems (LEARNING WITH Errors, LWE). Quantum computers have not found quantum algorithms to solve the lattice-based problem, so cryptographic algorithms constructed based on the lattice-based problem are considered to be resistant to quantum attacks. The public key cryptosystem of the number theory research unit (number theory research unit, NTRU) algorithm has the characteristics of simple structure and quantum computing attack resistance, and is a typical post quantum cryptosystem.
Disclosure of Invention
The invention provides a method, equipment and a system for generating a post quantum key, which solve the problem of decryption failure caused by data encryption parameter configuration errors in the data encryption process.
In order to solve the technical problems, the technical scheme of the invention is as follows:
The embodiment of the invention provides a method for generating a post quantum key, which is applied to receiving end equipment and comprises the following steps:
Acquiring an encryption parameter, wherein the encryption parameter is a Gaussian integer with a real part equal to zero;
Generating public key data and private key data according to the encryption parameters;
Transmitting the public key data to a transmitting end device;
Obtaining ciphertext data sent by a sending end device, wherein the ciphertext data is obtained by processing plaintext data by the sending end device according to the public key data;
and processing the ciphertext data according to the private key data to obtain plaintext data.
Optionally, obtaining the encryption parameter includes:
generating random integers u, v and q;
According to the following:
obtaining a first encryption parameter;
According to the following:
g=vi,
Obtaining a second encryption parameter;
Wherein f is a first encryption parameter, g is a second encryption parameter, Z is an integer set, i is an imaginary unit, and i 2 = -1.
Optionally, generating public key data and private key data according to the encryption parameter includes:
According to the following:
Generating public key data and private key data;
Wherein pk is public key data, sk is private key data, h is a real number, p is a public parameter, p and q are mutually prime, q is larger than p, f q -1 is the inverse of f (modulo q), f p -1 is the inverse of f (modulo p), and≡is a congruential symbol.
Optionally, processing the ciphertext data according to the private key data to obtain plaintext data includes:
According to the following:
a≡f×c(mod q),
Processing the ciphertext data to obtain an intermediate result;
wherein a is an intermediate result and c is ciphertext data;
and processing the intermediate result to obtain plaintext data.
Optionally, processing the intermediate result to obtain plaintext data includes:
According to the following:
b≡fp-1×a(mod p),
processing the intermediate result to obtain plaintext data;
where a is the intermediate result and b is the plaintext data.
The embodiment of the invention also provides a method for generating the post quantum key, which is applied to the transmitting end equipment and comprises the following steps:
obtaining public key data sent by receiving end equipment;
Processing the plaintext data according to the public key data to obtain ciphertext data;
And sending the ciphertext data to the receiving end equipment.
Optionally, processing the plaintext data according to the public key data to obtain ciphertext data, including:
According to the following:
c≡p×h×r+m(mod q),
Mapping the plaintext data to obtain ciphertext data;
where c is ciphertext data, h is public key data, ≡is congruence symbol, p, q are common parameters, r is an element in a ring Rq [ Z ], rq [ Z ] is a given complex ring, and m is plaintext data.
The embodiment of the invention also provides receiving end equipment, which comprises:
The first acquisition module is used for acquiring encryption parameters, wherein the encryption parameters are Gaussian integers with real parts equal to zero;
The first generation module is used for generating public key data and private key data according to the encryption parameters;
the first receiving and transmitting module is used for transmitting the public key data to the transmitting end equipment;
The first transceiver module is further configured to obtain ciphertext data sent by a sending end device, where the ciphertext data is obtained by the sending end device processing plaintext data according to the public key data;
And the first processing module is used for processing the ciphertext data according to the private key data to obtain plaintext data.
The embodiment of the invention also provides a transmitting end device, which comprises:
The second transceiver module is used for acquiring public key data sent by the receiving end equipment;
the second processing module is used for processing the plaintext data according to the public key data to obtain ciphertext data;
the second transceiver module is further configured to send the ciphertext data to the receiving end device.
The embodiment of the invention also provides a system for generating the post quantum key, which comprises the following steps:
The receiving end equipment is used for acquiring encryption parameters, generating public key data and private key data according to the encryption parameters, transmitting the public key data to the transmitting end equipment, acquiring ciphertext data transmitted by the transmitting end equipment, wherein the ciphertext data is obtained by processing plaintext data according to the public key data by the transmitting end equipment;
the receiving end equipment is used for receiving the public key data sent by the receiving end equipment, processing the plaintext data according to the public key data to obtain ciphertext data, and sending the ciphertext data to the receiving end equipment.
The technical scheme of the invention at least comprises the following effects:
The scheme of the invention comprises the steps of obtaining encryption parameters, generating public key data and private key data according to the encryption parameters, sending the public key data to a sending end device, obtaining ciphertext data sent by the sending end device, wherein the ciphertext data is obtained by processing plaintext data according to the public key data by the sending end device, and processing the ciphertext data according to the private key data. The scheme realizes the rapid encryption and decryption of the data and improves the encryption and decryption efficiency.
Drawings
Fig. 1 is a flowchart of a method for generating a post quantum key applied to a receiving end device according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for generating a post quantum key applied to a sender device according to an embodiment of the present invention;
fig. 3 is a block diagram of a receiving-end device according to an embodiment of the present invention;
Fig. 4 is a block diagram of a transmitting end device according to an embodiment of the present invention;
fig. 5 is a workflow diagram of a post quantum key generation system provided by an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
As shown in fig. 1, an embodiment of the present invention proposes a method for generating a post quantum key, which is applied to a receiving end device, and includes:
step 11, obtaining an encryption parameter, wherein the encryption parameter is a Gaussian integer with a real part equal to zero;
Step 12, generating public key data and private key data according to the encryption parameters;
step 13, the public key data is sent to a sending terminal device;
step 14, obtaining ciphertext data sent by a sending end device, wherein the ciphertext data is obtained by processing plaintext data by the sending end device according to the public key data;
And step 15, processing the ciphertext data according to the private key data to obtain plaintext data.
In this embodiment, a receiving end determines a parameter for an encryption process, where the parameter is a gaussian integer whose real part is equal to zero and may be expressed as xi, x is an integer, the value of the encryption parameter directly affects the strength of a generated public key and private key, an encryption algorithm is used to generate a pair of keys, the public key and private key are used as a preferred mode, in this embodiment, an number theory research unit (number theory research unit, NTRU) variant algorithm is selected to generate the public key and private key, the public key is public and can be used by any transmitting end device needing to communicate with an encryption party to encrypt a message, the private key is secret and is stored only in the encryption party device to decrypt the message encrypted by the public key, after the public key and private key are generated, the receiving end transmits the public key to any transmitting end device desiring to communicate with it, the public key is public key, the public key is used as a preferred mode, the public key is not required to be used by the public key, the receiving end device in the transmission process generates the public key and the private key, the public key is used by the receiving end, the public key is used to decrypt the data is used by the receiving end directly combining the public key with the receiving end and the public key, the cipher text is encrypted by the preferred embodiment, the cipher text is encrypted by the receiving end is decrypted by the encryption algorithm, and the cipher text is not required to be decrypted by the receiving end, and the cipher text is encrypted by the cipher text is directly generated by the receiving end, and the cipher text is encrypted by the cipher text and cipher text is encrypted by the cipher key and cipher, and because only the receiving end holds the correct private key, only the receiving end can successfully decrypt the message encrypted by the corresponding public key, thereby ensuring the safety and privacy of communication.
In an alternative embodiment of the present invention, step 11 may include:
step 111, generating random integers u, v and q;
step 112, according to:
obtaining a first encryption parameter;
step 113, according to:
g=vi (2)
Obtaining a second encryption parameter;
Wherein f is a first encryption parameter, g is a second encryption parameter, Z is an integer set, i is an imaginary unit, and i 2 = -1.
In the embodiment, a number theory research unit variant algorithm is selected to generate a public key and a private key, but in the execution process of the algorithm, if encryption parameters are wrongly configured, such as improper modulus selection, improper key generation parameters and the like, decryption failure can be caused, the number theory research unit variant algorithm on a Gaussian integer ring is established on the Gaussian integer ring, and is different from the polynomial algebraic structure of the number theory research unit algorithm, the algebraic structure of the number theory research unit variant algorithm is a Gaussian integer, the real algebraic structure of the number theory research unit variant algorithm is zero, the encryption and decryption speed of the algorithm is high, the encryption and decryption efficiency is high, random integers u, v and q are firstly determined, and a numerical value interval is obtainedAnd determining encryption parameters according to the random integer and the numerical value interval, wherein the encryption parameters comprise a first encryption parameter f and a second encryption parameter g, and the expression for determining the first encryption parameter f is as follows: The second encryption parameter g is determined by the expression g=vi, f+g= (u+v) i for pure imaginary addition, f×g= -uv for pure imaginary multiplication, f×b= uvi for integer and pure imaginary multiplication, f (mod q) =u (mod q) i for pure imaginary modulo q operation, the first encryption parameter f and the second encryption parameter g can be used to generate public and private keys.
In an alternative embodiment of the present invention, step 12 may include:
Step 121, according to:
Generating public key data and private key data;
Wherein pk is public key data, sk is private key data, h is a real number, p is a public parameter, p and q are mutually prime, q is larger than p, f q -1 is the inverse of f (modulo q), f p -1 is the inverse of f (modulo p), and≡is a congruential symbol.
In this embodiment, after the first encryption parameter f and the second encryption parameter g are determined, public key data pk and private key data sk can be obtained according to formula (3), the public parameter p ε Z, Z being an integer set, p and q being mutually prime and q being much greater than p, f, g ε R q [ Z ] having an inverse (modulo p and modulo q) in a given complex ring R q [ Z ], the inverse of f being expressed as(Modulo p)(Modulo q), i.e.) Coefficients of the modulo-q operation are in intervalsIs a kind of medium.
In an alternative embodiment of the present invention, step 15 may include:
step 151, according to:
a≡f×c(mod q)(4)
Processing the ciphertext data to obtain an intermediate result;
wherein a is an intermediate result and c is ciphertext data;
and 152, processing the intermediate result to obtain plaintext data.
In this embodiment, after the receiving end obtains the ciphertext data c, the ciphertext data c is processed according to formula (4) to obtain an intermediate result a, where a∈R q [ Z ] and its coefficient is kept atProcessing the intermediate result to obtain plaintext data, wherein the plaintext data is specifically based on the following steps:
b≡fp -1×a(mod p)(5)
processing the intermediate result to obtain plaintext data;
Wherein b is R q [ Z ], and b is the decrypted plaintext data.
As shown in fig. 2, an embodiment of the present invention proposes a method for generating a post quantum key, which is applied to a transmitting device, and includes:
step 21, obtaining public key data sent by receiving end equipment;
Step 22, processing the plaintext data according to the public key data to obtain ciphertext data;
and step 23, sending the ciphertext data to the receiving end equipment.
In the embodiment, a secure communication channel is established between a sending end and a receiving end to ensure the security of public key data in the transmission process, after the establishment of secure connection, receiving end equipment can send the public key data to the sending end, after the public key is received, the sending end selects an encryption algorithm to encrypt plaintext data to ensure that the ciphertext cannot be easily restored to plaintext even if the ciphertext is intercepted by a third party, the encrypted ciphertext data is obtained, the ciphertext data is the result of the plaintext data after the encryption algorithm processing and can be decrypted only under the condition of having a corresponding private key, the sending end sends the ciphertext data to the receiving end by utilizing the secure connection established before, the original information cannot be directly obtained even if the ciphertext data is intercepted by the third party in the network transmission process, and after the ciphertext data is confirmed to be successfully sent and the receiving end is confirmed, the sending end can safely close the secure connection with the receiving end.
In an alternative embodiment of the present invention, step 22 may include:
Step 221, according to:
c≡p×h×r+m(mod q)(6)
Mapping the plaintext data to obtain ciphertext data;
Where c is ciphertext data, h is public key data, ≡is congruence symbol, p, q are public parameters, R is an element in a ring R q [ Z ], R q [ Z ] is a given complex ring, and m is plaintext data.
In this embodiment, after receiving the public key, the transmitting end performs mapping processing on the plaintext data according to formula (6) to obtain ciphertext data m, where the public parameter p e Z is an integer set, p and q are mutually equal, and q is far greater than p.
The specific embodiment of the method for generating the post quantum key provided by the embodiment of the invention is as follows:
step 1, obtaining an encryption parameter, wherein the encryption parameter is a Gaussian integer with a real part equal to zero.
The encryption algorithm of this embodiment is preferably a number theory research unit variant algorithm on a gaussian integer ring, the algorithm is built on the gaussian integer ring, the algebraic structure is changed from polynomial to pure imaginary number, and complex numbers with non-zero real parts are not generated in the operation process.
The most notable feature of the algorithm is the dual mode operation, but the variant algorithm on the complex ring has no modulo operation due to the complex f=a+bi structure, when a+.0. When a=0, the complex number is a pure imaginary number, the pure imaginary number can satisfy the modulo operation, and the algebra based on the algorithm is a part of the complex number ring and the pure imaginary number.
And 2, generating public key data and private key data according to the encryption parameters.
Given a complex ring < R q[Z],+,×>,f∈Rq [ Z ], i.e., f is on the complex ring, f is in the form ofThe algebra on the ring R is selected as f in the algorithm. Given two pure imaginary numbers f=ai, g=bi, a, b e Z, there is f+g= (a+b) i for pure imaginary addition, f×g= -ab for pure imaginary multiplication, f×b= abi for integer and pure imaginary multiplication, f (mod q) =a (mod q) i for pure imaginary modulo q;
in this algorithm, the modulo q range is I.e. forIf it meetsWeighing elementIs the inverse of f modulo q.
The imaginary coefficient of a epsilon R q [ Z ] is then uniformly selected as a≡Z on Z. The common parameters q, p.epsilon.Z, p, q are mutually prime, and q is much larger than p. In ring R, f, g.epsilon.R q [ Z ] has the inverse (modulo p and modulo q), the inverse of f being expressed as(Modulo p)(Modulo q), i.e.)
And (3) calculating:
wherein h E R, the coefficients of the modulo q operation are in the interval Output public key pk=h, private key
And step 3, the public key data is sent to the sending end equipment.
The public key is sent to the sending end equipment, and the private key is stored in the receiving end equipment.
The sender device maps the plaintext message into pure imaginary plaintext m epsilon R q [ Z ], selects element R from ring R q [ Z ], and calculates:
c≡p×h×r+m(mod q)
Wherein c is R q [ Z ], outputting ciphertext c.
The sending end device sends the ciphertext c to the receiving end device.
And 4, acquiring ciphertext data transmitted by the transmitting end equipment.
And step 5, processing the ciphertext data according to the private key data to obtain plaintext data.
After receiving the ciphertext c, the receiving end device decrypts the ciphertext c by using the private key sk of the receiving end device to restore the plaintext by the following steps:
(1) And (3) calculating:
a≡f×c(mod q)
Wherein a is R q [ Z ], the coefficient of which is kept at Between them.
(2) And (3) calculating:
wherein b is R q [ Z ], and b is the decrypted plaintext m.
And the receiving end equipment can restore the message content of the sending end equipment after decrypting.
The method for generating the post quantum key solves the problem of decryption failure caused by data encryption parameter configuration errors in the data encryption process, realizes quick encryption and decryption of data and improves encryption and decryption efficiency, wherein the main application scene of the method can comprise the following aspects:
(1) In the cloud computing and distributed storage scene, the security and privacy of user data are key requirements; the variant algorithm can encrypt data with lower calculation cost, thereby saving the calculation resources of a server, improving the throughput and response efficiency of the cloud, and being particularly important for distributed storage (such as file transmission, data storage and the like) which needs large-scale data encryption;
(2) In real-time communication (such as video call and instant message), the improvement of encryption and decryption speed can reduce delay and improve user experience. Particularly, for instant messaging applications requiring end-to-end encryption, such as private chat, enterprise intranet communication and the like, faster encryption service can be provided;
(3) The lightweight equipment and the Internet of things have the advantages that in the lightweight equipment (such as Internet of things equipment, sensors and intelligent home products) with limited resources, hardware resources are limited, the computing capacity is weak, the traditional complex encryption algorithm possibly causes higher computation and power consumption, and the efficient research unit variant algorithm can obviously reduce the computation burden of encryption and decryption on the premise of ensuring the safety, so that the method is more suitable for the safety communication requirements of the equipment.
As shown in fig. 3, the embodiment of the present invention further provides a receiving end device 30, including:
A first obtaining module 31, configured to obtain an encryption parameter, where the encryption parameter is a gaussian integer whose real part is equal to zero;
a first generation module 32, configured to generate public key data and private key data according to the encryption parameter;
a first transceiver module 33, configured to send the public key data to a sender device;
The first transceiver module 33 is further configured to obtain ciphertext data sent by a sending end device, where the ciphertext data is obtained by processing plaintext data by the sending end device according to the public key data;
A first processing module 34, configured to process the ciphertext data according to the private key data, to obtain plaintext data.
Optionally, the first obtaining module 31 is specifically configured to:
generating random integers u, v and q;
According to the following:
obtaining a first encryption parameter;
According to the following:
g=vi,
Obtaining a second encryption parameter;
Wherein f is a first encryption parameter, g is a second encryption parameter, Z is an integer set, i is an imaginary unit, and i 2 = -1.
Optionally, the first generating module 32 is specifically configured to:
According to the following:
Generating public key data and private key data;
Wherein pk is public key data, sk is private key data, h is a real number, p is a public parameter, p and q are mutually prime, q is larger than p, f q -1 is the inverse of f (modulo q), f p -1 is the inverse of f (modulo p), and≡is a congruential symbol.
Optionally, the first processing module 34 is specifically configured to:
According to the following:
a≡f×c(mod q),
Processing the ciphertext data to obtain an intermediate result;
wherein a is an intermediate result and c is ciphertext data;
and processing the intermediate result to obtain plaintext data.
Optionally, processing the intermediate result to obtain plaintext data includes:
According to the following:
b≡fp -1×a(mod p),
processing the intermediate result to obtain plaintext data;
where a is the intermediate result and b is the plaintext data.
It should be noted that, the device corresponds to the method for generating the post quantum key applied to the receiving device, and all implementation manners in the method embodiment are applicable to the embodiment, so that the same technical effects can be achieved.
As shown in fig. 4, an embodiment of the present invention further provides a transmitting end device 40, including:
a second transceiver module 41, configured to obtain public key data sent by the receiving end device;
A second processing module 42, configured to process the plaintext data according to the public key data, so as to obtain ciphertext data;
the second transceiver module 41 is further configured to send the ciphertext data to the receiving end device.
Optionally, the second processing module 42 is specifically configured to:
According to the following:
c≡p×h×r+m(mod q),
Mapping the plaintext data to obtain ciphertext data;
Where c is ciphertext data, h is public key data, ≡is congruence symbol, p, q are public parameters, R is an element in a ring R q [ Z ], R q [ Z ] is a given complex ring, and m is plaintext data.
It should be noted that, the device corresponds to the method for generating the post quantum key applied to the transmitting device, and all implementation manners in the method embodiment are applicable to the embodiment, so that the same technical effects can be achieved.
As shown in fig. 5, the embodiment of the present invention further provides a system for generating a post quantum key, including:
The receiving end equipment is used for acquiring encryption parameters, generating public key data and private key data according to the encryption parameters, transmitting the public key data to the transmitting end equipment, acquiring ciphertext data transmitted by the transmitting end equipment, wherein the ciphertext data is obtained by processing plaintext data according to the public key data by the transmitting end equipment;
the receiving end equipment is used for receiving the public key data sent by the receiving end equipment, processing the plaintext data according to the public key data to obtain ciphertext data, and sending the ciphertext data to the receiving end equipment.
In this embodiment, the system for generating a post quantum key first controls the receiving end device to determine a parameter for the encryption process, where the parameter is a gaussian integer with a real part equal to zero, and may be expressed as xi, where x is an integer; the method comprises the steps of directly influencing the strength of a generated public key and a generated private key by numeric values of encryption parameters, generating a pair of keys by using an encryption algorithm after the encryption parameters are obtained, wherein the public key and the private key are used as a preferred mode, the public key and the private key are generated by selecting a variant algorithm of a numeral research unit in the embodiment, wherein the public key is public and can be used by any sender device needing to be communicated with an encryption party to encrypt a message, the private key is secret and is only stored in the encryption party device and used for decrypting the message encrypted by the public key, after the public key and the private key are generated, the public key is controlled by a receiver device by a generation system of a rear quantum key to transmit the public key to the sender device, the public key is public, and the safety of the message in a transmission process is not worried, because only the receiver device holds the corresponding private key and can decrypt the public key, the sender device is controlled by the generation system of the rear quantum key to control the sender device to encrypt the message, the private key is encrypted according to public key, the third party data is stored in the encryption party device, the result is easily restored to the third party data is easily obtained after the third party data is intercepted and the data is encrypted, the result is easily intercepted by the third party data is encrypted, and the result is easily obtained after the third party data is encrypted by the receiver device is encrypted, the method comprises the steps of receiving cipher text data, receiving a corresponding public key, obtaining original information, and controlling the receiving end to use the private key to decrypt the received cipher text data according to an encryption and decryption system after the cipher text data is successfully sent and the receiving end is confirmed, wherein decryption is the reverse process of an encryption process, and the original plain text data is restored by using the private key and an encryption algorithm.
The generation system of the post quantum key solves the problem of decryption failure caused by data encryption parameter configuration errors in the data encryption process, realizes quick encryption and decryption of data, and improves encryption and decryption efficiency.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of elements is merely a logical functional division, and there may be additional divisions of actual implementation, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method of the embodiments of the present invention. The storage medium includes various media capable of storing program codes such as a U disk, a mobile hard disk, a ROM, a RAM, a magnetic disk or an optical disk.
Furthermore, it should be noted that in the apparatus and method of the present invention, it is apparent that the components or steps may be disassembled and/or assembled. Such decomposition and/or recombination should be considered as equivalent aspects of the present invention. Also, the steps of performing the series of processes described above may naturally be performed in chronological order in the order of description, but are not necessarily performed in chronological order, and some steps may be performed in parallel or independently of each other. It will be appreciated by those of ordinary skill in the art that all or any of the steps or components of the methods and apparatus of the present invention may be implemented in hardware, firmware, software, or a combination thereof in any computing device (including processors, storage media, etc.) or network of computing devices, as would be apparent to one of ordinary skill in the art after reading this description of the invention.
The object of the invention can thus also be achieved by running a program or a set of programs on any computing device. The computing device may be a well-known general purpose device. The object of the invention can thus also be achieved by merely providing a program product containing program code for implementing the method or the apparatus. That is, such a program product also constitutes the present invention, and a storage medium storing such a program product also constitutes the present invention. Obviously, the storage medium may be any known storage medium or any storage medium developed in the future. It should also be noted that in the apparatus and method of the present invention, it is apparent that the components or steps may be disassembled and/or assembled. Such decomposition and/or recombination should be considered as equivalent aspects of the present invention. The steps of executing the series of processes may naturally be executed in chronological order in the order described, but are not necessarily executed in chronological order. Some steps may be performed in parallel or independently of each other.
The foregoing is a preferred embodiment of the present invention and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present invention and are intended to be comprehended within the scope of the present invention.

Claims (5)

1.一种后量子密钥的生成方法,其特征在于,应用于接收端设备,包括:1. A method for generating a post-quantum key, characterized in that it is applied to a receiving device, comprising: 获取加密参数,所述加密参数为实部等于零的高斯整数;Obtain an encryption parameter, where the encryption parameter is a Gaussian integer with a real part equal to zero; 根据所述加密参数,生成公钥数据和私钥数据;Generate public key data and private key data according to the encryption parameters; 将所述公钥数据发送给发送端设备;Sending the public key data to a sending end device; 获取发送端设备发送的密文数据,所述密文数据是所述发送端设备根据所述公钥数据对明文数据进行处理得到的;Acquire ciphertext data sent by a sending end device, where the ciphertext data is obtained by the sending end device processing plaintext data according to the public key data; 根据所述私钥数据对所述密文数据进行处理,得到明文数据;Processing the ciphertext data according to the private key data to obtain plaintext data; 其中,获取加密参数,包括:The encryption parameters are obtained, including: 生成随机整数u、v、q;Generate random integers u, v, q; 根据:according to: 得到第一加密参数;Obtaining a first encryption parameter; 根据:according to: g=vi, g = vi, 得到第二加密参数;Obtaining a second encryption parameter; 其中,f为第一加密参数,g为第二加密参数,Z为整数集,i为虚数单位,i2=-1;Wherein, f is the first encryption parameter, g is the second encryption parameter, Z is an integer set, i is an imaginary unit, i 2 = -1; 其中,根据所述加密参数,生成公钥数据和私钥数据,包括:Wherein, generating public key data and private key data according to the encryption parameters includes: 根据:according to: 生成公钥数据和私钥数据;Generate public key data and private key data; 其中,pk为公钥数据,sk为私钥数据,h为实数,p为公共参数,p与q互质,且q大于p,fq -1为f模q的逆元,fp -1为f模p的逆元,≡为同余符号。Among them, pk is the public key data, sk is the private key data, h is a real number, p is the public parameter, p and q are coprime, and q is greater than p, f q -1 is the inverse element of f modulo q, f p -1 is the inverse element of f modulo p, and ≡ is the congruence symbol. 2.根据权利要求1所述的后量子密钥的生成方法,其特征在于,根据所述私钥数据对所述密文数据进行处理,得到明文数据,包括:2. The method for generating a post-quantum key according to claim 1, characterized in that the ciphertext data is processed according to the private key data to obtain the plaintext data, comprising: 根据:according to: a≡f×c(mod q),a≡f×c(mod q), 对所述密文数据进行处理,得到中间结果;Processing the ciphertext data to obtain an intermediate result; 其中,a为中间结果,c为密文数据;Among them, a is the intermediate result, c is the ciphertext data; 对所述中间结果进行处理,得到明文数据。The intermediate result is processed to obtain plaintext data. 3.根据权利要求2所述的后量子密钥的生成方法,其特征在于,对所述中间结果进行处理,得到明文数据,包括:3. The method for generating a post-quantum key according to claim 2, wherein the intermediate result is processed to obtain plaintext data, comprising: 根据:according to: b≡fp -1×a(mod p),b≡f p -1 ×a(mod p), 对所述中间结果进行处理,得到明文数据;Processing the intermediate result to obtain plaintext data; 其中,a为中间结果,b为明文数据。Among them, a is the intermediate result and b is the plaintext data. 4.一种接收端设备,其特征在于,包括:4. A receiving end device, characterized in that it comprises: 第一获取模块,用于获取加密参数,所述加密参数为实部等于零的高斯整数;A first acquisition module, used for acquiring an encryption parameter, wherein the encryption parameter is a Gaussian integer whose real part is zero; 第一生成模块,用于根据所述加密参数,生成公钥数据和私钥数据;A first generating module, used to generate public key data and private key data according to the encryption parameters; 第一收发模块,用于将所述公钥数据发送给发送端设备;A first transceiver module, used to send the public key data to a sending end device; 所述第一收发模块,还用于获取发送端设备发送的密文数据,所述密文数据是所述发送端设备根据所述公钥数据对明文数据进行处理得到的;The first transceiver module is further used to obtain ciphertext data sent by the sending end device, where the ciphertext data is obtained by the sending end device processing the plaintext data according to the public key data; 第一处理模块,用于根据所述私钥数据对所述密文数据进行处理,得到明文数据;A first processing module, used for processing the ciphertext data according to the private key data to obtain plaintext data; 其中,获取加密参数,包括:The encryption parameters are obtained, including: 生成随机整数u、v、q;Generate random integers u, v, q; 根据:according to: 得到第一加密参数;Obtaining a first encryption parameter; 根据:according to: g=vi, g = vi, 得到第二加密参数;Obtaining a second encryption parameter; 其中,f为第一加密参数,g为第二加密参数,Z为整数集,i为虚数单位,i2=-1;Wherein, f is the first encryption parameter, g is the second encryption parameter, Z is an integer set, i is an imaginary unit, i 2 = -1; 其中,根据所述加密参数,生成公钥数据和私钥数据,包括:Wherein, generating public key data and private key data according to the encryption parameters includes: 根据:according to: 生成公钥数据和私钥数据;Generate public key data and private key data; 其中,pk为公钥数据,sk为私钥数据,h为实数,p为公共参数,p与q互质,且q大于p,fq -1为f模q的逆元,fp -1为f模p的逆元,≡为同余符号。Among them, pk is the public key data, sk is the private key data, h is a real number, p is the public parameter, p and q are coprime, and q is greater than p, f q -1 is the inverse element of f modulo q, f p -1 is the inverse element of f modulo p, and ≡ is the congruence symbol. 5.一种后量子密钥的生成系统,其特征在于,包括:5. A post-quantum key generation system, comprising: 接收端设备,用于获取加密参数,所述加密参数为实部等于零的高斯整数;根据所述加密参数,生成公钥数据和私钥数据;将所述公钥数据发送给发送端设备;获取发送端设备发送的密文数据,所述密文数据是所述发送端设备根据所述公钥数据对明文数据进行处理得到的;根据所述私钥数据对所述密文数据进行处理,得到明文数据;A receiving end device is used to obtain an encryption parameter, where the encryption parameter is a Gaussian integer with a real part equal to zero; generate public key data and private key data according to the encryption parameter; send the public key data to a sending end device; obtain ciphertext data sent by the sending end device, where the ciphertext data is obtained by the sending end device processing plaintext data according to the public key data; and process the ciphertext data according to the private key data to obtain plaintext data; 发送端设备,用于获取接收端设备发送的公钥数据;根据所述公钥数据对明文数据进行处理,得到密文数据;将所述密文数据发送给所述接收端设备;The sending end device is used to obtain the public key data sent by the receiving end device; process the plaintext data according to the public key data to obtain the ciphertext data; and send the ciphertext data to the receiving end device; 其中,获取加密参数,包括:The encryption parameters are obtained, including: 生成随机整数u、v、q;Generate random integers u, v, q; 根据:according to: 得到第一加密参数;Obtaining a first encryption parameter; 根据:according to: g=vi, g = vi, 得到第二加密参数;Obtaining a second encryption parameter; 其中,f为第一加密参数,g为第二加密参数,Z为整数集,i为虚数单位,i2=-1;Wherein, f is the first encryption parameter, g is the second encryption parameter, Z is an integer set, i is an imaginary unit, i 2 = -1; 其中,根据所述加密参数,生成公钥数据和私钥数据,包括:Wherein, generating public key data and private key data according to the encryption parameters includes: 根据:according to: 生成公钥数据和私钥数据;Generate public key data and private key data; 其中,pk为公钥数据,sk为私钥数据,h为实数,p为公共参数,p与q互质,且q大于p,fq -1为f模q的逆元,fp -1为f模p的逆元,≡为同余符号。Among them, pk is the public key data, sk is the private key data, h is a real number, p is the public parameter, p and q are coprime, and q is greater than p, f q -1 is the inverse element of f modulo q, f p -1 is the inverse element of f modulo p, and ≡ is the congruence symbol.
CN202411833206.2A 2024-12-13 2024-12-13 Method, equipment and system for generating post quantum key Active CN119316140B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411833206.2A CN119316140B (en) 2024-12-13 2024-12-13 Method, equipment and system for generating post quantum key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411833206.2A CN119316140B (en) 2024-12-13 2024-12-13 Method, equipment and system for generating post quantum key

Publications (2)

Publication Number Publication Date
CN119316140A CN119316140A (en) 2025-01-14
CN119316140B true CN119316140B (en) 2025-04-01

Family

ID=94189012

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411833206.2A Active CN119316140B (en) 2024-12-13 2024-12-13 Method, equipment and system for generating post quantum key

Country Status (1)

Country Link
CN (1) CN119316140B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102404121A (en) * 2011-11-30 2012-04-04 华为技术有限公司 A method, device and system for processing ciphertext
CN116975146A (en) * 2022-11-15 2023-10-31 腾讯科技(深圳)有限公司 Data processing method, device and computer readable storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI672932B (en) * 2018-09-27 2019-09-21 國立交通大學 Post-quantum asymmetric key generation method and system, encryption method, decryption method, and encrypted communication system based on prime array
CN118316607A (en) * 2024-06-11 2024-07-09 蓝象智联(杭州)科技有限公司 Quantum attack resistant privacy set intersection method, medium and system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102404121A (en) * 2011-11-30 2012-04-04 华为技术有限公司 A method, device and system for processing ciphertext
CN116975146A (en) * 2022-11-15 2023-10-31 腾讯科技(深圳)有限公司 Data processing method, device and computer readable storage medium

Also Published As

Publication number Publication date
CN119316140A (en) 2025-01-14

Similar Documents

Publication Publication Date Title
CN110958112B (en) Key generation method and system, encryption and decryption method, encrypted communication system
US9172529B2 (en) Hybrid encryption schemes
Li et al. Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards
US7590236B1 (en) Identity-based-encryption system
US7424615B1 (en) Mutually authenticated secure key exchange (MASKE)
KR102116877B1 (en) New cryptographic systems using pairing with errors
CN110113155A (en) One kind is efficiently without CertPubKey encryption method
Galla et al. Implementation of RSA
Saarinen Attacks against the WAP WTLS protocol
Mandal et al. A cryptosystem based on vigenere cipher by using mulitlevel encryption scheme
CN110321722B (en) DNA sequence similarity safe calculation method and system
CN115834175A (en) Group chat encryption method, message sending and receiving device and system based on quantum key
Li et al. REEDS: An Efficient Revocable End-to-End Encrypted Message Distribution System for IoT
EP2571192A1 (en) Hybrid encryption schemes
CN119316140B (en) Method, equipment and system for generating post quantum key
Benamara et al. A new distribution version of Boneh-Goh-Nissim cryptosystem: Security and performance analysis
JP2004246350A (en) Enciphering device, deciphering device, enciphering system equipped with the same, enciphering method, and deciphering method
Hegde et al. A Comparative study on state of art Cryptographic key distribution with quantum networks
Yi et al. ID-based key agreement for multimedia encryption
EP1456997B1 (en) System and method for symmetrical cryptography
CN115550007A (en) Signcryption method and system with equivalence test function based on heterogeneous system
Rashed et al. Secured message data transactions with a Digital Envelope (DE)-A higher level cryptographic technique
Schwenk Cryptography: Confidentiality
Jharbade et al. Network based Security model using Symmetric Key Cryptography (AES 256–Rijndael Algorithm) with Public Key Exchange Protocol (Diffie-Hellman Key Exchange Protocol)
Yin et al. An efficient and secure data storage scheme using ECC in cloud computing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant