CN1323478A - Method and device for authenticating with symmetrical algorithm - Google Patents
Abstract
The invention concerns a method and a system for authentication with a symmetric algorithm, essentially characterised in that, for each mutual authentication of two parties, a cryptographic computation is carried out with a variable key, referred to as K'. The main steps of the method are as follows: a) party A, possessing the secret key K, sends a random number R1 to party B, which also possesses the same secret key K; b) party B selects a random number R2 and computes the number K', which is also a secret key, from the formula K' = R2 xor K, xor being the exclusive-or operation; c) B then uses a symmetric encryption algorithm ALG to compute a result r from the formula r = ALG[K'](R1); d) party B then sends r and R2 to party A; e) party A, using the same symmetric encryption algorithm ALG, computes K' and r' from the formulae K' = R2 xor K and r' = ALG[K'](R1); f) if r is equal to r', party B is authenticated by party A.
Description
The present invention relates to a method of authentication with a symmetric algorithm, whose main characteristic is that, for each mutual authentication of two parties usually referred to as A and B, a cryptographic computation is carried out with a variable key (referred to as K').
More precisely, the invention relates to the cryptographic computations mentioned above in the situation where two parties A and B, which exchange data, authenticate each other independently. This can take place between a PC and a server, between a reader and a server, or between a smart card and a smart-card reader; for instance, in the case of an ATM used with a smart card, the cash dispenser is referred to as A and the user who wishes to withdraw cash is referred to as B.
More particularly, the two parties A and/or B may be a smart card and/or a reader.
Those skilled in the art know that security problems are of great concern for the proper operation of devices such as cash dispensers and smart cards. These concerns are a continuing theme, and ever more effective protective measures are sought so that such attacks become increasingly difficult to carry out.
To describe this situation, the two interacting parties are called A and B, as is customary in cryptography.
In more technical terms, the known method consists of several steps.
Party A, which holds a secret key K, chooses a random value R (a random number, also called a message).
A sends this random value R to B, which also holds the same secret key K.
B uses a symmetric encryption algorithm ALG to compute a result r by the following formula:
r = ALG[K](R)
r is the result of encrypting the message R with the algorithm ALG and the secret key K. ALG is a symmetric encryption algorithm; it may be DES (Data Encryption Standard), triple DES, IDEA, etc.
This computation can be performed because the secret key is known to both parties A and B, and only to A and B.
B then sends the result r to A. A then computes a result r' by the following formula:
r' = ALG[K](R)
If the result r equals r', B is authenticated.
In this way B is authenticated by A.
However, this procedure is inadequate, because it is vulnerable to current measurement and hence to a potential attacker.
An attacker measures the current consumption of the chip. From the resulting curve, the attacker can infer information about the data handled by the processor. To obtain an accurate measurement, the attacker must take many measurements and filter them.
More precisely, the problem lies in the computation of r, that is, in the formula:
r = ALG[K](R)
This is because current measurement is easy to carry out at this level, so data can be learned through the computation, in particular because the key K is a constant.
To obtain a meaningful measurement, the attacker must take many measurements and filter them in order to extract the relevant information. Because the same constant key K is used, all the measurements involve the same key K, and the result of the filtering is characteristic of the key K.
The present invention proposes a first characteristic, consisting of a simple modification made to the computation formula for r' in the authentication protocol that is the object of the invention.
Party A, which holds the secret key K, sends a random value, or randomly chosen number, R1 to party B. The latter also holds the same secret key K.
B chooses a random number R2, then uses the following formula to compute the number K', which is also a secret key:
K' = R2 xor K
where xor denotes the exclusive-or operation.
B then computes a result r by the following formula:
r = ALG[K'](R1)
B then sends r and R2 to A.
The latter uses the same symmetric encryption algorithm ALG and the following formulae to compute K' and r':
K' = R2 xor K
and
r' = ALG[K'](R1)
If r equals r', B is authenticated by A.
The attack is now impossible, because K' changes at each authentication, so the current consumption of the computations of r and r' is different each time an authentication is carried out.
However, the computation of K' itself remains vulnerable to attack, since it also involves current consumption. The invention therefore proposes a second characteristic, independent of the first and concerning only the computation of K'.
This is because the invention uses an encryption system that is independent of and/or related to the authentication system described above.
It consists of the computation of K', where K' is produced randomly.
For this purpose, the secret key K is broken down into a set of n sub-keys ki, i being the index of the sub-key, by the following formula:
K = k1 xor k2 xor ... xor kn
The computation of K' can therefore be expressed by another formula:
K' = R2 xor k1 xor ... xor kn
Because the xor operator is commutative, the order of the computation can be changed so that a different computation is obtained at each authentication.
To establish the link between K and K', the algorithm adopted comprises an initialisation phase and a set of loops.
The initialisation of the algorithm is first explained in general and then illustrated by a specific case, which can be transposed to the general case.
The initialisation is as follows.
In general, a first table k (referred to below as k[]) is used; this table contains the values of the n sub-keys ki.
A second table, referred to as to-do (to-do[] below), contains n Boolean values. Each Boolean is set to the true value, referred to as "True" or "T" below and in Fig. 2. The tables k[] and to-do[] contain the same number n of elements, representing the n sub-keys ki and the n Booleans respectively.
The value R2 is assigned to K', that is, K' = R2.
The loop of the algorithm is described below and shown in Fig. 1:
The first step, step a, consists of the following: as long as an element of table to-do[] still has the value "T", a random number i between 1 and n is chosen.
The next step, step b, tests whether element i of table to-do[] is equal to the value referred to as "T" in the figure.
If the test is true, two operations are carried out:
- first, step c assigns to the variable K' the result of the xor operation between K' and element i of table k[], which is the following computation:
K' = K' xor k[i]
- second, step d assigns the value "False", referred to as "F" in the figure, to the element of index i of table to-do[]: to-do[i] = "F".
If the test of step b is false, the system returns to the first step, step a.
This algorithm is not constant-time, because more loops may be executed than there are sub-keys ki.
The present invention also relates to an authentication system using a symmetric encryption algorithm between two entities, or parties A and B, that hold the same secret key K, which implements the method described above.
The invention will now be described with a specific embodiment, shown in Fig. 2, which illustrates only two loops: the case where the number of sub-keys n equals 2, i.e. n = 2.
The initialisation is the same as in the general case above; in Fig. 2 it is denoted A or 10.
The loop of the algorithm proceeds as follows:
Two computations of the algorithm are possible.
Either the following computation is carried out:
K' = R2 xor k1 xor k2;
or the following computation is carried out:
K' = R2 xor k2 xor k1;
Therefore, the attacker does not know at the outset which computation will be carried out, and so cannot use repeated measurements and filtering.
The probability of a loop transition, or of filling both elements, on the first attempt is zero; stated more visibly (see Fig. 2), the probability of entering the value "F" in both elements of table to-do[] in a single attempt is zero. Two identical values "F", "F" therefore cannot be obtained in one loop.
Next, the probability of entering "F" in both elements of table to-do[] in two loops, or two attempts, equals one half, or 1/2.
This is because, in the first loop, the random number i equals 1 (20) or 2 (21), i.e. i = 1 or 2 is chosen; the value "F" is then placed in one of the two elements of table to-do[]; this first loop is denoted B in Fig. 2.
In the second loop (see Fig. 2), the random number i again equals 1 or 2, i.e. i = 1 or 2 is chosen; the value "F" is then placed in one of the two elements of table to-do[] according to the random number chosen; this second loop is denoted C in Fig. 2.
There are therefore two terminated cases (31, 32), that is, two values "F" in the two elements, and two non-terminated cases (30, 33), in which the computation of K' is not finished. The probability of obtaining this result is one half.
Furthermore, the probability of filling both elements in the third loop, or third attempt, equals one quarter, or 1/4 (not shown in Fig. 2).
This is because the random number i = 1 or 2 is chosen, and the value "F" is placed either in the first element of table to-do[] or in the second.
Therefore, as in the second loop, there are two terminated cases, that is, two values "F" in the two elements, and two non-terminated cases, in which the computation of K' is not finished.
More generally, the probability of filling both elements in loop k equals 1/2^(k-1).
It is useful to know the average number S of loops that must be executed before each of the two elements contains the value "F".
For this purpose the mathematical expectation is calculated: it is the sum of the loop counts weighted by their probabilities.
After calculation, it equals three.
The conclusion is therefore: S = 3.
The computation of K' is thus completed in three loops on average.
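As an added worked example, not taken from the patent, the following Python code runs the challenge-response of the abstract together with the randomised-order computation of K' from the sub-keys described above. It assumes HMAC-SHA256 as a stand-in for the unspecified symmetric algorithm ALG, and lets the to-do[] loop take an injectable random source so that its non-constant pass count can be observed.

```python
import hashlib
import hmac
import secrets


def xor_bytes(a, b):
    """Byte-wise exclusive or of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def alg(key, message):
    """Stand-in for ALG[key](message): the patent leaves ALG open (DES, triple
    DES, ...); HMAC-SHA256 is substituted here (assumption) so the example runs offline."""
    return hmac.new(key, message, hashlib.sha256).digest()


def split_key(k, n):
    """Split K into n random sub-keys such that K = k1 xor k2 xor ... xor kn."""
    subs = [secrets.token_bytes(len(k)) for _ in range(n - 1)]
    last = k
    for s in subs:
        last = xor_bytes(last, s)
    return subs + [last]


def derive_k_prime(r2, subkeys, rng=secrets.randbelow):
    """Randomised-order computation of K' = R2 xor k1 xor ... xor kn, driven by
    the to-do[] table of Booleans.  Returns (K', number of loop passes); the
    pass count is not constant, as the description notes."""
    n = len(subkeys)
    to_do = [True] * n            # initialisation: every element is "T"
    k_prime = r2                  # initialisation: K' = R2
    passes = 0
    while any(to_do):             # step a: while some element is still "T"
        i = rng(n)                # random index (0-based here, 1..n in the patent)
        passes += 1
        if to_do[i]:              # step b: is element i still "T"?
            k_prime = xor_bytes(k_prime, subkeys[i])   # step c: K' = K' xor k[i]
            to_do[i] = False                           # step d: to-do[i] = "F"
    return k_prime, passes


def party_b_respond(subkeys, r1):
    """B: choose R2, derive the per-run key K', return (r, R2) with r = ALG[K'](R1)."""
    r2 = secrets.token_bytes(len(subkeys[0]))
    k_prime, _ = derive_k_prime(r2, subkeys)
    return alg(k_prime, r1), r2


def party_a_verify(k, r1, r, r2):
    """A: recompute K' = R2 xor K and r' = ALG[K'](R1); B is authenticated iff r == r'."""
    r_prime = alg(xor_bytes(r2, k), r1)
    return hmac.compare_digest(r, r_prime)


def authenticate(k_a, k_b, n=2):
    """One authentication of B (holding k_b, split into n sub-keys) by A (holding k_a)."""
    r1 = secrets.token_bytes(len(k_a))              # A's challenge R1
    r, r2 = party_b_respond(split_key(k_b, n), r1)  # B's response (r, R2)
    return party_a_verify(k_a, r1, r, r2)


def mean_passes(n, trials):
    """Empirical average of the loop count S (the description derives S = 3 for n = 2)."""
    subs = split_key(bytes(16), n)   # constructed all-zero key, any value works
    r2 = bytes(16)
    total = sum(derive_k_prime(r2, subs)[1] for _ in range(trials))
    return total / trials


if __name__ == "__main__":
    key = bytes(range(16))           # constructed sample key shared by A and B
    print("B authenticated:", authenticate(key, key))
    print("mean passes for n=2:", mean_passes(2, 2000))
```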
Claims (8)
- 1. A method of authentication with a symmetric encryption algorithm between two entities, or parties A and B, holding the same secret key K, characterised in that it carries out the following authentication steps: a) party A, holding the secret key K, sends a random value, or randomly chosen number, R1 to party B, which also holds the same secret key K; b) party B chooses a random number R2 and computes, by the following formula, the number K', which is also a secret key: K' = R2 xor K, xor being the exclusive-or operation; c) B then uses the symmetric encryption algorithm ALG to compute the result r by the following formula: r = ALG[K'](R1); d) said party B then sends r and R2 to said party A; e) said party A uses the same symmetric encryption algorithm ALG to compute K' and r' by the following formulae: K' = R2 xor K and r' = ALG[K'](R1); f) if r equals r', said party B is authenticated by said party A.
- 2. The method according to claim 1, characterised in that the key K is broken down into a set of n sub-keys ki, i being the index of the sub-key, by the following formula: K = k1 xor k2 xor ... xor kn.
- 3. The method according to claim 1 or 2, characterised in that it comprises a system for computing K' by the following formula, in which the order in which the sub-keys ki are used is random, i being the sub-key index: K' = R2 xor k1 xor ... xor kn.
- 4. The method according to claim 3, characterised in that the secret key K' is computed using an algorithm comprising an initialisation phase and a set of loops.
- 5. The method according to claim 4, characterised in that the initialisation phase comprises: a first table k, or k[], containing the n sub-keys ki; and a second table referred to as to-do, or to-do[], containing n Booleans, each Boolean holding the true value called "True" or "T"; and in that the tables k[] and to-do[] contain the same number n of elements, representing the n sub-keys ki and the n Booleans.
- 6. The method according to claim 4, characterised in that the loop of the algorithm comprises the following steps: a) a first step consisting of the following: as long as an element of table to-do[] still has the value "T", a random number i between 1 and n is chosen; b) a second step comprising testing whether element i of table to-do[] has the value "T"; c) if the result of the second step is true, a third step comprising two operations: first, assigning to the variable K' the result of the xor operation between K' and element i of table k[], computed as K' = K' xor k[i]; second, assigning the value "False", referred to as "F" in the figures, to the element of index i of table to-do[]: to-do[i] = "F".
- 7. The method according to claim 4, characterised in that the loop of the algorithm consists of the following steps: a) a first step consisting of the following: as long as an element of table to-do[] still has the value "T", a random number i between 1 and n is chosen; b) a second step comprising testing whether element i of table to-do[] has the value "T"; c) if the result of the second step is false, the system returns to the first step.
- 8. A system of authentication with a symmetric encryption algorithm between two entities, or parties A and B, holding the same secret key K, characterised in that it implements the authentication method according to any one of claims 1 to 7.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR98/10591 | 1998-08-17 | ||
FR9810591A FR2782431B1 (en) | 1998-08-17 | 1998-08-17 | SYMMETRIC ALGORITHM AUTHENTICATION METHOD AND DEVICE |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1323478A true CN1323478A (en) | 2001-11-21 |
Family
ID=9529804
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN99812286.6A Pending CN1323478A (en) | 1998-08-17 | 1999-08-16 | Method and device for authenticating with symmetrical algorithm |
1998
- 1998-08-17 FR FR9810591A patent/FR2782431B1/en not_active Expired - Fee Related
1999
- 1999-08-16 AU AU51731/99A patent/AU5173199A/en not_active Abandoned
- 1999-08-16 WO PCT/FR1999/001995 patent/WO2000010287A1/en active Application Filing
- 1999-08-16 EP EP99936740A patent/EP1104607A1/en not_active Withdrawn
- 1999-08-16 JP JP2000565636A patent/JP2002523923A/en active Pending
- 1999-08-16 CN CN99812286.6A patent/CN1323478A/en active Pending
- 1999-08-16 MX MXPA01001783A patent/MXPA01001783A/en unknown
Also Published As
Publication number | Publication date |
---|---|
WO2000010287A1 (en) | 2000-02-24 |
FR2782431B1 (en) | 2000-09-29 |
EP1104607A1 (en) | 2001-06-06 |
AU5173199A (en) | 2000-03-06 |
FR2782431A1 (en) | 2000-02-18 |
MXPA01001783A (en) | 2002-07-22 |
JP2002523923A (en) | 2002-07-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |