CN1455543A - Encryption key agreement method - Google Patents
- Publication number
- CN1455543A
- Authority
- CN
- China
- Prior art keywords
- key
- agreement
- communication
- calculate
- pki
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Mobile Radio Communication Systems (AREA)
- Computer And Data Communications (AREA)
Abstract
The two communicating parties are A and B, with private keys SK_A and SK_B and public keys PK_A and PK_B, where PK = SK^-1 * G; the public keys are deposited with a trusted third party, the certification authority (CA). When the two parties need to agree on a temporary session key over an insecure channel, they proceed as follows: 1) A picks a random integer k_A, obtains B's public key PK_B from the CA, computes S_A = k_A * PK_B and sends S_A to B; 2) B picks a random integer k_B, obtains A's public key PK_A from the CA, computes S_B = k_B * PK_A and sends S_B to A; 3) from the S_B received from B, A uses its own private key SK_A to compute K_AB = k_A * SK_A * S_B, and from the S_A received from A, B uses its private key SK_B to compute K_BA = k_B * SK_B * S_A. Both thereby obtain the temporary session key K = k_A * k_B * G for this communication.
Description
Technical field
The invention belongs to key negotiation technology in the field of information security, and specifically to a key agreement method.
Background technology
In an information security system the key is the sole credential for lawful access. Under Kerckhoffs' assumption for the security analysis of ciphers, the security of an information security system rests on the protection of the key itself, not on the protection of the system or of the communication hardware. Under this premise the cryptosystem and its algorithms may be public, the access policy may be published and encryption devices may be lost, and the information security system still operates normally and unaffected. Once the key leaks, however, the security system is destroyed: not only can legitimate users no longer access the system and extract information, but the information in the system can be stolen by unauthorized users, endangering the security of the whole system. A secure key management method is therefore crucial to the security of a communication system. It affects not only the security of the system but also its reliability, availability and economy.
Shannon's secrecy theory established the security of the one-time pad and the importance of changing keys regularly. In practice, changing keys regularly is too cumbersome to be feasible. To let the communicating parties obtain security approaching that of a one-time pad without frequently changing their basic (long-term) keys, the notion of a "session key" was proposed: a temporary key used by the communicating parties for a single conversation or data exchange.
A key agreement scheme is a communication mechanism that lets two or more participants in a communication system jointly establish, by running a protocol over a public, insecure channel, the temporary key used for one session. The value of this temporary session key is a function of the inputs contributed by all participants, and every participant obtains the same value.
Key agreement methods proposed to date include the Diffie-Hellman method, the MQV method and the STS method, all of which have been adopted in standards such as IEEE 1363-2000 and ANSI X9.62.
The Diffie-Hellman method is the earliest key agreement method. It is based on the discrete logarithm problem (DLP) in a finite multiplicative group, is computationally secure and is widely used today, but because its key exchange is an unauthenticated handshake it cannot by itself resist man-in-the-middle attacks, which is a security problem. The MQV method uses two key pairs, a static key and an ephemeral key, to complete the handshake and the identity authentication; its steps and operations are complicated and its practicality is limited. The STS method completes key agreement with a three-way handshake, requires complicated digital signature and certificate verification processes and sometimes a dedicated timestamp server, so its communication cost is higher. All of these greatly increase the communication cost of the session handshake, and an overly complex key agreement method can also leave security hazards that are hard to notice.
Summary of the invention
The object of the invention is to provide a simple, practical and efficient key agreement method, based on the hardness of the discrete logarithm problem in a finite abelian group and on the introduction of a trusted third-party certification authority.
To achieve this object, the concrete steps of the invention are as follows:
The two communicating parties are A and B. Their private keys are SK_A and SK_B and their public keys are PK_A and PK_B respectively; the public keys are deposited with the trusted third-party certification authority (CA). Here PK = SK^-1 * G, where G is the generator (base point) of the group.
When the two communicating parties need to agree over an insecure channel on the temporary session key for this communication, the key agreement task is completed by the following operations:
1. A picks a random integer k_A, obtains B's public key PK_B from the certification authority CA, computes S_A = k_A * PK_B and sends S_A to B;
2. B picks a random integer k_B, obtains A's public key PK_A from the CA, computes S_B = k_B * PK_A and sends S_B to A;
3. From the S_B received from B, A computes K_AB = k_A * SK_A * S_B with its own private key SK_A. Similarly, after receiving S_A from A, B computes K_BA = k_B * SK_B * S_A with its own private key SK_B. The key agreement process is then complete, and the temporary session key agreed by the two parties for this communication is K = k_A * k_B * G. (Both sides obtain the same value because S_B = k_B * SK_A^-1 * G, so K_AB = k_A * SK_A * k_B * SK_A^-1 * G = k_A * k_B * G, and symmetrically K_BA = k_B * SK_B * k_A * SK_B^-1 * G = k_A * k_B * G.)
Compared with the similar earlier methods, the invention needs no cumbersome identity authentication and no timestamp server: a single data exchange completes the key agreement task directly. The specification asserts that the method resists the currently known attack methods and that its security is very high, but it gives no security proof and does not list the attacks considered; note also that the single exchange carries no key confirmation message, so neither party learns within the protocol itself whether the other side computed the same K. The method is simple and efficient, its computation cost and storage requirement are very low, and it can be applied in hardware environments such as computers, communication networks, smart cards and mobile phones.
Description of drawings
Fig. 1 describes graphically the key agreement process described above.
Fig. 2 describes graphically the implementation of the invention under three-party communication.
Embodiment
The invention is further described below with reference to the drawings and embodiments, but the embodiments should not be construed as limiting the invention.
Embodiment 1:
Implementation on a finite multiplicative group:
System parameters: a large prime p is chosen at random, and the generator g is a positive integer less than p. The private keys SK_A and SK_B are random positive integers less than p-1. The public keys PK_A and PK_B are then obtained as follows (the formulas of this embodiment appear only as images in the original publication and are not reproduced in this text):
The key agreement process:
A) A picks at random a positive integer k_A less than p-1, obtains B's public key PK_B from the CA, computes S_A and sends S_A to B.
B) B picks at random a positive integer k_B less than p-1, obtains A's public key PK_A from the CA, computes S_B and sends S_B to A.
C) From the S_B received from B, A computes the key with its own private key SK_A. Similarly, after receiving the S_A sent by A, B computes the key with SK_B.
The two parties have then agreed the temporary session key for this communication.
Embodiment 2:
Implementation on an elliptic-curve finite group:
System parameters: a large prime p is chosen at random; the elliptic curve E(GF(p)): y^2 = x^3 + a*x + b (mod p) is a secure elliptic curve defined over the finite field GF(p), and a base point G is chosen at random on it. Let n = #E(GF(p)) be the order of the elliptic curve E and let r be a large prime factor of n. The private keys SK_A and SK_B are random positive integers less than r-1. The public keys PK_A and PK_B are then obtained as PK = SK^-1 * G, as in the summary.
The key agreement process is as follows:
A) A picks a random positive integer k_A ∈ [1, r-1], obtains B's public key PK_B from the CA, computes S_A = k_A * PK_B and sends S_A to B.
B) B picks a random positive integer k_B ∈ [1, r-1], obtains A's public key PK_A from the CA, computes S_B = k_B * PK_A and sends S_B to A.
C) From the S_B received from B, A computes K_AB = k_A * SK_A * S_B with its own private key SK_A. Similarly, after receiving the S_A sent by A, B computes K_BA = k_B * SK_B * S_A with its own private key SK_B.
The temporary session key agreed by the two parties for this communication is then K = k_A * k_B * G.
Embodiment 3:
Implementation on a hyperelliptic-curve finite group:
System parameters: a large prime p is chosen at random; the hyperelliptic curve C: y^2 + h(x)*y = f(x) (mod p) is a secure hyperelliptic curve of genus g defined over the finite field GF(p), where f(x) is a monic polynomial of degree 2g+1 and h(x) is a polynomial of degree at most g. Let the order #J(C; GF(p)) of the Jacobian group J(C; GF(p)) of the curve C be n, and let r be a large prime factor of n. A base point D ∈ J(C; GF(p)) is chosen at random on the hyperelliptic curve C. The private keys SK_A and SK_B are random positive integers less than r-1. The public keys PK_A and PK_B are then obtained as PK = SK^-1 * D, with the base point D taking the place of G.
The key agreement process is then as follows:
A) A picks a random positive integer k_A ∈ [1, r-1], obtains B's public key PK_B from the CA, computes S_A = k_A * PK_B and sends S_A to B.
B) B picks a random positive integer k_B ∈ [1, r-1], obtains A's public key PK_A from the CA, computes S_B = k_B * PK_A and sends S_B to A.
C) From the S_B received from B, A computes K_AB = k_A * SK_A * S_B with its own private key SK_A. Similarly, after receiving the S_A sent by A, B computes K_BA = k_B * SK_B * S_A with its own private key SK_B.
The temporary session key agreed by the two parties for this communication is then K = k_A * k_B * D.
Embodiment 4:
Multi-party key agreement method:
The implementations discussed above apply only to the case of exactly two communicating parties. When there are more than two communicating parties, the implementation needs suitable modification. The modification is described here with three communicating parties as an example:
Let the three communicating parties be A, B and C, with all key pairs generated according to PK = SK^-1 * G. Let their private keys be SK_A, SK_B and SK_C and their public keys PK_A, PK_B and PK_C respectively. The temporary session key for this communication is then agreed as follows:
A) A picks a random integer k_A ∈ [1, r-1], obtains C's public key PK_C from the CA, computes X_A = k_A * PK_C and sends X_A to B;
B) B picks a random integer k_B ∈ [1, r-1], obtains A's public key PK_A from the CA, computes Y_B = k_B * PK_A and sends Y_B to C;
C) C picks a random integer k_C ∈ [1, r-1], obtains B's public key PK_B from the CA, computes Z_C = k_C * PK_B and sends Z_C to A;
D) From the X_A received from A, B computes X_B = k_B * X_A with the random integer k_B it chose above and sends X_B to C;
E) From the Y_B received from B, C computes Y_C = k_C * Y_B with the random integer k_C it chose above and sends Y_C to A;
F) From the Z_C received from C, A computes Z_A = k_A * Z_C with the random integer k_A it chose above and sends Z_A to B;
G) From the X_B received from B, C computes K_ABC = k_C * SK_C * X_B with its own private key SK_C;
H) From the Y_C received from C, A computes K_BCA = k_A * SK_A * Y_C with its own private key SK_A;
I) From the Z_A received from A, B computes K_CAB = k_B * SK_B * Z_A with its own private key SK_B.
The three-party key agreement process is then complete, and the temporary session key agreed by the three parties for this communication is K = k_A * k_B * k_C * G. (Each chain passes through the public key of the party that closes it: X_B = k_B * k_A * SK_C^-1 * G, so K_ABC = k_C * SK_C * X_B = k_A * k_B * k_C * G, and the other two chains close the same way.) For four or more communicating parties, it suffices to add further key transmission links to the three-party XKAS key agreement method above.
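The two-party exchange of Embodiment 2 and the three-party exchange of Embodiment 4, run end to end as an added example written for this page (it is not code from the patent). It instantiates the patent's notation on the secp256k1 curve, whose domain parameters are public constants, because the patent fixes no curve numerically; it takes SK^-1 modulo the base-point order r, which the patent leaves implicit; and the on-curve check applied to every point taken off the channel is standard practice added here, not a step of the patent. The names check_point, ec_add, ec_mul, make_party, two_party, three_party, expected_key and demo are this example's own.

```python
"""Added example: the patent's key agreement instantiated on secp256k1 (standard library only).

Notation follows the patent: PK = SK^-1 * G, S_A = k_A * PK_B, S_B = k_B * PK_A,
K_AB = k_A * SK_A * S_B, K_BA = k_B * SK_B * S_A and K = k_A * k_B * G.
"""
import secrets

# secp256k1 domain parameters (public constants; the patent fixes no curve numerically).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A_COEF, B_COEF = 0, 7                      # curve y^2 = x^3 + a*x + b over GF(P)
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
R = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # prime order of G (the patent's r)
INF = None                                  # point at infinity

def check_point(pt):
    """Receiver-side check that a point taken off the channel is a finite point on the curve
    (standard practice added here; not a step of the patent). Returns the point unchanged."""
    if pt is INF:
        raise ValueError("point at infinity")
    x, y = pt
    if (y * y - x * x * x - A_COEF * x - B_COEF) % P:
        raise ValueError("point is not on the curve")
    return pt

def ec_add(p1, p2):
    """Affine point addition, including doubling and the point at infinity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:                 # p2 == -p1
            return INF
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Scalar multiplication k * pt by double-and-add (not constant time; illustration only)."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def make_party(sk, k):
    """A party as (SK, PK, k): PK = SK^-1 * G with the inverse taken mod r, plus the session nonce k."""
    return (sk, ec_mul(pow(sk, -1, R), G), k)

def two_party(a, b):
    """Claim 1 / Embodiment 2: returns (K_AB computed by A, K_BA computed by B)."""
    sk_a, pk_a, k_a = a
    sk_b, pk_b, k_b = b
    s_a = check_point(ec_mul(k_a, pk_b))        # step 1: A -> B
    s_b = check_point(ec_mul(k_b, pk_a))        # step 2: B -> A
    k_ab = ec_mul(k_a * sk_a % R, s_b)          # step 3 at A: k_A * SK_A * S_B
    k_ba = ec_mul(k_b * sk_b % R, s_a)          # step 3 at B: k_B * SK_B * S_A
    return k_ab, k_ba

def three_party(a, b, c):
    """Embodiment 4 / claim 2: returns (K_ABC computed by C, K_BCA by A, K_CAB by B)."""
    sk_a, pk_a, k_a = a
    sk_b, pk_b, k_b = b
    sk_c, pk_c, k_c = c
    x_a = check_point(ec_mul(k_a, pk_c))        # A) A -> B
    y_b = check_point(ec_mul(k_b, pk_a))        # B) B -> C
    z_c = check_point(ec_mul(k_c, pk_b))        # C) C -> A
    x_b = check_point(ec_mul(k_b, x_a))         # D) B -> C
    y_c = check_point(ec_mul(k_c, y_b))         # E) C -> A
    z_a = check_point(ec_mul(k_a, z_c))         # F) A -> B
    k_abc = ec_mul(k_c * sk_c % R, x_b)         # G) at C: k_C * SK_C * X_B
    k_bca = ec_mul(k_a * sk_a % R, y_c)         # H) at A: k_A * SK_A * Y_C
    k_cab = ec_mul(k_b * sk_b % R, z_a)         # I) at B: k_B * SK_B * Z_A
    return k_abc, k_bca, k_cab

def expected_key(nonces):
    """What the patent says every party ends with: (k_1 * ... * k_n) * G."""
    prod = 1
    for k in nonces:
        prod = prod * k % R
    return ec_mul(prod, G)

def demo():
    """Fresh parties with SK and k uniform in [1, r-1]; confirm every copy of K agrees."""
    rnd = lambda: 1 + secrets.randbelow(R - 1)
    a, b, c = (make_party(rnd(), rnd()) for _ in range(3))
    k_ab, k_ba = two_party(a, b)
    k_abc, k_bca, k_cab = three_party(a, b, c)
    assert k_ab == k_ba == expected_key([a[2], b[2]])
    assert k_abc == k_bca == k_cab == expected_key([a[2], b[2], c[2]])
    return k_ab, k_abc
```

Calling demo() runs both protocols once with random keys and nonces and returns the two agreed keys. The private keys cancel algebraically (k_A * SK_A * k_B * SK_A^-1 * G = k_A * k_B * G), which is why the final key contains only the nonces; the scalar arithmetic is reduced modulo R before multiplying because G has prime order R.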
Content not described in detail in this specification belongs to prior art well known to those skilled in the art.
Claims (3)
1. A key agreement method in which each communicating party has a private key SK and a public key PK, where PK = SK^-1 * G and the public keys are deposited with a trusted third-party certification authority (CA), comprising the following concrete steps:
The two communicating parties are A and B, their private keys are SK_A and SK_B, and their public keys are PK_A and PK_B respectively. When the two communicating parties need to agree over an insecure channel on the temporary session key for this communication, the key agreement task is completed by the following operations:
1. A picks a random integer k_A, obtains B's public key PK_B from the certification authority CA, computes S_A = k_A * PK_B and sends S_A to B;
2. B picks a random integer k_B, obtains A's public key PK_A from the CA, computes S_B = k_B * PK_A and sends S_B to A;
3. From the S_B received from B, A computes K_AB = k_A * SK_A * S_B with its own private key SK_A. Similarly, after receiving S_A from A, B computes K_BA = k_B * SK_B * S_A with its own private key SK_B. The key agreement process is then complete, and the temporary session key agreed by the two parties for this communication is K = k_A * k_B * G.
2. The key agreement method of claim 1, wherein, if there are three communicating parties A, B and C whose key pairs are all generated according to PK = SK^-1 * G, with private keys SK_A, SK_B and SK_C and public keys PK_A, PK_B and PK_C respectively, the temporary session key for this communication is agreed as follows:
A) A picks a random integer k_A ∈ [1, r-1], obtains C's public key PK_C from the CA, computes X_A = k_A * PK_C and sends X_A to B;
B) B picks a random integer k_B ∈ [1, r-1], obtains A's public key PK_A from the CA, computes Y_B = k_B * PK_A and sends Y_B to C;
C) C picks a random integer k_C ∈ [1, r-1], obtains B's public key PK_B from the CA, computes Z_C = k_C * PK_B and sends Z_C to A;
D) From the X_A received from A, B computes X_B = k_B * X_A with the random integer k_B it chose above and sends X_B to C;
E) From the Y_B received from B, C computes Y_C = k_C * Y_B with the random integer k_C it chose above and sends Y_C to A;
F) From the Z_C received from C, A computes Z_A = k_A * Z_C with the random integer k_A it chose above and sends Z_A to B;
G) From the X_B received from B, C computes K_ABC = k_C * SK_C * X_B with its own private key SK_C;
H) From the Y_C received from C, A computes K_BCA = k_A * SK_A * Y_C with its own private key SK_A;
I) From the Z_A received from A, B computes K_CAB = k_B * SK_B * Z_A with its own private key SK_B.
The three-party key agreement process is then complete, and the temporary session key agreed by the three parties for this communication is K = k_A * k_B * k_C * G.
3. The key agreement method of claim 1 or 2, wherein for four or more communicating parties it suffices to add further key transmission links to the three-party XKAS key agreement method of claim 2.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 03128072 CN1455543A (en) | 2003-05-30 | 2003-05-30 | Encryption key agreement method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 03128072 CN1455543A (en) | 2003-05-30 | 2003-05-30 | Encryption key agreement method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1455543A true CN1455543A (en) | 2003-11-12 |
Family
ID=29260371
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 03128072 Pending CN1455543A (en) | 2003-05-30 | 2003-05-30 | Encryption key agreement method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1455543A (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101048970B (en) * | 2004-10-29 | 2012-05-23 | 汤姆森许可贸易公司 | Secure authenticated channel |
WO2009135444A1 (en) * | 2008-05-09 | 2009-11-12 | 西安西电捷通无线网络通信有限公司 | Key distribution method, terminal device and key distribution center |
CN102164119A (en) * | 2010-02-12 | 2011-08-24 | 株式会社理光 | Authentication system, transmission terminal, and transmission system |
US8949593B2 (en) | 2010-02-12 | 2015-02-03 | Ricoh Company, Limited | Authentication system for terminal identification information |
CN102164119B (en) * | 2010-02-12 | 2015-06-03 | 株式会社理光 | Authentication system, transmission terminal, and transmission system |
CN105337969A (en) * | 2015-10-19 | 2016-02-17 | 朱建龙 | Safety communication method between two mobile terminals |
CN106559566A (en) * | 2016-11-10 | 2017-04-05 | 广州小鹏汽车科技有限公司 | A kind of intelligent control method and system of automobile value-added service |
CN111373692A (en) * | 2017-10-19 | 2020-07-03 | 三菱电机株式会社 | Key sharing device, key sharing method, key sharing program, and key sharing system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8190895B2 (en) | Authenticated key exchange with derived ephemeral keys | |
US7908482B2 (en) | Key confirmed authenticated key exchange with derived ephemeral keys | |
TWI233739B (en) | Systems, methods and computer readable recording medium for remote password authentication using multiple servers | |
EP1226678B1 (en) | Split-key key-agreement protocol | |
US7694141B2 (en) | Extended authenticated key exchange with key confirmation | |
US7627760B2 (en) | Extended authenticated key exchange | |
CN101296075B (en) | Identity authentication system based on elliptic curve | |
CN102739401B (en) | Private key safety management method based on identity public key cryptography system | |
CN107566128A (en) | A kind of two side's distribution SM9 digital signature generation methods and system | |
CN1902853A (en) | Method and apparatus for verifiable generation of public keys | |
CN105141425A (en) | Bidirectional authentication method capable of protecting identity based on chaotic mapping | |
CN100350816C (en) | Method for implementing wireless authentication and data safety transmission based on GSM network | |
CN107483191A (en) | A kind of SM2 algorithm secret keys segmentation signature system and method | |
CN1260664C (en) | Method for exchanging pins between users' computers | |
CN114826656A (en) | Trusted data link transmission method and system | |
CN101060530A (en) | Repudiation Internet key exchange protocol | |
CN112417489B (en) | Digital signature generation method and device and server | |
CN107612680A (en) | A kind of national secret algorithm in mobile network's payment | |
CN112380579A (en) | Lattice-based forward security certificateless digital signature scheme | |
CN116074019A (en) | Identity authentication method, system and medium between mobile client and server | |
Lin et al. | Security enhancement for the" simple authentication key agreement algorithm" | |
CN1455543A (en) | Encryption key agreement method | |
CN111756537B (en) | Two-party cooperative decryption method, system and storage medium based on SM2 standard | |
CN111277411B (en) | Anti-quantum computing vehicle-mounted network identity authentication system and method based on secret sharing and multiple mobile devices | |
CN114978481A (en) | Anti-quantum computing communication method and system based on post-quantum cryptography CA |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |