CN1455543A - Encryption key agreement method - Google Patents

Publication number
CN1455543A
Authority
CN
China
Prior art keywords
key
agreement
communication
calculate
pki
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 03128072
Other languages
Chinese (zh)
Inventor
肖攸安
李腊元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University of Technology WUT
Original Assignee
Wuhan University of Technology WUT
Abstract

In this method, the two communicating parties A and B have private keys $SK_A$ and $SK_B$ and public keys $PK_A$ and $PK_B$, where $PK = SK^{-1} \times G$; the public keys are stored at a trusted third party, the certification authority (CA). When the two parties communicate over an insecure channel, they agree on a temporary session key as follows: 1) A randomly selects an integer $k_A$, obtains B's public key $PK_B$ from the CA, computes $S_A = k_A \times PK_B$ and sends $S_A$ to B; 2) B randomly selects an integer $k_B$, obtains A's public key $PK_A$ from the CA, computes $S_B = k_B \times PK_A$ and sends $S_B$ to A; 3) A uses its own private key $SK_A$ and the $S_B$ received from B to compute $K_{AB} = k_A \times SK_A \times S_B$, and B uses its private key $SK_B$ to compute $K_{BA} = k_B \times SK_B \times S_A$, which yields the temporary session key $K = k_A \times k_B \times G$ for this communication.

Description

A key agreement method
Technical field
The invention belongs to key agreement technology in the field of information security, and specifically concerns a key agreement method.
Background
In an information security system, the key is the sole credential for legitimate access. Under Kerckhoffs's assumption for cryptographic security analysis, the security of an information security system depends on the protection of the key itself, not on protecting the system or the communication hardware. On this premise, the cryptosystem and algorithm may be public, the access policy may be published, and encryption devices may be lost, yet the information security system continues to operate normally and unaffected. Once the key leaks, however, the security system is broken: not only can legitimate users no longer access the system and retrieve information, but the information in the system will be stolen by illegitimate users, endangering the security of the whole system. Secure key management is therefore critical to the security of a communication system. It affects not only the security of the system but also its reliability, effectiveness and economy.
Shannon's theory of secrecy pointed out the security of the one-time pad and the importance of changing keys regularly. In practice, however, regularly changing keys is too cumbersome to be feasible. So that the communicating parties can obtain security similar to that of a one-time pad without frequently changing their basic keys, the concept of a "session key" was proposed. A session key is a temporary key that the communicating parties use for a single conversation or data exchange.
A key agreement scheme is a communication mechanism that lets two or more participants in a communication system jointly establish, by means of a communication protocol over a public, insecure channel, the temporary key used for one session. The value of this temporary session key is a function of the inputs contributed by all participants, and every participant obtains the same value.
Existing key agreement methods include the Diffie-Hellman method, the MQV method and the STS method, all of which have been included in standards such as IEEE1363-2000 and ANSI-F.9.62.
The Diffie-Hellman method is the earliest key agreement method. It is based on the discrete logarithm problem (DLP) over a finite multiplicative group, is computationally secure, and is widely used today; but because its key exchange uses a handshake, it has difficulty resisting man-in-the-middle attacks and therefore has a security problem. The MQV method uses two key pairs, a static key and a dynamic key, to complete the handshake and identity authentication; its steps are numerous and its operation complicated, so it is not very practical. The STS method completes key agreement with a three-way handshake, requires complex digital signature and authentication procedures, and sometimes also needs a dedicated timestamp server, so its communication cost is high. All of this greatly increases the communication cost of the handshake of a communication session, and an overly complex key agreement method can also leave security risks that are hard to detect.
Summary of the invention
The purpose of the invention is to provide a simple, practical and efficient key agreement method that is based on the difficulty of solving the discrete logarithm problem over a finite Abelian group and that introduces a trusted third-party certification authority.
To achieve this, the specific steps of the invention are as follows:
The two communicating parties are A and B. Their private keys are $SK_A$ and $SK_B$ and their public keys are $PK_A$ and $PK_B$, where $PK = SK^{-1} \times G$; the public keys are deposited with the trusted third-party certification authority (CA).
When the two parties need to agree, over an insecure channel, on the temporary session key for this communication, they complete the key agreement as follows:
1. A randomly selects an integer $k_A$, obtains B's public key $PK_B$ from the CA, computes $S_A = k_A \times PK_B$, and sends $S_A$ to B;
2. B randomly selects an integer $k_B$, obtains A's public key $PK_A$ from the CA, computes $S_B = k_B \times PK_A$, and sends $S_B$ to A;
3. A, for the $S_B$ received from B, uses its own private key $SK_A$ to compute $K_{AB} = k_A \times SK_A \times S_B$. Similarly, B, after receiving the $S_A$ sent by A, uses its own private key $SK_B$ to compute $K_{BA} = k_B \times SK_B \times S_A$. The key agreement process then ends, and the temporary session key agreed by the two parties for this communication is $K = k_A \times k_B \times G$.
Compared with earlier methods of the same kind, the invention needs no cumbersome identity authentication and no timestamp server, completes the key agreement task directly with a single data exchange, can resist the various attack methods known at present, and has very high security. The method is simple to operate and efficient, its computational overhead and space requirements are very low, and it can be applied in a variety of hardware environments such as computers, communication networks, smart cards and mobile phones.
Description of drawings
Fig. 1 depicts the key agreement process described above in graphical form.
Fig. 2 depicts the implementation of the invention under three-party communication in graphical form.
Detailed description of embodiments
The invention is further described below with reference to the drawings and embodiments, but the embodiments should not be construed as limiting the invention.
Embodiment 1:
Implementation over a finite multiplicative group:
System parameters: a large prime $p$ is selected at random, and the generator $g$ is a positive integer less than $p$. The private keys $SK_A$ and $SK_B$ are random positive integers less than $p-1$. The public keys $PK_A$ and $PK_B$ are then obtained as follows:
Figure A0312807200071
The key agreement process:
A) A randomly selects a positive integer $k_A$ less than $p-1$, obtains B's public key $PK_B$ from the CA, computes $S_A = (PK_B)^{k_A} \bmod p$, and sends $S_A$ to B.
B) B randomly selects a positive integer $k_B$ less than $p-1$, obtains A's public key $PK_A$ from the CA, computes $S_B = (PK_A)^{k_B} \bmod p$, and sends $S_B$ to A.
C) A, for the $S_B$ received from B, uses its own private key $SK_A$ to compute $K_{AB} = (S_B)^{k_A \times SK_A} \bmod p$. Similarly, after receiving the $S_A$ sent by A, B uses $SK_B$ to compute $K_{BA} = (S_A)^{k_B \times SK_B} \bmod p$. The temporary session key agreed by the two parties for this communication is then $K = g^{k_A k_B} \bmod p$.
Embodiment 2:
Implementation over an elliptic curve finite group:
System parameters: a large prime $p$ is selected at random; the elliptic curve $E(GF(p)): y^2 = x^3 + ax + b \pmod p$ is a secure elliptic curve defined over the finite field $GF(p)$, and a base point $G$ is chosen at random on it. Let $n = \#E(GF(p))$ be the order of the elliptic curve $E$, and let $r$ be a large prime factor of $n$. The private keys $SK_A$ and $SK_B$ are random positive integers less than $r-1$. The public keys $PK_A$ and $PK_B$ are then obtained as follows:
The key agreement process is as follows:
A) A randomly selects a positive integer $k_A \in [1, r-1]$, obtains B's public key $PK_B$ from the CA, computes $S_A = k_A PK_B$, and sends $S_A$ to B.
B) B randomly selects a positive integer $k_B \in [1, r-1]$, obtains A's public key $PK_A$ from the CA, computes $S_B = k_B PK_A$, and sends $S_B$ to A.
C) A, for the $S_B$ received from B, uses its own private key $SK_A$ to compute $K_{AB} = k_A SK_A S_B$. Similarly, after receiving the $S_A$ sent by A, B uses its own private key $SK_B$ to compute $K_{BA} = k_B SK_B S_A$. The temporary session key agreed by the two parties for this communication is then $K = k_A k_B G$.
Embodiment 3:
Implementation over a hyperelliptic curve finite group:
System parameters: a large prime $p$ is selected at random; the hyperelliptic curve $C: y^2 + h(x)y = f(x) \bmod p$ is a secure hyperelliptic curve of genus $g$ defined over the finite field $GF(p)$, where $f(x)$ is a monic polynomial of degree $2g+1$ and $h(x)$ is a polynomial of degree at most $g$. Let the order $\#J(C; GF(p))$ of the Jacobian group $J(C; GF(p))$ of this hyperelliptic curve $C$ be $n$, and let $r$ be a large prime factor of $n$. A base point $D \in J(C; GF(p))$ is chosen at random on the hyperelliptic curve $C$. The private keys $SK_A$ and $SK_B$ are random positive integers less than $r-1$. The public keys $PK_A$ and $PK_B$ are then obtained as follows:
Figure A0312807200081
The key agreement process is then as follows:
A) A randomly selects a positive integer $k_A \in [1, r-1]$, obtains B's public key $PK_B$ from the CA, computes $S_A = k_A PK_B$, and sends $S_A$ to B.
B) B randomly selects a positive integer $k_B \in [1, r-1]$, obtains A's public key $PK_A$ from the CA, computes $S_B = k_B PK_A$, and sends $S_B$ to A.
C) A, for the $S_B$ received from B, uses its own private key $SK_A$ to compute $K_{AB} = k_A SK_A S_B$. Similarly, after receiving the $S_A$ sent by A, B uses its own private key $SK_B$ to compute $K_{BA} = k_B SK_B S_A$. The temporary session key agreed by the two parties for this communication is then $K = k_A k_B D$.
Embodiment 4:
Multi-party key agreement method:
The implementations discussed above apply only when there are exactly two communicating parties. When there are more than two, the concrete implementation needs to be adapted accordingly. The adaptation is illustrated here with three communicating parties:
Let the three communicating parties be A, B and C, with key pairs all generated according to $PK = SK^{-1} \times G$. Let their private keys be $SK_A$, $SK_B$ and $SK_C$ and their public keys $PK_A$, $PK_B$ and $PK_C$. The temporary session key for this communication can then be agreed as follows:
A) A randomly selects an integer $k_A \in [1, r-1]$, obtains C's public key $PK_C$ from the CA, computes $X_A = k_A PK_C$, and sends $X_A$ to B;
B) B randomly selects an integer $k_B \in [1, r-1]$, obtains A's public key $PK_A$ from the CA, computes $Y_B = k_B PK_A$, and sends $Y_B$ to C;
C) C randomly selects an integer $k_C \in [1, r-1]$, obtains B's public key $PK_B$ from the CA, computes $Z_C = k_C PK_B$, and sends $Z_C$ to A;
D) B, for the $X_A$ received from A, uses the random integer $k_B$ selected earlier to compute $X_B = k_B X_A$, and sends $X_B$ to C;
E) C, for the $Y_B$ received from B, uses the random integer $k_C$ selected earlier to compute $Y_C = k_C Y_B$, and sends $Y_C$ to A;
F) A, for the $Z_C$ received from C, uses the random integer $k_A$ selected earlier and its own private key $SK_A$ to compute $Z_A = k_A Z_C$, and sends $Z_A$ to B;
G) C, for the $X_B$ received from B, uses its own private key $SK_C$ to compute $K_{ABC} = k_C SK_C X_B$;
H) A, for the $Y_C$ received from C, uses its own private key $SK_A$ to compute $K_{BCA} = k_A SK_A Y_C$;
I) B, for the $Z_A$ received from A, uses its own private key $SK_B$ to compute $K_{CAB} = k_B SK_B Z_A$.
This completes the three-party key agreement process. The temporary session key agreed by the communicating parties for this communication is $K = k_A k_B k_C G$. For four or more communicating parties, it suffices to add further key transmission links to the three-party XKAS key agreement method above.
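The two-party exchange of Embodiment 1 and the three-party ring of Embodiment 4, as an added Python example that is not part of the patent text. It runs both in the multiplicative group mod p and draws private keys coprime to p-1, because $PK = g^{SK^{-1}}$ only exists when SK is invertible there, a condition that "random positive integer less than p-1" does not guarantee. Assumptions: the toy parameters p = 2^127 - 1 and g = 3 and all function names are chosen here for illustration.

```python
import secrets
from math import gcd

P = 2**127 - 1   # Mersenne prime; toy size chosen here, not a secure parameter
G = 3            # assumed base element; not verified to generate the whole group
N = P - 1        # exponents live modulo p-1 (Fermat's little theorem)

def keypair(sk=None):
    """Return (SK, PK) with PK = g^(SK^-1) mod p.

    An explicit SK that has no inverse modulo p-1 is rejected; a random SK
    is re-drawn until it is invertible."""
    if sk is not None:
        if gcd(sk, N) != 1:
            raise ValueError("SK has no inverse modulo p-1")
    else:
        sk = 0
        while gcd(sk, N) != 1:
            sk = secrets.randbelow(N - 1) + 1
    return sk, pow(G, pow(sk, -1, N), P)

def ephemeral():
    """Per-session random integer k in [1, p-2]."""
    return secrets.randbelow(N - 1) + 1

def send(k, peer_pk):
    """Steps A/B: S = (PK_peer)^k mod p, the only value put on the wire."""
    return pow(peer_pk, k, P)

def finish(k, sk, received):
    """Step C: K = received^(k * SK) mod p."""
    return pow(received, (k * sk) % N, P)

def two_party():
    """Run Embodiment 1; returns (K_AB, K_BA, g^(k_A k_B) mod p)."""
    (sk_a, pk_a), (sk_b, pk_b) = keypair(), keypair()
    k_a, k_b = ephemeral(), ephemeral()
    s_a, s_b = send(k_a, pk_b), send(k_b, pk_a)
    return finish(k_a, sk_a, s_b), finish(k_b, sk_b, s_a), pow(G, k_a * k_b, P)

def three_party():
    """Run the ring of Embodiment 4; returns ([K_ABC, K_BCA, K_CAB], expected)."""
    keys = [keypair() for _ in range(3)]      # index 0, 1, 2 = A, B, C
    k = [ephemeral() for _ in range(3)]
    finals = []
    for start in range(3):
        relay, last = (start + 1) % 3, (start + 2) % 3
        x = send(k[start], keys[last][1])     # e.g. X_A = (PK_C)^k_A
        x = pow(x, k[relay], P)               # e.g. X_B = (X_A)^k_B
        finals.append(finish(k[last], keys[last][0], x))  # e.g. K_ABC
    return finals, pow(G, k[0] * k[1] * k[2], P)

if __name__ == "__main__":
    k_ab, k_ba, expected = two_party()
    print("two-party keys match:", k_ab == k_ba == expected)
    finals, expected3 = three_party()
    print("three-party keys match:", finals == [expected3] * 3)
```

Each chain in `three_party` starts from the public key of the party that finishes it, which is why the starter in step A fetches $PK_C$ rather than the public key of its immediate neighbour.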
Content not described in detail in this specification belongs to the prior art well known to those skilled in the art.

Claims (3)

1. A key agreement method, in which each communicating party has a private key $SK$ and a public key $PK$, where $PK = SK^{-1} \times G$, deposited with a trusted third-party certification authority, the specific steps being as follows:
The two communicating parties are A and B, their private keys are $SK_A$ and $SK_B$, and their public keys are $PK_A$ and $PK_B$. When the two parties need to agree, over an insecure channel, on the temporary session key for this communication, they complete the key agreement as follows:
1. A randomly selects an integer $k_A$, obtains B's public key $PK_B$ from the CA, computes $S_A = k_A \times PK_B$, and sends $S_A$ to B;
2. B randomly selects an integer $k_B$, obtains A's public key $PK_A$ from the CA, computes $S_B = k_B \times PK_A$, and sends $S_B$ to A;
3. A, for the $S_B$ received from B, uses its own private key $SK_A$ to compute $K_{AB} = k_A \times SK_A \times S_B$. Similarly, B, after receiving the $S_A$ sent by A, uses its own private key $SK_B$ to compute $K_{BA} = k_B \times SK_B \times S_A$. The key agreement process then ends, and the temporary session key agreed by the two parties for this communication is $K = k_A \times k_B \times G$.
2. The key agreement method as claimed in claim 1, wherein, if there are three communicating parties A, B and C, their key pairs are all generated according to $PK = SK^{-1} \times G$, their private keys being $SK_A$, $SK_B$ and $SK_C$ and their public keys $PK_A$, $PK_B$ and $PK_C$. The temporary session key for this communication can then be agreed as follows:
A) A randomly selects an integer $k_A \in [1, r-1]$, obtains C's public key $PK_C$ from the CA, computes $X_A = k_A PK_C$, and sends $X_A$ to B;
B) B randomly selects an integer $k_B \in [1, r-1]$, obtains A's public key $PK_A$ from the CA, computes $Y_B = k_B PK_A$, and sends $Y_B$ to C;
C) C randomly selects an integer $k_C \in [1, r-1]$, obtains B's public key $PK_B$ from the CA, computes $Z_C = k_C PK_B$, and sends $Z_C$ to A;
D) B, for the $X_A$ received from A, uses the random integer $k_B$ selected earlier to compute $X_B = k_B X_A$, and sends $X_B$ to C;
E) C, for the $Y_B$ received from B, uses the random integer $k_C$ selected earlier to compute $Y_C = k_C Y_B$, and sends $Y_C$ to A;
F) A, for the $Z_C$ received from C, uses the random integer $k_A$ selected earlier and its own private key $SK_A$ to compute $Z_A = k_A Z_C$, and sends $Z_A$ to B;
G) C, for the $X_B$ received from B, uses its own private key $SK_C$ to compute $K_{ABC} = k_C SK_C X_B$;
H) A, for the $Y_C$ received from C, uses its own private key $SK_A$ to compute $K_{BCA} = k_A SK_A Y_C$;
I) B, for the $Z_A$ received from A, uses its own private key $SK_B$ to compute $K_{CAB} = k_B SK_B Z_A$.
This completes the three-party key agreement process. The temporary session key agreed by the communicating parties for this communication is $K = k_A k_B k_C G$.
3. The key agreement method as claimed in claim 1 or 2, wherein, for four or more communicating parties, it suffices to add further key transmission links to the three-party XKAS key agreement method of claim 2.
CN 03128072 2003-05-30 2003-05-30 Encryption key agreement method Pending CN1455543A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 03128072 CN1455543A (en) 2003-05-30 2003-05-30 Encryption key agreement method

Publications (1)

Publication Number Publication Date
CN1455543A (en) 2003-11-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication