CN1472914A - High performance and quick public pin encryption - Google Patents
High performance and quick public pin encryption Download PDFInfo
- Publication number
- CN1472914A CN1472914A CNA031282229A CN03128222A CN1472914A CN 1472914 A CN1472914 A CN 1472914A CN A031282229 A CNA031282229 A CN A031282229A CN 03128222 A CN03128222 A CN 03128222A CN 1472914 A CN1472914 A CN 1472914A
- Authority
- CN
- China
- Prior art keywords
- key
- message
- private
- public key
- secret
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 claims abstract description 35
- 238000004891 communication Methods 0.000 claims abstract description 12
- 238000005516 engineering process Methods 0.000 claims description 14
- 238000004422 calculation algorithm Methods 0.000 claims description 5
- 238000012795 verification Methods 0.000 claims description 4
- 238000007620 mathematical function Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention relates to a fast and high efficient public key encrypting method. The two parties of communication are A and B, they have the private keys and public keys respectively, which are stored in the trustable verification center of the third party. 1. A produces randomly one of some temporary secret-key and encrypts the private information using the symmetric secret-code encrypting system to acquire encrypted file; 2. A converts the secret-key selected presently into an assigned file using the secret-key assigning technique of the public key secret-code system and using the public key of the receiving part B, and then transmits the secret-key assigning file and encrypted file to the receiving party; 3. The receiving party acquires the secret-key assigned by the transmitting party using his own private key.
Description
Technical Field
The invention belongs to the data encryption technology in the field of information security, and particularly relates to a high-efficiency and quick public key encryption method.
Background
Data encryption is a fundamental task of cryptographic systems. According to the relationship between encryption key and decryption key, the current various data encryption systems can be divided into two categories: a symmetric cipher encryption system and a public key cipher encryption system.
The symmetric cipher encryption body has a history of thousands of years, and is the most common encryption technology at present. Among them, the most representative symmetric cryptographies include DES, AES, IDEA, RC6, and the like. The algorithm has the advantages of high encryption speed, high strength, good safety and the like. But since the encryption process and the decryption process of the symmetric cipher are reciprocal, both processes use the same key, i.e. the secret key. For the symmetric cipher encryption system, the distribution and management of the key are very difficult, and a cumbersome authentication process and an expensive dedicated secret channel are generally required, which greatly limits the application range of the symmetric cipher encryption system.
The public key cryptographic system was first proposed by Diffie and Hellman at the end of the last 70's of the century. The method is established on the basis of a trapdoor mathematical function, and by introducing mutually independent public and private key pairs, the encryption process and the decryption process are not symmetrical to each other, so that the key distribution and management problems disturbing the symmetric cipher encryption system are successfully solved. However, although the public key encryption system solves the problem of key distribution and management of the symmetric encryption system, the public key encryption system is established on the basis of a trapdoor mathematical function and needs a large amount of complex mathematical operations, so the implementation speed is very slow, and generally only 1/100-1/1000 which is equal to the implementation speed of the symmetric encryption system with the same intensity is needed, so the public key encryption system is not practical and cannot be practically applied to a data encryption system.
Disclosure of Invention
The invention aims to realize a high-efficiency and quick public key encryption method by combining a public key distribution technology and a symmetric cipher encryption system.
In order to achieve the purpose, the method comprises the following specific steps:
two communication parties are A and B, and the private keys of the two communication parties are SKAAnd AKBThe public key is PKAAnd PKBAnd storing in a trusted third party authentication center, and when the communication party A needs to send a private message M to the receiving party B through an unsafe channelThen, the message M may be encrypted as follows:
a randomly generating a certain temporary Key, using the Key as a secret Key of a symmetric cipher encryption system, and encrypting a private message M by using the symmetric cipher encryption system to obtain a ciphertext C;
secondly, a secret key distribution technology of a public key cryptosystem is utilized, and a public key PK of a receiver B is utilizedBThe secret key selected immediately is converted into a distribution message S, and the secret key distribution message S and the ciphertext C are sent to a receiving party B through a public channel.
For receiving party B, firstly, according to secret key distribution technique, utilizing its own private key SKBThe secret Key distributed by the sender a is acquired, and then the received ciphertext C is decrypted by using the secret Key to obtain the private message M.
The invention combines the advantages of two encryption systems of a symmetric cipher encryption system and a public key cipher encryption system: the method has the advantages of high encryption speed and high strength of a symmetric cipher encryption system, and also has the advantages of a public key encryption system in key distribution and management and an additional identity authentication function.
Compared with the mode of directly exchanging the temporary session key through the key exchange protocol and finishing data encryption through secret communication, the invention does not require both parties of communication to be on line at the same time and does not need a special authentication process, thereby having stronger practicability, higher efficiency, more convenience and more safety; compared with the prior single encryption technology, the method has the advantages of high encryption speed, safety and high efficiency of key management, does not need various complicated authentication processes and expensive special secret channels, can resist various known attack schemes, has high safety, simple and high efficiency in operation and very low calculation overhead and space requirements, and can be widely applied to various software and hardware environments such as computers, communication networks, smart cards, mobile phones, electronic commerce and the like.
Drawings
The figure graphically depicts the data encryption process of the present invention.
Detailed Description
The invention is further described with reference to the following figures and examples, which should not be construed as limiting the invention.
Example 1
When the public key distribution technology is an XECDA key distribution technology based on the problem of discrete logarithm of an elliptic curve and AES is selected in a symmetric cryptosystem, the specific implementation mode of the invention is as follows:
system parameters: randomly selecting a large prime number p, an elliptic curve E (GF (p): y)2=x3+ ax + b (mod p) is a secure elliptic curve defined over the finite field gf (p), where the randomly chosen base point is G, n ═ E (gf (p) is the order of the elliptic curve E, r is a large prime factor of n, private key SK of A, BAAnd SKBIs a random positive integer less than r-1. Then the public key PKAAnd PKBObtained as follows:
and is placed in a trusted third party certification authority. The data encryption process is as follows:
a) a randomly selects an integer k epsilon [1, r-1 ]]If K is K × G, K is a secret key used for the symmetric cipher system AES in the data encryption process; meanwhile, encrypting the private message M to be sent by using a secret key K by using an AES symmetric encryption technology to obtain a ciphertext C; and obtaining the public key PK of B from the certification center CABCalculating R ═ k × PKBThen using its own private key SKADigitally signing the message (R, C) to obtain S ═ SigA(R, C); finally, A sends the message (R, C, S) to B;
b) b for the message (R, C, S) received from A, firstly, the public key PK of A is obtained from the certification center CAAAnd the digital signature verification algorithm verifies the authenticity and the integrity of the message, and then uses the private key SK of the messageBCalculating K ═ SKBxAR, namely obtaining a secret key K used for the symmetric cipher system AES in the data encryption process, and then decrypting the received ciphertext C by using the obtained secret key K as the control of the AES symmetric cipher system to obtain the private message M sent by A.
Example 2
RSA is selected in the public key cryptosystem, and DES is selected in the symmetric cryptosystem:
system parameters: randomly selecting two large prime numbers p and q (needing to be kept secret), calculating the product n ═ pq of the two large prime numbers p and q as the public modulus of the system, and randomly selecting an integer as the public key PK of the communication party A (B)A(PKB) Then its private key SKA(SKB) Can be obtained as follows:
wherein,
*(n)=(p-1)×(q-1)
at the same time, the public key PKA(PKB) And if the data is placed in a trusted third party authentication center, the data encryption process is as follows:
a) a randomly selects a positive integer k epsilon [1.n-1 ]]And K is a secret key used for a symmetric cryptosystem DES in the data encryption process, and meanwhile, the secret key K is used for encrypting the private message M to be sent by using a DES symmetric encryption technology to obtain a ciphertext C. And obtaining the public key PK of B from the certification center CABCalculating Then uses its own private key SKADigitally signing the message (R, C) to obtain S ═ SigA(R, C); finally, A sends the message (R, C, S) to the receiving party B through the public channel:
b) b firstly uses the public key PK of A obtained from the certification center CA for the message (R, S, C) received from AAVerifying the authenticity and integrity of the message by using a corresponding digital signature verification algorithm; then uses its private key SKBComputing The secret key K used for the symmetric cipher system DES in the data encryption process can be obtained; then, the obtained secret key K is used as a control parameter of a DES symmetric cryptosystem to decrypt the received ciphertext C, and the private message M sent by the A can be obtained.
What is not described in detail in this specification is prior art to the knowledge of those skilled in the art.
Claims (3)
1. A high-efficiency and quick public key encryption method comprises the following specific steps:
two communication parties are A and B, and the private keys of the two communication parties are SKAAnd SKBThe public key is PKAAnd PKBAnd storing the message in a trusted third party authentication center, and when the communication party A needs to send the private message M to the receiving party B through an unsafe channel, encrypting the message M according to the following operations:
a randomly generating a certain temporary Key, using the Key as a secret Key of a symmetric cipher encryption system, and encrypting a private message M by using the symmetric cipher encryption system to obtain a ciphertext C;
secondly, a secret key distribution technology of a public key cryptosystem is utilized, and a public key PK of a receiver B is utilizedBThe secret key selected immediately is converted into a distribution message S, and the secret key distribution message S and the ciphertext C are sent to a receiving party B through a public channel.
For receiving party B, firstly, according to secret key distribution technique, utilizing its own private key SKBThe secret Key distributed by the sender a is acquired, and then the received ciphertext C is decrypted by using the secret Key to obtain the private message M.
2. The efficient and fast public key encryption method according to claim 1, comprising the following steps:
when the public key distribution technology is an XECDA key distribution technology based on the problem of discrete logarithm of an elliptic curve and AES is selected in a symmetric cryptosystem, the specific implementation mode of the invention is as follows:
system parameters: randomly selecting a large prime number p, an elliptic curve E (GF (p): y)2=x3+ ax + b (mod p) is a secure elliptic curve defined over the finite field gf (p), where the randomly chosen base point is G, n ═ E (gf (p) is the order of the elliptic curve E, r is a large prime factor of n, private key SK of A, BAAnd SKBIs a random positive integer less than r-1. Then the public key PK4And PKBObtained as follows:
and is placed in a trusted third party certification authority. The data encryption process is as follows:
a) a randomly selects an integer k epsilon [1, r-1 ]]If K is K × G, K is a secret key used for the symmetric cipher system AES in the data encryption process; meanwhile, encrypting the private message M to be sent by using a secret key K by using an AES symmetric encryption technology to obtain a ciphertext C; and obtaining the public key PK of B from the certification center CABCalculating R ═ k × PKBThen using its own private key SKAFor messages (R, C)Line digital signature to get S ═ SigA(R, C): finally, A sends the message (R, C, S) to B;
b) b for the message (R, C, S) received from A, firstly, the public key PK of A is obtained from the certification center CAAAnd the digital signature verification algorithm verifies the authenticity and the integrity of the message, and then uses the private key SK of the messageBCalculating K ═ SKBxAR, namely obtaining a secret key K used for the symmetric cipher system AES in the data encryption process, and then decrypting the received ciphertext C by using the obtained secret key K as the control of the AES symmetric cipher system to obtain the private message M sent by A.
3. The efficient and fast public key encryption method according to claim 1, comprising the following steps:
RSA is selected in a public key cryptosystem, DES is selected in a symmetric cryptosystem:
system parameters: randomly selecting two large prime numbers p and q (needing to be kept secret), calculating the product n ═ pq of the two large prime numbers p and q as the public modulus of the system, and randomly selecting an integer as the public key PK of the communication party A (B)A(PKB) Then its private key SKA(SKB) Can be obtained as follows:
wherein,
*(n)=(p-1)×(q-1)
at the same time, the public key PKA(PKB) And if the data is placed in a trusted third party authentication center, the data encryption process is as follows:
a) a randomly selects a positive integer k epsilon [1.n-1 ]]And K is a secret key used for a symmetric cryptosystem DES in the data encryption process, and meanwhile, the secret key K is used for encrypting the private message M to be sent by using a DES symmetric encryption technology to obtain a ciphertext C. And obtaining the public key PK of B from the certification center CABCalculating Then uses its own private key SKADigitally signing the message (R, C) to obtain S ═ SigA(R, C); finally, A sends the message (R, C, S) to the receiving party B through the public channel;
b) b firstly uses the public key PK of A obtained from the certification center CA for the message (R, S, C) received from AAVerifying the authenticity and integrity of the message by using a corresponding digital signature verification algorithm; then uses its private key SKBComputing The secret key K used for the symmetric cipher system DES in the data encryption process can be obtained; then, the obtained secret key K is used as a control parameter of a DES symmetric cryptosystem to decrypt the received ciphertext C, and the private message M sent by the A can be obtained.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 03128222 CN1277365C (en) | 2003-06-27 | 2003-06-27 | High performance and quick public pin encryption |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 03128222 CN1277365C (en) | 2003-06-27 | 2003-06-27 | High performance and quick public pin encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1472914A true CN1472914A (en) | 2004-02-04 |
CN1277365C CN1277365C (en) | 2006-09-27 |
Family
ID=34153280
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 03128222 Expired - Fee Related CN1277365C (en) | 2003-06-27 | 2003-06-27 | High performance and quick public pin encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1277365C (en) |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100403814C (en) * | 2004-11-25 | 2008-07-16 | 华为技术有限公司 | Packet broadcasting service key controlling method |
CN100423484C (en) * | 2005-03-03 | 2008-10-01 | 武汉大学 | Method for implementing security E-mail system having transmitting-receiving bidirectional nonrepudiation mechanism |
CN100426718C (en) * | 2004-12-31 | 2008-10-15 | 北京中星微电子有限公司 | A secure transmission method for media content |
WO2009074092A1 (en) * | 2007-12-03 | 2009-06-18 | China Iwncomm Co., Ltd. | A light access authentication method and system |
CN100586060C (en) * | 2004-09-09 | 2010-01-27 | 国际商业机器公司 | Method and device for establishing safety peer-to-peer communications |
CN1633068B (en) * | 2004-12-31 | 2010-10-06 | 北京中星微电子有限公司 | A method of media stream transmission in point-to-point communication |
CN101931535A (en) * | 2010-08-31 | 2010-12-29 | 武汉理工大学 | Method for adaptively performing data encryption and authentication without authentication center |
CN102075544A (en) * | 2011-02-18 | 2011-05-25 | 博视联(苏州)信息科技有限公司 | Encryption system, encryption method and decryption method for local area network shared file |
CN101064595B (en) * | 2006-04-27 | 2011-07-27 | 联想(北京)有限公司 | Computer network safe input authentication system and method |
CN102185691A (en) * | 2011-03-31 | 2011-09-14 | 中山大学深圳研究院 | Method for encrypting information of comprehensive service card based on digital home |
CN101378320B (en) * | 2008-09-27 | 2011-09-28 | 北京数字太和科技有限责任公司 | Authentication method and system |
CN101141251B (en) * | 2006-09-08 | 2012-05-23 | 华为技术有限公司 | Method, system and equipment of message encryption signature in communication system |
CN101742501B (en) * | 2010-01-15 | 2012-06-20 | 南京邮电大学 | Safe multi-channel media access control method of wireless self-organizing network |
CN103546481A (en) * | 2013-10-31 | 2014-01-29 | 曙光云计算技术有限公司 | Initiating and receiving method and device of communication session |
CN104301332A (en) * | 2014-10-31 | 2015-01-21 | 成都卫士通信息产业股份有限公司 | Secret key distribution system based on wireless cascading |
CN106682520A (en) * | 2016-11-17 | 2017-05-17 | 精硕科技(北京)股份有限公司 | Data exchange method and system |
CN106850670A (en) * | 2017-03-06 | 2017-06-13 | 浙江晨泰科技股份有限公司 | A kind of charging pile communication system encrypting and decrypting method |
CN112532648A (en) * | 2020-12-11 | 2021-03-19 | 中电科大数据研究院有限公司 | Security access method and system based on hybrid cryptosystem |
-
2003
- 2003-06-27 CN CN 03128222 patent/CN1277365C/en not_active Expired - Fee Related
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100586060C (en) * | 2004-09-09 | 2010-01-27 | 国际商业机器公司 | Method and device for establishing safety peer-to-peer communications |
CN100403814C (en) * | 2004-11-25 | 2008-07-16 | 华为技术有限公司 | Packet broadcasting service key controlling method |
CN100426718C (en) * | 2004-12-31 | 2008-10-15 | 北京中星微电子有限公司 | A secure transmission method for media content |
CN1633068B (en) * | 2004-12-31 | 2010-10-06 | 北京中星微电子有限公司 | A method of media stream transmission in point-to-point communication |
CN100423484C (en) * | 2005-03-03 | 2008-10-01 | 武汉大学 | Method for implementing security E-mail system having transmitting-receiving bidirectional nonrepudiation mechanism |
CN101064595B (en) * | 2006-04-27 | 2011-07-27 | 联想(北京)有限公司 | Computer network safe input authentication system and method |
CN101141251B (en) * | 2006-09-08 | 2012-05-23 | 华为技术有限公司 | Method, system and equipment of message encryption signature in communication system |
US8560847B2 (en) | 2007-12-03 | 2013-10-15 | China Iwncomm Co., Ltd. | Light access authentication method and system |
RU2445740C1 (en) * | 2007-12-03 | 2012-03-20 | Чайна Ивнкомм Ко., Лтд. | Simple access authentication method and system |
WO2009074092A1 (en) * | 2007-12-03 | 2009-06-18 | China Iwncomm Co., Ltd. | A light access authentication method and system |
KR101117453B1 (en) | 2007-12-03 | 2012-03-13 | 차이나 아이더블유엔콤 씨오., 엘티디 | A light access authentication method and system |
CN101378320B (en) * | 2008-09-27 | 2011-09-28 | 北京数字太和科技有限责任公司 | Authentication method and system |
CN101742501B (en) * | 2010-01-15 | 2012-06-20 | 南京邮电大学 | Safe multi-channel media access control method of wireless self-organizing network |
CN101931535A (en) * | 2010-08-31 | 2010-12-29 | 武汉理工大学 | Method for adaptively performing data encryption and authentication without authentication center |
CN102075544A (en) * | 2011-02-18 | 2011-05-25 | 博视联(苏州)信息科技有限公司 | Encryption system, encryption method and decryption method for local area network shared file |
CN102185691A (en) * | 2011-03-31 | 2011-09-14 | 中山大学深圳研究院 | Method for encrypting information of comprehensive service card based on digital home |
CN103546481A (en) * | 2013-10-31 | 2014-01-29 | 曙光云计算技术有限公司 | Initiating and receiving method and device of communication session |
CN104301332A (en) * | 2014-10-31 | 2015-01-21 | 成都卫士通信息产业股份有限公司 | Secret key distribution system based on wireless cascading |
CN104301332B (en) * | 2014-10-31 | 2017-10-27 | 成都卫士通信息产业股份有限公司 | A kind of key distribution system based on wireless cascade |
CN106682520A (en) * | 2016-11-17 | 2017-05-17 | 精硕科技(北京)股份有限公司 | Data exchange method and system |
CN106850670A (en) * | 2017-03-06 | 2017-06-13 | 浙江晨泰科技股份有限公司 | A kind of charging pile communication system encrypting and decrypting method |
CN112532648A (en) * | 2020-12-11 | 2021-03-19 | 中电科大数据研究院有限公司 | Security access method and system based on hybrid cryptosystem |
Also Published As
Publication number | Publication date |
---|---|
CN1277365C (en) | 2006-09-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112367175B (en) | Implicit certificate key generation method based on SM2 digital signature | |
CN108989053B (en) | Method for realizing certificateless public key cryptosystem based on elliptic curve | |
CN1277365C (en) | High performance and quick public pin encryption | |
US6151395A (en) | System and method for regenerating secret keys in diffie-hellman communication sessions | |
Nyberg et al. | Message recovery for signature schemes based on the discrete logarithm problem | |
EP2416524B1 (en) | System and method for secure transaction of data between wireless communication device and server | |
US6697488B1 (en) | Practical non-malleable public-key cryptosystem | |
EP2334008A1 (en) | A system and method for designing secure client-server communication protocols based on certificateless public key infrastructure | |
CN101079701B (en) | Highly secure ellipse curve encryption and decryption method and device | |
CN112104453B (en) | Anti-quantum computation digital signature system and signature method based on digital certificate | |
CN101262341A (en) | A mixed encryption method in session system | |
CN101931536B (en) | Method for encrypting and authenticating efficient data without authentication center | |
CN110113150A (en) | The encryption method and system of deniable authentication based on no certificate environment | |
CN102469173A (en) | IPv6 (Internet Protocol Version 6) network layer credible transmission method and system based on combined public key algorithm | |
CN110519226B (en) | Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate | |
EP2309670B1 (en) | Method for providing information security for wireless transmissions | |
CN114726546A (en) | Digital identity authentication method, device, equipment and storage medium | |
CN113162773A (en) | Heterogeneous blind signcryption method capable of proving safety | |
CN109474436A (en) | A kind of deniable authentication method and system | |
CN117879833A (en) | Digital signature generation method based on improved elliptic curve | |
CN109831305B (en) | Anti-quantum computation signcryption method and system based on asymmetric key pool | |
Dutta et al. | An efficient signcryption scheme based on ECC with forward secrecy and encrypted message authentication | |
Toorani | SMEmail-a new protocol for the secure e-mail in mobile environments | |
CN115834175A (en) | Quantum key-based group chat encryption method, message transmitting and receiving equipment and system | |
KR20030047148A (en) | Method of messenger security based on client/server using RSA |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20060927 Termination date: 20110627 |