CN1472914A - High performance and quick public pin encryption - Google Patents

High performance and quick public pin encryption Download PDF

Info

Publication number
CN1472914A
CN1472914A CNA031282229A CN03128222A CN1472914A CN 1472914 A CN1472914 A CN 1472914A CN A031282229 A CNA031282229 A CN A031282229A CN 03128222 A CN03128222 A CN 03128222A CN 1472914 A CN1472914 A CN 1472914A
Authority
CN
China
Prior art keywords
key
message
private
public key
secret
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA031282229A
Other languages
Chinese (zh)
Other versions
CN1277365C (en
Inventor
肖攸安
李腊元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University of Technology WUT
Original Assignee
Wuhan University of Technology WUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan University of Technology WUT filed Critical Wuhan University of Technology WUT
Priority to CN 03128222 priority Critical patent/CN1277365C/en
Publication of CN1472914A publication Critical patent/CN1472914A/en
Application granted granted Critical
Publication of CN1277365C publication Critical patent/CN1277365C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to a fast and high efficient public key encrypting method. The two parties of communication are A and B, they have the private keys and public keys respectively, which are stored in the trustable verification center of the third party. 1. A produces randomly one of some temporary secret-key and encrypts the private information using the symmetric secret-code encrypting system to acquire encrypted file; 2. A converts the secret-key selected presently into an assigned file using the secret-key assigning technique of the public key secret-code system and using the public key of the receiving part B, and then transmits the secret-key assigning file and encrypted file to the receiving party; 3. The receiving party acquires the secret-key assigned by the transmitting party using his own private key.

Description

Efficient and quick public key encryption method
Technical Field
The invention belongs to the data encryption technology in the field of information security, and particularly relates to a high-efficiency and quick public key encryption method.
Background
Data encryption is a fundamental task of cryptographic systems. According to the relationship between encryption key and decryption key, the current various data encryption systems can be divided into two categories: a symmetric cipher encryption system and a public key cipher encryption system.
The symmetric cipher encryption body has a history of thousands of years, and is the most common encryption technology at present. Among them, the most representative symmetric cryptographies include DES, AES, IDEA, RC6, and the like. The algorithm has the advantages of high encryption speed, high strength, good safety and the like. But since the encryption process and the decryption process of the symmetric cipher are reciprocal, both processes use the same key, i.e. the secret key. For the symmetric cipher encryption system, the distribution and management of the key are very difficult, and a cumbersome authentication process and an expensive dedicated secret channel are generally required, which greatly limits the application range of the symmetric cipher encryption system.
The public key cryptographic system was first proposed by Diffie and Hellman at the end of the last 70's of the century. The method is established on the basis of a trapdoor mathematical function, and by introducing mutually independent public and private key pairs, the encryption process and the decryption process are not symmetrical to each other, so that the key distribution and management problems disturbing the symmetric cipher encryption system are successfully solved. However, although the public key encryption system solves the problem of key distribution and management of the symmetric encryption system, the public key encryption system is established on the basis of a trapdoor mathematical function and needs a large amount of complex mathematical operations, so the implementation speed is very slow, and generally only 1/100-1/1000 which is equal to the implementation speed of the symmetric encryption system with the same intensity is needed, so the public key encryption system is not practical and cannot be practically applied to a data encryption system.
Disclosure of Invention
The invention aims to realize a high-efficiency and quick public key encryption method by combining a public key distribution technology and a symmetric cipher encryption system.
In order to achieve the purpose, the method comprises the following specific steps:
two communication parties are A and B, and the private keys of the two communication parties are SKAAnd AKBThe public key is PKAAnd PKBAnd storing in a trusted third party authentication center, and when the communication party A needs to send a private message M to the receiving party B through an unsafe channelThen, the message M may be encrypted as follows:
a randomly generating a certain temporary Key, using the Key as a secret Key of a symmetric cipher encryption system, and encrypting a private message M by using the symmetric cipher encryption system to obtain a ciphertext C;
secondly, a secret key distribution technology of a public key cryptosystem is utilized, and a public key PK of a receiver B is utilizedBThe secret key selected immediately is converted into a distribution message S, and the secret key distribution message S and the ciphertext C are sent to a receiving party B through a public channel.
For receiving party B, firstly, according to secret key distribution technique, utilizing its own private key SKBThe secret Key distributed by the sender a is acquired, and then the received ciphertext C is decrypted by using the secret Key to obtain the private message M.
The invention combines the advantages of two encryption systems of a symmetric cipher encryption system and a public key cipher encryption system: the method has the advantages of high encryption speed and high strength of a symmetric cipher encryption system, and also has the advantages of a public key encryption system in key distribution and management and an additional identity authentication function.
Compared with the mode of directly exchanging the temporary session key through the key exchange protocol and finishing data encryption through secret communication, the invention does not require both parties of communication to be on line at the same time and does not need a special authentication process, thereby having stronger practicability, higher efficiency, more convenience and more safety; compared with the prior single encryption technology, the method has the advantages of high encryption speed, safety and high efficiency of key management, does not need various complicated authentication processes and expensive special secret channels, can resist various known attack schemes, has high safety, simple and high efficiency in operation and very low calculation overhead and space requirements, and can be widely applied to various software and hardware environments such as computers, communication networks, smart cards, mobile phones, electronic commerce and the like.
Drawings
The figure graphically depicts the data encryption process of the present invention.
Detailed Description
The invention is further described with reference to the following figures and examples, which should not be construed as limiting the invention.
Example 1
When the public key distribution technology is an XECDA key distribution technology based on the problem of discrete logarithm of an elliptic curve and AES is selected in a symmetric cryptosystem, the specific implementation mode of the invention is as follows:
system parameters: randomly selecting a large prime number p, an elliptic curve E (GF (p): y)2=x3+ ax + b (mod p) is a secure elliptic curve defined over the finite field gf (p), where the randomly chosen base point is G, n ═ E (gf (p) is the order of the elliptic curve E, r is a large prime factor of n, private key SK of A, BAAnd SKBIs a random positive integer less than r-1. Then the public key PKAAnd PKBObtained as follows:
and is placed in a trusted third party certification authority. The data encryption process is as follows:
a) a randomly selects an integer k epsilon [1, r-1 ]]If K is K × G, K is a secret key used for the symmetric cipher system AES in the data encryption process; meanwhile, encrypting the private message M to be sent by using a secret key K by using an AES symmetric encryption technology to obtain a ciphertext C; and obtaining the public key PK of B from the certification center CABCalculating R ═ k × PKBThen using its own private key SKADigitally signing the message (R, C) to obtain S ═ SigA(R, C); finally, A sends the message (R, C, S) to B;
b) b for the message (R, C, S) received from A, firstly, the public key PK of A is obtained from the certification center CAAAnd the digital signature verification algorithm verifies the authenticity and the integrity of the message, and then uses the private key SK of the messageBCalculating K ═ SKBxAR, namely obtaining a secret key K used for the symmetric cipher system AES in the data encryption process, and then decrypting the received ciphertext C by using the obtained secret key K as the control of the AES symmetric cipher system to obtain the private message M sent by A.
Example 2
RSA is selected in the public key cryptosystem, and DES is selected in the symmetric cryptosystem:
system parameters: randomly selecting two large prime numbers p and q (needing to be kept secret), calculating the product n ═ pq of the two large prime numbers p and q as the public modulus of the system, and randomly selecting an integer as the public key PK of the communication party A (B)A(PKB) Then its private key SKA(SKB) Can be obtained as follows:
wherein,
*(n)=(p-1)×(q-1)
at the same time, the public key PKA(PKB) And if the data is placed in a trusted third party authentication center, the data encryption process is as follows:
a) a randomly selects a positive integer k epsilon [1.n-1 ]]And K is a secret key used for a symmetric cryptosystem DES in the data encryption process, and meanwhile, the secret key K is used for encrypting the private message M to be sent by using a DES symmetric encryption technology to obtain a ciphertext C. And obtaining the public key PK of B from the certification center CABCalculating R = k PK B mod n ; Then uses its own private key SKADigitally signing the message (R, C) to obtain S ═ SigA(R, C); finally, A sends the message (R, C, S) to the receiving party B through the public channel:
b) b firstly uses the public key PK of A obtained from the certification center CA for the message (R, S, C) received from AAVerifying the authenticity and integrity of the message by using a corresponding digital signature verification algorithm; then uses its private key SKBComputing K = C SK B mod n , The secret key K used for the symmetric cipher system DES in the data encryption process can be obtained; then, the obtained secret key K is used as a control parameter of a DES symmetric cryptosystem to decrypt the received ciphertext C, and the private message M sent by the A can be obtained.
What is not described in detail in this specification is prior art to the knowledge of those skilled in the art.

Claims (3)

1. A high-efficiency and quick public key encryption method comprises the following specific steps:
two communication parties are A and B, and the private keys of the two communication parties are SKAAnd SKBThe public key is PKAAnd PKBAnd storing the message in a trusted third party authentication center, and when the communication party A needs to send the private message M to the receiving party B through an unsafe channel, encrypting the message M according to the following operations:
a randomly generating a certain temporary Key, using the Key as a secret Key of a symmetric cipher encryption system, and encrypting a private message M by using the symmetric cipher encryption system to obtain a ciphertext C;
secondly, a secret key distribution technology of a public key cryptosystem is utilized, and a public key PK of a receiver B is utilizedBThe secret key selected immediately is converted into a distribution message S, and the secret key distribution message S and the ciphertext C are sent to a receiving party B through a public channel.
For receiving party B, firstly, according to secret key distribution technique, utilizing its own private key SKBThe secret Key distributed by the sender a is acquired, and then the received ciphertext C is decrypted by using the secret Key to obtain the private message M.
2. The efficient and fast public key encryption method according to claim 1, comprising the following steps:
when the public key distribution technology is an XECDA key distribution technology based on the problem of discrete logarithm of an elliptic curve and AES is selected in a symmetric cryptosystem, the specific implementation mode of the invention is as follows:
system parameters: randomly selecting a large prime number p, an elliptic curve E (GF (p): y)2=x3+ ax + b (mod p) is a secure elliptic curve defined over the finite field gf (p), where the randomly chosen base point is G, n ═ E (gf (p) is the order of the elliptic curve E, r is a large prime factor of n, private key SK of A, BAAnd SKBIs a random positive integer less than r-1. Then the public key PK4And PKBObtained as follows:
Figure A0312822200021
and is placed in a trusted third party certification authority. The data encryption process is as follows:
a) a randomly selects an integer k epsilon [1, r-1 ]]If K is K × G, K is a secret key used for the symmetric cipher system AES in the data encryption process; meanwhile, encrypting the private message M to be sent by using a secret key K by using an AES symmetric encryption technology to obtain a ciphertext C; and obtaining the public key PK of B from the certification center CABCalculating R ═ k × PKBThen using its own private key SKAFor messages (R, C)Line digital signature to get S ═ SigA(R, C): finally, A sends the message (R, C, S) to B;
b) b for the message (R, C, S) received from A, firstly, the public key PK of A is obtained from the certification center CAAAnd the digital signature verification algorithm verifies the authenticity and the integrity of the message, and then uses the private key SK of the messageBCalculating K ═ SKBxAR, namely obtaining a secret key K used for the symmetric cipher system AES in the data encryption process, and then decrypting the received ciphertext C by using the obtained secret key K as the control of the AES symmetric cipher system to obtain the private message M sent by A.
3. The efficient and fast public key encryption method according to claim 1, comprising the following steps:
RSA is selected in a public key cryptosystem, DES is selected in a symmetric cryptosystem:
system parameters: randomly selecting two large prime numbers p and q (needing to be kept secret), calculating the product n ═ pq of the two large prime numbers p and q as the public modulus of the system, and randomly selecting an integer as the public key PK of the communication party A (B)A(PKB) Then its private key SKA(SKB) Can be obtained as follows:
wherein,
*(n)=(p-1)×(q-1)
at the same time, the public key PKA(PKB) And if the data is placed in a trusted third party authentication center, the data encryption process is as follows:
a) a randomly selects a positive integer k epsilon [1.n-1 ]]And K is a secret key used for a symmetric cryptosystem DES in the data encryption process, and meanwhile, the secret key K is used for encrypting the private message M to be sent by using a DES symmetric encryption technology to obtain a ciphertext C. And obtaining the public key PK of B from the certification center CABCalculating R = k PK B mod n ; Then uses its own private key SKADigitally signing the message (R, C) to obtain S ═ SigA(R, C); finally, A sends the message (R, C, S) to the receiving party B through the public channel;
b) b firstly uses the public key PK of A obtained from the certification center CA for the message (R, S, C) received from AAVerifying the authenticity and integrity of the message by using a corresponding digital signature verification algorithm; then uses its private key SKBComputing K = C SK B mod n , The secret key K used for the symmetric cipher system DES in the data encryption process can be obtained; then, the obtained secret key K is used as a control parameter of a DES symmetric cryptosystem to decrypt the received ciphertext C, and the private message M sent by the A can be obtained.
CN 03128222 2003-06-27 2003-06-27 High performance and quick public pin encryption Expired - Fee Related CN1277365C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 03128222 CN1277365C (en) 2003-06-27 2003-06-27 High performance and quick public pin encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 03128222 CN1277365C (en) 2003-06-27 2003-06-27 High performance and quick public pin encryption

Publications (2)

Publication Number Publication Date
CN1472914A true CN1472914A (en) 2004-02-04
CN1277365C CN1277365C (en) 2006-09-27

Family

ID=34153280

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 03128222 Expired - Fee Related CN1277365C (en) 2003-06-27 2003-06-27 High performance and quick public pin encryption

Country Status (1)

Country Link
CN (1) CN1277365C (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100403814C (en) * 2004-11-25 2008-07-16 华为技术有限公司 Packet broadcasting service key controlling method
CN100423484C (en) * 2005-03-03 2008-10-01 武汉大学 Method for implementing security E-mail system having transmitting-receiving bidirectional nonrepudiation mechanism
CN100426718C (en) * 2004-12-31 2008-10-15 北京中星微电子有限公司 A secure transmission method for media content
WO2009074092A1 (en) * 2007-12-03 2009-06-18 China Iwncomm Co., Ltd. A light access authentication method and system
CN100586060C (en) * 2004-09-09 2010-01-27 国际商业机器公司 Method and device for establishing safety peer-to-peer communications
CN1633068B (en) * 2004-12-31 2010-10-06 北京中星微电子有限公司 A method of media stream transmission in point-to-point communication
CN101931535A (en) * 2010-08-31 2010-12-29 武汉理工大学 Method for adaptively performing data encryption and authentication without authentication center
CN102075544A (en) * 2011-02-18 2011-05-25 博视联(苏州)信息科技有限公司 Encryption system, encryption method and decryption method for local area network shared file
CN101064595B (en) * 2006-04-27 2011-07-27 联想(北京)有限公司 Computer network safe input authentication system and method
CN102185691A (en) * 2011-03-31 2011-09-14 中山大学深圳研究院 Method for encrypting information of comprehensive service card based on digital home
CN101378320B (en) * 2008-09-27 2011-09-28 北京数字太和科技有限责任公司 Authentication method and system
CN101141251B (en) * 2006-09-08 2012-05-23 华为技术有限公司 Method, system and equipment of message encryption signature in communication system
CN101742501B (en) * 2010-01-15 2012-06-20 南京邮电大学 Safe multi-channel media access control method of wireless self-organizing network
CN103546481A (en) * 2013-10-31 2014-01-29 曙光云计算技术有限公司 Initiating and receiving method and device of communication session
CN104301332A (en) * 2014-10-31 2015-01-21 成都卫士通信息产业股份有限公司 Secret key distribution system based on wireless cascading
CN106682520A (en) * 2016-11-17 2017-05-17 精硕科技(北京)股份有限公司 Data exchange method and system
CN106850670A (en) * 2017-03-06 2017-06-13 浙江晨泰科技股份有限公司 A kind of charging pile communication system encrypting and decrypting method
CN112532648A (en) * 2020-12-11 2021-03-19 中电科大数据研究院有限公司 Security access method and system based on hybrid cryptosystem

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100586060C (en) * 2004-09-09 2010-01-27 国际商业机器公司 Method and device for establishing safety peer-to-peer communications
CN100403814C (en) * 2004-11-25 2008-07-16 华为技术有限公司 Packet broadcasting service key controlling method
CN100426718C (en) * 2004-12-31 2008-10-15 北京中星微电子有限公司 A secure transmission method for media content
CN1633068B (en) * 2004-12-31 2010-10-06 北京中星微电子有限公司 A method of media stream transmission in point-to-point communication
CN100423484C (en) * 2005-03-03 2008-10-01 武汉大学 Method for implementing security E-mail system having transmitting-receiving bidirectional nonrepudiation mechanism
CN101064595B (en) * 2006-04-27 2011-07-27 联想(北京)有限公司 Computer network safe input authentication system and method
CN101141251B (en) * 2006-09-08 2012-05-23 华为技术有限公司 Method, system and equipment of message encryption signature in communication system
US8560847B2 (en) 2007-12-03 2013-10-15 China Iwncomm Co., Ltd. Light access authentication method and system
RU2445740C1 (en) * 2007-12-03 2012-03-20 Чайна Ивнкомм Ко., Лтд. Simple access authentication method and system
WO2009074092A1 (en) * 2007-12-03 2009-06-18 China Iwncomm Co., Ltd. A light access authentication method and system
KR101117453B1 (en) 2007-12-03 2012-03-13 차이나 아이더블유엔콤 씨오., 엘티디 A light access authentication method and system
CN101378320B (en) * 2008-09-27 2011-09-28 北京数字太和科技有限责任公司 Authentication method and system
CN101742501B (en) * 2010-01-15 2012-06-20 南京邮电大学 Safe multi-channel media access control method of wireless self-organizing network
CN101931535A (en) * 2010-08-31 2010-12-29 武汉理工大学 Method for adaptively performing data encryption and authentication without authentication center
CN102075544A (en) * 2011-02-18 2011-05-25 博视联(苏州)信息科技有限公司 Encryption system, encryption method and decryption method for local area network shared file
CN102185691A (en) * 2011-03-31 2011-09-14 中山大学深圳研究院 Method for encrypting information of comprehensive service card based on digital home
CN103546481A (en) * 2013-10-31 2014-01-29 曙光云计算技术有限公司 Initiating and receiving method and device of communication session
CN104301332A (en) * 2014-10-31 2015-01-21 成都卫士通信息产业股份有限公司 Secret key distribution system based on wireless cascading
CN104301332B (en) * 2014-10-31 2017-10-27 成都卫士通信息产业股份有限公司 A kind of key distribution system based on wireless cascade
CN106682520A (en) * 2016-11-17 2017-05-17 精硕科技(北京)股份有限公司 Data exchange method and system
CN106850670A (en) * 2017-03-06 2017-06-13 浙江晨泰科技股份有限公司 A kind of charging pile communication system encrypting and decrypting method
CN112532648A (en) * 2020-12-11 2021-03-19 中电科大数据研究院有限公司 Security access method and system based on hybrid cryptosystem

Also Published As

Publication number Publication date
CN1277365C (en) 2006-09-27

Similar Documents

Publication Publication Date Title
CN112367175B (en) Implicit certificate key generation method based on SM2 digital signature
CN108989053B (en) Method for realizing certificateless public key cryptosystem based on elliptic curve
CN1277365C (en) High performance and quick public pin encryption
US6151395A (en) System and method for regenerating secret keys in diffie-hellman communication sessions
Nyberg et al. Message recovery for signature schemes based on the discrete logarithm problem
EP2416524B1 (en) System and method for secure transaction of data between wireless communication device and server
US6697488B1 (en) Practical non-malleable public-key cryptosystem
EP2334008A1 (en) A system and method for designing secure client-server communication protocols based on certificateless public key infrastructure
CN101079701B (en) Highly secure ellipse curve encryption and decryption method and device
CN112104453B (en) Anti-quantum computation digital signature system and signature method based on digital certificate
CN101262341A (en) A mixed encryption method in session system
CN101931536B (en) Method for encrypting and authenticating efficient data without authentication center
CN110113150A (en) The encryption method and system of deniable authentication based on no certificate environment
CN102469173A (en) IPv6 (Internet Protocol Version 6) network layer credible transmission method and system based on combined public key algorithm
CN110519226B (en) Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate
EP2309670B1 (en) Method for providing information security for wireless transmissions
CN114726546A (en) Digital identity authentication method, device, equipment and storage medium
CN113162773A (en) Heterogeneous blind signcryption method capable of proving safety
CN109474436A (en) A kind of deniable authentication method and system
CN117879833A (en) Digital signature generation method based on improved elliptic curve
CN109831305B (en) Anti-quantum computation signcryption method and system based on asymmetric key pool
Dutta et al. An efficient signcryption scheme based on ECC with forward secrecy and encrypted message authentication
Toorani SMEmail-a new protocol for the secure e-mail in mobile environments
CN115834175A (en) Quantum key-based group chat encryption method, message transmitting and receiving equipment and system
KR20030047148A (en) Method of messenger security based on client/server using RSA

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20060927

Termination date: 20110627