WO2008148274A1 - Method and system for encoding and decoding digital messages (Procédé et système de codage et de décodage de message numérique) - Google Patents

Info

Publication number
WO2008148274A1
Authority
WO
WIPO (PCT)
Prior art keywords
function
message
private key
public key
key
Application number
PCT/CN2007/070263
Other languages
English (en)
Chinese (zh)
Inventor
Haiming Guan
Original Assignee
Guan, Haiying

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Definitions

  • the present invention relates to the field of encoding and decoding of information, and more particularly to a public key cryptosystem for encrypting, decrypting, and signing and verifying data messages.
  • Cryptography is a science and technology that studies encryption and decryption transformation.
  • readable text is referred to as plaintext; the unintelligible text obtained by transforming plaintext is called ciphertext.
  • the process of transforming plaintext into ciphertext is called encryption; the reverse process, that is, the process of transforming ciphertext into plaintext is called decryption.
  • This encryption or decryption transformation is controlled by a key.
  • the cryptosystem used in an open environment should meet the following basic requirements:
  • Integrity: ensure that information is not arbitrarily or intentionally modified.
  • Non-repudiation: prevent an individual or entity from denying information it has published, so that the evidence proving that something has happened cannot be destroyed.
  • Public key cryptography is a key technology to address the above-mentioned confidentiality, integrity, and non-repudiation.
  • its official birth is the paper "New Directions in Cryptography" by W. Diffie and M. Hellman in 1976 (W. Diffie, M. E. Hellman, "New Directions in Cryptography", IEEE Trans., 1976, 22, 644-654).
  • the public key cipher uses a public key and a private key.
  • the public key can be distributed publicly, but the associated private key is kept secret. Only the private key can decrypt data encrypted with the public key, and only the private key can sign data.
  • the role of the public key is to encrypt the information and verify the correctness of the signature.
  • the first is the NTRU public key cryptosystem (J. Hoffstein, J. Pipher, and J. H. Silverman, "NTRU: a ring based public key cryptosystem", Crypto'96, LNCS 1423, pp. 267-288, Springer-Verlag, 1998).
  • its security is based on the mathematical problem of finding a very short vector in a large dimension lattice.
  • the second is the OTU2000 public key cryptosystem (T. Okamoto, K. Tanaka, and S. Uchiyama, "Quantum Public-Key Cryptosystems", CRYPTO 2000, LNCS 1880, pp. 147-165, Springer-Verlag, 2000). Its security is based on a modified knapsack problem.
  • the third is the MQ public key cryptosystem, that is, the Multivariate Quadratic polynomial public key cryptosystem. Its security is based on the intractability of solving indeterminate (underdetermined) systems of quadratic polynomial equations.
  • a typical scheme in this area is the SFLASH signature algorithm (J. Patarin, L. Goubin, N. Courtois, "C*-+ and HM: Variations around two schemes of T. Matsumoto and H. Imai", in Advances in Cryptology, Proceedings of ASIACRYPT'98, LNCS 1514, Springer-Verlag, 1998, pp. 35-49), which is the digital signature algorithm recommended by the European cryptographic standard NESSIE (http://www.cryptonessie.org) and is used mainly in special-purpose devices such as smart cards.
  • the prior art solution most similar to the present invention is the MQ public key cryptosystem.
  • the general form of the public key of the MQ public key cryptosystem is:
  • the public key of MQ is an indefinite system of equations, which is an irreversible function.
  • the encryption algorithm is too simple: the mathematical structure of quadratic polynomial functions limits the size of the encryption algorithm. If the number of polynomials is less than the number of arguments, or the combination is relatively simple, the scheme is easy to break. If the number of polynomials is greater than the number of arguments, or the combination is complex, engineering aspects such as key length, encoding and decoding speed, memory requirements, and transmission bandwidth all pose insurmountable technical problems. Because of this shortcoming, and because some simple MQ schemes have been broken, MQ is suspected of not being secure enough. There are many research papers on MQ, but MQ schemes are rarely used, even those that have become international standards (such as the SFLASH signature algorithm).
  • the signature does not yield the complete original signed data (a_1, ..., a_m), i.e., the scheme cannot be used for encryption.
  • the present invention provides a method and apparatus for encoding and decoding digital messages which uses rational fractions to overcome the shortcomings of current MQ encryption algorithms, raising the quadratic sparse polynomial to an equivalent high-order dense polynomial. This explodes the scale of the polynomial function equivalent to the public key and essentially increases the difficulty of finding the inverse function of the indeterminate system of equations.
  • a method for encoding and decoding a digital message may specifically include: selecting positive integers m, n' where m ≥ n'; generating a public key containing E'(x), where E'(x) is a set of nonlinear mapping functions from (x_1, ..., x_m) to (y_1, ..., y_n') on the domain F; E'(x) includes n' functions, and the n' functions contain a rational fractional function of (x_1, ..., x_m); generating a private key corresponding to the public key; encoding the message M with the public key to obtain an encoded message N and decoding the encoded message N with the private key to obtain a decoded message L; and/or encoding the message M with the private key to obtain an encoded message N' and decoding the encoded message N' with the public key to obtain a decoded message L'.
  • a method for encoding and decoding a digital message is further disclosed, which may specifically include: selecting positive integers m, n' where m ≥ n'; generating a public key containing E'(x), where E'(x) is a set of nonlinear mapping functions from (x_1, ..., x_m) to (y_1, ..., y_n') on the domain F, E'(x) including n' functions, the n' functions containing rational fractional functions; generating a private key corresponding to the public key; setting a one-way function chain H(x) and the inverse function H^-1(y) of the one-way function chain; converting the message W into an intermediate result X by the one-way function chain H(x), then encoding the intermediate result X with the public key to obtain a coding result Y; and converting the coding result Y into an intermediate result Z with the private key, then converting the intermediate result Z into the decoded message W' using the inverse function H^-1(y).
  • a method for digital signature may include: selecting positive integers m, n' where m ≥ n'; generating a public key containing E'(x), where E'(x) is a set of nonlinear mapping functions from (x_1, ..., x_m) to (y_1, ..., y_n') on the domain F, E'(x) including n' functions, the n' functions containing a rational fractional function of (x_1, ..., x_m); generating a private key corresponding to the public key; setting a one-way function chain H(x) and the inverse function H^-1(y) of the one-way function chain;
  • the private key first converts the message to be signed into an intermediate result Z, and the intermediate result Z is then converted into a digital signature W using the inverse function H^-1(y) of the one-way function chain; and, for verification, the digital signature W is converted into an intermediate result X by the one-way function chain H(x), and the intermediate result X is then decoded with the public key.
  • a method for encoding and decoding a digital message is further disclosed, which may specifically include: selecting positive integers m, n' where m > n'; generating a public key containing E'(x, ID), where E'(x, ID) is a set of nonlinear mapping functions from (x_1, ..., x_m, ID_1, ..., ID_u) to (y_1, ..., y_n') on the domain F, E'(x, ID) including n' functions, the n' functions containing rational fractional functions of (x_1, ..., x_m, ID_1, ..., ID_u);
  • the ID = (ID_1, ..., ID_u) is the identity of the authorized user; for the authorized user whose identity is ID, a private key corresponding to that identity is generated;
  • the public key and the ID are used to encode the message M to obtain the encoded message N;
  • the encoded message N is decoded with the private key to obtain a decoded message L; and/or the message M is encoded with the private key to obtain an encoded message N', and the encoded message N' is decoded with the public key and the ID to obtain a decoded message L'.
  • a system for encoding and decoding a digital message at least includes:
  • a public key generating unit configured to generate a public key including E'(x), where E'(x) is a set of nonlinear mapping functions from (x_1, ..., x_m) to (y_1, ..., y_n') on the domain F, E'(x) including n' functions, the n' functions containing the relevant rational fractional functions; where m, n' are positive integers, m ≥ n';
  • a private key generating unit configured to generate a private key corresponding to the public key; and at least one of a decryption unit and a signature verification unit, where
  • the encryption and decryption unit is configured to encode the message M by using the public key to obtain an encoded message N.
  • the encoded message N is decoded by using the private key to obtain a decoded message.
  • the signature verification unit is configured to encode the message by using the private key to obtain an encoded message, and decode the encoded message N′ by using the public key to obtain a decoded message.
  • another system for encoding and decoding a digital message, including: a public key generating unit configured to generate a public key including E'(x), where E'(x) is a set of nonlinear mapping functions from (x_1, ..., x_m) to (y_1, ..., y_n') on the domain F, E'(x) including n' functions, the n' functions containing rational fractional functions; where m, n' are positive integers, m > n';
  • a private key generating unit configured to generate a private key corresponding to the public key
  • an encryption unit configured to convert the message W into an intermediate result X by a one-way function chain H(x), and to encode the intermediate result X with the public key to obtain a coding result Y;
  • a decryption unit configured to convert the coding result Y into an intermediate result Z with the private key, and to convert the intermediate result Z into a decoded message W' using the inverse function H^-1(y) of the one-way function chain.
  • a system for digital signature including: a public key generating unit configured to generate a public key including E'(x), where E'(x) is a set of nonlinear mapping functions on the domain F;
  • a private key generating unit configured to generate a private key corresponding to the public key
  • a verification unit configured to convert the digital signature W into an intermediate result X by the one-way function chain H(x), to decode the intermediate result X with the public key to obtain a decoding result, to compare the decoding result with the message to be verified, and to determine whether the digital signature W is correct based on the comparison result.
  • another system for encoding and decoding a digital message which at least includes:
  • a private key generating unit configured to generate, for an authorized user whose identity is ID, a private key corresponding to that identity; and at least one of an encryption and decryption unit and a signature verification unit, where the encryption and decryption unit is configured to encode the message M with the public key and the ID to obtain the encoded message N, and to decode the encoded message N with the private key to obtain a decoded message;
  • the signature verification unit is configured to encode the message with the private key to obtain an encoded message N', and to decode the encoded message N' with the public key and the ID to obtain a decoded message.
  • a system for digital signature including:
  • a private key generating unit configured to generate a private key according to the inverse function of E(x);
  • a public key generating unit configured to select n' functions from E(x) as E'(x) to obtain a public key;
  • a signature verification unit configured to encode the message with the private key to obtain an encoded message N', and to decode the encoded message N' with the public key to obtain a decoded message.
  • the present invention has the following advantages:
  • the present invention has a significantly increased size of the encryption function.
  • a rational fraction over a finite field can be converted into an equivalent polynomial. For example, let the degree of the public key of the present invention be 2, and convert it into a polynomial representation:
  • the quadratic sparse polynomial of MQ is promoted to a higher-order dense polynomial, which causes the scale of the polynomial function equivalent to the public key to explode, which substantially improves the difficulty of finding the inverse function of the indefinite system of equations, thereby significantly increasing the anti-deciphering ability.
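A worked illustration of the conversion claimed above, added here as an example (it is not part of the patent and not the inventor's code): over F_p the reciprocal of a nonzero denominator D(x) equals D(x)^(p-2), so a quadratic rational fraction N(x)/D(x) is, as a function on F_p, a polynomial of degree up to p-1, and reducing N·D^(p-2) modulo x^p - x produces that polynomial. The prime p = 11 and the univariate fraction (x^2 + 3x + 5)/(x^2 + 1) are constructed for the demonstration; the patent's public key is multivariate, while this shows the one-variable case.

```python
"""Convert a rational fraction N(x)/D(x) over F_p into the equivalent polynomial.

Constructed example, not code from the patent: over the prime field F_p every
nonzero D satisfies D^(p-1) = 1 (Fermat), so 1/D = D^(p-2) and N/D equals the
polynomial N * D^(p-2). Reducing modulo x^p - x (x^p = x as a function on F_p)
gives the unique polynomial of degree < p that agrees with N/D at every point
where D does not vanish. Coefficient lists are low degree first.
"""

P = 11  # small prime modulus chosen for the demonstration


def trim(poly):
    """Drop high-order zero coefficients, keeping at least the constant term."""
    poly = list(poly)
    while len(poly) > 1 and poly[-1] == 0:
        poly.pop()
    return poly


def poly_mul(a, b, p):
    """Schoolbook product of two coefficient lists modulo p."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % p
    return trim(out)


def reduce_mod_xp_minus_x(poly, p):
    """Fold x^k into x^(k-(p-1)) for k >= p, because x^p == x for all x in F_p."""
    out = [0] * p
    for k, c in enumerate(poly):
        while k >= p:
            k -= p - 1
        out[k] = (out[k] + c) % p
    return trim(out)


def poly_pow(base, exp, p):
    """Square-and-multiply, reducing modulo x^p - x after every product."""
    result = [1]
    base = reduce_mod_xp_minus_x(base, p)
    while exp:
        if exp & 1:
            result = reduce_mod_xp_minus_x(poly_mul(result, base, p), p)
        base = reduce_mod_xp_minus_x(poly_mul(base, base, p), p)
        exp >>= 1
    return result


def poly_eval(poly, x, p):
    """Horner evaluation modulo p."""
    acc = 0
    for c in reversed(poly):
        acc = (acc * x + c) % p
    return acc


def rational_to_polynomial(num, den, p):
    """Polynomial of degree < p equal to num/den on F_p wherever den != 0."""
    inv_den = poly_pow(den, p - 2, p)  # D^(p-2) = 1/D on the nonzero values of D
    return reduce_mod_xp_minus_x(poly_mul(num, inv_den, p), p)


def nonzero_terms(poly):
    """Number of nonzero coefficients: the 'sparse versus dense' measure."""
    return sum(1 for c in poly if c % P)


def agrees_everywhere(num, den, poly, p):
    """Compare the polynomial with direct evaluation of the fraction on all of F_p.

    Points where the denominator vanishes are skipped; the constructed D below
    has no roots mod 11 because -1 is a quadratic non-residue there.
    """
    for x in range(p):
        d = poly_eval(den, x, p)
        if d == 0:
            continue
        expected = poly_eval(num, x, p) * pow(d, -1, p) % p
        if poly_eval(poly, x, p) != expected:
            return False
    return True


# Constructed quadratic rational fraction: three terms over three terms.
NUM = [5, 3, 1]  # x^2 + 3x + 5
DEN = [1, 0, 1]  # x^2 + 1

# Its equivalent polynomial: degree 10 with all 11 coefficients nonzero.
EQUIVALENT = rational_to_polynomial(NUM, DEN, P)

if __name__ == "__main__":
    print("degree:", len(EQUIVALENT) - 1, "nonzero terms:", nonzero_terms(EQUIVALENT))
    print("coefficients (low degree first):", EQUIVALENT)
    print("agrees with N/D on F_11:", agrees_everywhere(NUM, DEN, EQUIVALENT, P))
```

The growth is what the patent relies on: six stored coefficients become eleven, and for a cryptographic-size p the expanded form is far too large to write down, while evaluating the fraction itself stays cheap.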
  • relative to MQ under the same parameters, the present invention reduces encoding and decoding speed (because evaluating a rational fraction is slightly slower than evaluating a polynomial) and takes up somewhat more storage space (because storing a rational fraction takes slightly more space than storing a polynomial). However, under the MQ system it is unimaginable to achieve the function scale and anti-deciphering ability of the present invention at this cost (in encoding speed and storage space).
  • the present invention has a more complicated mathematical structure than the prior art.
  • the security of the present invention is based on the intractability of a multivariate rational fractional indefinite system of equations, and there is no feasible solution in the prior art for directly deciphering a rational fraction.
  • the security of the present invention further requires alternately applying factorization (mainly for "multiplication") and function decomposition (mainly for "iteration") to analyze the multiple layers hidden inside the rational fractional indeterminate system of equations.
  • the difficulty lies in the nested structure that combines multiple simple functions into complex functions, so that the security of the cipher does not depend on a single variable but on a multi-layered chain relationship, thereby directly posing a mathematical problem with a complex representation. Such a problem, however, is hard to prove equivalent to a known mathematical problem with a simple representation.
  • the present invention has a broader algorithm space.
  • the inventor must not only grasp the progress of the frontier of contemporary mathematics, but also have rich practical coding experience and analytical skill, be able to apply some special mathematical techniques skilfully, have a deep understanding of the laws and essence of ciphers, and have certain engineering implementation capabilities, in addition to relying on indeterminate factors such as inspiration and opportunity.
  • the proposal of the present invention fully embodies the inventor's intellectual innovation.
  • FIG. 1 is a flow chart of Embodiment 1 of a method for encoding and decoding a digital message according to the present invention
  • FIG. 2 is a flow chart of a data flow according to Embodiment 1 of the present invention
  • FIG. 3 is a flow chart of a second embodiment of a method for encoding and decoding a digital message according to the present invention
  • FIG. 4 is a flow chart of a preferred embodiment of the present invention for digital signature
  • FIG. 7a is a flow chart of a preferred embodiment of the present invention for encoding and decoding digital messages in an identity-based manner.
  • FIG. 7b is a data flow diagram of the embodiment of FIG. 7a of the present invention.
  • FIG. 8 is a schematic diagram of jointly establishing a private key by multiple private key distribution centers of the present invention.
  • the present invention will be further described in detail with reference to the accompanying drawings and specific embodiments.
  • the invention belongs to the category of information security products and is mainly applied to network trust systems, such as documents, banks, mobile phones, internet, e-commerce, e-government, logistics, network monitoring, power control, fund transfer, transactions, data encryption and the like.
  • the public key generation unit, private key generation unit, one-way function chain determination unit and function group determination unit involve the automatic derivation of complex mathematical formulas and should generally be implemented on a high-end computer system.
  • the encryption and decryption unit and the signature verification unit only involve evaluating given mathematical formulas, so hardware platforms of various grades can be used, such as a single-chip microcomputer, a dedicated digital signal processing chip, a smart card, and the like.
  • Cipher: generally understood as an algorithm for the encryption and decryption transformation of information. Its basic purpose is to disguise information so that outsiders cannot understand its true meaning, while insiders can recover the original meaning of the disguised information.
  • the key parameter that controls the effective conversion between plaintext and ciphertext during the execution of the cryptographic algorithm is called the key.
  • Public key cryptosystem The public key cryptosystem uses two keys—a public key (referred to as: public key) and a private key (referred to as: private key).
  • the public and private keys are mathematically related, but it is difficult to calculate the private key from the public key.
  • the public key can be publicly transmitted between the communicating parties, or it can be publicly published as a telephone number, and the private key is kept in secret by the authorized user.
  • anyone can find its public key from the name of a user, so it can send an encrypted message to this user. Only authorized users can use their private key to complete the decryption.
  • the public key cryptosystem also provides digital signature and authentication: an authorized user can sign information with his private key (equivalent to the process of decrypting with the private key described above); other users do not have the private key and cannot produce the signature, but can use the user's public key to verify the correctness of the signature (equivalent to the process of encrypting with the public key described above).
  • Digital signature algorithms. Recoverable digital signature system: the signed data can be derived from the signature. Unrecoverable digital signature system: the signed data cannot be derived from the signature.
  • Finite field: a concrete and intuitive mathematical structure that can be understood informally as a collection of finitely many elements that can be added, subtracted, multiplied, and divided (usually denoted F; when the number of elements is a prime p, denoted F_p).
  • the set of polynomials over F, together with the four arithmetic operations on polynomials, is called the polynomial extension of F. If the number of terms in a polynomial is relatively small it is called a sparse polynomial; otherwise it is called a dense polynomial. Dense polynomials not only have high degree but also a very large number of terms, and take a lot of space when written out in expanded form.
  • Rational fraction over a finite field: it can be understood as the quotient of two polynomials:
  • One-way function: a function for which, given the output y, recovering the input X is difficult. Such a function is called a one-way function, also called a hash function, and has been widely used in data integrity checking and message authentication. It converts data X of arbitrary length into a fixed-length or fixed-size field element or string y.
  • one-way function algorithms include MD5 and SHA-1 (FIPS 180-1); stronger one-way function algorithms are SHA-256, SHA-384 and SHA-512 (US Federal Information Processing Standard FIPS 180-2).
  • an embodiment 1 of a method for encoding and decoding a digital message according to the present invention is shown as follows:
  • Step 101: select positive integers m, n' where m ≥ n';
  • Step 102: generate a public key containing E'(x), where E'(x) is a set of nonlinear mapping functions from (x_1, ..., x_m) to (y_1, ..., y_n') on the domain F; E'(x) includes n' functions, and the n' functions contain rational fractional functions;
  • the number of rational fractional functions included in the E'(x) is not limited, and one or more are feasible.
  • Step 103 Generate a private key corresponding to the public key
  • Step 104 The message M is encoded by using the public key to obtain an encoded message N.
  • the encoded message N is decoded by using the private key to obtain a decoded message L.
  • Step 105: encode the message M with the private key to obtain an encoded message N';
  • the encoded message N' is decoded by using the public key to obtain a decoded message.
  • step 103 of generating a private key may be prior to the step 102 of generating the public key, and the numerical ordering is merely for convenience of explanation.
  • step 104 is mainly applied to the case of encryption and decryption
  • step 105 can be mainly applied to the case of digital signature and verification.
  • different parameters give different encoding and decoding performance, better or worse. A more preferred embodiment will be described later in the specification.
  • the domain F specified in the present invention can be the finite field F_p whose number of elements is a prime p, but it is not limited to this and can be extended to various domains.
  • F is a finite field
  • the power operations of functions or arguments, including integer power operations and fractional power operations can be converted into rational fractional representations after being expanded, simplified, and collated.
  • the encoded message described in the present invention may be generated by a user of a location and transmitted to another location and then decoded by the user of the other location, i.e., the coded decoding may not be co-located.
  • encoding and decoding at the same location is a simpler case.
  • the embodiment shown in FIG. 1 can obtain the public key and the private key by the following steps:
  • Step a: select positive integers m, n, n', where m ≥ n ≥ n';
  • Step c: generate a private key according to the inverse function of E(x);
  • step d can be performed by manual selection or by random selection.
  • the selection may use an interface function (the interface function converts the arguments into multivariate polynomials), or no interface function may be used.
  • a public key in mathematical terms, that is, a transformation rule for a given input and output message, corresponds to only one private key; of course, this private key can take different representations.
  • the public key includes E'(x) and other parameter items.
  • FIG. 2 there is shown a data flow diagram of the present embodiment, including data processing procedures such as encryption and decryption and digital signature.
  • when m = n', the scheme can be used for encryption and decryption and for recoverable signatures; when m > n', it can be used for unrecoverable signatures.
  • for a recoverable signature, the decoded message is compared with all the data of the original message to determine whether the signature is correct; for an unrecoverable signature (i.e., the case m > n' in the specification), the decoded message is compared with a portion of the original message to determine whether the signature is correct.
  • F: the specified domain.
  • This domain can be simply understood as a mathematical structure that can implement the operations of addition, subtraction, multiplication and division. Generally, the number of elements can be selected as prime numbers.
  • E'(x) = (E_1(x_1, ..., x_m), ..., E_n'(x_1, ..., x_m)) ⊂ E(x), which contains at least one rational fractional function of (x_1, ..., x_m).
  • E'(x) is a set of irreversible functions, while E(x) and D(x) are a pair of mutually inverse functions. Since the number of arguments m in E'(x) is greater than the number of functions n', when the output is known the system of m-variable rational fractional indeterminate equations over F given by E'(x) has no unique solution.
  • a part of the functions in E(x) may be defined as the public key E'(x); for example, let E_1(x_1, x_2) be the public key and E_2(x_1, x_2) not be a public key;
  • the present invention further provides an apparatus embodiment, including at least the following units: a public key generating unit configured to generate a public key including E'(x), where E'(x) is a set of nonlinear mapping functions from (x_1, ..., x_m) to (y_1, ..., y_n') on the domain F, E'(x) including n' functions, the n' functions containing the relevant rational fractional functions; where m, n' are positive integers, m > n';
  • a private key generating unit configured to generate a private key corresponding to the public key; and at least one of a decryption unit and a signature verification unit, where
  • An encryption and decryption unit configured to encode the message M by using the public key to obtain an encoded message N; decoding the encoded message N by using the private key to obtain a decoded message
  • the signature verification unit is configured to encode the message by using the private key to obtain an encoded message, and decode the encoded message N′ by using the public key to obtain a decoded message.
  • FIG. 3 there is shown a preferred embodiment of a method embodiment 2 for encoding and decoding digital messages for encryption and decryption using a public key containing a rational fractional function.
  • the embodiment may specifically include:
  • Step 301: select positive integers m, n' where m ≥ n';
  • Step 302: generate a public key containing E'(x), where E'(x) is a set of nonlinear mapping functions from (x_1, ..., x_m) to (y_1, ..., y_n') on the domain F;
  • Step 303 Generate a private key corresponding to the public key.
  • Step 304: set a one-way function chain H(x) and the inverse function H^-1(y) of the one-way function chain;
  • Step 305: convert the message W into an intermediate result X through the one-way function chain H(x), then encode the intermediate result X with the public key to obtain a coding result Y; and
  • Step 306: when the coding result Y is decoded with the private key, first convert Y into an intermediate result Z, then convert the intermediate result Z into the decoded message W' using the inverse function H^-1(y) of the one-way function chain.
  • the embodiment shown in FIG. 3 is a modification of the embodiment shown in FIG. 1. Because the embodiment shown in FIG. 1 is used for encryption and decryption and for recoverable signatures, its security is not very high; this embodiment adds, on top of the embodiment of FIG. 1, a one-way function chain that first expands the original message and then compresses it while meeting the reversibility requirement. It can therefore be applied to various encryption and decryption and digital signature situations requiring high security.
  • the one-way function chain has the following two properties. First, complexity: its mathematical properties should be understood as a set of dense polynomial functions,
  • the present embodiment can obtain the public key and the private key by the following steps:
  • Step a: select positive integers m, n, n', where m ≥ n ≥ n';
  • the information about R(x), including the functional forms of its component functions and the value of the coefficient e_3, is all secret information that an unauthorized user must not know.
  • those skilled in the art can design a variety of modes according to the characteristics of R(x), which cannot be detailed here.
  • the public key functions may include various function types such as polynomials and rational fractions, because the rational fractional functions can be obtained by applying various preset synthesis rules.
  • the purpose of synthesizing R(x), T, and G is to embed and hide information about R, T, and G in the public key; all of these are secret information that an unauthorized user must not know.
  • the embodiment can be used for various situations such as encryption and decryption and digital signature.
  • in step f a method of discarding a part of the functions is employed, so this embodiment can be used for digital signatures.
  • Step g: generate the inverse function T^-1 of T; generate the inverse function G^-1 of G; calculate D(x) from T^-1 and G^-1; generate a private key comprising R and D(x), and send the key to the authorized user for secret storage.
  • the preset rules described in step e can be set by a person skilled in the art according to actual conditions, as long as the resulting E' is guaranteed to contain a rational fractional function of (x_1, ..., x_m). Preferably, the preset rule is one of the following two cases:
  • ⁇ 2 is substituted into G 2
  • ..., 1 ⁇ is substituted into G, ..., and substituted into G s .
  • the denominator polynomial of each rational fraction is the same; when the last transformation is nonlinear, the denominator polynomial of each rational fraction in the public key is usually different.
  • a common default denominator saves public key storage space (only n'+1 rather than 2n' polynomials need to be stored) and increases operation speed (only n'+1 rather than 2n' polynomial values need to be calculated).
  • the present invention further provides an apparatus embodiment, including the following units: a public key generating unit configured to generate a public key including E'(x), where E'(x) is a set of nonlinear mapping functions on the domain F; E'(x) includes n' functions, and the n' functions contain the relevant rational fractional functions; where m, n' are positive integers, m > n';
  • a private key generating unit configured to generate a private key corresponding to the public key
  • an encryption unit configured to convert the message W into an intermediate result X by the one-way function chain H(x), and then to encode the intermediate result X with the public key to obtain a coding result Y;
  • a decryption unit configured to convert the coding result Y into an intermediate result Z with the private key, and then to convert the intermediate result Z into a decoded message W' using the inverse function H^-1(y) of the one-way function chain.
  • FIG. 4 shows an embodiment of a method for digital signature according to the present invention. Since its core idea is substantially similar to the embodiment shown in FIG. 3, it is not described in detail.
  • Step 401: Select positive integers m, n' where m ≥ n';
  • Step 402: Generate a public key containing E'(x), where E'(x) is a group of nonlinear mapping functions from (x_1, …, x_m) to (y_1, …, y_{n'}) over the domain F, E'(x) includes n' functions, and the n' functions contain rational fractional functions;
  • Step 403: Generate a private key corresponding to the public key.
  • Step 404: Set a one-way function chain H(x) and the inverse function H^{-1}(x) of the one-way function chain;
  • Step 405: Process the message to be signed with the private key to obtain an intermediate result Z, and then convert the intermediate result Z into the digital signature W through the inverse function H^{-1}(x) of the one-way function chain;
  • Step 406: Convert the digital signature W into an intermediate result X by the one-way function chain H(x), and then decode the intermediate result X with the public key to obtain a decoding result.
  • Step 407: Compare the decoding result with the message to be verified, and determine whether the digital signature W is correct according to the comparison result.
  • The public key generation method of the embodiment shown in FIG. 1 is entirely feasible, but preferably this embodiment may also generate the public key and the private key by the steps of the embodiment shown in FIG. 3, which are not repeated here.
  • The second step: establish the cipher parameters T and G.
  • The inverse function T^{-1} of T is derived, that is, the inverse of each of the above n-ary linear transformations is derived, where each inverse transformation T_i^{-1} consists of n polynomials in n variables:
  • $T^{-1} = (T_1^{-1}, \ldots, T_{s+1}^{-1})$, where:
  • ⁇ 1 ( ⁇ ' ⁇ , ..., ⁇ ..., ⁇ , ⁇ , 4)
  • Each n-ary invertible nonlinear transformation consists of n functions over F:
  • $G^{-1} = (G_1^{-1}, \ldots, G_s^{-1})$, where:
  • G, — 1 (Gn— i, ⁇ , ⁇ — 1 ⁇ ...:
  • The third step: compose the function groups T and G into E(x), and establish the public key E'(x).
  • E'(x) is defined as n' of the functions in E(x).
  • The fourth step: compose T^{-1} and G^{-1} into D(x), and establish the private key {D(x), R(x)}.
  • D(x) can take a variety of functional representations: it can be represented by a single function or a simplification of one, directly by T^{-1} and G^{-1}, or by other functional forms;
  • Step 5: encryption and decryption, digital signature and verification.
  • When the private key {D(x), R(x)} is used to generate a digital signature, the message is converted into the digital signature W; the calculation method is:
  • The preferred method for establishing G is to pre-build a sufficiently large function library; later, when needed, a number of simple functions are drawn at random from the library and combined into complex encryption and decryption functions according to certain rules.
  • The preferred method of building the function library is to select several different types of polynomial functions or rational fractional functions whose number of independent variables does not exceed n and which are invertible with respect to their last independent variable, and to divide them into n classes according to their number of independent variables.
  • G(y) and G(y)^{-1} in the above equation represent a pair of mutually inverse functions with i arguments and index j within the class.
  • z l
  • at least two records can be created in the function library (set parameters...
  • G(·) and G(·)^{-1} in the above equations respectively indicate that their number of independent variables is n and that they are invertible with respect to the first argument.
  • The first function in the i-th function vector of G^{-1}. The advantage of this type of G is: in the encryption process the functions are independent, and a later computation does not need to refer to the result of an earlier one; but in the decryption process a later computation refers to the result of the earlier one, making the decryption function more complicated than the encryption function, i.e.:
  • the i-th layer encryption function vector is:
  • the function scale of the corresponding i-th layer decryption function vector G_i^{-1} has exploded:
  • $v_{in} = G_{in}(u_{i1}, \ldots, u_{in})$
  • The dashed box 502 represents the processing with the public key E'(x);
  • The dashed box 602 represents the processing with the secret parameters, the inverse function H^{-1}(x) and the private key.
  • $v_{11} = (a_{111} u_{01} + a_{112} u_{02} + b_{11}) \bmod p$
  • $v_{12} = (a_{121} u_{01} + a_{122} u_{02} + b_{12}) \bmod p$
  • $v_{21} = (a_{211} u_{11} + a_{212} u_{12} + b_{21}) \bmod p$
  • $v_{22} = (a_{221} u_{11} + a_{222} u_{12} + b_{22}) \bmod p$
  • n (1 / 3 ⁇ 4ii) mod p
  • The present invention further provides an apparatus embodiment including the following units: a public key generating unit, configured to generate a public key including E'(x), where E'(x) is a group of nonlinear mapping functions from (x_1, …, x_m) to (y_1, …, y_{n'}) over the domain F, E'(x) includes n' functions, and the n' functions contain rational fractional functions; m and n' are positive integers with m ≥ n';
  • a private key generating unit, configured to generate a private key corresponding to the public key;
  • a one-way function chain determining unit, configured to set a one-way function chain H(x) and the inverse function H^{-1}(x) of the one-way function chain;
  • a signature unit, configured to convert the message to be signed into an intermediate result Z with the private key, and then convert the intermediate result Z into the digital signature W by the inverse function of the one-way function chain;
  • a verification unit, configured to convert the digital signature W into an intermediate result X by the one-way function chain H(x), decode the intermediate result X with the public key to obtain a decoding result, compare the decoding result with the message to be verified, and determine whether the digital signature W is correct according to the comparison result.
  • PKI (Public Key Infrastructure)
  • The construction of PKI has faced major challenges, most visibly a sharp increase in management costs.
  • One of the main reasons is that current public key cryptosystems adapt poorly to the complex usage environment of ultra-large-scale networks.
  • The present invention proposes a basic countermeasure of public key cryptography to the challenge of building a network trust system: an identity-based public key cryptosystem.
  • Identity-based means that the content of the public key is the user's identity mark ID, some combination of information such as name, telephone number and e-mail address; from that information alone one can determine directly to whom the public key belongs, instead of binding the user's ID to the user's public key with a public key certificate as PKI does. The essence of this technical point is that "all users share one public key".
  • Realizing "identity-based" operation brings benefits for public key management in a network environment: first, the economic benefits are significant; second, the user capacity is huge; third, integrated management of public key data and user identifiers is achieved.
  • FIG. 7a shows a flowchart
  • Figure 7b shows a data flow diagram.
  • This embodiment uses the identity-based technical point and may specifically include:
  • Step 701: Select positive integers m, n', r, where m ≥ n';
  • Step 703: Generate, for an authorized user whose identity identifier is ID_i, a private key corresponding to that identity identifier, where i is a user number.
  • Step 704: Encode the message with the public key and ID_i to obtain the encoded message N; decode the encoded message N with the private key to obtain the decoded message.
  • Step 705: Encode the message with the private key to obtain the encoded message N'; decode the encoded message N' with the public key and ID_i to obtain the decoded message.
  • the public key and the private key can be obtained by the following steps:
  • $E'(x, ID) = (E_1(x_1, \ldots, x_m, ID_1, \ldots, ID_r), \ldots, E_{n'}(x_1, \ldots, x_m, ID_1, \ldots, ID_r))$.
  • the embodiment can also obtain the public key and the private key by the following steps:
  • At least one of the coefficients of T and/or G is a mapping function of the ID;
  • E'(x, ID) contains rational fractional functions of (x_1, …, x_m, ID_1, …, ID_r);
  • $E'(x, ID) = (E_1(x_1, \ldots, x_m, ID_1, \ldots, ID_r), \ldots, E_{n'}(x_1, \ldots, x_m, ID_1, \ldots, ID_r))$;
  • The private key includes R(x) and D(x).
  • At least one of the coefficients of T and/or G is a mapping function of the ID.
  • At least one coefficient of any one or more of the T layers is a mapping function of the ID; and/or at least one coefficient of any one or more of the G layers is a mapping function of the ID.
  • At least one coefficient in the last layer (of T and/or of G) is a mapping function of the ID.
  • Restricting the ID to the last layer limits the size of the public key E'(x, ID): E'(x, ID) then depends on the ID only through that layer. Conversely, if a coefficient in T_1 is defined as a function of the ID, the number of ID terms multiplies through the nonlinear transformations, making the function size of the public key too large and reducing practicability.
  • ID = (ID_1, …, ID_r), r a positive integer, ID_i ∈ F; the coefficients in the public key E'(x) are specified as mapping functions of the ID. After the public key is expanded, simplified and collated, it can be expressed as an (m+r)-variable nonlinear transformation over F:
  • The first step is to define the cipher parameters T and G as functions of the ID.
  • The distribution centre defines the coefficients of the functions in T and G as mapping functions of the ID, so that T and G become functions of the ID;
  • The second step is to compose T and G into E(x, ID) and establish the public key E'(x, ID).
  • The fourth step: encryption and decryption, digital signature and verification.
  • ⁇ 2 ⁇ 2 ( ⁇ , 2, ⁇ 3, ID)
  • The present invention also provides an apparatus embodiment, which includes at least the following units:
  • a public key generating unit, configured to generate a public key including E'(x, ID), where E'(x, ID) is a group of nonlinear mapping functions from (x_1, …, x_m, ID_1, …, ID_r) to (y_1, …, y_{n'}) over the domain F, E'(x, ID) includes n' functions, and the n' functions contain rational fractional functions of (x_1, …, x_m, ID_1, …, ID_r); ID = (ID_1, …, ID_r) is the identity identifier of the authorized user; m, n', r are positive integers with m ≥ n';
  • a private key generating unit, configured to generate, for an authorized user whose identity identifier is ID_i, a private key corresponding to that identity identifier; and at least one of an encryption and decryption unit and a signature verification unit, where the encryption and decryption unit is configured to encode the message with the public key and ID_i to obtain the encoded message N, and to decode the encoded message N with the private key to obtain the decoded message;
  • the signature verification unit is configured to encode the message with the private key to obtain the encoded message N', and to decode the encoded message N' with the public key and ID_i to obtain the decoded message.
  • If the coefficient a in the above encryption process is specified as a mapping function of the ID, the number of ID terms in the decryption process is n times the number of ID terms in the encryption process, while the degree remains unchanged.
  • This embodiment can also be combined with the technical point of the one-way function chain, that is, the step of setting the one-way function chain H(x) and the inverse function H^{-1}(x) of the one-way function chain; then, in this embodiment,
  • the specific encoding steps can be optimized as:
  • the original message may be converted into an intermediate result message M by the one-way function chain H(x), and the message M is encoded with the public key and ID_i to obtain the encoded message N;
  • the private key decodes the encoded message N to obtain the intermediate result message, which is converted into the final decoding result by the inverse function H^{-1}(x) of the one-way function chain;
  • for signature it may be: encode the message with the private key to obtain an intermediate result Z, transform the intermediate result Z into the digital signature message N' through the inverse function H^{-1}(x) of the one-way function chain, and, through the one-way function
  • chain H(x), convert the digital signature message N' into an intermediate result X, and decode the intermediate result X with the public key and ID_i to obtain the decoded message.
  • Step h comprises the sub-steps of: sub-step a, computing D(x) from T^{-1} and G^{-1} and associating D(x) with the ID; sub-step b, dividing D(x) into at least two parts, stored in at least two private key distribution centres, each part being associated with the ID;
  • sub-step c, each private key distribution centre substitutes the authorized user's identifier ID_i into the part of D(x) that it keeps secret, computes a part of the private key, and sends it to the user;
  • sub-step d, the user combines the parts of the private key and computes the private key.
  • FIG. 8 is a schematic diagram of a plurality of private key distribution centres of the present invention jointly establishing a private key.
  • An example of the above process is described mathematically as follows:
  • The unique primary key distribution centre in the network, KDC_11, establishes the public key E'(x, ID) and a private key generation function corresponding to E'(x, ID):
  • where D^{(1)}(y, A_2, B_2) and D^{(2)}(y, A_2, B_2) are the two denominator polynomials in D(y, A_2, B_2).
  • KDC_11 sends the above D^{(1)}(y, A_2, B_2) to KDC_21 and D^{(2)}(y, A_2, B_2) to KDC_22, and the functions mapping the ID to A_2 and B_2
  • are also sent to them.
  • KDC_21 and KDC_22 each substitute the user's ID into the mapping functions, compute a_{211}, a_{212}, a_{221}, a_{222}, b_{21}, b_{22}, and then substitute them respectively into:
  • The authorized user receives D^{(1)}(y) and D^{(2)}(y) from KDC_21 and KDC_22 respectively, and then restores D(y) according to the specified method.
  • Each KDC_2 is not restricted by the management system or by computing power, but is unable to steal the user's private key for lack of information; KDC_11, which holds all the secrets, is usually kept in a closed, archived state and is not directly involved in establishing the private key. It is recommended that KDC_11 rename the relevant variables (such as a_{211}, a_{212}, a_{221}, a_{222}, b_{21}, b_{22}) when creating the private key generation function, which gives better results.
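The following Python script is an added example, not code from the patent, covering two passages of this page at once: the layered construction (affine layers v = (a·u + b) mod p around a triangular nonlinear layer G whose later function is invertible in its last argument given the earlier one, composed and expanded into the public key E'(x, ID)) and the identity-based split of the private key across two secondary distribution centres. Everything in it is an assumption chosen for illustration: the field GF(251), m = n' = 2 and r = 1, translation coefficients of T that are linear functions of the ID (the "mapping function of the ID"; G is kept independent of the ID, as the page recommends for keeping the public key small), the fixed random seed, and the particular split of D(x) into a T_2^{-1}/G^{-1} part for KDC_21 and a T_1^{-1} part for KDC_22. The point it demonstrates is that all users share one expanded public key, that the published polynomials reveal no layer boundary, and that neither secondary centre's share decrypts on its own. The sizes are far too small to be secure, and decryption is exact here only because m = n'.

```python
# Added example (not from the patent): toy layered multivariate scheme over GF(P)
# with ID-dependent affine coefficients and a private key assembled from two KDCs.
# All parameters below are constructed for illustration and far too small to be secure.
import random

P = 251  # the field F = GF(P); constructed toy size

# ---- sparse polynomials over GF(P) in the variables (x1, x2, id) -----------------
# represented as {exponent tuple: coefficient}; this is what a published key looks like
def padd(a, b):
    out = dict(a)
    for k, v in b.items():
        out[k] = (out.get(k, 0) + v) % P
    return {k: v for k, v in out.items() if v}

def pmul(a, b):
    out = {}
    for ka, va in a.items():
        for kb, vb in b.items():
            k = tuple(i + j for i, j in zip(ka, kb))
            out[k] = (out.get(k, 0) + va * vb) % P
    return {k: v for k, v in out.items() if v}

def pconst(c):
    return {(0, 0, 0): c % P} if c % P else {}

X1, X2, ID = {(1, 0, 0): 1}, {(0, 1, 0): 1}, {(0, 0, 1): 1}

def peval(poly, x1, x2, idv):
    return sum(v * pow(x1, e[0], P) * pow(x2, e[1], P) * pow(idv, e[2], P)
               for e, v in poly.items()) % P

# ---- secret parameters held only by the primary centre (KDC_11) -----------------
def invertible_matrix():
    while True:
        m = [[random.randrange(P) for _ in range(2)] for _ in range(2)]
        if (m[0][0] * m[1][1] - m[0][1] * m[1][0]) % P:
            return m

def inv2(m):
    d = pow((m[0][0] * m[1][1] - m[0][1] * m[1][0]) % P, -1, P)
    return [[m[1][1] * d % P, -m[0][1] * d % P],
            [-m[1][0] * d % P, m[0][0] * d % P]]

random.seed(7)                       # fixed so the example is reproducible
A1, A2 = invertible_matrix(), invertible_matrix()
# translation vectors b(ID) = b0 + b1*ID: the "mapping function of the ID" (assumed linear);
# the slope b1 is drawn from 1..P-1 so that different IDs always give different keys
B1 = [(random.randrange(P), random.randrange(1, P)) for _ in range(2)]
B2 = [(random.randrange(P), random.randrange(1, P)) for _ in range(2)]
C = random.randrange(P)              # constant in the nonlinear layer G

def affine_sym(A, B, u):
    """T layer on symbolic inputs u = (u1, u2): v_i = A[i][0]*u1 + A[i][1]*u2 + b_i(ID)."""
    return [padd(padd(pmul(pconst(A[i][0]), u[0]), pmul(pconst(A[i][1]), u[1])),
                 padd(pconst(B[i][0]), pmul(pconst(B[i][1]), ID)))
            for i in range(2)]

def public_key():
    """E'(x, ID) = T2(G(T1(x))) fully expanded: the single key all users share."""
    v = affine_sym(A1, B1, [X1, X2])
    # G is triangular: w1 depends on v1 only, w2 is invertible in v2 once v1 is known
    w = [padd(v[0], pconst(C)), padd(v[1], pmul(v[0], v[0]))]
    return affine_sym(A2, B2, w)

def encrypt(pk, x1, x2, idv):
    """Anyone can encrypt to a recipient: evaluate the shared polynomials at (x, ID)."""
    return tuple(peval(e, x1, x2, idv) for e in pk)

# ---- private key shares: each secondary centre substitutes the ID into its own part
def kdc21_part(idv):
    """KDC_21 holds only the output layer inverse T2^-1 and G's constant."""
    return (inv2(A2), [(b0 + b1 * idv) % P for b0, b1 in B2], C)

def kdc22_part(idv):
    """KDC_22 holds only the input layer inverse T1^-1."""
    return (inv2(A1), [(b0 + b1 * idv) % P for b0, b1 in B1])

def decrypt(part21, part22, y):
    """The user composes both shares into D(y, ID) and peels the layers in reverse."""
    A2i, b2, c = part21
    A1i, b1 = part22
    w = [(A2i[i][0] * (y[0] - b2[0]) + A2i[i][1] * (y[1] - b2[1])) % P for i in range(2)]
    v1 = (w[0] - c) % P              # G^-1: first function needs no earlier result
    v2 = (w[1] - v1 * v1) % P        # G^-1: second function refers to v1 (triangular)
    return tuple((A1i[i][0] * (v1 - b1[0]) + A1i[i][1] * (v2 - b1[1])) % P
                 for i in range(2))

def roundtrip(x1, x2, idv):
    y = encrypt(public_key(), x1, x2, idv)
    return decrypt(kdc21_part(idv), kdc22_part(idv), y)

if __name__ == "__main__":
    print(public_key())              # expanded polynomials: no layer boundary is visible
    print(roundtrip(17, 200, 42))
```

Pairing the share from KDC_22 with the wrong user's ID (or omitting either share) leaves the affine inversion misaligned and yields a wrong plaintext, which is the property the multi-centre scheme relies on; in a real deployment the ID mapping and the shares would of course be far larger than these 2×2 toys.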
  • This embodiment can further include the following step: in the process of generating the private key, a random transformation W(·) and its inverse W^{-1}(·) are inserted.
  • The specific implementation of W(·) and W^{-1}(·) is a well-known technique.
  • The basic idea of personalizing the form of the private key is to insert a random transformation in the process of deriving D(x) so as to mask and hide the correlation between D(x) and the ID; thus:
  • the D(x) of different users differ not only in their mathematical properties; the expressions of their functions are also subject to two independent factors, one from the ID and one from the random transformation, which effectively improves resistance to collusion.
  • A random linear transformation W_2(·) and its inverse W_2^{-1}(·) are inserted between the T^{-1} layers; the specific steps are as follows:
  • the first step is to calculate:
  • the second step is to calculate in order:
  • $v_{11} = v_{11}(u_{11}, \ldots, u_{18})$, an 8-variable quadratic rational fraction;
  • $v_{12} = v_{12}(u_{11}, \ldots, u_{18}, v_{11})$, a 9-variable quadratic rational fraction;
  • $v_{13} = v_{13}(u_{11}, \ldots, u_{18}, v_{11}, v_{12})$, a 10-variable quadratic rational fraction;
  • $v_{14} = v_{14}(u_{11}, \ldots, u_{18}, v_{11}, v_{12}, v_{13})$, an 11-variable quadratic rational fraction;
  • $v_{15} = v_{15}(u_{11}, \ldots, u_{18}, v_{11}, \ldots, v_{14})$, a 12-variable quadratic rational fraction;
  • $v_{16} = v_{16}(u_{11}, \ldots, u_{18}, v_{11}, \ldots, v_{15})$, a 13-variable quadratic rational fraction;
  • $v_{17} = v_{17}(u_{11}, \ldots, u_{18}, v_{11}, \ldots, v_{16})$, a 14-variable quadratic rational fraction;
  • $v_{18} = v_{18}(u_{11}, \ldots, u_{18}, v_{11}, \ldots, v_{17})$, a 15-variable quadratic rational fraction;
  • $v_{11}, \ldots, v_{17}$ are symbolic arguments when the formulas are derived, and concrete values when the decryption computation is performed.
  • the third step is to calculate:
  • the fourth step is to calculate in order:
  • $x_j = x_j(z'_1, \ldots, z'_8, x_9, x_{10}, x_{11}, x_{12})$, $1 \le j \le 8$, a 12-variable linear polynomial;
  • Each secondary private key distribution centre should use the same W(·), W^{-1}(·).
  • The number of elements of the solution set of the indefinite system of equations $E'(x) = (y_1, \ldots, y_{n'})$ is approximately $|F|^{m-n'}$, which should be greater than $2^{64}$.
  • The degree of D(x) in y and the number of terms of its polynomials reflect the difficulty of recovering the private key by a linear attack, and should be as large as possible.
  • G_2 uses the "nonlinear transformation whose nonlinear degree remains constant" described above:
  • The coefficients of G_2^{-1} are to be understood as functions of the coefficients g_{11}, …, g_{88} of G_2(·); if G_2 is set as a linear function of the ID, then G_2^{-1} is a degree-8 function of the ID.
  • The second step is to calculate E'(x, ID):
  • $y_j = E_j(x_1, \ldots, x_{12}, ID_1, \ldots, ID_4)$, $1 \le j \le 8$, a 16-variable cubic rational fraction.
  • The ID mapping method is used to establish an identity-based working mode, so that all users of the entire network share one public key, which greatly simplifies public key management in a network environment;
  • The methods of "synthesizing the private key from multiple private key distribution centres" and "personalizing the form of the private key" improve the cryptosystem's resistance to collusion attacks.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention concerns a method and a system for encoding and decoding a digital message. The method consists of: choosing positive integers m, n', with m greater than or equal to n'; generating a public key containing E'(X), where E'(X) denotes a group of nonlinear mapping functions from (x1, …, xm) to (y1, …, yn') over a domain F, E'(X) comprising n' functions, the n' functions containing rational fractional functions of (x1, …, xm); generating a private key corresponding to the public key; then completing the corresponding public/private key encryption/decryption processing, or completing the corresponding public/private key signature authentication processing. The scale of the encryption functions is significantly enlarged, and the sparse quadratic polynomial is augmented into a dense quadratic polynomial, so that the scale of the polynomial functions equivalent to the public key explodes. The difficulty of solving the inverse function of the indefinite system of equations is substantially increased, so that the resistance to cracking is significantly increased.
PCT/CN2007/070263 2007-06-07 2007-07-10 Procédé et système de codage et de décodage de message numérique WO2008148274A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 200710100307 CN101321059B (zh) 2007-06-07 2007-06-07 一种用于编码和译码数字消息的方法和系统
CN200710100307.9 2007-06-07

Publications (1)

Publication Number Publication Date
WO2008148274A1 true WO2008148274A1 (fr) 2008-12-11

Family

ID=40093146

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/070263 WO2008148274A1 (fr) 2007-06-07 2007-07-10 Procédé et système de codage et de décodage de message numérique

Country Status (2)

Country Link
CN (1) CN101321059B (fr)
WO (1) WO2008148274A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017198197A1 (fr) * 2016-05-20 2017-11-23 Huawei Technologies Co., Ltd. Procédé pour la conception, la transmission et la détection d'un livre de codes à accès multiple par codes épars flexibles
US10020839B2 (en) * 2016-11-14 2018-07-10 Rampart Communications, LLC Reliable orthogonal spreading codes in wireless communications
US10965352B1 (en) 2019-09-24 2021-03-30 Rampart Communications, Inc. Communication system and methods using very large multiple-in multiple-out (MIMO) antenna systems with extremely large class of fast unitary transformations

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1314040A (zh) * 1999-04-29 2001-09-19 布尔Cp8公司 公共密钥签字的方法和系统
CN1870499A (zh) * 2005-01-11 2006-11-29 丁津泰 产生新的多变量公钥密码系统的方法
WO2007057610A1 (fr) * 2005-11-18 2007-05-24 France Telecom Systeme et procede cryptographique d'authentification ou de signature

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101048969B (zh) * 2004-10-28 2012-04-04 耶德托公司 用于扰乱密码函数的方法和系统
CN100586065C (zh) * 2006-04-24 2010-01-27 北京易恒信认证科技有限公司 Cpk可信认证系统


Also Published As

Publication number Publication date
CN101321059B (zh) 2011-02-16
CN101321059A (zh) 2008-12-10

Similar Documents

Publication Publication Date Title
Buchmann et al. On the security of the Winternitz one-time signature scheme
Naor On cryptographic assumptions and challenges
Sen Homomorphic encryption-theory and application
JP4830860B2 (ja) 署名装置、検証装置、証明装置、暗号化装置、及び復号化装置
CN109462481B (zh) 一种基于非对称双线性对的匿签密方法
WO2009026771A1 (fr) Procédé pour négocier une clé, chiffrer et déchiffrer des informations, signer et authentifier les informations
WO2008148275A1 (fr) Procédé et système de codage et de décodage de message numérique
CN103259662A (zh) 一种新的基于整数分解问题的代理签名及验证方法
CN114095181B (zh) 一种基于国密算法的门限环签名方法及系统
Savu Signcryption scheme based on schnorr digital signature
Qin et al. Simultaneous authentication and secrecy in identity-based data upload to cloud
WO2012147001A1 (fr) Cryptage de données
CN106453253B (zh) 一种高效的基于身份的匿签密方法
Ren et al. An efficient lattice-based linkable ring signature scheme with scalability to multiple layer
Tsai et al. Multi‐document threshold signcryption scheme
Ruan et al. Provably leakage-resilient password-based authenticated key exchange in the standard model
Mi et al. Oblivious transfer based on NTRUEncrypt
CN103748830A (zh) 信息处理设备、签名提供方法、签名验证方法、程序和记录介质
WO2008148274A1 (fr) Procédé et système de codage et de décodage de message numérique
WO2008148276A1 (fr) Procédé et système de codage et de décodage de message numérique
Wang et al. Attribute-based signature with policy-and-endorsement mechanism
Jadhav et al. Enhancing the security and efficiency of resource constraint devices in IoT
Zhang et al. Provably secure and subliminal-free variant of schnorr signature
Sheth et al. Analysis of cryptography techniques
Debnath et al. Efficient post-quantum private set-intersection protocol

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07764191

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07764191

Country of ref document: EP

Kind code of ref document: A1