WO2009026771A1 - Method for negotiating a key, encrypting and decrypting information, and signing and authenticating information - Google Patents


Info

Publication number: WO2009026771A1
Authority: WO (WIPO, PCT)
Application number: PCT/CN2007/070628
Other languages: English (en), Chinese (zh)
Inventor: Haiming Guan
Original Assignee: Guan, Haiying

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32  Including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247  Involving digital signatures
    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08  Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816  Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838  Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Definitions

  • The present invention relates to the field of information security and cryptography, and more particularly to a public key cryptosystem capable of key negotiation, encryption and decryption of data messages, and digital signature and verification.
  • Cryptography is the science and technology that studies encryption and decryption transformations.
  • Intelligible text is called plaintext; the unintelligible text into which plaintext is transformed is called ciphertext.
  • The process of transforming plaintext into ciphertext is called encryption; the reverse process, transforming ciphertext back into plaintext, is called decryption.
  • The encryption or decryption transformation is controlled by a key.
  • A cryptosystem used in an open environment should meet the following basic requirements:
  • Integrity: ensure that information is not accidentally or intentionally modified.
  • Non-repudiation: prevent an individual or entity from denying information it has published, by preserving evidence that proves the event occurred.
  • Public key cryptography is the key technology for meeting the above requirements of confidentiality, integrity and non-repudiation.
  • Its official birth is the paper "New Directions in Cryptography" by W. Diffie and M. E. Hellman in 1976 (W. Diffie and M. E. Hellman, "New directions in cryptography", IEEE Transactions on Information Theory, 22 (1976), 644-654).
  • A public key cipher uses a public key and a private key.
  • The public key can be distributed publicly, but the associated private key is kept secret. Only the holder of the private key can decrypt data encrypted with the public key, and only the holder can sign data.
  • The role of the public key is to encrypt information and to verify the correctness of signatures.
  • A public key cipher can also implement a key agreement protocol, in which two users establish a shared key over a completely public channel without any prior secret agreement.
  • The first is the RSA system: the public key cryptosystem proposed by Rivest, Shamir and Adleman in 1978 (R. L. Rivest, A. Shamir and L. M. Adleman, "A method for obtaining digital signatures and public-key cryptosystems", Communications of the ACM, 21 (1978), 120-126), whose security is based on the integer factorization problem.
  • The second is the DH system.
  • It comprises the key agreement protocol invented by Diffie and Hellman in 1976 and the ElGamal encryption and digital signature scheme proposed by ElGamal in 1985 (T. ElGamal, "A public key cryptosystem and a signature scheme based on discrete logarithms", IEEE Transactions on Information Theory, 31 (1985), pp. 469-472), whose security is based on the discrete logarithm problem in the multiplicative group of a finite field.
  • This type also includes the US Digital Signature Standard DSS (Federal Information Processing Standard FIPS 186) and others.
  • The third is the ECC system.
  • Elliptic curve public key cryptography, invented independently by Miller and Koblitz in 1985 (V. S. Miller, "Use of elliptic curves in cryptography", CRYPTO '85, Springer-Verlag, 1986, pp. 417-426; N. Koblitz, "Elliptic curve cryptosystems", Mathematics of Computation, 48 (177), 1987, pp. 203-209), whose security is based on the discrete logarithm problem in the group of an elliptic curve.
  • This type also includes the hyperelliptic curve public key cryptosystem (N. Koblitz, "Hyperelliptic cryptosystems", Journal of Cryptology, 1 (3), 1989, pp. 139-150).
  • The technical problem to be solved by the present invention is to provide a public key cryptosystem coding method and apparatus that use a conformal iterative transformation method to realize key negotiation, encryption and decryption, and digital signature with a larger algorithm space and stronger security.
  • A method for key agreement includes:
  • Step 1: preset an A(x) shared by the user group, where the user group includes at least two users; A(x) is a nonlinear function group mapping the n-ary vector x to the n-ary vector y, and A(x) needs to satisfy:
  • Step 2: each user in the user group exchanges with the others intermediate results related to integer-layer iterations of A(x).
  • Step 3: each user uses the received intermediate results to calculate a key shared by the user group.
  • Step 2 further includes: the first user selects an integer, calculates a first intermediate result, and transmits it to the second user, the first intermediate result being related to a layer iteration of A(x); the second user selects an integer, calculates a second intermediate result, and passes it to the first user, the second intermediate result being related to a layer iteration of A(x).
  • The values of the coefficients in A(x) may be determined from a pseudo-random sequence, and the seed of that sequence is used to identify A(x).
  • A method for encoding and decoding a digital message includes:
  • Step 1: preset an A(x) shared by the encryption end and the decryption end; A(x) is a nonlinear function group from the n-ary vector x to the n-ary vector y.
  • Step 2: select an integer k as the private key, and use a k-layer iteration of A(x) to establish the corresponding public key. Step 3: the encryption end selects an integer t, uses the public key to compute an intermediate key depending on t, encrypts the plaintext with the intermediate key, and transmits the encryption result together with the transformation result of t to the decryption end; the transformation result of t is related to the t-layer iteration of A(x).
  • Step 4: the decryption end uses the transformation result of t, the private key and A(x) to calculate the same intermediate key, and then uses the intermediate key to decrypt the encryption result.
  • The private key is established by the following steps:
  • Private key tables and the corresponding public key tables are preset and distributed among key distribution centers;
  • Pointers into a plurality of private key tables are obtained from the user's ID; one or more private key components are obtained from each of the private key tables pointed to, and combined to obtain the user's private key.
  • A method for digital signature and verification includes: Step 1: preset an A(x) shared by the signature end and the verification end; A(x) is a nonlinear function group from the n-ary vector x to the n-ary vector y.
  • Step 2: select an integer k as the private key, and use a k-layer iteration of A(x) to establish the corresponding public key. Step 3: the signature end selects an integer t and transforms the data to be signed, according to a preset rule, into an intermediate message related to the private key; it then transmits a digital signature containing the intermediate message and the transformation result of t to the verification end; the transformation result of t is related to the t-layer iteration of A(x).
  • Step 4: the verification end uses the transformation result of t, the data to be signed, the intermediate message, the public key and A(x) to verify whether the preset rule is satisfied. If it is, the digital signature verification passes.
  • A system for key agreement includes: a sharing unit configured to store an A(x) shared by the user group, where the user group includes at least two users; A(x) is a nonlinear function group from the n-ary vector x to the n-ary vector y, and A(x) needs to satisfy:
  • An intermediate result exchange unit, connected to each user end in the user group, for transmitting to the other users the intermediate results related to integer-layer iterations of each user in the group.
  • A key calculation unit, located at each user end of the user group, configured to calculate from the received intermediate results a key K shared by the user group.
  • A system for encoding and decoding digital messages includes:
  • A sharing unit configured to store the A(x) shared by the encryption end and the decryption end; A(x) is a nonlinear function group from the n-ary vector x to the n-ary vector y.
  • A public-private key establishing unit for selecting an integer k as the private key and using a k-layer iteration of A(x) to establish the corresponding public key.
  • An encryption unit, located at the encryption end, for selecting an integer t, converting the public key into an intermediate key depending on t, encrypting the plaintext with the intermediate key, and transmitting the encryption result and the transformation result of t to the decryption end; the transformation result of t is related to the t-layer iteration of A(x).
  • A decryption unit, located at the decryption end, configured to calculate the same intermediate key from the transformation result of t, the private key k and A(x), and to decrypt the encryption result with the intermediate key.
  • A system for digital signature and verification includes:
  • A sharing unit configured to store the A(x) shared by the signature end and the verification end; A(x) is a nonlinear function group from the n-ary vector x to the n-ary vector y.
  • A public-private key establishing unit for selecting an integer k as the private key and using a k-layer iteration of A(x) to establish the corresponding public key; a signature unit, located at the signature end, for selecting an integer t, transforming the data to be signed according to a preset rule into an intermediate message related to the private key, and transmitting a digital signature including the intermediate message and the transformation result of t to the verification end; the transformation result of t is related to the t-layer iteration of A(x).
  • A verification unit, located at the verification end, which uses the transformation result of t, the data to be signed, the intermediate message, the public key and A(x) to verify whether the preset rule is satisfied; if it is, the digital signature verification passes.
  • The present invention has the following advantages:
  • The invention proposes constructing a public key cryptosystem on the layer number of a multivariate nonlinear conformal iterative transformation over a field or a ring. The cryptosystem can implement key negotiation, encryption and digital signature with a distinctive coding style and strong resistance to attack; the size and complexity of the cryptographic algorithm are significantly increased, addressing the small algorithm space and insufficient security of the prior art.
  • FIG. 1 is a flow chart of an embodiment of a method for key agreement according to the present invention;
  • FIG. 2 is a flow chart of an embodiment of a method for establishing the nonlinear function group A(x) according to the present invention;
  • FIG. 3 is a flow chart of another embodiment of a method for establishing the nonlinear function group A(x);
  • FIG. 4 is a flow chart of an embodiment of a method for encoding and decoding digital messages;
  • FIG. 5 is a flow chart of an embodiment of a method for digital signature and verification according to the present invention;
  • FIG. 6 is a schematic diagram of a digital signature data stream;
  • FIG. 7 is a schematic diagram of a signature verification data stream according to the present invention;
  • FIG. 8 and FIG. 9 are schematic diagrams of the mathematical problem on which the security of the present invention is based: the iterative layer number problem of a multivariate nonlinear conformal iterative transformation.
  • the invention belongs to the category of information security products and is mainly applied to network trust systems, such as documents, banks, mobile phones, internet, e-commerce, e-government, logistics, network monitoring, power control, fund transfer, transactions, data encryption and the like.
  • Cipher: generally understood as an algorithm for the encryption and decryption transformation of information. Its basic purpose is to disguise information so that outsiders cannot understand its true meaning, while insiders can recover the original meaning from the disguised form.
  • Public key cryptosystem: a cryptosystem using two keys, a public key and a private key.
  • The public and private keys are mathematically related, but it is difficult to calculate the private key from the public key.
  • The public key can be transmitted openly between the communicating parties, or published like a telephone number; the private key is kept secret by the authorized user.
  • Anyone can look up a user's public key from the user's name and so send that user an encrypted message; only the authorized user can complete the decryption with the private key.
  • The public key cryptosystem also provides digital signature and authentication: an authorized user signs information with the private key (the counterpart of decrypting with the private key, above); other users cannot sign because they do not have the private key, but anyone can use the user's public key to verify the correctness of the signature (the counterpart of encrypting with the public key, above).
  • Key agreement: two or more users establish a key shared among them over a fully public channel, without any prior secret agreement.
  • Finite field: a concrete mathematical structure that can be understood informally as a set of finitely many elements that can be added, subtracted, multiplied and divided (usually denoted F; when the number of elements is a prime p, it is written F_p).
  • Rational fraction over a finite field: can be understood as the quotient of two polynomials in x_1, ..., x_n, reduced mod p.
  • The multiplicative inverse of a polynomial other than the zero polynomial is
  • Ring: a mathematical structure, denoted R, which can be understood as a set of elements on which both addition and multiplication are defined and satisfy the ring axioms.
  • The set {0, 1, ..., m-1} of integers, with addition and multiplication taken modulo m, is called the integer residue class ring Z_m.
  • The method may include: Step 101: preset an A(x) shared by a user group that includes at least two users; A(x) is a nonlinear function group from the n-ary vector x to the n-ary vector y, and A(x) needs to satisfy:
  • Step 102: each user in the user group exchanges with the others intermediate results related to integer-layer iterations of A(x);
  • Step 103: each user uses the received intermediate results to calculate a key shared by the user group.
  • By exchanging iteration results in which each user's integer is hidden, the users of the group obtain a shared key over the public channel.
  • Symmetric encryption can then be performed with that key.
  • The purpose of key negotiation is to establish the key used by a symmetric cipher. The usual reason is that public key encryption is too slow: the public key method is generally used to establish the key of a symmetric cipher, and the symmetric cipher then completes encryption and decryption at much higher speed.
  • A further purpose of this method is what may be called keyless secure communication, that is, secret communication in which a temporary key is negotiated for each communication. Its characteristic is that there is no key that can be leaked in advance, so it is pointless for an insider to sell a key, whereas the public-private key method still has the problem that the private key may be leaked beforehand.
  • The user group may include two or more users.
  • Each user in the user group needs to exchange information with the others to establish a key shared by the entire group. Since the exchange between two users is the basis of the exchange among several users, and an exchange among several users can be regarded as a repetition of exchanges between pairs of users, the case of two users is taken as the example below.
  • Step 102 may be further refined: the first user selects an integer, calculates a first intermediate result related to a layer iteration of A(x), and delivers it to the second user; the second user selects an integer, computes a second intermediate result related to a layer iteration of A(x), and passes it to the first user.
  • The method further includes establishing an n-ary vector g (n > 1) shared by the user group. When the user group includes only two users, step 102 further includes: the first user selects an integer, substitutes g into A(x) and performs that many layers of A(x) iteration, d_1 = A(A(...A(g))), passing the result d_1 to the second user; the second user selects an integer, substitutes g into A(x) and performs that many layers of A(x) iteration, d_2 = A(A(...A(g))), passing the result d_2 to the first user;
  • The function type of A(x) and the method of establishing it may be, for example, a function over a finite field or a finite ring that appears in exponential power form; this is not described in detail here, and only a preferred embodiment of the present invention is described.
  • The "preset" in step 101 may include real-time establishment, prior establishment or establishment by others.
  • The present invention provides three types of establishing methods.
  • Let n > 1, let F be the specified field, let R be the specified ring, and let x = (x_1, ..., x_n) and y = (y_1, ..., y_n).
  • Step 201: preset the structure of A(x): it consists of n n-ary rational fractional functions over the field F; in each, the numerator and the denominator are polynomials of degree 1 in x, and the denominator polynomial is the same for all n components;
  • Step 202: receive the relevant technical indicator parameters of A(x), which include the number of variables n and the data length of the variables;
  • Step 203: generate the coefficient of each term;
  • Step 204: output the A(x) obtained according to the preset structure.
  • The first type thus consists of n-ary rational fractional functions over F:
  • The second type of n-ary nonlinear function group A(x) can be established by the following steps: Step 301: preset the structure of A(x): it consists of n n-ary rational functions over the field F and contains terms of degree greater than 1 in x; when the denominator of A_i(x) is a polynomial of degree 0, the rational function is a polynomial; when the denominator of A_i(x) is a polynomial of positive degree, the rational function is a rational fraction;
  • Step 302: receive the relevant technical indicator parameters of A(x), which include the number of variables n, the data length of the variables and the highest nonlinear degree;
  • Step 303: generate a representation according to the indicator parameters and the preset structure, in which the non-zero coefficients of A(x) are represented by symbolic unknowns;
  • Step 307: output the A(x) obtained.
  • The second type thus consists of n-ary rational functions over F:
  • A(x) = (A_1(x_1, ..., x_n), ..., A_n(x_1, ..., x_n)), where:
  • Step a: preset the structure: it consists of n n-ary polynomials over the ring R and contains terms of degree greater than 1 in x_1, ..., x_n;
  • Step b: receive the relevant technical indicator parameters of A(x), which include the number of variables, the data length of the variables and the highest nonlinear degree;
  • Step c: generate a representation according to the indicator parameters and the preset structure, in which the non-zero coefficients of A(x) are represented by symbolic unknowns;
  • Step d: substitute A(x) into itself, and expand and simplify: B(x) = A(A(x));
  • Step e: compare B(x) with A(x); for the terms that newly appear in B(x), form polynomials in the coefficients and require these polynomials to be 0, thereby establishing a system of simultaneous equations;
  • Step f: judge whether the system of equations has a solution; if not, return to step c; if so, calculate a set of solutions, take them as the values of the coefficients, and substitute into the representation of A(x) generated in step c;
  • Step g: output the A(x) obtained.
  • The third type thus consists of n-ary polynomial functions over R:
  • The method may further include: compare B(x) with A(x), and if each of the newly appearing terms in B(x) arises from at least two product terms, proceed to step 305 or step e; otherwise return to step 303 or step c.
  • The purpose of the present invention is to find a specific function that satisfies the conformal iteration. If a new term arises from only one product, its coefficient multiplied by any non-zero number cannot be zero (over a ring the probability that it vanishes is very small), whereas if it arises from two or more products their coefficients can be made to cancel, eliminating the term that appeared after iteration. This gives a preliminary filter, reduces the number of calls to the equation solver and saves computing resources.
  • The above method of establishing A(x) by an indeterminate system of equations on the coefficients ensures that the size of the function does not expand after two iterations, and with high probability satisfies the requirements of the present invention.
  • Further screening steps may be included, for example verifying that the size of the function does not expand after more layers of iteration, or that the associative law of the iterative operation is satisfied.
  • How to design the desired optimal representation of A(x) is beyond the scope of the present invention, but it has a significant impact on the implementation. In a sense this work often requires intuition and experience in design and analysis rather than relying entirely on rigorous theoretical derivation and proof. For complex nonlinear functions in particular there are many options, and the best way is to try different transformations until a function of the desired form is obtained. The specific algorithm of each layer of the function, the relationship between layers, and how several simple functions combine into a relatively complex one can be entered into Mathematica or similar software as known conditions for solving the equations, to improve computational efficiency.
  • A simple reversible nonlinear transformation can be set first:
  • The third step is to establish the simultaneous system of equations T and determine whether it has a solution:
  • This is a complex multivariate nonlinear indeterminate system of equations, but the purpose of establishing it is to find any one particular solution, which is easier than finding the general solution of the indeterminate system.
  • The above method of constructing A(x) with polynomials is also suitable for establishing rational fractions, for establishing A(x) with polynomials over the integer residue class ring Z_m, and for generalizing to the case n > 2, although the derivation becomes more complicated.
  • A short piece of data can be used as the seed of a pseudo-random sequence generator, and the pseudo-random sequence it generates is used to establish the corresponding A(x); the short seed then identifies A(x), and to replace A(x) it is only necessary to re-agree on the seed. That is, preferably, the values of the coefficients in A(x) are determined from a pseudo-random sequence, and the seed of the sequence is used to identify A(x).
  • The following provides two specific ways of carrying out the key negotiation method, the difference being whether the information conveyed publicly is the vector d_i or the function B_i(x).
  • A method for encoding and decoding a digital message according to the present invention is disclosed, mainly for encryption and decryption, and may include:
  • Step 401: preset an A(x) shared by the encryption end and the decryption end, A(x) being a nonlinear function group from the n-ary vector x to the n-ary vector y, and A(x) needs to satisfy:
  • Step 402: select an integer k as the private key, and use a k-layer iteration of A(x) to establish the corresponding public key. Step 403: the encryption end selects an integer t, converts the public key into an intermediate key depending on t, encrypts the plaintext with the intermediate key, and transmits the encryption result and the transformation result of t to the decryption end; the transformation result of t is related to the t-layer iteration of A(x).
  • Step 404: the decryption end uses the transformation result of t, the private key and A(x) to calculate the same intermediate key, and then decrypts the encryption result with the intermediate key.
  • The encryption end conveys the integer t selected in real time to the decryption end through the transformation result of t, while the decryption end implicitly embedded the information of its private key k when establishing the public key; the two sides have thus exchanged their respective information and can encrypt and decrypt correctly.
  • The purpose of the transformation is to prevent a third party from obtaining t, while still allowing the decryption end to recover the intermediate key from it. The setting of the transformation rule can affect the security of the encryption and decryption process; the present invention does not need to limit it.
  • The encryption method for converting the plaintext M into ciphertext using the public key d is: randomly select the integer t and calculate:
  • Step 404 further includes: the decryption end uses the transformation result v of t, the private key k and A(x) to calculate the same intermediate key, and then decrypts the encryption result C with the intermediate key to obtain the plaintext.
  • For the process of establishing the n-ary nonlinear function group A(x) in this encryption and decryption embodiment, refer to the related part above; it is not described again here.
  • This embodiment can also determine the values of the coefficients in A(x) from a pseudo-random sequence, the seed of which is used to identify A(x).
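As an added example (not code from the patent or its applicant), the two-user key agreement of steps 101-103 and encryption scheme 1 of steps 401-404 are prototyped below in Python with a type-1 function group A(x): n rational fractions with linear numerators over one common linear denominator (steps 201-204), with coefficients derived from a seed as described above. Everything the page leaves open is an assumption here: the field F_p with p = 2^61 - 1, SHA-256 in counter mode as the seed-to-coefficient generator, the names a and b for the two users' integers (k and t are the page's own), the concrete transformation result v = A^t(g), the intermediate key A^t(d), and a SHA-256 keystream as the symmetric cipher applied under it. A linear-fractional map with a common denominator is a projective linear transformation, so k layers of iteration are the k-th power of an (n+1)x(n+1) matrix in homogeneous coordinates; the code uses that to compute iterates in O(log k) steps and to show that the k-layer iterate has exactly the size and form of A(x), which is what the patent calls conformal. The same observation means that, for this type, recovering the layer count from g and A^k(g) is a discrete logarithm problem in a matrix group; that is a property of this example's structure, not a claim the page makes.

```python
# Added example: iterated-function key agreement and encryption scheme 1 with a
# type-1 A(x) over F_p.  Not the patent's code; see the lead-in for assumptions.
import hashlib

P = 2**61 - 1  # assumed demo prime; the patent leaves the field F unspecified


def build_A(seed: bytes, n: int, p: int = P):
    """Type-1 A(x): n rational fractions with linear numerators over one common
    linear denominator, coefficients drawn from a pseudo-random sequence that
    `seed` identifies (SHA-256 counter mode is an assumption).  Row i < n holds
    the numerator of A_i, row n the common denominator, column n the constant
    terms, so A acts as the matrix M on the homogeneous vector (x_1..x_n, 1)."""
    coeffs = (int.from_bytes(hashlib.sha256(seed + i.to_bytes(4, "big")).digest(),
                             "big") % p for i in range((n + 1) ** 2))
    return [[next(coeffs) for _ in range(n + 1)] for _ in range(n + 1)]


def apply_A(M, x, p: int = P):
    """One layer of A: evaluate every fraction at x and reduce mod p."""
    n = len(x)
    h = list(x) + [1]
    den = sum(M[n][j] * h[j] for j in range(n + 1)) % p
    if den == 0:
        raise ZeroDivisionError("x is a pole of A; pick another vector")
    inv = pow(den, -1, p)
    return tuple(sum(M[i][j] * h[j] for j in range(n + 1)) * inv % p for i in range(n))


def mat_mul(X, Y, p: int = P):
    return [[sum(X[i][k] * Y[k][j] for k in range(len(Y))) % p
             for j in range(len(Y))] for i in range(len(X))]


def layers(M, k: int, p: int = P):
    """Matrix of the k-layer iterate A^k by square-and-multiply.  Composing two
    maps of this form yields another map of the same form, so A^k has exactly
    the size of A (the conformal property) and costs O(log k) products."""
    R = [[int(i == j) for j in range(len(M))] for i in range(len(M))]
    while k:
        if k & 1:
            R = mat_mul(R, M, p)
        M = mat_mul(M, M, p)
        k >>= 1
    return R


def iterate(M, k: int, x, p: int = P):
    return apply_A(layers(M, k, p), x, p)


def iterate_naive(M, k: int, x, p: int = P):
    for _ in range(k):          # k single layers, for cross-checking
        x = apply_A(M, x, p)
    return x


def key_agreement(M, g, a: int, b: int, p: int = P):
    """Steps 101-103 for two users: d_1 = A^a(g) and d_2 = A^b(g) cross the public
    channel; each side then iterates its own integer on the other's value."""
    d1 = iterate(M, a, g, p)
    d2 = iterate(M, b, g, p)
    return iterate(M, a, d2, p), iterate(M, b, d1, p)   # both equal A^(a+b)(g)


def keystream(K, length: int) -> bytes:
    """Assumed symmetric layer: SHA-256 of the intermediate key in counter mode."""
    tag = ",".join(map(str, K)).encode()
    blocks = (hashlib.sha256(tag + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def encrypt(M, g, d, t: int, msg: bytes, p: int = P):
    """Step 403, scheme 1: public key d = A^k(g).  The sender picks t, sends
    v = A^t(g), and encrypts under the intermediate key A^t(d) = A^(k+t)(g)."""
    v = iterate(M, t, g, p)
    K = iterate(M, t, d, p)
    return v, bytes(m ^ s for m, s in zip(msg, keystream(K, len(msg))))


def decrypt(M, k: int, v, c: bytes, p: int = P):
    """Step 404: the receiver recovers the same key as A^k(v) = A^(t+k)(g)."""
    K = iterate(M, k, v, p)
    return bytes(x ^ s for x, s in zip(c, keystream(K, len(c))))


if __name__ == "__main__":
    M = build_A(b"demo-seed", n=2)              # constructed demo parameters
    g = (12345, 67890)
    k1, k2 = key_agreement(M, g, 123456789, 987654321)
    assert k1 == k2 == iterate(M, 123456789 + 987654321, g)
    priv = 2**40 + 7
    d = iterate(M, priv, g)                     # public key of scheme 1
    v, c = encrypt(M, g, d, 31337, b"constructed plaintext")
    assert decrypt(M, priv, v, c) == b"constructed plaintext"
    assert iterate_naive(M, 9, g) == iterate(M, 9, g)   # matrix power == 9 layers
    print("ok")
```

Run it as a script; the checks at the bottom confirm that both users reach A^(a+b)(g), that the receiver's A^k(v) matches the sender's A^t(d), and that the matrix-power iterate agrees with nine explicit layers of A.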
  • This embodiment can also establish an identity-based key management system.
  • ID-based key management uses the user's identity, such as name, address or telephone number, directly as the user's public key.
  • The private key is established as follows: private key tables and the corresponding public key tables G_1, G_2, ... are preset and distributed among a plurality of key distribution centers; according to a predetermined rule, pointers into the plurality of private key tables are obtained from the user's identity ID; a private key component is obtained from each of the private key tables pointed to, and the components are combined to obtain the user's private key.
  • The specific description is as follows:
  • Each key distribution center independently establishes its own sufficiently large private key table and the corresponding public key table G_1, G_2, ...;
  • Each record in a private key table is a positive integer, and the related record in the public key table is the corresponding public key; the public key tables are disclosed, and each private key table is kept secret by its key distribution center;
  • Each authorized user receives a private key component from each of the key distribution centers:
  • The invention uses a plurality of key distribution centers to jointly establish the user's private key and so implement an identity-based key management system, characterized in that the user ID is the user's public key; each key distribution center and each user manages only its own secret, and nobody holds all of the secrets; and a key distribution center, however free of administrative restriction and however great its computing power, cannot steal a user's private key because it lacks the necessary information.
  • the present invention provides two encryption schemes, the difference being whether the public key uses the vector rf or the function B(); the scheme 1 uses a vector as the public key, and the scheme 2 uses a function group as the public key.
  • The advantage of encryption scheme 1 is that the data length of the public key is very short, and the advantage of encryption scheme 2 is that the cryptographic security is stronger.
  • the following are specific instructions:
  • the encryption scheme 1 uses a vector ⁇ 4) as the public key, and the advantage is that the public key data length is short;
  • ⁇ ( ) ( ⁇ ( ⁇ , ⁇ 2 ), ⁇ ( ⁇ , ⁇ 2 ))
  • Step 501: The signature end and the verification end establish a shared nonlinear function group A(x) from an n-ary vector X to an n-ary vector:
  • a w ( i, ..., x n )) where n > 1; the A(x) needs to satisfy:
  • Step 502: Select an integer ⁇ as the private key; use the layer iteration of A(x) to establish the corresponding public key;
  • Step 504: The verification end uses the transformation result of t, the data to be signed, the intermediate message and the public key to verify whether the preset rule is satisfied; if so, the digital signature passes verification.
  • As long as the preset rule is determined privately by both parties, the validity of the signature can be guaranteed.
  • The present invention cannot and need not limit these rules; those skilled in the art can set them as needed.
  • Direct verification checks whether the preset rule is satisfied.
  • The preset rule may also be transformed, in which case the signature is verified by checking whether the transformed rule is satisfied.
  • the method further includes: establishing, by the signature end and the verification end, a vector having a variable number greater than 1
  • In this embodiment, the values of the coefficients in ⁇ ( ⁇ ) may also be determined from a pseudo-random sequence; the seed of the pseudo-random sequence is used to identify ⁇ ( ⁇ ).
  • This embodiment can also be applied to constructing an identity-based key management system, which has been detailed above and is not repeated here.
  • the present invention also provides two digital signature schemes, the difference being whether the public key is a vector rf or a function B(x), as follows:
  • The input ⁇ of the function is some combination of information that the verifier can obtain, such as the data M; at least M must be included, and the output w is a positive integer;
  • be an integer equation for c, t, w, A
  • The present invention further discloses a system for performing key agreement, which includes: a sharing unit, configured to store the ⁇ ( ⁇ shared by a user group, the user group including at least two users, where ⁇ ( ⁇ is a nonlinear function group from an n-ary vector X to an n-ary vector;
  • an intermediate result exchange unit, connected to each user end in the user group, for transmitting the intermediate result related to each user's integer-layer iteration to the other users in the group;
  • a key calculation unit, located at each user end of the user group, configured to calculate the key shared by the user group from the intermediate results received from the other users.
  • The present invention also discloses a system for encrypting and decrypting a digital message, comprising: a sharing unit, configured to store the A(x) shared by the encryption end and the decryption end, where A(x) is a nonlinear function group from an n-ary vector X to an n-ary vector;
  • a public-private key establishing unit, for selecting an integer as the private key and using the layer iteration of A ⁇ to establish the corresponding public key;
  • an encryption unit, located at the encryption end, for selecting an integer t, transforming the public key into an intermediate key related to t, encrypting the plaintext with the intermediate key, and transmitting the encryption result and the transformation result of t to the decryption end;
  • the transformation result of t is related to the t-layer iteration;
  • a decryption unit, located at the decryption end, configured to calculate the same intermediate key from the transformation result of ⁇ , the private key and ⁇ ( ⁇ ), and then decrypt the encryption result with the intermediate key.
  • The present invention also discloses a system for digital signature and verification, comprising: a sharing unit, configured to store the function group ( ⁇ shared by the signature end and the verification end, which is a nonlinear function group from an n-ary vector X to an n-ary vector;
  • a public-private key establishing unit, for selecting an integer as the private key and using the layer iteration of A ⁇ to establish the corresponding public key;
  • a signature unit, located at the signature end, for selecting an integer ⁇ , transforming the data to be signed, according to a preset rule, into an intermediate message related to ⁇ and the private key, and then transmitting to the verification end a digital signature comprising the intermediate message and the transformation result of ⁇ ;
  • the transformation result of ⁇ is related to the ⁇ -layer iteration;
  • a verification unit, located at the verification end, configured to use the transformation result, the data to be signed, the intermediate message and the public key to verify whether the preset rule is satisfied; if so, the digital signature passes verification.
  • The description above is relatively brief; for the relevant parts, refer to the description of the method embodiment.
  • The module units are virtual units corresponding to the execution steps. To save space, the corresponding process steps are not described here one by one, but those skilled in the art should understand that each execution step can correspond one-to-one to a virtual module. A brief example follows:
  • The foregoing device embodiments may further include an establishing unit, which specifically includes the following modules: a structure determining module, configured to preset the structure of the function group: it consists of n-ary polynomials over a ring R and contains terms of degree greater than one;
  • a parameter determining module, configured to receive the technical indicator parameters of ⁇ ( ⁇ ), the indicator parameters including the number of arguments, the data length of the arguments, and the highest nonlinear degree;
  • a random generation module, configured to generate a representation of A(x) according to the indicator parameters and the preset structure, in which the non-zero coefficients of A(x) are represented by symbolic unknowns;
  • a judgment module, configured to determine whether the system of equations has a solution; if there is no solution, control returns to the random generation module; if there is a solution, one solution of the system of equations is calculated and substituted, as the values of the coefficients of A(x), into the representation generated by the random generation module;
  • a result output module, used to output the resulting ⁇ ( ⁇ ).
  • The Diffie-Hellman key agreement protocol is as follows: two users share the public parameters ; , g; to establish a mutually agreed secret key f over a public channel, they execute:
  • M mod p, where M is the plaintext and a, b are the ciphertext.
  • The decryption algorithm is:
  • M and b/ can be understood as simple symmetric encryption and decryption operations.
  • The verification algorithm is: if ⁇ 1110 (1;? holds, then the signature is verified;
  • In ( 3+ mod (p - 1), depending on ⁇ , w and on whether the value is 1, different signature equations can be established (see "Applied Cryptography - Protocols, Algorithms and C Programs", Bruce Schneier, China Machine Press, 2000, pp. 389-399).
  • DH proved for the first time that "on a completely open channel, even if the communicating parties have no secret agreed in advance, they can still communicate confidentially." This is the most revolutionary progress in cryptography for thousands of years, and its contribution lies mainly in proposing new concepts. However, the security of DH's specific algorithm still has much room for improvement.
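As an added worked example (not code from the patent, which cites these schemes only as prior art), the following Python block implements the three prior-art computations named above: textbook Diffie-Hellman key agreement, ElGamal encryption and decryption with (a, b) = (g^k, y^k * M) mod p and M = b * (a^x)^(-1) mod p, and one of the ElGamal signature equations, checked as y^r * r^s = g^h mod p. The group p = 23, g = 5 and all private values are constructed toy parameters; they are chosen so the arithmetic can be followed by hand and are insecure by design.

```python
"""Textbook Diffie-Hellman and ElGamal over a constructed toy group.

Added example: these are the standard prior-art constructions the patent
text compares itself against, not the patent's own algorithm.  Every
parameter here is a constructed toy value; real deployments use primes of
2048 bits or more (for example the RFC 3526 MODP groups).
"""
import secrets
from math import gcd

# Constructed toy group: p = 23 is a safe prime (23 = 2*11 + 1) and g = 5
# has order 22, i.e. it generates all of Z_23^*.
P, G = 23, 5


def dh_keypair(p=P, g=G, priv=None):
    """Pick a private exponent x in [1, p-2] and publish g^x mod p."""
    if priv is None:
        priv = secrets.randbelow(p - 2) + 1
    return priv, pow(g, priv, p)


def dh_shared(peer_pub, priv, p=P):
    """Both sides compute (g^b)^a = (g^a)^b = g^(ab) mod p."""
    return pow(peer_pub, priv, p)


def elgamal_encrypt(m, y, p=P, g=G, k=None):
    """Ciphertext (a, b) = (g^k, y^k * m) mod p for a fresh random k."""
    if not 1 <= m < p:
        raise ValueError("message must be a group element")
    if k is None:
        k = secrets.randbelow(p - 2) + 1
    a = pow(g, k, p)
    b = (pow(y, k, p) * m) % p
    return a, b


def elgamal_decrypt(a, b, x, p=P):
    """m = b * (a^x)^-1 mod p; a^x recovers the one-time mask y^k = g^(xk)."""
    mask = pow(a, x, p)
    return (b * pow(mask, -1, p)) % p


def elgamal_sign(h, x, p=P, g=G, k=None):
    """Signature (r, s) with r = g^k mod p and s = k^-1 (h - x r) mod (p-1).

    k must be invertible mod p-1 and must never be reused across messages.
    """
    if k is None:
        while True:
            k = secrets.randbelow(p - 2) + 1
            if gcd(k, p - 1) == 1:
                break
    if gcd(k, p - 1) != 1:
        raise ValueError("k must be coprime to p-1")
    r = pow(g, k, p)
    s = (pow(k, -1, p - 1) * (h - x * r)) % (p - 1)
    return r, s


def elgamal_verify(h, r, s, y, p=P, g=G):
    """Accept iff y^r * r^s == g^h mod p (one of the forms Schneier tabulates)."""
    if not 0 < r < p or not 0 <= s < p - 1:
        return False
    return (pow(y, r, p) * pow(r, s, p)) % p == pow(g, h, p)
```

The signature equation checked here is one of the variants in the Schneier table the text cites; the other variants move h, r and s between the exponent positions, which is what the remark about different signature equations refers to. In every variant the per-signature k must be fresh and invertible modulo p-1.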
  • the main difference between the present invention and DH is that the mathematical difficulties on which the two are based are different.
  • The security of the present invention is based on the iteration layer number problem of multivariate nonlinear conformal iterative transformations, namely: let ⁇ be a given nonlinear conformal iterative function group, let k be a positive integer, and let B be its k-layer iteration; then, given A(x) and B(x), finding k is difficult.
  • The core idea of the various algorithms of the present invention is that a certain integer k is preset as the secret parameter and the k-layer iteration B of A(x) is used as the public parameter, which is then published; finding the secret parameter k from the public parameter B is difficult, while finding the public parameter B from the secret parameter k is easy.
  • Another expression of the core idea of the various algorithms of the present invention is: preset g and A(x); take a positive integer as the secret parameter and a vector as the public parameter; obtaining the secret parameter from the public parameter is difficult, while obtaining the public parameter from the secret parameter is easy.
  • This expression uses the vector ⁇ as the public parameter, but B is still needed in the course of the calculation.
  • The advantage of this expression is that the data length of the vector is much smaller than the length of the function B, saving public key storage.
  • The invention achieves a significant improvement in cryptographic security; its beneficial effects are as follows: compared with DH, the invention operates in a larger and more complex algorithm space, causing the scale of the cryptographic function to explode.
  • The nonlinear degree of A^(k)(x) with respect to the coefficients increases at a faster rate, causing the function scale of A^(k)(x) with respect to the coefficients to explode faster.
  • The nonlinear degree of A^(k)(x) with respect to the coefficients is (2^k - 1).
  • A generalized discrete Fourier transform over the required function sequence ⁇ (1) , ⁇ (2) ( ) ... is constrained by the number of terms in the function A^(k); that is, when A^(k) explodes in function scale with respect to the coefficients, the cost of performing the generalized discrete Fourier transform increases greatly.
  • The present invention achieves a qualitative leap in cryptographic security.
  • Since the mathematical expression is similar to DH, the present invention might be understood simply as a natural extension of DH; its innovations and difficulties are therefore briefly described below.
  • The present invention proposes a completely new research direction; only its mathematical expression, in its extreme form, is similar to DH.
  • Not only is the term "conformal iteration" used for the first time in the present invention, but its concept, definition, description of properties, method of determination, establishment steps, etc. are also first proposed by the present invention.
  • A function whose nonlinear degree c : ) remains constant while the nonlinear degree of the coefficients in the function increases rapidly can be guaranteed to exist, and such a function can be established by a definite method.
  • The invention belongs to pioneering research, and its mathematical theory background is not mature; very little information is available. For example: how to understand the mathematical structure of the conformal iterative transformation from the perspective of abstract spaces? How to establish a homomorphic mapping from the rational fraction domain to the polynomial domain, and from the polynomial domain to the base domain? How to find the period of a conformal iteration? How to determine the specific mathematical properties of conformal iterations, and how to determine these properties? These issues involve some profound frontier topics in mathematics that are not yet fully resolved.
  • The invention establishes the signature equation mainly by integer computation rather than by computation over a period. It should be noted that although this period problem exists in key agreement, encryption and signature alike, it is especially acute for signatures.
  • The first is the difference in mathematical concepts: points on an elliptic curve are represented by a two-dimensional array (X, ; the elliptic curve group defines an "addition", a nonlinear operation that takes two points on the curve and finds a third point, but this operation does not satisfy the definition of a conformal iterative function.
  • A conformal iterative transformation A(x) is equivalent to an n-input, n-output function; the set { A^(1)(x), A^(2)(x), ..., A^(k)(x), ... } forms a semigroup under the iteration operation.
  • The so-called conformal iteration layer number problem can be understood as a "conformal iterative discrete logarithm problem" defined in this semigroup, whose mathematical properties are very different from those of the "elliptic curve discrete logarithm problem".
  • ECC uses an operation on the values of two points, and its algorithm space corresponds to a two-dimensional plane:
  • the set of points of the elliptic curve, whose elements are represented by the values of the two-dimensional vector (X, ; the present invention instead uses an operator between two functions, and its algorithm space corresponds to a polynomial group or a set of rational fractions. From the perspective of abstract space:
  • the elements of the set are represented by the coefficients of the function group, independent of the values of the unknowns x 1 ...; for example, a polynomial group (( ⁇ 3 ⁇ 4 ) + Mod /?) is described by the coefficients ⁇ , , , ⁇ , which are independent of the value of ( ⁇ , ⁇ ) and belong to the set of points in an 8-dimensional space; obviously, the present invention has a larger algorithm space, and its law of variation is also more complicated.
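The vector-as-public-parameter expression described above (a secret integer k, the public vector obtained by applying the k-layer iteration to g), the key agreement system in which users exchange intermediate results, the encryption unit that turns the public key into an intermediate key with a fresh integer t, and the semigroup of iterates used in the comparison with ECC all rest on one fact: iterates of a single map commute, A^(a)(A^(b)(x)) = A^(b)(A^(a)(x)). The following Python block is an added illustration of that skeleton and is not the patent's construction: the conformal iterative function family is not reproduced, the map A, the prime modulus, the base vector g and the secret integers are constructed toy values, and the XOR stream keyed by SHA-256 stands in for the symmetric cipher the text leaves open.

```python
"""Toy key agreement and public-key encryption from commuting iterates.

Added illustration, not the patent's own function family.  It shows the
arithmetic skeleton described in the text: a shared nonlinear map A on
n-vectors, a secret integer k, its k-layer iteration A^(k), and the vector
expression d = A^(k)(g) used as the public parameter.  Modulus, map, base
vector and secret integers are constructed toy values.
"""
import hashlib
import itertools

P = 1_000_003          # constructed prime modulus, toy size


def A(v, p=P):
    """Constructed toy nonlinear map Z_p^2 -> Z_p^2 (contains quadratic terms)."""
    x1, x2 = v
    return ((x1 * x2 + 7) % p, (x1 * x1 + 3 * x2 + 11) % p)


def iterate(f, k, v):
    """k-layer iteration f^(k)(v) by repeated application (fine for toy k)."""
    for _ in range(k):
        v = f(v)
    return v


def public_vector(k, g):
    """Vector expression of the public parameter: d = A^(k)(g)."""
    return iterate(A, k, g)


def shared_key(my_k, peer_vector):
    """A^(my_k)(A^(peer_k)(g)) = A^(my_k + peer_k)(g): identical on both sides."""
    return iterate(A, my_k, peer_vector)


def group_key_ring(ks, g):
    """Key agreement for len(ks) >= 2 users arranged in a ring.

    Each user first publishes A^(k_i)(g).  In each of the next n-1 passes a
    user applies its own iteration to the vector received from its
    predecessor, so after n-1 passes every user holds A^(sum of all k)(g).
    Returns the vector each user ends up with.
    """
    n = len(ks)
    tokens = [iterate(A, k, g) for k in ks]
    for _ in range(n - 1):
        tokens = [iterate(A, ks[i], tokens[(i - 1) % n]) for i in range(n)]
    return tokens


def _keystream(vec, length):
    """Toy KDF: SHA-256 of the vector plus a counter, used as an XOR keystream."""
    out = bytearray()
    for ctr in itertools.count():
        out += hashlib.sha256(repr(vec).encode() + ctr.to_bytes(4, "big")).digest()
        if len(out) >= length:
            return bytes(out[:length])


def encrypt(plaintext, peer_pub, g, t):
    """Encryption end: pick t, intermediate key K = A^(t)(d), send (A^(t)(g), C)."""
    K = iterate(A, t, peer_pub)
    ks = _keystream(K, len(plaintext))
    return public_vector(t, g), bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt(t_vector, ciphertext, my_k):
    """Decryption end: K = A^(k)(A^(t)(g)) equals the sender's A^(t)(A^(k)(g))."""
    K = iterate(A, my_k, t_vector)
    ks = _keystream(K, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, ks))
```

Because A^(k) is evaluated here by k plain applications, only toy k values are practical; the text's remark that the function B is still needed in the calculation is exactly the cost this shortcut hides. The block says nothing about the hardness of the layer-number problem; it only shows that each side of every exchange computes the same vector.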

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Complex Calculations (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to a method for negotiating a key, encrypting and decrypting information, and signing and authenticating information, which comprises the following steps. Step 1: the shared A(x) of a user group is preset, the user group comprising at least two users; A(x) is a group of nonlinear functions in which the n-variable vector X is transformed into an n-variable vector Y, where n > 1. For A(x), the number of non-zero coefficients of x in the s-level iteration is unchanged, s being an integer. When B(x) = A(A(x)), then A(B(x)) = B(A(x)). Step 2: the users of the user group exchange among themselves the intermediate results of the iteration of A(x). Step 3: the users calculate the shared key K from the intermediate results. Consequently, cryptographic complexity and anti-attack performance are improved.
PCT/CN2007/070628 2007-08-24 2007-09-05 Method for negotiating a key, encrypting and decrypting information, and signing and authenticating information WO2009026771A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710120763XA CN101374043B (zh) 2007-08-24 2007-08-24 Method for key agreement, method for encryption/decryption, and method for signature/verification
CN200710120763.X 2007-08-24

Publications (1)

Publication Number Publication Date
WO2009026771A1 true WO2009026771A1 (fr) 2009-03-05

Family

ID=40386661

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/070628 WO2009026771A1 (fr) 2007-08-24 2007-09-05 Method for negotiating a key, encrypting and decrypting information, and signing and authenticating information

Country Status (2)

Country Link
CN (1) CN101374043B (fr)
WO (1) WO2009026771A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013172790A1 (fr) * 2012-05-16 2013-11-21 Nanyang Technological University Methods for determining a result of applying a function to an input, and evaluation devices
WO2019000231A1 (fr) * 2017-06-27 2019-01-03 王威鉴 Method for establishing attack-resistant public key encryption
WO2020252617A1 (fr) * 2019-06-17 2020-12-24 云图有限公司 Data processing method, apparatus and system
WO2023216403A1 (fr) * 2022-05-07 2023-11-16 上海阵方科技有限公司 Ciphertext restoration method for private set intersection based on homomorphic encryption

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101499908B (zh) * 2009-03-20 2011-06-22 四川长虹电器股份有限公司 Identity authentication and shared key generation method
CN102006170B (zh) * 2010-11-11 2013-04-17 西安理工大学 Method for anonymous ring signature of messages based on the MQ problem over finite fields
CN103414569B (zh) * 2013-08-21 2016-08-10 王威鉴 Method for establishing an attack-resistant public key cryptosystem
CN103490882B (zh) * 2013-09-17 2016-10-05 华南理工大学 Multivariate public key cryptosystem for key exchange and generation method thereof
CN103595526A (zh) * 2013-11-19 2014-02-19 南京信息工程大学 Fault-tolerant key agreement method based on block design
CN105337738B (zh) * 2014-07-15 2018-10-30 华为技术有限公司 Processing method and apparatus for linear homomorphic signatures
EP3402118A1 (fr) * 2017-05-10 2018-11-14 Koninklijke Philips N.V. Key agreement devices and method
US10491373B2 (en) * 2017-06-12 2019-11-26 Microsoft Technology Licensing, Llc Homomorphic data analysis
WO2019039382A1 (fr) * 2017-08-22 2019-02-28 日本電信電話株式会社 Agreement system, agreement device, program and recording medium
US10637656B2 (en) * 2017-11-28 2020-04-28 Blackberry Limited Method and system for key agreement utilizing semigroups
CN109361504B (zh) * 2018-12-04 2021-10-08 桂林电子科技大学 Blockchain-based multi-user communication key agreement method
WO2020168543A1 (fr) * 2019-02-22 2020-08-27 云图有限公司 Data processing method and device
CN109995786B (zh) * 2019-04-08 2020-11-13 北京深思数盾科技股份有限公司 Method and apparatus for authorizing data within an organization
CN110213354B (zh) * 2019-05-20 2021-07-13 电子科技大学 Cloud storage data confidentiality protection method
CN110533816B (zh) * 2019-09-03 2021-07-27 中国联合网络通信集团有限公司 Remote encryption method and apparatus for authorized fingerprints of an electronic fingerprint lock
US11569987B2 (en) 2021-02-12 2023-01-31 Blackberry Limited Method and system for key agreement utilizing plactic monoids

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5375170A (en) * 1992-11-13 1994-12-20 Yeda Research & Development Co., Ltd. Efficient signature scheme based on birational permutations
US20050149732A1 (en) * 2004-01-07 2005-07-07 Microsoft Corporation Use of static Diffie-Hellman key with IPSec for authentication
JP2005284111A (ja) * 2004-03-30 2005-10-13 Japan Science & Technology Agency High-speed arithmetic processing method and apparatus for elliptic curve cryptography
US7096356B1 (en) * 2001-06-27 2006-08-22 Cisco Technology, Inc. Method and apparatus for negotiating Diffie-Hellman keys among multiple parties using a distributed recursion approach
CN1831754A (zh) * 2005-11-04 2006-09-13 北京浦奥得数码技术有限公司 Elliptic curve cryptosystem and implementation method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5398284A (en) * 1993-11-05 1995-03-14 United Technologies Automotive, Inc. Cryptographic encoding process
CN1564504B (zh) * 2004-03-23 2011-08-17 南京大学 Chaotic data stream encoding/decoding method and modular circuit
US7404089B1 (en) * 2005-06-03 2008-07-22 Pitney Bowes Inc. Method and system for protecting against side channel attacks when performing cryptographic operations
CN1761185B (zh) * 2005-11-18 2011-08-17 清华大学 Out-of-order-execution data flow AES encryption circuit structure

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5375170A (en) * 1992-11-13 1994-12-20 Yeda Research & Development Co., Ltd. Efficient signature scheme based on birational permutations
US7096356B1 (en) * 2001-06-27 2006-08-22 Cisco Technology, Inc. Method and apparatus for negotiating Diffie-Hellman keys among multiple parties using a distributed recursion approach
US20050149732A1 (en) * 2004-01-07 2005-07-07 Microsoft Corporation Use of static Diffie-Hellman key with IPSec for authentication
JP2005284111A (ja) * 2004-03-30 2005-10-13 Japan Science & Technology Agency High-speed arithmetic processing method and apparatus for elliptic curve cryptography
CN1831754A (zh) * 2005-11-04 2006-09-13 北京浦奥得数码技术有限公司 Elliptic curve cryptosystem and implementation method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
GUAN HAIMING: "Rational Function Public Key Cryptosystem", CCICS' 2007, July 2007 (2007-07-01), pages 139, ISBN: 978-7-03-019312-4 *

Also Published As

Publication number Publication date
CN101374043A (zh) 2009-02-25
CN101374043B (zh) 2010-09-22

Similar Documents

Publication Publication Date Title
WO2009026771A1 (fr) Method for negotiating a key, encrypting and decrypting information, and signing and authenticating information
JP4809598B2 (ja) Use of isogenies in the design of cryptosystems
US6490352B1 (en) Cryptographic elliptic curve apparatus and method
US20100166174A1 (en) Hash functions using elliptic curve cryptography
CN111162906A (zh) Collaborative secret sharing method based on an oblivious transfer algorithm, and apparatus, system and medium therefor
WO2013021360A1 (fr) Encryption and decryption method
CN111262709B (zh) Certificateless signcryption system and method based on trapdoor hash functions
Mohapatra Public key cryptography
Tan An Improvement on a three-party authentication key exchange protocol using elliptic curve cryptography.
Lizama-Perez Non-invertible key exchange protocol
WO2022172041A1 (fr) Asymmetric cryptographic schemes
Murugan An efficient algorithm on quantum computing with quantum key distribution for secure communication
Mohapatra Signcryption schemes with forward secrecy based on elliptic curve cryptography
WO2003013052A1 (fr) Cryptosystems based on non-commutativity
JP3706398B2 (ja) Signature, authentication and secret communication scheme based on elliptic curves
Vahedi et al. An Overview of Cryptography
Hesamian Analysis of bcns and newhope key-exchange protocols
Nabil et al. New authenticated key agreement protocols
Bashir et al. Cryptanalysis and improvement of an encryption scheme that uses elliptic curves over finite fields
Al-Saidi et al. A new idea in zero knowledge protocols based on iterated function systems
Soman Lightweight Elliptical Curve Cryptography (ECC) for Data Integrity and User Authentication in Smart Transportation IoT System
Yang et al. Lecture note 3: Public key cryptography
Chandravathi et al. A new authentication RSA homomorphic encryption technique for prime factorization-based attacks scheme using Brahmagupta Fibonacci identity for cloud data security
Suresh et al. Advanced Cryptographic System for data Encryption and Decryption
Zia et al. Cryptanalysis and improvement of an encryption scheme that uses elliptic curves over finite fields

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07801037

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07801037

Country of ref document: EP

Kind code of ref document: A1