WO2015103977A1 - A hypersphere-based multivariate public key encryption/decryption system and method - Google Patents

A hypersphere-based multivariate public key encryption/decryption system and method

Info

Publication number
WO2015103977A1
Authority
WO
WIPO (PCT)
Prior art keywords
processor
data
component
plaintext
decryption
Prior art date
Application number
PCT/CN2015/070255
Other languages
English (en)
French (fr)
Inventor
唐韶华 (Shaohua Tang)
陈家辉 (Jiahui Chen)
Original Assignee
华南理工大学 (South China University of Technology)
Priority date
Filing date
Publication date
Application filed by 华南理工大学 (South China University of Technology)
Priority to EP15735039.8A (corresponding EP3096488B1)
Priority to US15/111,365 (corresponding US10142105B2)
Publication of WO2015103977A1

Classifications

    • H04L 9/3093 — Public key cryptography involving lattices or polynomial equations, e.g. the NTRU scheme (under H04L 9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy; H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications, network security protocols; H04L Transmission of digital information; H04 Electric communication technique; H Electricity)
    • H04L 9/0852 — Quantum cryptography (under H04L 9/0816 Key establishment; H04L 9/08 Key distribution or management; H04L 9/00; H04L; H04; H)
    • H04L 9/3066 — Public key cryptography involving algebraic varieties, e.g. elliptic or hyper-elliptic curves (under H04L 9/30; H04L 9/00; H04L; H04; H)

Definitions

  • The present invention relates to the field of information security, and in particular to a hypersphere-based multivariate public key encryption/decryption system and method.
  • Cryptography is the core and foundation of information security and is widely used in network communication, e-commerce, banking, defence and the military.
  • Cryptographic techniques comprise symmetric ciphers and asymmetric ciphers; asymmetric ciphers are also known as public key ciphers.
  • Multivariate public key cryptography (MPKC) occupies an important position among post-quantum encryption schemes.
  • Almost all existing MPKC schemes are insecure: a randomly designed system of quadratic equations has no trapdoor and therefore cannot be used for encryption.
  • The mathematical structure generated by a designed central map can generally be derived, i.e. the central map is not hidden, so that many MPKC schemes rest not only on the MQ problem but also have structural problems, as in the MI, Square and triangular schemes. Designing a central map that is hidden yet has a trapdoor is therefore very important for MPKC design.
  • Current designs of this kind include HFE and ABC. Although the central map of HFE is hidden, the requirements of decryption make the rank of the matrix corresponding to the whole map very small, so it cannot withstand rank attacks.
  • The main object of the present invention is to overcome the shortcomings and deficiencies of the prior art and to provide a hypersphere-based multivariate public key encryption/decryption system.
  • Another object of the present invention is to provide a hypersphere-based multivariate public key encryption/decryption method.
  • A hypersphere-based multivariate public key encryption/decryption system comprises:
  • A. An encryption module, which encrypts the plaintext to be encrypted, forms the ciphertext and completes encryption; it comprises a processor and a public key transformation component. After the plaintext is transmitted to the processor, the processor stores it and transmits the plaintext data to the public key transformation component, which substitutes the plaintext into the multivariate polynomials to obtain the ciphertext; the ciphertext is transmitted back to the processor for storage, and the processor transmits it to the decryption module of another user.
  • B. A decryption module, which decrypts ciphertext data sent by other users, forms the plaintext and completes decryption; it comprises a processor, affine transformation inversion component one, a trapdoor component and affine transformation inversion component two.
  • The trapdoor component comprises a linear system construction component and a linear system solving component.
  • After receiving the ciphertext data, the processor first transmits the ciphertext to affine transformation inversion component one for an affine transformation inversion operation, then to the linear system construction component and the linear system solving component of the trapdoor component, which respectively construct and solve a system of linear equations; the set of solutions obtained by this polynomial inversion is transmitted to affine transformation inversion component two for an affine transformation inversion operation and finally to the processor. For the one or more sets of data received, the processor computes the hash value of each set; if the hash value of some set equals the plaintext hash redundancy data stored in advance in the processor, that set is stored and output as the decrypted plaintext; if none matches, the processor outputs a decryption error warning to the user.
  • The system further comprises a selector connected to the processor: when the selector is in the open state the encryption module works, and when it is in the closed state the decryption module works.
  • The processor comprises a scheduler connected to the selector; the open and closed states of the selector are recognised and handled by the scheduler, and the data stored in the processor is controlled by the scheduler and dispatched to the corresponding components for the corresponding operations.
  • The processor further comprises a hash detector and a memory: hash values of data in the processor are computed by the hash detector, and data in the processor is stored by the memory.
  • A hypersphere-based multivariate public key encryption/decryption method comprises the following steps in order:
  • Encryption: the processor computes the hash value of the plaintext, obtains the plaintext hash redundancy data, and stores the plaintext and the plaintext hash redundancy data; the plaintext is substituted into the multivariate polynomials to obtain the ciphertext; the ciphertext is transmitted to the processor for storage, and the processor transmits the ciphertext together with the plaintext hash redundancy data to the decryption module of another user.
  • Decryption: after receiving the ciphertext and plaintext hash data sent by another user, the processor first stores the plaintext hash redundancy data and then transmits the ciphertext to affine transformation inversion component one for the affine transformation inversion operation.
  • The inverted data is transmitted to the linear system construction component and the linear system solving component of the trapdoor component, which construct and solve the system of linear equations; the solving operation yields one or more sets of solutions.
  • The processor computes the hash value of each set of data; if the hash value of some set equals the plaintext hash redundancy data stored by the processor, that set is stored and output as the decrypted plaintext; if none matches, the processor outputs a decryption error warning to the user.
  • In the encryption process of step (1), the ciphertext (y1′,...,ym′) is transmitted to the processor for storage, and the processor transmits the ciphertext (y1′,...,ym′) and the plaintext hash redundancy data (h1′,...,hj′) together to the decryption module of another user.
  • In the decryption process of step (2), after receiving the ciphertext (y1′,...,ym′) and the plaintext hash data (h1′,...,hj′) sent by another user, the processor first stores the hash redundancy data (h1′,...,hj′) and then transmits the ciphertext (y1′,...,ym′) to affine transformation inversion component one for the affine transformation inversion operation.
  • The linear system construction component uses the m sets of data (ci,1,ci,2,...,ci,n) pre-allocated in the trapdoor component by the scheduler, together with the inverted data, to construct the system of equations jointly; expression four (equation (IV)) is the linear system constructed by the linear system construction component.
  • The linear system solving component then solves the system by Gaussian elimination; there are one or more sets of solutions, say d sets, which form the solution set.
  • Each (xi1′,...,xin′) is transmitted to the processor, which computes its hash value; if for some set i the hash value of (xi1′,...,xin′) equals the plaintext hash redundancy data (h1′,...,hj′), that set is output as the decrypted plaintext; if Hash(xi1′,...,xin′) ≠ (h1′,...,hj′) for all i, the processor outputs a decryption error warning to the user.
  • The method further comprises, before the encryption process of step (1): when the selector is in the open state the encryption module works; and before the decryption process of step (2): when the selector is in the closed state the decryption module works. The selector is connected to the processor.
  • The present invention has the following advantages and beneficial effects:
  • It runs very fast; in particular decryption requires only solving one system of linear equations.
  • Many encryption/decryption schemes, such as HFE and ABC among multivariate schemes and almost all traditional ECC and RSA algorithms, require complex mathematical operations such as modular operations or scalar multiplication during decryption, so their decryption is slow, whereas this scheme only needs to solve a system of linear equations during decryption.
  • The Gaussian elimination this requires is clearly of lower computational complexity than most current schemes.
  • The central map design of most MPKC schemes does not include hidden parameters as a private key, and the mathematical structure generated by the central map can generally be derived to learn the central map, so that many MPKC schemes are not only based on the MQ problem but also have structural problems, as in the MI, Square and triangular schemes, and ultimately cannot resist the corresponding algebraic structure attacks.
  • The central map of the HFE scheme is hidden, but the requirements of decryption make the rank of the matrix corresponding to the whole map very small, so it cannot withstand rank attacks.
  • In this scheme the central map likewise has hidden parameters as the private key, and the central map is of full rank, so it can resist rank attacks.
  • Fig. 1 is a schematic structural diagram of a hypersphere-based multivariate public key encryption/decryption system according to the present invention.
  • The system comprises: a selector connected to the scheduler in the processor (open state: the encryption module works; closed state: the decryption module works); the encryption module, whose processor comprises a scheduler, a hash detector and a memory, where the hash detector computes the hash value of the plaintext to obtain the plaintext hash redundancy data, the plaintext and its hash redundancy data are stored in the memory, the plaintext is transmitted to the public key transformation component, which substitutes it into the public key map by computing the value of each multivariate polynomial of the map to obtain the ciphertext, the ciphertext is stored in the processor's memory, and the processor transmits the ciphertext and the plaintext hash redundancy data together to the decryption module of another user; and the decryption module described above.
  • Before first use the system is initialised as follows: the system randomly selects m sets of sphere centre data (ci,1,ci,2,...,ci,n) with ci,j ∈ Fq, 1 ≤ i ≤ m, 1 ≤ j ≤ n; the central map F = (f1,...,fm) is initialised, i.e. the central map consists of m polynomials fi = (x1−ci,1)^2 + (x2−ci,2)^2 + ... + (xn−ci,n)^2, 1 ≤ i ≤ m, where (ci,1,ci,2,...,ci,n) are the m sets of sphere centre data randomly selected by the system in the trapdoor component; P = T∘F∘S(x1,...,xn) is the corresponding public key map.
  • After initialisation the data of these maps is stored in the memory; during operation it is controlled by the scheduler and dispatched to the corresponding components for the relevant operations.
  • In the method, the ciphertext (y1′,...,ym′) is transmitted to the processor for storage, and the processor transmits the ciphertext (y1′,...,ym′) together with the plaintext hash data (h1′,...,hj′) to the decryption module of another user; the decryption module, after receiving the ciphertext (y1′,...,ym′) and the plaintext hash redundancy data (h1′,...,hj′), first stores (h1′,...,hj′) and then transmits (y1′,...,ym′) to affine transformation inversion component one for the affine transformation inversion; the linear system construction component uses the m sets of data (ci,1,ci,2,...,ci,n) pre-allocated in the trapdoor component together with the inverted data to construct the system of equations (I); (IV) is the linear system constructed by the linear system construction component; it is solved by Gaussian elimination, giving d sets of solutions; each (xi1′,...,xin′) is transmitted to the processor and checked against (h1′,...,hj′) as described above.
  • The encryption of the plaintext (1, 2) and its decryption are described in detail below; the hash value of the plaintext (1, 2) can be taken as (1, 1, 1) without loss of generality.
  • With the selector in the open state, the public key transformation component receives the data, interacts with the processor, calls the function P, computes p1(1,2), p2(1,2), p3(1,2), obtains the result (2, 2, 1) and returns it to the memory; the processor takes (2, 2, 1) as the ciphertext of the plaintext (1, 2) and outputs the ciphertext (2, 2, 1) together with its plaintext hash redundancy data (1, 1, 1) to the user (or device).
  • With the selector in the closed state, after the trapdoor component receives the data (1, 1, 1) it interacts with the processor and calls the linear system construction subcomponent, which uses the three sets of sphere centre data (1, 2), (2, 1), (0, 1) pre-allocated in the trapdoor component by the scheduler together with (1, 1, 1) to construct the system of equations, expands the three expressions, and solves for the solution set (1, 1), which the trapdoor component transmits to affine transformation inversion component two.
  • After affine transformation inversion component two receives the data set (1, 1), it interacts with the processor, runs its program, computes S^-1(1, 1), obtains the result (1, 2) and returns this data set to the memory.
  • The processor calls the hash detector, computes the hash value of the data (1, 2), and finds that it equals the stored plaintext hash redundancy data (1, 1, 1).
  • The processor outputs the data (1, 2) as the decrypted plaintext to the user (or device).
  • The above embodiment is a relatively simple embodiment of the present invention, but embodiments of the present invention are not limited by it.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Computing Systems (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Electromagnetism (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a hypersphere-based multivariate public key encryption/decryption system consisting of an encryption module and a decryption module. The encryption module contains a processor and a public key transformation component that turns plaintext into ciphertext; the decryption module contains a processor, affine transformation inversion component one, a trapdoor component and affine transformation inversion component two, where the trapdoor component contains a linear system construction component and a linear system solving component. Each component performs its corresponding operation; if a set of data is finally obtained, it is stored and output as the decrypted plaintext, and if the decryption module produces no data the processor outputs a decryption error warning to the user. The system and method do not use the "big field" technique: the central map is designed to contain N sets of "sphere centres" as the private key, so that the central map is hidden, while running very fast, since decryption only requires solving a system of linear equations.

Description

A hypersphere-based multivariate public key encryption/decryption system and method
Technical field
The present invention relates to the field of information security, and in particular to a hypersphere-based multivariate public key encryption/decryption system and method.
Background
Cryptography is the core and foundation of information security and is widely used in network communication, e-commerce, banking, defence and the military. Cryptographic techniques comprise symmetric ciphers and asymmetric ciphers; asymmetric ciphers are also called public key ciphers.
The security of current public key ciphers such as RSA and ECC relies mainly on hard problems such as integer factorisation and discrete logarithms. Since methods for integer factorisation and discrete logarithms on a quantum computer were proposed, these traditional public key ciphers have been under serious threat, affecting every industry. People have therefore sought cryptosystems that can resist attacks by quantum computers, called post-quantum cryptography, and multivariate public key cryptography (MPKC) is one of them.
MPKC occupies an important position among post-quantum encryption schemes, yet almost all existing MPKC schemes are insecure. The reason is that a randomly designed system of quadratic equations has no trapdoor and so cannot be used for encryption, while the mathematical structure generated by a designed central map can generally be derived (i.e. the central map is not hidden), so that many MPKC schemes rest not only on the MQ problem but also have structural problems, as in the MI, Square and triangular schemes. Designing a central map that is hidden yet has a trapdoor is therefore very important for MPKC design; schemes designed this way include HFE and ABC. The central map of the former is hidden, but the requirements of decryption make the rank of the matrix corresponding to the whole map very small, so it cannot withstand rank attacks. For the latter, the randomness of the central map means that no attack is currently known to break it, but that same randomness means it cannot decrypt with certainty: even though it stresses that the probability of successful decryption can be made very high by the choice of parameters, this is still unsuitable for a cryptosystem.
A fairly common technique in MPKC schemes is the "big field" technique, which maps the public key into a large field K and then uses a vector isomorphism (an isomorphism is required). This approach is a double-edged sword: the structure of K makes decryption easy, but that structure is also easily exploited by an attacker.
Summary of the invention
The main object of the present invention is to overcome the shortcomings and deficiencies of the prior art and to provide a hypersphere-based multivariate public key encryption/decryption system.
Another object of the present invention is to provide a hypersphere-based multivariate public key encryption/decryption method.
The object of the present invention is achieved by the following technical solution:
A hypersphere-based multivariate public key encryption/decryption system, comprising:
A. An encryption module, which encrypts the plaintext to be encrypted, forms the ciphertext and completes encryption, and which comprises a processor and a public key transformation component. After the plaintext to be encrypted is transmitted to the processor, the processor stores the plaintext and then transmits the plaintext data to the public key transformation component, where the plaintext data is substituted into each multivariate polynomial to obtain the encrypted ciphertext; the ciphertext is then transmitted to the processor for storage, and the processor transmits the ciphertext to the decryption module of another user;
B. A decryption module, which decrypts ciphertext data sent by other users, forms the plaintext and completes decryption, and which comprises a processor, affine transformation inversion component one, a trapdoor component and affine transformation inversion component two, where the trapdoor component comprises a linear system construction component and a linear system solving component. After receiving the ciphertext data, the processor first transmits the ciphertext to affine transformation inversion component one for an affine transformation inversion operation, then to the linear system construction component and the linear system solving component of the trapdoor component, which respectively construct and solve a system of linear equations; the set of solutions obtained by this polynomial inversion is transmitted to affine transformation inversion component two for an affine transformation inversion operation and finally to the processor. For the one or more sets of data received, the processor computes the hash value of each set; if the hash value of some set equals the plaintext hash redundancy data stored in advance in the processor, that set is stored and output as the decrypted plaintext; if none matches, the processor outputs a decryption error warning to the user.
The hypersphere-based multivariate public key encryption/decryption system further comprises a selector connected to the processor; when the selector is in the open state the encryption module of the system works, and when the selector is in the closed state the decryption module works.
The processor comprises a scheduler connected to the selector; the open and closed states of the selector are recognised and handled by the scheduler in the processor, and the data stored in the processor is controlled by the scheduler and dispatched to the corresponding components for the corresponding operations.
The processor further comprises a hash detector and a memory; hash values of data in the processor are computed by the hash detector, and data in the processor is stored by the memory.
The other object of the present invention is achieved by the following technical solution:
A hypersphere-based multivariate public key encryption/decryption method, comprising the following steps in order:
(1) Encryption process:
a. After the plaintext to be encrypted is transmitted to the processor, the processor computes its hash value, obtains the plaintext hash redundancy data, and stores the plaintext and the plaintext hash redundancy data;
b. The plaintext data is transmitted to the public key transformation component, where it is substituted into the multivariate polynomials to obtain the encrypted ciphertext;
c. The ciphertext is then transmitted to the processor for storage, and the processor transmits the ciphertext together with the plaintext hash redundancy data to the decryption module of another user;
(2) Decryption process:
a. After receiving the ciphertext and the plaintext hash redundancy data sent by another user, the processor first stores the plaintext hash redundancy data and then transmits the ciphertext to affine transformation inversion component one for an affine transformation inversion operation;
b. The inverted data is then transmitted to the linear system construction component and the linear system solving component of the trapdoor component, which respectively construct and solve the system of linear equations; the solving operation yields one or more sets of solutions;
c. The solutions obtained above are transmitted to affine transformation inversion component two for an affine transformation inversion operation;
d. Finally they are transmitted to the processor; for the one or more sets of data received, the processor computes the hash value of each set; if the hash value of some set equals the plaintext hash redundancy data stored by the processor, that set is stored and output as the decrypted plaintext; if none matches, the processor outputs a decryption error warning to the user.
The encryption process of step (1) comprises:
a. After the plaintext (x1′,...,xn′) ∈ F^n to be encrypted is transmitted to the processor, the processor computes its hash value (h1′,...,hj′) = Hash(x1′,...,xn′), obtaining the plaintext hash redundancy data (h1′,...,hj′), where Hash(·) is a cryptographically secure one-way function, and stores the plaintext and the plaintext hash redundancy data;
b. The plaintext data (x1′,...,xn′) is transmitted to the public key transformation component, which substitutes it into the public key map P(x1,...,xn), i.e. computes the values of the multivariate polynomials p1(x1′,...,xn′),...,pm(x1′,...,xn′), denoted y1′,...,ym′; (y1′,...,ym′) is the encrypted ciphertext;
c. The ciphertext (y1′,...,ym′) is then transmitted to the processor for storage, and the processor transmits the ciphertext (y1′,...,ym′) and the plaintext hash redundancy data (h1′,...,hj′) together to the decryption module of another user;
The decryption process of step (2) comprises:
a. After receiving the ciphertext (y1′,...,ym′) and the plaintext hash redundancy data (h1′,...,hj′) sent by another user, the processor first stores the plaintext hash redundancy data (h1′,...,hj′) and then transmits the ciphertext (y1′,...,ym′) to affine transformation inversion component one for the affine transformation inversion operation
Figure PCTCN2015070255-appb-000001
b. Next,
Figure PCTCN2015070255-appb-000002
is transmitted to the trapdoor component for linear system construction and linear system solving: the linear system construction component uses the m sets of data (ci,1,ci,2,...,ci,n) pre-allocated in the trapdoor component by the scheduler together with
Figure PCTCN2015070255-appb-000003
to construct the system of equations jointly, as follows:
Figure PCTCN2015070255-appb-000004
denoted expression one; expression one is expanded into expression two:
Figure PCTCN2015070255-appb-000005
subtracting expression two from expression one gives expression three:
Figure PCTCN2015070255-appb-000006
converting expression three into matrix form gives expression four:
Figure PCTCN2015070255-appb-000007
expression four is the system of linear equations in
Figure PCTCN2015070255-appb-000008
constructed by the linear system construction component; the linear system solving component then solves expression four by Gaussian elimination. There are one or more sets of solutions, say d sets, and the solution set is denoted
Figure PCTCN2015070255-appb-000009
c. The resulting data is then transmitted to affine transformation inversion component two for the affine transformation inversion operation
Figure PCTCN2015070255-appb-000010
d. Finally (xi1′,...,xin′) is transmitted to the processor, which computes the hash value of (xi1′,...,xin′); if for some set i the hash value of (xi1′,...,xin′) equals the plaintext hash redundancy data (h1′,...,hj′), that set (xi1′,...,xin′) is output as the decrypted plaintext; if Hash(xi1′,...,xin′) ≠ (h1′,...,hj′) for all i, the processor outputs a decryption error warning to the user.
The hypersphere-based multivariate public key encryption/decryption method further comprises, before the encryption process of step (1), the following step: when the selector is in the open state the encryption module of the system works, the selector being connected to the processor;
and before the decryption process of step (2), the following step: when the selector is in the closed state the decryption module of the system works, the selector being connected to the processor.
The processor comprises a scheduler connected to the selector; the open and closed states of the selector are recognised and handled by the scheduler in the processor, and the data stored in the processor is controlled by the scheduler and dispatched to the corresponding components for the corresponding operations.
The processor further comprises a hash detector and a memory; hash values of data in the processor are computed by the hash detector, and data in the processor is stored by the memory.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
1. The "big field" technique is not used, which avoids performing a vector isomorphism with an isomorphism component while keeping decryption convenient. The "big field" technique maps the public key into a large field K and then uses a vector isomorphism (an isomorphism is required); it is a double-edged sword, since the structure of K makes decryption easy but is also easily exploited by an attacker. Our scheme dispenses with this technique entirely, and its decryption process does not become complicated for lack of the isomorphism.
2. The central map is completely hidden by the N sets of "sphere centres" that serve as the private key, so that an attacker gains no useful help even when the structure of our design is known. In the design of the central map we set m random n-dimensional "sphere centres" as hidden parameters (the private key), so that encryption has the geometric meaning of computing m "squared distances", and decryption has the geometric meaning of finding a point on the hyperspheres given the centres and the distances.
3. It runs very fast; in particular decryption requires only solving one system of linear equations. Many current encryption/decryption schemes, such as HFE and ABC among multivariate schemes and almost all traditional ECC and RSA algorithms, need complex mathematical operations such as modular operations or scalar multiplication during decryption, so their decryption is relatively slow, whereas our scheme only needs to solve a system of linear equations during decryption, and the Gaussian elimination this requires is clearly of lower computational complexity than most current schemes.
4. With suitable parameter choices it can resist the algebraic attacks currently known against multivariate public key cryptography, and its security is very high. The central map design of most current MPKC schemes does not add hidden parameters as a private key, and the mathematical structure generated by the central map can generally be derived to learn the central map, so that many MPKC schemes are not only based on the MQ problem but also have structural problems, as in the MI, Square and triangular schemes, and ultimately cannot resist the corresponding algebraic structure attacks. For example, the central map of HFE is hidden, but the requirements of decryption make the rank of the matrix corresponding to the whole map very small, so it cannot withstand rank attacks. In our scheme the central map likewise has hidden parameters as the private key, and the central map is of full rank, so it can resist rank attacks.
Brief description of the drawing
Fig. 1 is a schematic structural diagram of a hypersphere-based multivariate public key encryption/decryption system according to the present invention.
Detailed description
As shown in Fig. 1, a hypersphere-based multivariate public key encryption/decryption system comprises:
A. A selector connected to the scheduler in the processor; when the selector is in the open state the encryption module of the system works, and when the selector is in the closed state the decryption module works;
B. An encryption module, which encrypts the plaintext to be encrypted, forms the ciphertext and completes encryption, and which comprises a processor and a public key transformation component. The plaintext to be encrypted is transmitted to the processor, which comprises a scheduler, a hash detector and a memory; the hash detector computes the hash value of the plaintext to obtain the plaintext hash redundancy data, and the plaintext and its hash redundancy data are stored in the memory. The plaintext data is then transmitted to the public key transformation component, which substitutes it into the public key map, i.e. computes the value of each multivariate polynomial of the public key map, obtaining the encrypted ciphertext; the ciphertext is then transmitted to the processor's memory for storage, and the processor transmits the ciphertext and the plaintext hash redundancy data together to the decryption module of another user;
C. A decryption module, which decrypts ciphertext data sent by other users, forms the plaintext and completes decryption, and which comprises a processor, affine transformation inversion component one, a trapdoor component and affine transformation inversion component two, where the trapdoor component comprises a linear system construction component and a linear system solving component. After receiving the ciphertext data, the processor first transmits the ciphertext to affine transformation inversion component one for an affine transformation inversion operation, then to the linear system construction component and the linear system solving component of the trapdoor component, which respectively construct and solve a system of linear equations; the set of solutions obtained by this polynomial inversion is transmitted to affine transformation inversion component two for an affine transformation inversion operation and finally to the processor. For the one or more sets of data received, the processor computes the hash value of each set; if the hash value of some set equals the plaintext hash redundancy data stored in advance in the processor, that set is stored and output as the decrypted plaintext; if none matches, the processor outputs a decryption error warning to the user.
Before first use, the hypersphere-based multivariate public key encryption/decryption system must be initialised as follows:
(1) The arithmetic of all components of the system is carried out over a finite field F of order q, where q is an odd prime;
(2) Let the number of equations of the multivariate public key cryptosystem be m and the number of variables be n;
(3) In affine transformation inversion component one, let
Figure PCTCN2015070255-appb-000011
be a randomly chosen invertible affine transformation from F^m to F^m; similarly, in affine transformation inversion component two, let
Figure PCTCN2015070255-appb-000012
be a randomly chosen invertible affine transformation from F^n to F^n;
(4) In the trapdoor component, the system randomly selects m sets of sphere centre data (ci,1,ci,2,...,ci,n) satisfying ci,j ∈ Fq, 1 ≤ i ≤ m, 1 ≤ j ≤ n;
(5) In the public key transformation component, the central map F = (f1,...,fm) is initialised, i.e. the central map consists of m polynomials fi. Let fi = (x1−ci,1)^2 + (x2−ci,2)^2 + ... + (xn−ci,n)^2, 1 ≤ i ≤ m, where (ci,1,ci,2,...,ci,n) are the m sets of sphere centre data randomly selected by the system in the trapdoor component. Finally let P = T∘F∘S(x1,...,xn) be the corresponding public key map.
(6) After initialisation the data of the above maps is stored in the memory; during operation of the system it is controlled by the scheduler and dispatched to the corresponding components for the relevant operations.
After initialisation the system is ready for use.
A hypersphere-based multivariate public key encryption/decryption method, comprising the following steps in order:
(1) Encryption process:
a. When the selector is in the open state the encryption module of the system works; the selector is connected to the scheduler of the processor, and the processor comprises a scheduler, a hash detector and a memory. After the plaintext (x1′,...,xn′) ∈ F^n to be encrypted is transmitted to the processor, the hash detector computes its hash value (h1′,...,hj′) = Hash(x1′,...,xn′), obtaining the plaintext hash redundancy data (h1′,...,hj′), where Hash(·) is a cryptographically secure one-way function; the plaintext and its hash redundancy data are then stored in the memory;
b. The plaintext (x1′,...,xn′) is transmitted to the public key transformation component, which substitutes the data into the public key map P(x1,...,xn), i.e. computes the values of the multivariate polynomials p1(x1′,...,xn′),...,pm(x1′,...,xn′), denoted y1′,...,ym′; the data (y1′,...,ym′) is the encrypted ciphertext (the public key has m polynomials, so the ciphertext has m components);
c. The ciphertext (y1′,...,ym′) is then transmitted to the processor for storage, and the processor transmits the ciphertext (y1′,...,ym′) together with the plaintext hash redundancy data (h1′,...,hj′) to the decryption module of another user;
(2) Decryption process:
a. When the selector is in the closed state the decryption module of the system works. After receiving the ciphertext (y1′,...,ym′) and the plaintext hash redundancy data (h1′,...,hj′) sent by another user, the processor first stores the plaintext hash redundancy data (h1′,...,hj′) and then transmits the ciphertext (y1′,...,ym′) to affine transformation inversion component one for the affine transformation inversion operation
Figure PCTCN2015070255-appb-000013
b. Next,
Figure PCTCN2015070255-appb-000014
is transmitted to the trapdoor component for linear system construction and linear system solving: the linear system construction component uses the m sets of data (ci,1,ci,2,...,ci,n) pre-allocated in the trapdoor component together with
Figure PCTCN2015070255-appb-000015
to construct the system of equations (I) jointly, of the form:
Figure PCTCN2015070255-appb-000016
(I) is expanded into:
Figure PCTCN2015070255-appb-000017
In (II), subtracting the second expression from the first, ..., and the m-th expression from the (m−1)-th, gives:
Figure PCTCN2015070255-appb-000018
Written in matrix form this gives:
Figure PCTCN2015070255-appb-000019
(IV) is the system of linear equations in
Figure PCTCN2015070255-appb-000020
constructed by the linear system construction component; the linear system solving component then solves (IV) by Gaussian elimination. There are one or more sets of solutions, say d sets, and the solution set is denoted
Figure PCTCN2015070255-appb-000021
c. The resulting data is then transmitted to affine transformation inversion component two for the affine transformation inversion operation
Figure PCTCN2015070255-appb-000022
d. Finally (xi1′,...,xin′) is transmitted to the processor, which computes the hash value of (xi1′,...,xin′); if for some set i the hash value of (xi1′,...,xin′) equals the plaintext hash redundancy data (h1′,...,hj′), that set (xi1′,...,xin′) is output as the decrypted plaintext; if Hash(xi1′,...,xin′) ≠ (h1′,...,hj′) for all i, the processor outputs a decryption error warning to the user.
The initialisation of the system is described in detail below with a concrete example:
(1) All components operate over the finite field F of order q = 3; the base field F contains the three elements {0, 1, 2}, and addition and multiplication in the field are integer addition and multiplication followed by reduction mod 3;
(2) The number of equations in the system is m = 3 and the number of variables is n = 2;
(3) In affine transformation inversion component one, initialise
Figure PCTCN2015070255-appb-000023
and in affine transformation inversion component two, initialise
Figure PCTCN2015070255-appb-000024
(4) In the trapdoor component, randomly choose three "sphere centres": (1,2), (2,1), (0,1);
(5) In the public key transformation component, the components of the central map F are respectively:
Figure PCTCN2015070255-appb-000025
Figure PCTCN2015070255-appb-000026
Figure PCTCN2015070255-appb-000027
The concrete form of the public key transformation P is easily obtained from P = T∘F∘S(x1,...,xn); it consists of the following three expressions:
p1(x1,x2) = x2
Figure PCTCN2015070255-appb-000028
p3(x1,x2) = x1
After system initialisation, the encryption of the plaintext (1,2) and its decryption are described in detail below. To keep the description of the whole encryption and decryption process simple, the hash value of the plaintext (1,2) can be taken as (1,1,1) without loss of generality.
Encryption process:
(1) The selector is in the open state;
(2) For the plaintext M = (1,2) to be encrypted, the processor calls the hash detector to compute its hash value (1,1,1) = Hash(M), i.e. obtains the plaintext hash redundancy data (1,1,1), stores the plaintext (1,2) and its hash redundancy data (1,1,1) in the memory, and then transmits the plaintext (1,2) to the public key transformation component;
(3) After receiving the data, the public key transformation component interacts with the processor, calls the function P, computes p1(1,2), p2(1,2) and p3(1,2) respectively, obtains the result (2,2,1) and returns it to the memory;
(4) The processor takes the data (2,2,1) as the ciphertext of the plaintext (1,2), and then outputs the ciphertext (2,2,1) together with its plaintext hash redundancy data (1,1,1) to the user (or device);
Decryption process:
(1) The selector is in the closed state;
(2) The data (2,2,1) to be decrypted and its plaintext hash redundancy data (1,1,1) are transmitted by the input to the processor and stored in the memory; the processor then transmits the ciphertext data (2,2,1) to affine transformation inversion component one;
(3) After receiving the data (2,2,1), affine transformation inversion component one interacts with the processor, calls its program and computes T^-1(2,2,1) = (1,1,1), and then passes the result (1,1,1) to the trapdoor component;
(4) After receiving the data (1,1,1), the trapdoor component interacts with the processor and then calls the linear system construction subcomponent, which uses the three sets of sphere centre data (1,2), (2,1), (0,1) pre-allocated in the trapdoor component by the scheduler together with (1,1,1) to construct the system of equations jointly, namely
Figure PCTCN2015070255-appb-000029
Expanding the three expressions above gives:
Figure PCTCN2015070255-appb-000030
Subtracting the second expression from the first and the third from the second gives:
Figure PCTCN2015070255-appb-000031
which is the system of linear equations constructed by the subcomponent; the trapdoor component then calls the linear system solving subcomponent, which solves the system for the unknown variables, namely
Figure PCTCN2015070255-appb-000032
Finally the trapdoor component transmits this solution set (1,1) to affine transformation inversion component two;
(5) After receiving the data set (1,1), affine transformation inversion component two interacts with the processor, runs its program and computes S^-1(1,1), obtains the result (1,2), and finally returns this data set to the memory;
(6) The processor calls the hash detector to compute the hash value of the data (1,2) and finds that it is (1,1,1), i.e. Hash(1,2) = (1,1,1), which equals the plaintext hash redundancy data (1,1,1) in the memory;
(7) The processor outputs the data (1,2) as the decrypted plaintext to the user (or device).
The above embodiment is a relatively simple embodiment of the present invention, but embodiments of the present invention are not limited by it. The system parameters recommended by the present invention are q = 31, n = 34 and m = 35, for which the security level can exceed 2^80. Any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the present invention is an equivalent replacement and falls within the scope of protection of the present invention.
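The following Python program is an added example written for this page; it is not the patent's own code and is not the applicant's implementation. It carries the initialisation steps (1)–(6) and the encryption/decryption method above through in working code over F_q for any odd prime q, including the page's recommended q = 31, n = 34, m = 35. The trapdoor step follows the derivation of system (IV): writing z = S(x) and u = T^-1(y′), the sphere equations are ||z − c_i||^2 = u_i, and subtracting consecutive equations cancels the common ||z||^2 term, leaving the m − 1 linear equations 2(c_{i+1} − c_i)·z = u_i − u_{i+1} − ||c_i||^2 + ||c_{i+1}||^2, which are solved by Gaussian elimination and checked against the plaintext hash exactly as the page describes. Assumptions the page does not fix: Hash(·) is SHA-256 over the comma-joined decimal plaintext, S and T are sampled uniformly among invertible affine maps, and each public polynomial is stored as a triple (A_i, b_i, c_i) with p_i(x) = xᵀA_i x + b_i·x + c_i. The function `recover_without_private_key` is a check a practitioner would want before relying on advantage 4: because every f_i has the same quadratic part x_1^2 + ... + x_n^2, every public polynomial has quadratic part α_i·xᵀ(MᵀM)x for scalars α_i, so the quadratic parts can be cancelled using only the public key, and the resulting affine system in x is the same one the legitimate decryptor solves. The page's own toy public key, with p1 = x2 and p3 = x1 linear, is an instance of this. Note also that the plaintext hash travels in the clear beside the ciphertext, so anyone can test plaintext guesses against it.

```python
"""Toy of the hypersphere MPKC in WO2015103977A1 over F_q (q an odd prime).

Added example, not the patent's code.  Assumptions the page does not fix:
Hash(.) is SHA-256 over the comma-joined decimal plaintext; S and T are
sampled uniformly; public polynomial i is stored as (A_i, b_i, c_i) with
p_i(x) = x^T A_i x + b_i.x + c_i.
"""
import hashlib
import itertools
import random


def hash_plaintext(x):
    """Plaintext hash redundancy (h_1',...,h_j'); SHA-256 is an assumption."""
    return hashlib.sha256(",".join(map(str, x)).encode()).hexdigest()


def rref(rows, q, ncols):
    """Gauss-Jordan elimination mod prime q, pivoting on the first ncols columns."""
    R, piv, r = [row[:] for row in rows], [], 0
    for c in range(ncols):
        if r == len(R):
            break
        p = next((i for i in range(r, len(R)) if R[i][c] % q), None)
        if p is None:
            continue
        R[r], R[p] = R[p], R[r]
        inv = pow(R[r][c], q - 2, q)
        R[r] = [(e * inv) % q for e in R[r]]
        for i in range(len(R)):
            if i != r and R[i][c] % q:
                f = R[i][c]
                R[i] = [(a - f * b) % q for a, b in zip(R[i], R[r])]
        piv.append(c)
        r += 1
    return R, piv


def solve_all(A, b, q, max_free=4):
    """Every solution z of A z = b over F_q (the page's d solution sets)."""
    n = len(A[0])
    R, piv = rref([row + [rhs] for row, rhs in zip(A, b)], q, n)
    if any(not any(row[:n]) and row[n] for row in R):
        return []                                  # inconsistent system
    free = [c for c in range(n) if c not in piv]
    if len(free) > max_free:
        raise ValueError("solution space too large to enumerate")
    sols = []
    for vals in itertools.product(range(q), repeat=len(free)):
        z = [0] * n
        for c, val in zip(free, vals):
            z[c] = val
        for row, c in zip(R, piv):                 # back-substitute pivot variables
            z[c] = (row[n] - sum(row[f] * z[f] for f in free)) % q
        sols.append(z)
    return sols


def mat_inv(M, q):
    n = len(M)
    R, piv = rref([row + [int(i == j) for j in range(n)] for i, row in enumerate(M)], q, n)
    return None if len(piv) < n else [row[n:] for row in R]


def random_affine(rng, q, n):
    """Random invertible affine map z = M x + v on F_q^n, returned with M^-1."""
    while True:
        M = [[rng.randrange(q) for _ in range(n)] for _ in range(n)]
        Minv = mat_inv(M, q)
        if Minv is not None:
            return M, Minv, [rng.randrange(q) for _ in range(n)]


def invert_affine(Minv, v, z, q):
    d = [(a - b) % q for a, b in zip(z, v)]
    return [sum(a * b for a, b in zip(row, d)) % q for row in Minv]


def keygen(q, n, m, seed=None):
    """Private key: m sphere centres, S^-1 and T^-1.  Public key: P = T o F o S."""
    rng = random.Random(seed)
    centers = [[rng.randrange(q) for _ in range(n)] for _ in range(m)]
    M, Minv, v = random_affine(rng, q, n)          # S(x) = M x + v
    N, Ninv, w = random_affine(rng, q, m)          # T(y) = N y + w
    # f_k(S(x)) = ||Mx + v - c_k||^2 = x^T(M^T M)x + 2(v - c_k)^T M x + ||v - c_k||^2,
    # so the quadratic part of p_i = sum_k N[i][k] f_k(S(x)) + w_i is (sum_k N[i][k]) M^T M.
    MtM = [[sum(M[k][r] * M[k][s] for k in range(n)) % q for s in range(n)] for r in range(n)]
    pub = []
    for i in range(m):
        A = [[(sum(N[i]) * e) % q for e in row] for row in MtM]
        b, c = [0] * n, w[i]
        for k in range(m):
            d = [(v[j] - centers[k][j]) % q for j in range(n)]
            dM = [sum(d[j] * M[j][s] for j in range(n)) % q for s in range(n)]
            b = [(bs + 2 * N[i][k] * dMs) % q for bs, dMs in zip(b, dM)]
            c = (c + N[i][k] * sum(e * e for e in d)) % q
        pub.append((A, b, c))
    return pub, (centers, Minv, v, Ninv, w)


def encrypt(pub, q, x):
    """Public key transformation: evaluate each p_i at the plaintext; attach the hash."""
    y = []
    for A, b, c in pub:
        Ax = [sum(a * e for a, e in zip(row, x)) for row in A]
        y.append((sum(xi * t for xi, t in zip(x, Ax)) + sum(bi * xi for bi, xi in zip(b, x)) + c) % q)
    return y, hash_plaintext(x)


def sphere_system(centers, u, q):
    """System (IV): ||z - c_i||^2 = u_i minus ||z - c_{i+1}||^2 = u_{i+1} cancels ||z||^2."""
    A, b = [], []
    for c0, c1, u0, u1 in zip(centers, centers[1:], u, u[1:]):
        A.append([(2 * (p - o)) % q for o, p in zip(c0, c1)])
        b.append((u0 - u1 - sum(o * o for o in c0) + sum(p * p for p in c1)) % q)
    return A, b


def decrypt(priv, q, y, h):
    centers, Minv, v, Ninv, w = priv
    u = invert_affine(Ninv, w, y, q)                        # affine inversion component one
    for z in solve_all(*sphere_system(centers, u, q), q):   # trapdoor component
        x = invert_affine(Minv, v, z, q)                    # affine inversion component two
        if hash_plaintext(x) == h:                          # hash detector
            return x
    return None                                             # "decryption error" warning


def recover_without_private_key(pub, q, y, h):
    """Public-key-only check: A_i = alpha_i * A_ref for every i, so p_i - alpha_i p_ref is affine."""
    ref = next(i for i, (A, _, _) in enumerate(pub) if any(any(row) for row in A))
    Aref, bref, cref = pub[ref]
    r, s = next((r, s) for r, row in enumerate(Aref) for s, e in enumerate(row) if e)
    inv = pow(Aref[r][s], q - 2, q)
    rows, rhs = [], []
    for i, (A, b, c) in enumerate(pub):
        if i == ref:
            continue
        alpha = (A[r][s] * inv) % q
        rows.append([(bi - alpha * br) % q for bi, br in zip(b, bref)])
        rhs.append((y[i] - alpha * y[ref] - c + alpha * cref) % q)
    for x in solve_all(rows, rhs, q):
        if hash_plaintext(x) == h:
            return x
    return None
```

Usage: `pub, priv = keygen(31, 34, 35, seed=1)`, `y, h = encrypt(pub, 31, plaintext)`, `decrypt(priv, 31, y, h)`; with m = n + 1 the difference system has n equations in n unknowns, so d is normally 1. `sphere_system([[1, 2], [2, 1], [0, 1]], [1, 1, 1], 3)` reproduces the page's toy trapdoor step and yields the single solution (1, 1). Running `recover_without_private_key(pub, 31, y, h)` on the same ciphertext returns the plaintext from the public key alone, which is the property to weigh against the security claimed in advantage 4.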

Claims (9)

  1. A hypersphere-based multivariate public key encryption/decryption system, characterised in that it comprises:
    A. An encryption module, which encrypts the plaintext to be encrypted, forms the ciphertext and completes encryption, and which comprises a processor and a public key transformation component. After the plaintext to be encrypted is transmitted to the processor, the processor stores the plaintext and then transmits the plaintext data to the public key transformation component, where the plaintext data is substituted into each multivariate polynomial to obtain the encrypted ciphertext; the ciphertext is then transmitted to the processor for storage, and the processor transmits the ciphertext to the decryption module of another user;
    B. A decryption module, which decrypts ciphertext data sent by other users, forms the plaintext and completes decryption, and which comprises a processor, affine transformation inversion component one, a trapdoor component and affine transformation inversion component two, where the trapdoor component comprises a linear system construction component and a linear system solving component. After receiving the ciphertext data, the processor first transmits the ciphertext to affine transformation inversion component one for an affine transformation inversion operation, then to the linear system construction component and the linear system solving component of the trapdoor component, which respectively construct and solve a system of linear equations; the set of solutions obtained by this polynomial inversion is transmitted to affine transformation inversion component two for an affine transformation inversion operation and finally to the processor. For the one or more sets of data received, the processor computes the hash value of each set; if the hash value of some set equals the plaintext hash redundancy data stored in advance in the processor, that set is stored and output as the decrypted plaintext; if none matches, the processor outputs a decryption error warning to the user.
  2. The hypersphere-based multivariate public key encryption/decryption system according to claim 1, characterised in that it further comprises a selector connected to the processor; when the selector is in the open state the encryption module of the system works, and when the selector is in the closed state the decryption module works.
  3. The hypersphere-based multivariate public key encryption/decryption system according to claim 2, characterised in that the processor comprises a scheduler connected to the selector; the open and closed states of the selector are recognised and handled by the scheduler in the processor, and the data stored in the processor is controlled by the scheduler and dispatched to the corresponding components for the corresponding operations.
  4. The hypersphere-based multivariate public key encryption/decryption system according to claim 1, characterised in that the processor further comprises a hash detector and a memory; hash values of data in the processor are computed by the hash detector, and data in the processor is stored by the memory.
  5. A hypersphere-based multivariate public key encryption/decryption method, comprising the following steps in order:
    (1) Encryption process:
    a. After the plaintext to be encrypted is transmitted to the processor, the processor computes its hash value, obtains the plaintext hash redundancy data, and stores the plaintext and the plaintext hash redundancy data;
    b. The plaintext data is transmitted to the public key transformation component, where it is substituted into the multivariate polynomials to obtain the encrypted ciphertext;
    c. The ciphertext is then transmitted to the processor for storage, and the processor transmits the ciphertext together with the plaintext hash redundancy data to the decryption module of another user;
    (2) Decryption process:
    a. After receiving the ciphertext and the plaintext hash redundancy data sent by another user, the processor first stores the plaintext hash redundancy data and then transmits the ciphertext to affine transformation inversion component one for an affine transformation inversion operation;
    b. The inverted data is then transmitted to the linear system construction component and the linear system solving component of the trapdoor component, which respectively construct and solve the system of linear equations; the solving operation yields one or more sets of solutions;
    c. The solutions obtained above are transmitted to affine transformation inversion component two for an affine transformation inversion operation;
    d. Finally they are transmitted to the processor; for the one or more sets of data received, the processor computes the hash value of each set; if the hash value of some set equals the plaintext hash redundancy data stored by the processor, that set is stored and output as the decrypted plaintext; if none matches, the processor outputs a decryption error warning to the user.
  6. The hypersphere-based multivariate public key encryption/decryption method according to claim 5, characterised in that
    the encryption process of step (1) comprises:
    a. After the plaintext (x1′,...,xn′) ∈ F^n to be encrypted is transmitted to the processor, the processor computes its hash value (h1′,...,hj′) = Hash(x1′,...,xn′), obtaining the plaintext hash redundancy data (h1′,...,hj′), where Hash(·) is a cryptographically secure one-way function, and stores the plaintext and the plaintext hash redundancy data;
    b. The plaintext data (x1′,...,xn′) is transmitted to the public key transformation component, which substitutes it into the public key map P(x1,...,xn), i.e. computes the values of the multivariate polynomials p1(x1′,...,xn′),...,pm(x1′,...,xn′), denoted y1′,...,ym′; (y1′,...,ym′) is the encrypted ciphertext;
    c. The ciphertext (y1′,...,ym′) is then transmitted to the processor for storage, and the processor transmits the ciphertext (y1′,...,ym′) and the plaintext hash redundancy data (h1′,...,hj′) together to the decryption module of another user;
    the decryption process of step (2) comprises:
    a. After receiving the ciphertext (y1′,...,ym′) and the plaintext hash redundancy data (h1′,...,hj′) sent by another user, the processor first stores the plaintext hash redundancy data (h1′,...,hj′) and then transmits the ciphertext (y1′,...,ym′) to affine transformation inversion component one for the affine transformation inversion operation
    Figure PCTCN2015070255-appb-100001
    b. next,
    Figure PCTCN2015070255-appb-100002
    is transmitted to the trapdoor component, where the linear system construction and linear system solving operations are carried out in turn; that is, the linear system construction component takes the m sets of data (ci,1, ci,2, ..., ci,n) pre-allocated to the trapdoor component by the scheduler together with
    Figure PCTCN2015070255-appb-100003
    and forms a system of equations from them, specifically:
    Figure PCTCN2015070255-appb-100004
    denoted equation one; equation one is expanded into equation two:
    Figure PCTCN2015070255-appb-100005
    subtracting equation two from equation one gives equation three:
    Figure PCTCN2015070255-appb-100006
    converting equation three into matrix form gives equation four:
    Figure PCTCN2015070255-appb-100007
    equation four is the linear system, constructed by the linear system construction component, in the unknowns
    Figure PCTCN2015070255-appb-100008
    ; the linear system solving component then solves equation four by Gaussian elimination, obtaining one or more sets of solutions, say d sets, the solution set being denoted
    Figure PCTCN2015070255-appb-100009
    c. the resulting data are then transmitted to affine transformation inversion component two for the affine transformation inversion operation
    Figure PCTCN2015070255-appb-100010
    d. finally (xi1′,...,xin′) are transmitted to the processor, which computes the hash value of (xi1′,...,xin′); if for some set i the hash value of the data (xi1′,...,xin′) equals the plaintext hash redundancy data (h1′,...,hj′), that set of data (xi1′,...,xin′) is output as the decrypted plaintext; if Hash(xi1′,...,xin′) ≠ (h1′,...,hj′) for every i, the processor outputs a decryption error warning to the user.
  7. The hypersphere-based multivariate public key encryption/decryption method according to claim 5, characterized in that before the encryption process of step (1) it further comprises the following step: when the selector is in the on state, the encryption module of the system operates, the selector being connected to the processor;
    and before the decryption process of step (2) it further comprises the following step: when the selector is in the off state, the decryption module of the system operates, the selector being connected to the processor.
  8. The hypersphere-based multivariate public key encryption/decryption method according to claim 7, characterized in that the processor comprises a scheduler connected to the selector; the on state and off state of the selector are recognized and handled by the scheduler in the processor, and the data stored in the processor are controlled by the scheduler and dispatched to the respective components for the corresponding operations.
  9. The hypersphere-based multivariate public key encryption/decryption method according to claim 5, characterized in that the processor further comprises a Hash detector and a memory; the hash values of data in the processor are computed by the Hash detector, and data in the processor are stored by the memory.
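The following Python program is an added illustration of the procedure described in the worked decryption example above (steps (2) to (7)) and in the general method of claims 5 and 6; it is not code from the patent or its applicant. Everything the page leaves implicit is an assumption here: the field size q = 7 (the patent recommends q = 31, n = 34, m = 35), the central map F being the squared distance from a point to each sphere centre (the form that makes "sphere i minus sphere i+1" a linear equation, as in the example), the matrices of the affine maps S and T (chosen so that S(1,2) = (1,1), F(1,1) = (1,1,1) and T(1,1,1) = (2,2,1), matching the page's numbers), truncated SHA-256 standing in for Hash(), and the names `solve_mod`, `invert_trapdoor`, `SK`, `PK`. It goes slightly beyond the page's single instance: the public key is expanded into the m quadratic polynomials a sender actually evaluates, the Gaussian elimination returns every solution when the linear system is rank-deficient (so d > 1 candidates reach the hash check), and a ciphertext that yields no candidate produces the claimed decryption error.

```python
"""Toy hypersphere MPKC following this page's steps: T^-1, sphere-difference linear
system, Gaussian elimination, S^-1, hash redundancy check. Added illustration, not the
patent's code. Assumed: q = 7, F = squared distance to each centre, SHA-256 as Hash()."""
import hashlib
from itertools import product

Q = 7  # assumed toy field size (the patent recommends q = 31, n = 34, m = 35)

def solve_mod(A, b):
    """All solutions of A x = b over F_Q (RREF): [] if inconsistent, all of them if rank < n."""
    n = len(A[0])
    M = [[v % Q for v in row] + [rhs % Q] for row, rhs in zip(A, b)]  # augmented matrix
    pivots = []
    for c in range(n):
        r = len(pivots)
        p = next((i for i in range(r, len(M)) if M[i][c]), None)
        if p is None:
            continue  # no pivot in this column: x_c is a free variable
        M[r], M[p] = M[p], M[r]
        inv = pow(M[r][c], Q - 2, Q)  # Fermat inverse, Q prime
        M[r] = [v * inv % Q for v in M[r]]
        for i in range(len(M)):
            if i != r and M[i][c]:
                f = M[i][c]
                M[i] = [(vi - f * vr) % Q for vi, vr in zip(M[i], M[r])]
        pivots.append(c)
    if any(row[n] for row in M[len(pivots):]):
        return []  # a row reads 0 = nonzero: no solution
    free = [c for c in range(n) if c not in pivots]
    sols = []
    for vals in product(range(Q), repeat=len(free)):
        x = [dict(zip(free, vals)).get(c, 0) for c in range(n)]
        for row, pc in zip(M, pivots):
            x[pc] = (row[n] - sum(row[c] * x[c] for c in free)) % Q
        sols.append(tuple(x))
    return sols

def affine(A, b, x):
    return [(sum(a * v for a, v in zip(row, x)) + bi) % Q for row, bi in zip(A, b)]

def affine_inv(A, b, y):
    """x = A^-1 (y - b); A is invertible, so solve_mod returns exactly one solution."""
    return list(solve_mod(A, [yi - bi for yi, bi in zip(y, b)])[0])

def central_map(centers, u):
    """F(u)_i = sum_j (u_j - c_ij)^2 mod Q: the squared distance from u to centre i."""
    return [sum((uj - cj) ** 2 for uj, cj in zip(u, c)) % Q for c in centers]

def monomials(x):
    """x_j x_k (j <= k), x_j, 1: the monomials of a quadratic public polynomial."""
    n = len(x)
    return [x[j] * x[k] % Q for j in range(n) for k in range(j, n)] + list(x) + [1]

def public_key(sk):
    """Expand P = T o F o S into m quadratic polynomials by interpolating each
    coefficient vector from P evaluated on all of F_Q^n (cheap for a toy n)."""
    (A_S, b_S), (A_T, b_T), centers = sk
    pts = list(product(range(Q), repeat=len(A_S[0])))
    imgs = [affine(A_T, b_T, central_map(centers, affine(A_S, b_S, p))) for p in pts]
    rows = [monomials(p) for p in pts]
    return [solve_mod(rows, [img[i] for img in imgs])[0] for i in range(len(centers))]

def hash_redundancy(x):
    return hashlib.sha256(bytes(x)).digest()[:8]  # assumed Hash(): truncated SHA-256

def encrypt(pk, x):
    """Sender side: y_i = p_i(x) from the public polynomials alone, plus Hash(x)."""
    mons = monomials(x)
    return [sum(c * mo for c, mo in zip(p, mons)) % Q for p in pk], hash_redundancy(x)

def invert_trapdoor(sk, y):
    """Steps (3)-(5): T^-1; sphere i minus sphere i+1 cancels the x_j^2 terms, leaving
    sum_j 2(c_{i+1,j} - c_{i,j}) x_j = v_i - v_{i+1} - sum_j (c_{i,j}^2 - c_{i+1,j}^2);
    Gaussian elimination; keep only solutions on the spheres; S^-1. d may be 0 or > 1."""
    (A_S, b_S), (A_T, b_T), centers = sk
    n, m = len(A_S[0]), len(centers)
    v = affine_inv(A_T, b_T, y)
    A = [[2 * (centers[i + 1][j] - centers[i][j]) for j in range(n)] for i in range(m - 1)]
    b = [v[i] - v[i + 1] - sum(centers[i][j] ** 2 - centers[i + 1][j] ** 2 for j in range(n))
         for i in range(m - 1)]
    return [affine_inv(A_S, b_S, u) for u in solve_mod(A, b) if central_map(centers, u) == v]

def decrypt(sk, y, h):
    """Steps (6)-(7): the hash redundancy selects one candidate or rejects the ciphertext."""
    for x in invert_trapdoor(sk, y):
        if hash_redundancy(x) == h:
            return x
    raise ValueError("decryption error: no candidate matches the hash redundancy data")

# Private key chosen (assumption) to reproduce the page's numbers: S(1,2) = (1,1),
# F(1,1) = (1,1,1) for centres (1,2), (2,1), (0,1), and T(1,1,1) = (2,2,1).
SK = (([[1, 1], [0, 1]], [5, 6]),                       # S: x -> A_S x + b_S
      ([[1, 1, 0], [0, 1, 1], [0, 0, 1]], [0, 0, 0]),   # T: y -> A_T y + b_T
      [(1, 2), (2, 1), (0, 1)])                         # sphere centres
PK = public_key(SK)

if __name__ == "__main__":
    y, h = encrypt(PK, [1, 2])
    print(y, "->", decrypt(SK, y, h))  # [2, 2, 1] -> [1, 2]
```

Two points a practitioner should take from running this. First, the sphere differences are only necessary conditions, and with collinear centres (for instance (0,0), (1,0), (2,0)) the linear system is rank-deficient and two mirror-image points satisfy every sphere, which is exactly the d > 1 case the claims cover; the hash redundancy is what makes decryption unambiguous. Second, the claimed protocol sends Hash(x) in the clear next to the ciphertext, so the redundancy is a consistency check and nothing more: for short or low-entropy plaintexts anyone holding the pair can confirm a guess of x by hashing it.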
PCT/CN2015/070255 2014-01-13 2015-01-07 Hypersphere-based multivariable public key encryption/decryption system and method WO2015103977A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP15735039.8A EP3096488B1 (en) 2014-01-13 2015-01-07 Hypersphere-based multivariable public key encryption/decryption system and method
US15/111,365 US10142105B2 (en) 2014-01-13 2015-01-07 Hypersphere-based multivariable public key encryption/decryption system and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410015211.2A CN103780382B (zh) 2014-01-13 2014-01-13 Hypersphere-based multivariable public key encryption/decryption system and method
CN201410015211.2 2014-01-13

Publications (1)

Publication Number Publication Date
WO2015103977A1 true WO2015103977A1 (zh) 2015-07-16

Family

ID=50572257

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/070255 WO2015103977A1 (zh) 2014-01-13 2015-01-07 Hypersphere-based multivariable public key encryption/decryption system and method

Country Status (4)

Country Link
US (1) US10142105B2 (zh)
EP (1) EP3096488B1 (zh)
CN (1) CN103780382B (zh)
WO (1) WO2015103977A1 (zh)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103490897B (zh) * 2013-09-17 2017-04-05 South China University of Technology Multivariate public key signature/verification system and signature/verification method
CN103780382B (zh) * 2014-01-13 2017-01-18 South China University of Technology Hypersphere-based multivariable public key encryption/decryption system and method
CN104009848B (zh) * 2014-05-26 2017-09-29 South China University of Technology Hybrid multivariate digital signature system and method
CN106330463B (zh) * 2016-09-09 2019-08-20 South China University of Technology Multivariate public key signature system and method
US11991271B2 (en) 2018-07-31 2024-05-21 International Business Machines Corporation System and method for quantum resistant public key encryption
CN109981217A (zh) * 2019-01-28 2019-07-05 Beijing Jiaotong University Secure data transmission method based on interleaved fragmentation
US11232210B2 (en) * 2019-03-26 2022-01-25 Western Digital Technologies, Inc. Secure firmware booting
CN110855425A (zh) * 2019-10-25 2020-02-28 Wuhan University Lightweight multi-party collaborative SM9 key generation and ciphertext decryption method and medium
CN113032810A (zh) * 2021-04-07 2021-06-25 ICBC Technology Co., Ltd. Information processing method, apparatus, electronic device, medium and program product
CN113657322B (zh) * 2021-08-23 2022-06-17 Guangdong Junlue Technology Consulting Co., Ltd. Face recognition method and system based on public-key ciphertext comparability

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1870499A (zh) * 2005-01-11 2006-11-29 Ding Jintai Method for producing new multivariate public key cryptosystems
CN103457726A (zh) * 2013-08-26 2013-12-18 South China University of Technology Matrix-based multivariate public key encryption method
CN103490897A (zh) * 2013-09-17 2014-01-01 South China University of Technology Multivariate public key signature/verification system and signature/verification method
CN103490883A (zh) * 2013-09-17 2014-01-01 South China University of Technology Multivariate public key encryption/decryption system and encryption/decryption method
CN103501227A (zh) * 2013-10-23 2014-01-08 Xidian University Improved multivariate public key cryptographic encryption/decryption scheme
CN103780383A (zh) * 2014-01-13 2014-05-07 South China University of Technology Hypersphere-based multivariate public key signature/verification system and method
CN103780382A (zh) * 2014-01-13 2014-05-07 South China University of Technology Hypersphere-based multivariable public key encryption/decryption system and method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3788246B2 (ja) * 2001-02-13 2006-06-21 NEC Corporation Anonymous decryption system and anonymous decryption method
WO2005098796A1 (ja) * 2004-03-31 2005-10-20 NEC Corporation Padding application method guaranteeing the security of a cryptographic scheme
JP4842276B2 (ja) * 2004-11-11 2011-12-21 Certicom Corporation New trapdoor one-way function on elliptic curves and its application to shorter signatures and asymmetric encryption
JP5341878B2 (ja) * 2008-04-09 2013-11-13 Panasonic Corporation Signature and verification method, signature generation device and signature verification device
CN101488849B (zh) * 2009-02-18 2010-12-01 South China University of Technology n-dimensional sphere-based group key management method

Also Published As

Publication number Publication date
EP3096488B1 (en) 2019-01-02
EP3096488A4 (en) 2017-08-23
EP3096488A1 (en) 2016-11-23
US10142105B2 (en) 2018-11-27
US20170222807A1 (en) 2017-08-03
CN103780382B (zh) 2017-01-18
CN103780382A (zh) 2014-05-07

Similar Documents

Publication Publication Date Title
WO2015103977A1 (zh) Hypersphere-based multivariable public key encryption/decryption system and method
CN110363030B (zh) Method and processing device for performing lattice-based cryptographic operations
Liu et al. An efficient privacy-preserving outsourced calculation toolkit with multiple keys
JP5496410B2 (ja) 類似度算出システム及び類似度算出装置及びコンピュータプログラム及び類似度算出方法
US9998445B2 (en) Authentication system
US10129029B2 (en) Proofs of plaintext knowledge and group signatures incorporating same
US9077539B2 (en) Server-aided multi-party protocols
US9590807B2 (en) Identity based public key cryptosystem
WO2015103932A1 (zh) Hypersphere-based multivariate public key signature/verification system and method
US10461923B2 (en) Multivariate signature method for resisting key recovery attack
WO2015039397A1 (zh) Multivariate public key encryption/decryption system and encryption/decryption method
US11418334B2 (en) Protecting modular inversion operation from external monitoring attacks
Chowdhury et al. Physical security in the post-quantum era: A survey on side-channel analysis, random number generators, and physically unclonable functions
Huang et al. Block-Level Message-Locked Encryption with Polynomial Commitment for IoT Data.
Tahir et al. A scheme for the generation of strong icmetrics based session key pairs for secure embedded system applications
Bellare et al. Defending against key exfiltration: efficiency improvements for big-key cryptography via large-alphabet subkey prediction
Fanfara et al. Usage of asymmetric encryption algorithms to enhance the security of sensitive data in secure communication
Ogunleye et al. Elliptic Curve Cryptography Performance Evaluation for Securing Multi-Factor Systems in a Cloud Computing Environment
Ugbedeojo et al. RSA and Elliptic Curve Encryption System: A Systematic Literature Review
Chao et al. Fast key generation for Gentry-style homomorphic encryption
JP6602210B2 (ja) 認証システム及び方法
Ye et al. Efficient Lattice‐Based Ring Signature Scheme without Trapdoors for Machine Learning
Chapman Using Graphic Based Systems to Improve Cryptographic Algorithms
KR102187267B1 (ko) Supersingular isogeny Diffie-Hellman key exchange method and apparatus based on elliptic curves
CN118400197B (zh) Lattice-based quantum-resistant public key encryption method and system with ciphertext equality testing

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15735039

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 15111365

Country of ref document: US

REEP Request for entry into the european phase

Ref document number: 2015735039

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2015735039

Country of ref document: EP