WO2019101134A1 - Procédé de déchiffrement sm9 multi-distribué, support et procédé de génération de clé - Google Patents

Procédé de déchiffrement sm9 multi-distribué, support et procédé de génération de clé Download PDF

Info

Publication number
WO2019101134A1
WO2019101134A1 PCT/CN2018/116941 CN2018116941W WO2019101134A1 WO 2019101134 A1 WO2019101134 A1 WO 2019101134A1 CN 2018116941 W CN2018116941 W CN 2018116941W WO 2019101134 A1 WO2019101134 A1 WO 2019101134A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
calculate
key generation
encryption key
bit
Prior art date
Application number
PCT/CN2018/116941
Other languages
English (en)
Chinese (zh)
Inventor
何德彪
马米米
谢翔
孙立林
李升林
Original Assignee
云图有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 云图有限公司 filed Critical 云图有限公司
Publication of WO2019101134A1 publication Critical patent/WO2019101134A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test

Definitions

  • the present invention relates to the field of cryptography, and in particular, to a SM9 decryption method and medium based on multiple parties.
  • Digital signature cryptography-based digital signature and encryption and decryption technology is a key technology to achieve message confidentiality, integrity and non-repudiation. It has been widely used in network communication, e-commerce and e-government. However, its security depends mainly on the protection of the key. Once the key is compromised, security cannot be discussed.
  • Secret sharing provides a new idea for solving key management problems and plays a key role in the secure storage and transmission of secret data. Secret sharing uses an algorithm to divide the secret into several shares. Only when a certain number of shares are put together, the secret can be reconstructed by a certain algorithm, and less than this number of shares cannot reconstruct the secret. This number is called As a threshold. In the (t,n) threshold signature scheme, the secret is divided into n shares, and even if the attacker steals t-1 shares, a valid signature cannot be generated.
  • the existing key segmentation is mostly poor in security protection, and the existing decryption scheme tends to have more interactions, and the user's computational complexity is relatively high, which cannot meet the low latency and less interaction required in the big data environment. Application requirements.
  • the object of the present invention is to solve the above problems, and provide a multi-distributed SM9 decryption method, a medium and a key generation method, in which multiple communication parties do not leak their own partial encryption keys, and cannot obtain a complete encryption key. In the case, the decryption process of the message is completed together.
  • the technical solution of the present invention is as follows:
  • the present invention discloses a key generation method, including:
  • hid,q)+ke, if t 1 0, regenerates the master key, calculates and publicizes the encrypted master public key, and updates the Have the user's encryption key, otherwise calculate the second temporary variable among them Representing the inverse of t 1 modulo q, ie
  • ke denotes the master private key
  • hid the key generation center selects the encryption key generation function identifier expressed by one byte
  • q is the order of the cyclic group and q>2 191 is the prime number
  • the ID is the identity identifier of the user
  • H 1 () represents a cryptographic function derived from a cryptographic hash function;
  • Step 2 The key generation center randomly selects d 1 , d 2 ,..., d n-1 ⁇ [1,q-1], and calculates among them Representing the inverse of d i modulo q, ie Where [1, q-1] represents a set of integers not less than 1 and not greater than q-1;
  • Step 3 The Key Generation Center sets the first part of the encryption key. Second part encryption key And so on, the n-1 part encryption key Part n encryption key Wherein P 2 represents a generator of the addition cycle group G 2 whose order is prime q, and [d n ]P 2 is d n times the generator P 2 ;
  • Step 4 User put Stored in device A i .
  • the system initialization phase is further included:
  • P pub-e is published, and the key generation center selects to disclose an encryption key generation function identifier hid represented by one byte, where P 1 is a generator of the addition cycle group G 1 whose order is prime q, [ke]P 1 is the ke times of the generated element P 1 .
  • the invention also discloses a computer storage medium, characterized in that a computer program is stored, and the computer program is executed to perform the following steps:
  • hid,q)+ke, if t 1 0, regenerates the master key, calculates and publicizes the encrypted master public key, and updates the Have the user's encryption key, otherwise calculate the second temporary variable among them Representing the inverse of t 1 modulo q, ie
  • ke denotes the master private key
  • hid the key generation center selects the encryption key generation function identifier expressed by one byte
  • q is the order of the cyclic group and q>2 191 is the prime number
  • the ID is the identity identifier of the user
  • H 1 () represents a cryptographic function derived from a cryptographic hash function;
  • Step 2 The key generation center randomly selects d 1 , d 2 ,..., d n-1 ⁇ [1,q-1], and calculates among them Representing the inverse of d i modulo q, ie Where [1, q-1] represents a set of integers not less than 1 and not greater than q-1;
  • Step 3 The Key Generation Center sets the first part of the encryption key. Second part encryption key And so on, the n-1 part encryption key Part n encryption key Wherein P 2 represents a generator of the addition cycle group G 2 whose order is prime q, and [d n ]P 2 is d n times the generator P 2 ;
  • Step 4 User put Stored in device A i .
  • the step of executing the computer program execution further includes the system initialization phase prior to step 1:
  • P pub-e is published, and the key generation center selects to disclose an encryption key generation function identifier hid represented by one byte, where P 1 is a generator of the addition cycle group G 1 whose order is prime q, [ke]P 1 is the ke times of the generated element P 1 .
  • the invention also discloses a multi-distributed SM9 decryption method, comprising:
  • the n-th part encryption key set for the key generation center, e( ⁇ , ⁇ ) represents a bilinear map of G 1 ⁇ G 2 ⁇ G T , and G 1 , G 2 are addition cycle groups whose order is a prime number q, G T is a multiplicative cyclic group whose order is a prime number q;
  • Step 2 After the n-1th communicating party A n-1 receives w 1 , calculate the second temporary variable And send w 2 to the n-2th communicating party A n-2 , wherein The n-1th part encryption key set for the key generation center, Representing w 1 Power, ie
  • Step 3 After the n-2th communicating party A n-2 receives w 2 , calculate the third temporary variable And send w 3 to the n-3th party A n-3 , wherein The n-2th encryption key set for the key generation center;
  • Step 4 By analogy, after receiving the w n-2 , the second communicating party A 2 calculates the n-1th temporary variable. And send w n-1 to the first communication party A 1 , wherein The second part encryption key set for the key generation center;
  • Step 5 After receiving the w n-1 , the first communication party A 1 calculates the nth temporary variable.
  • the data type of w n is converted into a bit string, and the first communication party A 1 classifies and decrypts according to the method of encrypting plaintext.
  • the decryption calculation according to the method of encrypting plaintext in step 5 further comprises:
  • K 1 ' is a full 0-bit string, report an error and exit, otherwise calculate
  • K 2_ len is the bit length of the key K 2 in the message authentication code function MAC (K 2 , Z)
  • ID represents the identity of the user as the decrypter, and can uniquely determine the user's public Key
  • Z represents a message data bit string of the message authentication code to be obtained;
  • KDF( ⁇ ) the key derivation function KDF( ⁇ )
  • the invention also discloses a computer storage medium, which stores a computer program, and executes the following steps after running the computer program:
  • the n-th part encryption key set for the key generation center, e( ⁇ , ⁇ ) represents a bilinear map of G 1 ⁇ G 2 ⁇ G T , and G 1 , G 2 are addition cycle groups whose order is a prime number q, G T is a multiplicative cyclic group whose order is a prime number q;
  • Step 2 After the n-1th communicating party A n-1 receives w 1 , calculate the second temporary variable And send w 2 to the n-2th communicating party A n-2 , wherein The n-1th part encryption key set for the key generation center, Representing w 1 Power, ie
  • Step 3 After the n-2th communicating party A n-2 receives w 2 , calculate the third temporary variable And send w 3 to the n-3th party A n-3 , wherein The n-2th encryption key set for the key generation center;
  • Step 4 By analogy, after receiving the w n-2 , the second communicating party A 2 calculates the n-1th temporary variable. And send w n-1 to the first communication party A 1 , wherein The second part encryption key set for the key generation center;
  • Step 5 After receiving the w n-1 , the first communication party A 1 calculates the nth temporary variable.
  • the data type of w n is converted into a bit string, and the first communication party A 1 classifies and decrypts according to the method of encrypting plaintext.
  • the step of performing the decryption calculation according to the method of encrypting plaintext in step 5 of the execution of the computer program further comprises:
  • K 1 ' is a full 0-bit string, report an error and exit, otherwise calculate
  • K 2_ len is the bit length of the key K 2 in the message authentication code function MAC (K 2 , Z)
  • ID represents the identity of the user as the decrypter, and can uniquely determine the user's public Key
  • Z represents a message data bit string of the message authentication code to be obtained;
  • KDF( ⁇ ) the key derivation function KDF( ⁇ )
  • the SM9 identification cryptographic algorithm is an identification cryptographic algorithm based on a bilinear pairing, which can use the user's identity to generate a public and private key pair of the user.
  • the application and management of SM9 does not require digital certificates, certificate bases or key stores. It is mainly used for digital signatures, data encryption, key exchange and identity authentication.
  • the algorithm was released in 2015 as the national password industry standard (GM/T 0044). -2016).
  • the Key Generation Center (KGC) in the present invention Based on the SM9 identification cryptographic algorithm, the Key Generation Center (KGC) in the present invention generates a corresponding partial key for the communicating party participating in the SM9 decryption system.
  • KGC Key Generation Center
  • the nth communicating party A n After receiving the key, the nth communicating party A n calculates the first temporary variable And return to A n-1 . After A n-1 receives w 1 , it calculates the second temporary variable. And return to A n-2 , and so on, until A 1 receives w n-1 , calculate the nth temporary variable The decryption calculation is performed according to the method of encrypting plaintext, and finally the plaintext M' is output.
  • the present invention devises a multi-party distributed SM9 decryption method and system, assuming that there are n communicating parties, this scheme must cooperate with each other to share and decrypt the partial private keys in the n communicating parties, and the final calculation result can be obtained. At the same time, the security of the private key is guaranteed. Compared with the prior art, the invention not only reduces the computational complexity of the user, but also improves the security of the key.
  • FIG. 1 is a flow chart showing an embodiment of a key generation method of the present invention.
  • FIG. 2 is a flow chart showing an embodiment of a multi-distributed SM9 decryption method of the present invention.
  • FIG. 3 shows a schematic diagram of an embodiment of a multi-distributed SM9 decryption method of the present invention.
  • KGC Key Generation Center. It is a trusted authority responsible for generating system parameters, master and private keys, and encryption keys.
  • G 1 , G 2 The addition cycle group whose order is prime q.
  • G T The multiplicative cyclic group whose order is prime q.
  • g u the power of u in the multiplicative group G T , ie Where u is a positive integer.
  • ID C The identity of the communicating party C, which can uniquely determine the public key of the communicating party C.
  • Mod q modulo q operation. For example, 27 (mod 5) ⁇ 2.
  • q the order of the cyclic groups G 1 , G 2 and G T , and q>2 191 is a prime number.
  • P 1 , P 2 are the generators of the groups G 1 and G 2 , respectively.
  • [u]P U times the element P in the addition group G 1 and G 2 .
  • y splicing of x and y, where x and y are bit strings or byte strings.
  • [x, y] A set of integers not less than x and not greater than y.
  • the implementation of the key generation method of the present invention is as shown in Fig. 1. The following is a detailed description of the steps of the key generation method.
  • hid,q)+ke. If t 1 0, regenerate the master key, calculate and publicize the encrypted master public key, and update the existing user. Encryption key; otherwise, calculate the second temporary variable among them Representing the inverse of t 1 modulo q, ie
  • Step S12 KGC randomly selects d 1 , d 2 , ..., d n-1 ⁇ [1, q-1], and calculates among them Representing the inverse of d i modulo q, ie
  • Step S13 KGC sets the first partial encryption key Second part encryption key And so on, the n-1 part encryption key Part n encryption key
  • Step S14 the user puts Stored in device A i .
  • the present invention also discloses a computer storage medium having a computer program thereon running the computer program to perform the steps of the key generation method as described in the foregoing embodiments. Since the steps performed are the same as those of the foregoing embodiment, they are not described herein again.
  • Step S21 The nth communication party A n extracts the bit string C 1 from the ciphertext C, converts the data type of C 1 into a point on the elliptic curve, verifies whether C 1 ⁇ G 1 is established, and if not, reports an error and exits. ; otherwise, A n calculates the first temporary variable And send w 1 to A n-1 .
  • Step S22 After receiving the w 1 , the A n-1 calculates the second temporary variable. And send w 2 to A n-2 .
  • Step S23 After receiving the w 2 by A n-2 , calculating the third temporary variable And send w 3 to A n-3 .
  • Step S24 and so on, after A 2 receives w n-2 , the n-1th temporary variable is calculated. And send w n-1 to A 1 .
  • Step S25 After A 1 receives w n-1 , the nth temporary variable is calculated. And convert the data type of w n into a bit string. A 1 is classified according to the method of encrypting plaintext for decryption calculation.
  • K 1 ' be the pre-Mlen bit of K'
  • K 2 ' be the K 2_ len bit of K'
  • K 1 ' is a full 0-bit string, report an error and exit;
  • K 1_ len K 1_ len+K 2_ len
  • K' KDF(C 1
  • the present invention also discloses a computer storage medium having a computer program thereon running the computer program to perform the steps of the multi-distributed SM9 decryption method as described in the foregoing embodiments. Since the steps performed are the same as those of the foregoing embodiment, they are not described herein again.
  • the invention has the advantages of high security, low communication cost, and the like, and the communication party must participate in the complete decryption of the message without leaking the respective keys.
  • the bilinear map calculation is relatively expensive, so in the solution of the present invention, the bilinear operation is performed by one communication party, thereby reducing the computational cost of other communication parties and reducing the number of interactions.
  • DSPs digital signal processors
  • ASICs application specific integrated circuits
  • FPGAs field programmable gate arrays
  • Programmable logic devices, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein are implemented or executed.
  • a general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine.
  • the processor may also be implemented as a combination of computing devices, such as a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
  • a software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
  • An exemplary storage medium is coupled to the processor to enable the processor to read and write information to/from the storage medium.
  • the storage medium can be integrated into the processor.
  • the processor and the storage medium can reside in an ASIC.
  • the ASIC can reside in the user terminal.
  • the processor and the storage medium may reside as a discrete component in the user terminal.
  • the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented as a computer program product in software, the functions may be stored on or transmitted as one or more instructions or code on a computer readable medium.
  • Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
  • a storage medium may be any available media that can be accessed by a computer.
  • such computer readable media may comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, disk storage or other magnetic storage device, or can be used to carry or store instructions or data structures. Any other medium that is desirable for program code and that can be accessed by a computer.
  • any connection is also properly referred to as a computer readable medium.
  • the software is transmitted from a web site, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave.
  • the coaxial cable, fiber optic cable, twisted pair cable, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the medium.
  • Disks and discs as used herein include compact discs (CDs), laser discs, optical discs, digital versatile discs (DVDs), floppy discs, and Blu-ray discs, in which disks are often reproduced magnetically. Data, and discs optically reproduce data with a laser. Combinations of the above should also be included within the scope of computer readable media.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne un procédé de déchiffrement SM9 multi-distribué, un support et un procédé de génération de clé. Des intervenants multiples de communication accomplissent conjointement un processus de déchiffrement de message dans des conditions de non-divulgation de leurs clés de chiffrement partielles respectives et d'impossibilité d'acquérir la clé de chiffrement complète. La solution technique comprend les étapes suivantes: un centre de génération de clés (KGC) génère une clé de chiffrement partielle correspondante pour des intervenants de communication participant à un système de déchiffrement SM9; après que les clés ont été reçues, le nième intervenant de communication An calcule une première variable temporaire (I) et renvoie la première variable temporaire (I) à An-1; et An-1, après avoir reçu w1, calcule une seconde variable temporaire (II), et renvoie la seconde variable temporaire (II) à An-2, et ainsi de suite, jusqu'à A1, après avoir reçu wn-1, calcule la nième variable temporaire (III), effectue un calcul de déchiffrement en classification selon un procédé de chiffrement de texte en clair, et délivre finalement un texte en clair M'.
PCT/CN2018/116941 2017-11-23 2018-11-22 Procédé de déchiffrement sm9 multi-distribué, support et procédé de génération de clé WO2019101134A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711183120.X 2017-11-23
CN201711183120.XA CN108418686B (zh) 2017-11-23 2017-11-23 一种多分布式的sm9解密方法与介质及密钥生成方法与介质

Publications (1)

Publication Number Publication Date
WO2019101134A1 true WO2019101134A1 (fr) 2019-05-31

Family

ID=63125356

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/116941 WO2019101134A1 (fr) 2017-11-23 2018-11-22 Procédé de déchiffrement sm9 multi-distribué, support et procédé de génération de clé

Country Status (2)

Country Link
CN (1) CN108418686B (fr)
WO (1) WO2019101134A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111600948A (zh) * 2020-05-14 2020-08-28 北京安御道合科技有限公司 基于标识密码的云平台应用和数据安全处理方法、系统、存储介质、程序
CN112769557A (zh) * 2020-12-30 2021-05-07 北京宏思电子技术有限责任公司 嵌入式系统中加快sm9双线性对运算的实现方法及装置
CN112769556A (zh) * 2020-12-30 2021-05-07 北京宏思电子技术有限责任公司 嵌入式系统中加快sm9双线性对运算的实现方法及装置
CN113904768A (zh) * 2021-11-10 2022-01-07 福建师范大学 基于sm9密钥封装机制的在线离线解密方法

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108418686B (zh) * 2017-11-23 2021-03-19 矩阵元技术(深圳)有限公司 一种多分布式的sm9解密方法与介质及密钥生成方法与介质
CN109194478B (zh) * 2018-11-19 2021-12-07 武汉大学 一种非对称环境下多方联合生成sm9数字签名的方法
CN109600225B (zh) * 2018-12-04 2019-10-15 北京海泰方圆科技股份有限公司 一种密钥交换方法、装置和存储介质
CN110247759B (zh) * 2019-06-03 2020-07-10 武汉理工大学 一种sm9私钥生成和使用方法及系统
CN110166239B (zh) * 2019-06-04 2023-01-06 成都卫士通信息产业股份有限公司 用户私钥生成方法、系统、可读存储介质及电子设备
CN111030801A (zh) * 2019-10-25 2020-04-17 武汉大学 一种多方分布式的sm9密钥生成、密文解密方法与介质
CN111010276A (zh) * 2019-10-25 2020-04-14 武汉大学 一种多方联合sm9密钥生成、密文解密方法与介质
CN110855425A (zh) * 2019-10-25 2020-02-28 武汉大学 一种轻量级多方协同sm9密钥生成、密文解密方法与介质
CN111106936B (zh) * 2019-11-27 2023-04-21 国家电网有限公司 一种基于sm9的属性加密方法与系统
CN111314080B (zh) * 2019-12-13 2021-04-13 北京海泰方圆科技股份有限公司 一种基于sm9算法的协同签名方法、装置、介质
CN111585759B (zh) * 2020-05-12 2023-06-09 北京华大信安科技有限公司 一种高效的基于sm9公钥加密算法的线上线下加密方法
CN112926075B (zh) * 2021-03-26 2023-01-24 成都卫士通信息产业股份有限公司 一种sm9密钥生成方法、装置、设备及存储介质
CN113141248B (zh) * 2021-04-25 2023-06-16 重庆都会信息科技有限公司 基于同态加密的门限解密方法、系统及可读存储介质
CN115549904B (zh) * 2022-10-11 2024-09-24 北京无字天书科技有限公司 密钥生成方法及相关方法、计算机设备和存储介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102523093A (zh) * 2011-12-16 2012-06-27 河海大学 一种带标签的基于证书密钥封装方法及系统
CN105025024A (zh) * 2015-07-22 2015-11-04 河海大学 一种基于无证书条件代理重加密系统与方法
CN108418686A (zh) * 2017-11-23 2018-08-17 矩阵元技术(深圳)有限公司 一种多分布式的sm9解密方法与介质及密钥生成方法

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8199917B2 (en) * 2008-10-29 2012-06-12 International Business Machines Corporation SID management for access to encrypted drives
EP2401835A4 (fr) * 2009-02-27 2014-04-23 Certicom Corp Système et procédé de communication sécurisée avec des compteurs électroniques
EP2649833A1 (fr) * 2010-12-07 2013-10-16 Telefonaktiebolaget LM Ericsson (PUBL) Procédé et appareil pour la fourniture d'un module d'identification provisoire au moyen d'un schéma à clé partagée
CN102523086B (zh) * 2011-12-07 2014-12-24 上海交通大学 一种隐私保护云存储系统中的密钥恢复方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102523093A (zh) * 2011-12-16 2012-06-27 河海大学 一种带标签的基于证书密钥封装方法及系统
CN105025024A (zh) * 2015-07-22 2015-11-04 河海大学 一种基于无证书条件代理重加密系统与方法
CN108418686A (zh) * 2017-11-23 2018-08-17 矩阵元技术(深圳)有限公司 一种多分布式的sm9解密方法与介质及密钥生成方法

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111600948A (zh) * 2020-05-14 2020-08-28 北京安御道合科技有限公司 基于标识密码的云平台应用和数据安全处理方法、系统、存储介质、程序
CN111600948B (zh) * 2020-05-14 2022-11-18 北京安御道合科技有限公司 基于标识密码的云平台应用和数据安全处理方法、系统、存储介质、程序
CN112769557A (zh) * 2020-12-30 2021-05-07 北京宏思电子技术有限责任公司 嵌入式系统中加快sm9双线性对运算的实现方法及装置
CN112769556A (zh) * 2020-12-30 2021-05-07 北京宏思电子技术有限责任公司 嵌入式系统中加快sm9双线性对运算的实现方法及装置
CN112769556B (zh) * 2020-12-30 2022-08-19 北京宏思电子技术有限责任公司 嵌入式系统中加快sm9双线性对运算的实现方法及装置
CN112769557B (zh) * 2020-12-30 2022-10-18 北京宏思电子技术有限责任公司 嵌入式系统中加快sm9双线性对运算的实现方法及装置
CN113904768A (zh) * 2021-11-10 2022-01-07 福建师范大学 基于sm9密钥封装机制的在线离线解密方法
CN113904768B (zh) * 2021-11-10 2023-05-05 福建师范大学 基于sm9密钥封装机制的在线离线解密方法

Also Published As

Publication number Publication date
CN108418686B (zh) 2021-03-19
CN108418686A (zh) 2018-08-17

Similar Documents

Publication Publication Date Title
WO2019101134A1 (fr) Procédé de déchiffrement sm9 multi-distribué, support et procédé de génération de clé
CN111106936B (zh) 一种基于sm9的属性加密方法与系统
CN108173639B (zh) 一种基于sm9签名算法的两方合作签名方法
CN111740828B (zh) 一种密钥生成方法以及装置、设备、加解密方法
Odelu et al. Provably secure authenticated key agreement scheme for smart grid
WO2019214070A1 (fr) Procédé de chiffrement pour communication d'utilisateur sur une chaîne de blocs, appareil, dispositif de terminal et support de stockage
Seo et al. An efficient certificateless encryption for secure data sharing in public clouds
JP4527358B2 (ja) 鍵供託を使用しない、認証された個別暗号システム
US8429408B2 (en) Masking the output of random number generators in key generation protocols
CN107395368B (zh) 无介质环境中的数字签名方法及解封装方法与解密方法
US20210152370A1 (en) Digital signature method, device, and system
TWI760546B (zh) 用於高安全性高速資料加密及傳輸的電腦實施系統與方法
CN112564907B (zh) 密钥生成方法及装置、加密方法及装置、解密方法及装置
CN110535626B (zh) 基于身份的量子通信服务站保密通信方法和系统
US11528127B2 (en) Computer-implemented system and method for highly secure, high speed encryption and transmission of data
CN111010276A (zh) 一种多方联合sm9密钥生成、密文解密方法与介质
Liu Public-key encryption secure against related randomness attacks for improved end-to-end security of cloud/edge computing
CN111030801A (zh) 一种多方分布式的sm9密钥生成、密文解密方法与介质
TW202025666A (zh) 用於共享公共秘密之電腦實施系統及方法
CN110855425A (zh) 一种轻量级多方协同sm9密钥生成、密文解密方法与介质
WO2023184858A1 (fr) Procédé et appareil de génération d'horodatage, dispositif électronique et support de stockage
Yu et al. Blockchain-based distributed identity cryptography key management
CN116599659B (zh) 无证书身份认证与密钥协商方法以及系统
CA2742530C (fr) Masquage de la sortie des generateurs de nombres aleatoires dans les protocoles de generation de cles cryptographiques
CN114697001B (zh) 一种基于区块链的信息加密传输方法、设备及介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18881581

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18881581

Country of ref document: EP

Kind code of ref document: A1