WO2021057073A1 - Private key generation and use method, apparatus and device in asymmetric key - Google Patents


Info

Publication number
WO2021057073A1
Authority
WO
WIPO (PCT)
Prior art keywords
private key
user private
user
components
encryption
Application number
PCT/CN2020/093966
Other languages
French (fr)
Chinese (zh)
Inventor
潘无穷
Original Assignee
支付宝(杭州)信息技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution using key encryption key
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Definitions

  • This application relates to the field of data security technology, and in particular to a method, apparatus and device for generating and using the private key of an asymmetric key pair.
  • The key occupies an extremely important position in a cryptographic system: in an encryption system only the holder of the legitimate key can decrypt, and in a signature system only the holder of the legitimate key can produce a valid signature.
  • A cryptosystem in use today consists of an algorithm and a key. With the algorithm public, the security of the cryptosystem rests entirely on the security of the key.
  • Digital signature and encryption/decryption technologies based on public key cryptography are widely used in identity authentication, e-commerce and other fields and have become an important tool for information security. The security of the private key is the foundation on which the security of these applications rests.
  • A hardware cryptographic module and/or a software cryptographic module can be used to protect the key. Hardware cryptographic modules are suited to protecting the key parts of important systems; for the remaining parts, software cryptographic modules are more suitable, and their range of application is wider.
  • Cryptographic application scenarios are extremely broad, and many of them are unsuited to hardware cryptographic modules. For example, mobile terminals cannot carry a hardware cryptographic module because of size constraints, and Internet information centers that must roll out products quickly cannot deploy hardware modules everywhere. Compared with traditional hardware cryptographic modules, software cryptographic modules have the advantages of low cost and easy deployment.
  • A prior-art software cryptographic module can protect the key by distributed means: the key is divided into several components stored on multiple different physical devices, and every cryptographic operation must be completed through the cooperation of these devices.
  • The limitation of these methods is that the key is scattered over multiple devices connected to the user side, which is expensive to build, and when the key components held on the different devices are used, the interaction between the storage devices is complicated, involves many rounds of communication and carries a high communication cost.
  • The embodiments of the present application provide a method, apparatus and device for generating and using the private key of an asymmetric key pair, intended to keep the stored private key secure while reducing the communication between servers when the private key is used, thereby lowering communication cost and delay.
  • One embodiment of this specification provides a method for generating a private key in an asymmetric key, including: obtaining an asymmetric key generation request; generating a user private key according to the request, the user private key consisting of multiple user private key components; encrypting the multiple components with predetermined encryption methods to obtain corresponding component ciphertexts, where at least two of the components are encrypted with different predetermined encryption methods; and storing the multiple component ciphertexts in the same device.
  • One embodiment provides a method for using a private key in an asymmetric key, including: obtaining more than a predetermined number of user private key component ciphertexts from the same device, the ciphertexts having been produced by the generation method above; decrypting those ciphertexts with predetermined decryption methods to obtain the corresponding component plaintexts, where each predetermined decryption method corresponds to the encryption method that was used when that component ciphertext was produced; and performing the target operation with the recovered component plaintexts. The predetermined number is the minimum number of user private key components, out of the multiple components, required to perform the target operation.
  • An apparatus for generating a private key in an asymmetric key includes: a request obtaining module, configured to obtain an asymmetric key generation request; a generating module, configured to generate the user private key, consisting of multiple user private key components, according to the request; an encryption module, configured to encrypt the multiple components with predetermined encryption methods to obtain corresponding component ciphertexts, at least two of the components being encrypted with different predetermined encryption methods; and a storage module, configured to store the multiple component ciphertexts in the same device.
  • An apparatus for using a private key in an asymmetric key includes: a key acquisition module, configured to obtain more than a predetermined number of user private key component ciphertexts from the same device, the ciphertexts having been produced by the generation method above; a decryption module, configured to decrypt those ciphertexts with predetermined decryption methods to obtain the corresponding component plaintexts, each predetermined decryption method corresponding to the encryption method used when that component ciphertext was produced; and an arithmetic module, configured to perform the target operation with the recovered component plaintexts, where the predetermined number is the minimum number of components required to perform the target operation.
  • A device for generating a private key in an asymmetric key includes at least one processor and a memory communicatively connected with it. The memory stores instructions executable by the at least one processor which, when executed, enable the processor to: obtain an asymmetric key generation request; generate a user private key consisting of multiple user private key components according to the request; encrypt the multiple components with predetermined encryption methods to obtain corresponding component ciphertexts, at least two of the components being encrypted with different predetermined encryption methods; and store the multiple component ciphertexts in the same device.
  • A device for using a private key in an asymmetric key includes at least one processor and a memory communicatively connected with it. The memory stores instructions executable by the at least one processor which, when executed, enable the processor to: obtain more than a predetermined number of user private key component ciphertexts from the same device, the ciphertexts having been produced by the generation method above; decrypt those ciphertexts with predetermined decryption methods to obtain the corresponding component plaintexts, each predetermined decryption method corresponding to the encryption method used when that component ciphertext was produced; and perform the target operation with the recovered component plaintexts, where the predetermined number is the minimum number of components required to perform the target operation.
  • In summary, the method for generating a private key in an asymmetric key works as follows: according to the obtained asymmetric key generation request, multiple user private key components are generated; different predetermined encryption algorithms are then used to encrypt them, giving multiple user private key component ciphertexts; and those ciphertexts are stored in the same device.
  • The method protects the private key components by re-encrypting them rather than by physically dispersing them. Because different encryption methods are applied to different components, different decryption methods are needed to recover them, which achieves a dispersion of risk similar to storing the components on separate devices. No multiple physical devices are needed to hold the components, so the construction cost of the protection system falls; and when the private key is used, no communication between component-holding devices is required, since the components are obtained within the same device. The communication overhead, cost and delay of private key use are therefore reduced while the security of the user's private key components is maintained.
  • Fig. 1 is a flowchart of a method for generating a private key in an asymmetric key provided by an embodiment of this specification
  • FIG. 2 is a schematic diagram of the principle of a method for generating a user's private key provided by an embodiment of this specification
  • FIG. 3 is a flowchart of a method for using a private key in an asymmetric key provided by an embodiment of this specification
  • FIG. 4 is a schematic diagram of the asymmetric key generation method provided by the embodiment of this specification.
  • Figure 5 is a schematic diagram of a method for digital signature using a private key provided by an embodiment of the specification
  • FIG. 6 is a sequence diagram of a digital signature verification process using an asymmetric key according to an embodiment of the specification
  • Fig. 7 is a schematic diagram of a method for decrypting information using a private key provided by an embodiment of the specification
  • FIG. 8 is a sequence diagram of a process of information encryption and decryption using an asymmetric key provided by an embodiment of this specification
  • FIG. 9 is a schematic structural diagram of a private key generating device in an asymmetric key corresponding to FIG. 1 provided by an embodiment of the specification;
  • FIG. 10 is a schematic structural diagram of a device for using a private key in an asymmetric key corresponding to FIG. 3 according to an embodiment of the specification;
  • FIG. 11 is a schematic structural diagram of a private key generating and using device in an asymmetric key provided by an embodiment of this specification.
  • A cryptographic module is a software or hardware module with security functions such as key protection and cryptographic computation.
  • Compared with the traditional hardware cryptographic module, the software cryptographic module has a wider range of application and the advantages of low cost and convenient deployment, so the current demand for software key protection is strong.
  • Software, however, has no independent operating environment. Once the operating system hosting the software is compromised, the attacker can obtain the software's on-disk data, runtime memory and so on, from which sensitive information such as keys can generally be recovered.
  • The commonly used methods of protecting keys in software are threshold cryptographic algorithms and white-box cryptographic algorithms.
  • Threshold cryptographic algorithms evolved from secret sharing. In (t, n) secret sharing a secret is divided into n parts, each held by one of n participants, and any t+1 or more participants can recover the secret. Keeping a key with secret sharing protects it in storage, but the key still has to be reconstructed before it can be used in a computation, and the reconstructed plaintext key may then be intercepted by an attacker. Threshold cryptographic algorithms mitigate this: their essential difference from secret sharing is that the key stays in the form of key components while it is used, and the complete key never has to be recovered.
  • A (t, n) threshold cryptographic algorithm splits a private key into n parts controlled by n participants. Any t+1 or more participants can perform a cryptographic operation under the private key, while any t or fewer participants obtain no information about the result of that operation, and the operation itself discloses no information about the private key or its components.
  • The commonly used threshold cryptographic algorithms are implementations of standard cryptographic algorithms and are functionally equivalent to them.
  • A white-box cryptographic algorithm is one that keeps the key secure in a white-box attack environment, meaning an environment in which the execution of the program is completely visible to the attacker.
  • A white-box cryptographic algorithm is usually combined with code obfuscation to further prevent attackers from recovering the key from the cryptographic implementation.
  • A white-box cipher "white-boxes" the original key into a white-box key, which can take the form of a lookup table. For example, a 16-byte original key may be white-boxed into a 300 kB lookup table, which is equivalent to dispersing the 16 bytes of key throughout 300 kB of data and thereby hiding it.
  • At present white-box cryptographic algorithms support only symmetric ciphers, because the implementation principles of symmetric and asymmetric algorithms differ and there are technical obstacles to white-boxing asymmetric algorithms.
  • The white-box design and implementation of the SM4 algorithm is one example of a white-box cipher based on SM4, but the white-box cipher used in the embodiments of this application can take many forms and is not limited to SM4: it can also be based on AES, DES, 3DES or other symmetric ciphers, which this application does not specifically restrict.
  • Fig. 1 is a flowchart of a method for generating a private key in an asymmetric key provided by an embodiment of this specification. From a program point of view, the execution body of the process can be a program or an application client loaded on an application server.
  • the method for generating a private key in an asymmetric key includes the following steps:
  • The basic process of data encryption is to transform the original plaintext file or data according to some algorithm into a string of characters or bits, usually called "ciphertext", that cannot be understood without decryption, so that the data is protected from being stolen and read by unauthorized persons. Decryption is the reverse process, turning the encoded information back into its original data.
  • Encryption algorithms are divided into symmetric and asymmetric encryption algorithms. In a symmetric algorithm the encryption and decryption keys are the same; in an asymmetric algorithm the encryption key and the decryption key differ.
  • An asymmetric encryption algorithm, also called a public key algorithm, requires two keys, together called an asymmetric key pair: one is the public key and the other the private key. Data encrypted with the public key can only be decrypted with the corresponding private key, and data signed with the private key can only be verified with the corresponding public key. For example, Party A generates a key pair and discloses the public key to others; Party B uses that public key to encrypt confidential information before sending it to Party A, and Party A decrypts it with the private key it keeps to itself.
  • Obtaining an asymmetric key generation request means obtaining a request instructing the generation of a private key and its corresponding public key.
  • S120 Generate a user private key according to the asymmetric key generation request, where the user private key includes multiple user private key components.
  • A (t, n) secret sharing scheme or a (t, n) threshold cryptographic algorithm can be used to generate the multiple user private key components. With (t, n) secret sharing, the user private key plaintext is generated first and then split into n shares, at least t+1 of which are needed to recover the original plaintext. With a (t, n) threshold cryptographic algorithm, the n user private key components are generated directly as the user private key, and any t+1 of them can take part in a cryptographic operation under that key.
  • In the threshold case the user's private key plaintext is neither generated nor reconstructed at use time; the complete private key never appears in plaintext at any point and exists only as key components. Generating the user private key with a (t, n) threshold cryptographic algorithm is therefore the more secure choice, and it is the approach preferred here.
  • Generating the user private key according to the asymmetric key generation request may specifically include generating it with an asymmetric threshold cryptographic algorithm, that is, a threshold cryptographic algorithm built on a standard asymmetric cryptographic algorithm.
  • The standard asymmetric cryptographic algorithm may be SM2, ECC (Elliptic Curve Cryptography), RSA or DSA (Digital Signature Algorithm), but is not limited to these.
  • For example, the user private key can be generated with an SM2-based (t, n) threshold cryptographic algorithm. The user private key then consists of n user private key components, and any t+1 of them can be used directly to perform the function of the user's private key.
  • Because t+1 components can be used directly to perform a cryptographic operation under the private key, there is no need to reconstruct the private key plaintext during the operation; the computation is carried out on the components themselves. Only private key components ever appear during use, and the complete user private key is never passed around or held in memory. This removes the problem of the complete private key residing in memory and makes it harder for an attacker to obtain the private key plaintext.
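  • The (t, n) secret sharing and threshold operation described above, and the component-only private key use just discussed, as an added example that is not part of the patent: a Shamir split of a private scalar, plain recovery of that scalar (the step threshold cryptography avoids), and a threshold ElGamal decryption in which each component holder contributes c1 raised to its Lagrange-weighted component, so the product equals c1^x while x itself is never assembled. The toy group parameters, the choice of ElGamal in place of the patent's SM2-based threshold algorithm, and every function name are my assumptions; the check that more than the predetermined number t of components is present mirrors the use step in the claims.

```python
import secrets

# Toy group parameters, constructed for this example only (far too small to
# be secure): P is a safe prime, Q the prime order of its quadratic-residue
# subgroup, G a generator of that subgroup.
P = 2039
Q = (P - 1) // 2
G = 4


def split_secret(x, t, n):
    """(t, n) Shamir sharing of x over Z_Q: a random degree-t polynomial with
    constant term x, evaluated at 1..n. Any t+1 shares determine x; any t
    shares are consistent with every possible x."""
    coeffs = [x % Q] + [secrets.randbelow(Q) for _ in range(t)]
    shares = []
    for i in range(1, n + 1):
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation of f(i) mod Q
            acc = (acc * i + c) % Q
        shares.append((i, acc))
    return shares


def lagrange_at_zero(ids):
    """Lagrange coefficients lambda_i with sum(lambda_i * f(i)) = f(0)."""
    lam = {}
    for i in ids:
        num, den = 1, 1
        for j in ids:
            if j != i:
                num = (num * j) % Q
                den = (den * (j - i)) % Q
        lam[i] = (num * pow(den, -1, Q)) % Q
    return lam


def recover_secret(shares):
    """Plain secret sharing: the full private key scalar is rebuilt in memory,
    which is exactly the exposure the threshold variant below avoids."""
    lam = lagrange_at_zero([i for i, _ in shares])
    return sum(lam[i] * s for i, s in shares) % Q


def keygen(t, n):
    """Returns (public key, component shares). The scalar x is dropped after
    sharing, so the complete private key does not persist anywhere."""
    x = secrets.randbelow(Q - 1) + 1
    return pow(G, x, P), split_secret(x, t, n)


def encrypt(pub, m):
    """ElGamal in the order-Q subgroup; m must itself be a subgroup element."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(pub, r, P)) % P


def threshold_decrypt(shares, t, c1, c2):
    """Threshold decryption: holder i contributes c1^(lambda_i * x_i). The
    product of the contributions is c1^x, yet x is never assembled. Refuses
    to run with t or fewer components (the 'predetermined number' check)."""
    if len(shares) < t + 1:
        raise ValueError(f"need more than {t} components, got {len(shares)}")
    lam = lagrange_at_zero([i for i, _ in shares])
    partials = [pow(c1, (lam[i] * s) % Q, P) for i, s in shares]
    shared = 1
    for d in partials:
        shared = (shared * d) % P
    return (c2 * pow(shared, -1, P)) % P


if __name__ == "__main__":
    t, n = 2, 5
    pub, comps = keygen(t, n)
    msg = pow(G, 77, P)                      # constructed subgroup element
    c1, c2 = encrypt(pub, msg)
    print("decrypts with 3 of 5:", threshold_decrypt(comps[1:4], t, c1, c2) == msg)
```

  • Each exponent lambda_i * x_i is reduced modulo Q before exponentiation, which is valid because c1 lies in the order-Q subgroup; with the exponents kept separate per holder, a memory dump taken during the operation shows individual components and partial results only.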
  • S130 Encrypt the multiple user private key components with predetermined encryption methods to obtain corresponding multiple user private key component ciphertexts, where at least two of the multiple components are encrypted with different predetermined encryption methods.
  • The predetermined encryption algorithm may be any known standard symmetric encryption algorithm or an improved variant of one, for example SM4, AES (Advanced Encryption Standard), DES (Data Encryption Standard) or 3DES (Triple DES), but is not limited to these.
  • The key used by the predetermined encryption method may be a fixed character string, a random character string, user terminal device information, or a combination of these, and a white-box key may also be used, without limitation.
  • "At least two of the multiple user private key components are encrypted with different predetermined encryption methods" can in particular mean that every one of the components is encrypted in a different way.
  • The advantage of this scheme is that an attacker who wants to recover the component plaintexts from the component ciphertexts cannot break all of the ciphertexts with a single method, which increases the difficulty of recovering the user private key components in plaintext.
  • S140 Store the multiple user private key component ciphertexts in the same device.
  • The user private key component ciphertexts are all stored on the same device. The advantage is that when the components are needed for a cryptographic operation, a sufficient number of component ciphertexts (the predetermined number or more) can be fetched and decrypted on that one device, with no communication between servers, which reduces the system's communication overhead and avoids the resulting delay.
  • The same device may be the device that generated the user private key components, or a different device.
  • The device storing the component ciphertexts may be a user terminal device in communication with the server; that is, the component ciphertexts may be stored on the user terminal.
  • Storing the multiple user private key component ciphertexts in the same device may specifically mean storing them in the device that needs to use the user private key.
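  • Steps S130 and S140 together with the use step from the claims (fetch more than the predetermined number of component ciphertexts from the one store and decrypt each with the method recorded beside it), as an added example that is not from the patent. The HMAC-SHA256 counter-mode keystream with an integrity tag is a constructed stand-in for SM4/AES or a white-box implementation of them; the three wrapping-key sources (fixed string, random string, device information) follow the list above; the store layout, the function names and the device string are my assumptions. One caveat a practitioner should keep in view: the ciphertexts, the fixed string, the random string and the device information all sit on the one device, so under the compromised-host model described earlier this raises the attacker's cost rather than providing the isolation of a separate device.

```python
import hashlib
import hmac
import json
import secrets


# Constructed stand-in for the per-component symmetric cipher. Keystream is
# HMAC-SHA256 in counter mode; an HMAC tag over nonce||ciphertext makes a
# tampered component fail loudly instead of decrypting to a wrong value.
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _seal(key, data):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def _open(key, box):
    nonce, ct, tag = (bytes.fromhex(box[k]) for k in ("nonce", "ct", "tag"))
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("component ciphertext failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# Three "predetermined encryption methods", distinguished by where the
# wrapping key comes from. The method id is stored beside each ciphertext so
# the matching decryption method can be chosen at use time.
FIXED_STRING = b"example-fixed-string"            # assumption: embedded in the app
DEVICE_INFO = b"serial=EXAMPLE-0001;model=POS"    # constructed device identifier


def _kdf(method, material):
    return hashlib.sha256(b"component-wrap|" + method.encode() + b"|" + material).digest()


METHODS = {
    "fixed":  lambda store: _kdf("fixed", FIXED_STRING),
    "random": lambda store: _kdf("random", bytes.fromhex(store["random_string"])),
    "device": lambda store: _kdf("device", DEVICE_INFO),
}


def wrap_components(components, threshold):
    """S130/S140: encrypt each (id, value) component with a different method
    (round-robin over METHODS) and keep every ciphertext in one store."""
    store = {"threshold": threshold,
             "random_string": secrets.token_bytes(32).hex(),
             "components": []}
    method_ids = list(METHODS)
    for k, (cid, value) in enumerate(components):
        method = method_ids[k % len(method_ids)]
        box = _seal(METHODS[method](store), value.to_bytes(32, "big"))
        store["components"].append({"id": cid, "method": method, **box})
    return store


def load_components(store, want=None):
    """Use step: take at least threshold+1 component ciphertexts from the
    store and decrypt each with the decryption method matching its method id."""
    need = store["threshold"] + 1
    want = need if want is None else want
    if want < need:
        raise ValueError(f"need at least {need} components, asked for {want}")
    out = []
    for entry in store["components"][:want]:
        key = METHODS[entry["method"]](store)
        out.append((entry["id"], int.from_bytes(_open(key, entry), "big")))
    return out


if __name__ == "__main__":
    # Constructed component values standing in for threshold key shares.
    comps = [(1, 12345), (2, 67890), (3, 24680), (4, 13579), (5, 99999)]
    store = wrap_components(comps, threshold=2)
    print(json.dumps(store, indent=2))
    print("recovered 3 of 5:", load_components(store))
```

  • The store is plain JSON, so it can live in a single file or in several memory areas of the terminal as the text suggests; what matters for the scheme is that each entry carries its own method id and that the reader refuses to proceed with fewer than threshold+1 entries.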
  • The device that needs to use the user private key may be a user terminal, specifically a terminal device such as a payment machine, an IoT (Internet of Things) device or a mobile phone.
  • Such a terminal is inconvenient to connect directly to the physical devices acting as servers, and if it is connected through the cloud instead, using the private key generates a large data communication overhead and a communication delay.
  • This application stores each user's private key components directly on the user terminal. This reduces the communication overhead between servers when the private key is used, and it also removes the need for the terminal to fetch the private key from the cloud at use time, which reduces the terminal-to-cloud communication overhead and the communication delay.
  • The user private key component ciphertexts can be stored in different storage areas of the user terminal's memory, each storage area holding at least one component ciphertext.
  • In the prior art the private key is divided into multiple components stored on multiple servers in communication with the user terminal; when the terminal needs to use the private key, many rounds of communication between the terminal and the servers and among the servers themselves are needed, so the communication overhead is high and delays are likely.
  • By contrast, this application generates multiple user private key components from the key generation request, encrypts them with different predetermined encryption algorithms, and stores all the resulting component ciphertexts in the same device. Protection comes from re-encrypting the components rather than dispersing them physically: different components need different decryption methods, which disperses risk much as storing them on separate devices would, while the components are recovered within one device through those different decryption methods. Construction cost falls because no extra physical devices are needed, and communication overhead, cost and delay fall because no inter-device communication is needed at use time, with the security of the user's private key components maintained.
  • the embodiments of this specification also provide some specific implementation schemes of the private key generation method in the above-mentioned asymmetric key, which will be described below.
  • the threshold cryptographic algorithm can ensure that the key is always present in components during the process of key generation and use, and is generally divided into 3 to 5 key components, so that the attacker cannot obtain a complete key in one place.
  • the shortcoming of the threshold cipher algorithm is that the number of keys to be dispersed is limited. Once an attacker obtains more than a predetermined number of key components, the key can be recovered. In contrast, the keys of the white box cipher algorithm are completely dispersed in the algorithm realization process, and the degree of dispersion is much higher than that of the threshold cipher algorithm. Even for some white box cryptographic algorithms, even if an attacker obtains all the key scattered information, he cannot recover the key.
  • using a predetermined encryption method to encrypt the multiple user private key components may specifically include: using a white box encryption algorithm to encrypt the multiple user private key components.
  • the white box cryptographic algorithm can include the white box encryption algorithm used for encryption and the corresponding white box decryption algorithm used for decryption. Its purpose is to protect the key in a white box attack environment, that is, to prevent an attacker who can execute the cryptographic software from extracting the key information from it.
  • White-box cryptographic algorithm can refer to a new algorithm that can resist attacks in a white-box attack environment, or it can refer to a pure white-box design based on an existing cryptographic algorithm.
  • a white-box encryption algorithm based on a standard symmetric encryption algorithm is one designed with white-box cipher techniques on top of an existing standard symmetric encryption algorithm; certain characteristics of the algorithm are used to hide the key, so that in the white-box attack environment the function of the original algorithm is unchanged, security against white-box attacks is obtained, and the security of the original algorithm is not damaged.
  • the commonly used white box cipher algorithm is an implementation of a standard cipher algorithm that is functionally equivalent to it: for the same plaintext, the ciphertext produced by the standard symmetric encryption algorithm and by the corresponding white box encryption algorithm is identical.
  • said adopting a white box encryption algorithm to encrypt the plurality of user private key components may specifically include: adopting a white box encryption algorithm based on a standard symmetric encryption algorithm to encrypt the plurality of user private key components.
  • the standard symmetric encryption algorithm may be SM4 algorithm, AES algorithm, DES algorithm or 3DES algorithm, but it is not limited thereto.
  • if every component were protected in the same way, an attacker could use the same method to break all the key components.
  • different white box encryption algorithms can therefore be used to protect different key components, so that the protection of the key components is strengthened and the difficulty for an attacker to break multiple threshold key components is increased.
  • encrypting at least two of the plurality of user private key components with different predetermined encryption methods may specifically include: for any user private key component in a user private key, using a white box encryption algorithm different from the ones used for the other user private key components in that user private key.
  • n different white box encryption algorithms can be used to encrypt the n user private key components respectively, where each user private key component is encrypted with one white box encryption algorithm and different user private key components use different white box encryption algorithms.
  • the different white box encryption algorithms may be white box encryption algorithms constructed using different white box methods.
  • different white box cipher design methods can be used to construct the white box encryption algorithm, for example the look-up table method, the method of inserting scrambling (perturbation) terms, the multivariate cipher method, and so on.
  • the main idea of the look-up table method is: for a cryptographic algorithm and a given specific key, the mapping from plaintext to ciphertext is fixed; this mapping is then scrambled with secret encodings, the scrambled mapping is expressed as a set of look-up tables, and finally the execution of the cryptographic algorithm is realised by evaluating the look-up tables.
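  • The following is an added illustration of the look-up table idea just described; it is example code written for this page, not code from the patent. It applies the method to a toy key-dependent step on one byte, S[x ^ k]: the key is fixed, the plaintext-to-ciphertext map is scrambled with a secret input encoding and a secret output encoding, and the result is a 256-entry table that the program evaluates without the key appearing as a variable. The S-box and the encodings are constructed here from seeded randomness; the `standard_step`, `build_white_box_table` and `equivalent` names are this example's own. It is a teaching toy, not a white-box SM4 and not a secure construction.

```python
"""Toy look-up table white-box construction for one key-dependent byte step.
Added example: everything here is constructed for illustration only."""
import random


def random_bijection(seed):
    """A secret byte-to-byte permutation, used as an input or output encoding."""
    rng = random.Random(seed)
    perm = list(range(256))
    rng.shuffle(perm)
    return perm


def invert(perm):
    inv = [0] * 256
    for x, y in enumerate(perm):
        inv[y] = x
    return inv


SBOX = random_bijection(1)      # public, fixed part of the (toy) algorithm


def standard_step(x, key_byte):
    """Reference implementation: the key is a live variable at run time."""
    return SBOX[x ^ key_byte]


def build_white_box_table(key_byte, in_enc, out_enc):
    """Fold the key into a table.  in_enc is the encoding the preceding table
    applied to its output, so it is undone inside the table; out_enc scrambles
    this table's output for the next one.  Only the composed map is kept."""
    in_inv = invert(in_enc)
    return [out_enc[SBOX[in_inv[y] ^ key_byte]] for y in range(256)]


def white_box_step(table, encoded_input):
    """Run-time evaluation: a single table lookup, no key material present."""
    return table[encoded_input]


def equivalent(table, key_byte, in_enc, out_enc):
    """The equivalence property from the text: after decoding, every input gives
    the same result as the standard algorithm under the same key."""
    out_inv = invert(out_enc)
    return all(
        out_inv[white_box_step(table, in_enc[x])] == standard_step(x, key_byte)
        for x in range(256)
    )


def two_instances_differ(key_byte):
    """Same key, different design parameters (encodings) yield different tables,
    which is what varying the white-box parameters per component relies on."""
    t1 = build_white_box_table(key_byte, random_bijection(10), random_bijection(11))
    t2 = build_white_box_table(key_byte, random_bijection(20), random_bijection(21))
    return t1 != t2
```

  • In a real construction the encodings are chosen so that the output encoding of one table is exactly the input encoding of the next, which is why neither the key nor an unencoded intermediate value is ever visible between tables; the toy shows that cancellation for a single step only.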
  • the different white box encryption algorithms may be white box encryption algorithms constructed based on different standard symmetric encryption algorithms.
  • for example, the SM4 white box encryption algorithm, the AES white box encryption algorithm, the DES white box encryption algorithm, and so on.
  • the SM4 white-box encryption algorithm can be a white-box design based on the original SM4 algorithm.
  • the SM4 algorithm has a block length of 128 bits and a key length of 128 bits and uses 32 rounds of non-linear iteration; the structure of the decryption process is the same as that of the encryption process, except that the round keys are used in reverse order.
  • the key information of the SM4 white box encryption algorithm is hidden in the lookup tables, and the security of the algorithm rests on the difficulty of analysing the key information out of the lookup tables or recovering the input and output encodings.
  • the different white box encryption algorithms may be white box encryption algorithms based on the same standard encryption algorithm but using different design parameters. For example, all of them can be SM4 white box encryption algorithms, but in the white box implementation a different number of lookup tables, different system parameters and/or fixed parameters, and/or different white box keys can be used.
  • the key obtained by dispersing the original key used for encryption and decryption in the standard cryptographic algorithm is called the white box key.
  • a white box key refers to a key used for encryption or decryption in a white box environment. The white box key carries the information of the original key and replaces the original key to perform the encryption and decryption function.
  • the generation of the white box key needs to be performed in a secure environment to ensure the security of both the white box key and the original key.
  • the white box key can be generated on the server, and then the white box key and the algorithm program are packaged and transmitted to the terminal device, where the white box key is used to encrypt the user's private key components.
  • the key generation environment is different from the key use environment, to ensure the security of the original key from which the white box key is generated.
  • in a threshold scheme, each threshold key component has a different person in charge, which achieves risk dispersion; analogously, in the embodiment of this application, although every threshold component is stored in a single communication terminal (for example, the user terminal) in order to reduce communication interaction, each threshold key component can be protected with a different white box cryptographic algorithm and/or white box key, so that a certain degree of risk dispersion is still achieved.
  • the method for generating a private key in the aforementioned asymmetric key may further include: obtaining another asymmetric key generation request; generating another user private key according to the other asymmetric key generation request, where the other user private key includes multiple user private key components; and, for any user private key component in the other user private key, encrypting it with the same white box encryption algorithm that was used for the corresponding user private key component in the first user private key, with each user private key component in the other user private key using a different white box encryption algorithm.
  • the number of user private key components in the other user private key is the same as the number of user private key components in the first user private key.
  • each user private key may include n user private key components, and the (m, n)-th user private key component denotes the n-th user private key component of the m-th user private key; the p-th white-box encryption algorithm among n different white-box encryption algorithms is used to encrypt the (1, p)-th through (m, p)-th user private key components, where m and n are positive integers, p is a positive integer not greater than n, and the above encryption is performed for every value of p from 1 to n.
  • n different white box encryption algorithms can thus be used to encrypt all user private key components of the m user private keys, giving n groups of user private key component ciphertexts; the m ciphertexts in each group correspond respectively to one private key component of each user private key.
  • Fig. 2 is a schematic diagram of the principle of a method for generating a user private key provided by an embodiment of this specification.
  • each user private key can be split into n components.
  • the private key component mn in Figure 2 is the (m, n)-th user private key component above, that is, the n-th component of the m-th user private key.
  • for example, the second private key component in user private key 1 is denoted private key component 1-2.
  • the names private key component 1-1, private key component 1-2 and private key component 1-3 in private key 1 serve only to distinguish the components and to show that private key 1 contains multiple different components; they are not intended to restrict any component, and the naming method is not limited to this.
  • n different white box encryption algorithms may be used to encrypt all user private key components.
  • the n white box encryption algorithms may be based on the same standard symmetric encryption algorithm, but use different white box keys.
  • they may all be based on the SM4 standard encryption algorithm, but use different original keys for encryption, that is, use different white box keys for encryption.
  • Figure 2 shows a situation where different white box keys are used to encrypt each private key component in a user's private key.
  • a number of white box keys equal to the number of private key components in each user private key can be used, each encrypting the corresponding private key component, so that the white box keys used for the components of one user private key are all different from one another.
  • for a private key with three components, p can be 1, 2 and 3.
  • p = 1: the first white box encryption algorithm among the three white box encryption algorithms is used to encrypt private key component 1-1 in private key 1; p = 2: the second white box encryption algorithm is used to encrypt private key component 1-2 in private key 1; p = 3: the third white box encryption algorithm is used to encrypt private key component 1-3 in private key 1.
  • when there are four user private keys and each includes 3 private key components, 3 white box encryption algorithms can be used to encrypt these 3 components, and p can again be 1, 2 and 3.
  • p = 1: the first white-box encryption algorithm among the three is used to encrypt private key component 1-1 in private key 1, private key component 2-1 in private key 2, private key component 3-1 in private key 3 and private key component 4-1 in private key 4.
  • p = 2: the second white-box encryption algorithm among the three is used to encrypt private key component 1-2 in private key 1, private key component 2-2 in private key 2, private key component 3-2 in private key 3 and private key component 4-2 in private key 4.
  • p = 3: the third white-box encryption algorithm among the three is used to encrypt private key component 1-3 in private key 1, private key component 2-3 in private key 2, private key component 3-3 in private key 3 and private key component 4-3 in private key 4.
  • conventionally, the white box key is used directly as the service key to encrypt service data; the service key is therefore bound to the white box, which makes it difficult to update the service key: whenever the service key needs updating, the white box key must be updated too. In addition, if different white box keys are used to protect different pieces of business data, as many white box keys as there are pieces of business data are required, and because a white box key file is usually large, this takes up a lot of storage space.
  • for example, with 100 pieces of service data each protected by its own white box key, the key management system needs to store 100 white box keys, which occupies a lot of storage space; and whenever a service key needs to be updated, the corresponding white box key needs to be updated as well.
  • in this application, by contrast, the white box key is used to encrypt and protect the user key components rather than to protect business data directly.
  • because the white box keys encrypt only key components, the number of white box keys used is small and the storage space is small.
  • for example, if a user key has 3 key components and each component is encrypted with a different white box key, only 3 white box keys need to be stored in the key management system; assuming there are 100 pieces of business data to be encrypted, 100 user keys are used correspondingly, each user key includes 3 key components, and the three components of every user key are encrypted with the same aforementioned 3 white box keys, so the key management system still stores only 3 white box keys.
  • a new method for protecting asymmetric keys is proposed: white box encryption technology is applied to private key protection.
  • This application combines the threshold cipher algorithm and the white box cipher algorithm, taking advantage of the flexible key update of the threshold cipher algorithm and the high degree of key dispersion of the white box cipher algorithm, to design a new key protection technique. Compared with the traditional threshold cipher scheme, this scheme strengthens the security of key storage through the use of the white box cipher algorithm, and through the use of different white box keys/algorithms it achieves a certain degree of risk dispersion.
  • This scheme combines the threshold cipher algorithm and the white box cipher algorithm and proposes a new software key protection method that overcomes the weak protection of threshold key components and the inconvenience of updating and mass use of white box keys; both security and convenience are improved.
  • the key is first dispersed through a threshold algorithm, and the components are then encrypted with the white box algorithm.
  • the solution includes at least two kinds of keys: the user key and the white box key.
  • the user key is used to protect user data in the form of threshold components; the white box key is used to encrypt and protect the user key components.
  • the white box key is not used to directly protect user data. This is also what differs from the way the white box key was used in the past.
  • different white box keys/algorithms are used to protect different threshold components, which diversifies the protection of the threshold components and achieves a certain degree of risk dispersion.
  • the embodiment of this specification also provides a method for using an asymmetric key corresponding to the method for generating a private key in the asymmetric key.
  • Fig. 3 is a flowchart of a method for using a private key in an asymmetric key provided by an embodiment of this specification. From a program point of view, the execution body of the process can be a program or an application client loaded on an application server.
  • the method for using an asymmetric key may include the following steps:
  • S210: Obtain more than a predetermined number of user private key component ciphertexts from the same device, the user private key component ciphertexts having been produced according to the private key generation method in the aforementioned user asymmetric key.
  • the execution subject of the method for using the user's asymmetric key and that of the generation method may be the same or different.
  • for example, the user's private key can be generated on the client, and the user's private key can then be used for cryptographic operations on the client.
  • the more than a predetermined number of user private key component ciphertexts may be obtained from a device different from the terminal that uses the user private key, or from the same device that uses the user private key.
  • S220: Use a predetermined decryption method to decrypt the more than a predetermined number of user private key component ciphertexts to obtain the corresponding more than a predetermined number of user private key component plaintexts, where the predetermined decryption method corresponds to the predetermined encryption method that was used when the user private key component ciphertext to be decrypted was produced.
  • the predetermined decryption method may be a white box decryption algorithm, specifically the white box decryption algorithm corresponding to the white box encryption algorithm used when the user key component was encrypted. More specifically, when the white box encryption algorithm is based on SM4, the corresponding SM4-based white box decryption algorithm is used for decryption. The white box encryption key used for encryption is obtained by dispersing the original key into the implementation of the SM4 encryption algorithm, and the white box decryption key used for decryption is obtained by dispersing the same original key into the implementation of the SM4 decryption algorithm, where the original keys used for encryption and decryption are identical and the SM4 encryption algorithm corresponds to the SM4 decryption algorithm.
  • the predetermined number represents the minimum number of user private key components required to perform the target operation among the plurality of user private key components.
  • in a (t, n) threshold encryption algorithm, the key is divided into n shares, and any t+1 of the shares can be used for cryptographic operations.
  • the corresponding more than a predetermined number of user private key component plaintexts are used to perform the target operation.
  • the user private key component plaintexts are not used to reconstruct the complete user private key; instead, the multiple user private key component plaintexts are used directly to perform the cryptographic operation, such as a digital signature or information decryption.
  • the advantage of this scheme is that during use the private key always exists only in the form of key components, and the complete user private key plaintext never appears in memory; since the user private key is always protected in component form, an attacker cannot obtain the user private key directly by breaking the private key use process, which improves the security of the user private key during use.
  • the method further includes: generating a user public key based on the multiple user private key components; and publishing the user public key.
  • Fig. 4 is a schematic diagram of the asymmetric key generation method provided by the embodiment of the specification.
  • the asymmetric key includes a corresponding private key and public key. After the user's private key is split into multiple components, each component is encrypted with a white box encryption algorithm to obtain a user private key component ciphertext, which is then stored.
  • using the corresponding more than a predetermined number of user private key component plaintexts to perform the target operation may specifically include: signing with the more than a predetermined number of user private key component plaintexts to obtain the signature result.
  • Fig. 5 is a schematic diagram of a method for digital signature using a private key provided by an embodiment of the specification. Specifically, when it is necessary to use the private key for digital signature, obtain the private key component ciphertext greater than a predetermined number from the data storage location, and decrypt the private key component ciphertext using the corresponding white box decryption algorithm to obtain the corresponding private key Component plaintext, and then directly use the obtained private key component plaintext for digital signature, and get the signature result.
  • FIG. 6 is a sequence diagram of a digital signature verification process using an asymmetric key provided by an embodiment of the specification.
  • FIG. 7 shows a method of generating and using a private key at the first communicating party, for example, a method of generating and using a private key at a user terminal.
  • the private key and public key can also be generated on the server, after which the private key is encrypted and stored in the user terminal, and the private key is used in the user terminal to perform cryptographic operations.
  • the process of using an asymmetric key for digital signature verification may specifically include: the first communicating party generates the user private key components and the user public key, and encrypts the user private key components to obtain the user private key component ciphertexts; when the private key is needed for signing, the first communicating party decrypts more than a predetermined number of user private key component ciphertexts to obtain the corresponding more than a predetermined number of user private key component plaintexts, and then digitally signs using those user private key component plaintexts.
  • the steps of the first communicating party broadcasting the public key and the second communicating party receiving the public key can occur at any stage after the first communicating party generates the public key and before the second communicating party uses it, and are not limited to the timing shown in the figure.
  • using the corresponding more than a predetermined number of user private key component plaintexts to perform the target operation may specifically include: decrypting the information to be decrypted with the more than a predetermined number of user private key component plaintexts to obtain the decryption result, where the information to be decrypted is information that was encrypted with the user public key corresponding to the user private key.
  • Fig. 7 is a schematic diagram of a method for decrypting information using a private key provided by an embodiment of the specification. Specifically, when it is necessary to use the private key to decrypt the information encrypted by the corresponding public key, obtain the private key component ciphertext greater than a predetermined number from the data storage location, and use the corresponding white box decryption algorithm to decrypt the private key component Ciphertext, obtain the corresponding private key component plaintext, and then directly use the obtained private key component plaintext to decrypt the information, and obtain the decryption result.
  • FIG. 8 is a sequence diagram of a process of information encryption and decryption using an asymmetric key provided by an embodiment of the specification.
  • FIG. 8 shows a method of generating and using a private key at the first communicating party, for example, a method of generating and using a private key at a user terminal.
  • the private key and public key can also be generated on the server, then the private key is encrypted and stored in the user terminal, and the private key is used in the user terminal to perform cryptographic operations.
  • the process of using an asymmetric key to encrypt and decrypt information specifically includes: the first communicating party generates the user private key components and the user public key, encrypts the user private key components to obtain the user private key component ciphertexts, and broadcasts the public key.
  • the second communicating party receives the public key broadcast by the first communicating party; when the second communicating party needs to send encrypted information to the first communicating party, it encrypts the information with the public key received from the first communicating party and sends the encrypted information to the first communicating party.
  • the first communicating party receives the encrypted information sent by the second communicating party, decrypts more than a predetermined number of the stored user private key component ciphertexts to obtain the corresponding more than a predetermined number of user private key component plaintexts, and uses those user private key component plaintexts to decrypt the encrypted information.
  • a threshold cryptographic algorithm is used for asymmetric key generation, and the private key is used for signature, decryption and other operations.
  • a threshold cryptographic algorithm is first used to generate multiple private key components, and then each threshold private key component is encrypted with a white box cryptographic algorithm and stored.
  • when the private key is needed for an operation, the white box key is first used to decrypt the threshold private key components, and then the threshold cryptographic algorithm is used to perform the private key operation, such as signing or decryption.
  • the solution of the present application thus provides a stronger security guarantee during key storage and meets the security requirements well. Specifically, while the key is stored it is protected by both the threshold cipher algorithm and the white box cipher algorithm; while the key is in use (in memory) it is protected by the threshold cipher algorithm.
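  • The following is an added example of the storage-and-use pipeline just summarised; it is code written for this page, not the patent's own implementation. It covers two passages: the Fig. 2 layout in which component position p of every user key is protected with the p-th protection key, so m user keys need only n protection keys, and the use method in which more than the predetermined number (t+1) of components are decrypted and used for a private key operation without the complete key ever being assembled. The group parameters (P, Q, G) are toy-sized constructed values, the private key is split with Shamir's scheme over the group order, the operation shown is ElGamal-style decryption with per-component partial results combined by Lagrange weights in the exponent (the signature case follows the same pattern and is not shown), and the per-component cipher is a keyed-stream stand-in for the white-box SM4 the text describes. All function names (`split_private_key`, `protect_component`, `use_private_key`, `round_trip`) are this example's own.

```python
"""Threshold-split private key: all components on one device, each under its own
protection key, used for decryption without reassembling the key.
Added example; parameters and names are constructed for illustration only."""
import hashlib
import hmac
import secrets

P = 1019   # toy safe prime p = 2q + 1 (constructed; far too small for real use)
Q = 509    # prime order of the subgroup the private key lives in
G = 4      # generator of that subgroup (a quadratic residue mod p)


def split_private_key(x, t, n):
    """Shamir split of x over Z_q into n components: any t+1 suffice for an
    operation (the page's (t, n) threshold), t or fewer reveal nothing."""
    coeffs = [x % Q] + [secrets.randbelow(Q) for _ in range(t)]
    shares = {}
    for i in range(1, n + 1):
        v = 0
        for c in reversed(coeffs):      # Horner evaluation of the polynomial at i
            v = (v * i + c) % Q
        shares[i] = v
    return shares


def lagrange_at_zero(i, idxs):
    """Weight of component i when the polynomial is interpolated at 0."""
    num, den = 1, 1
    for j in idxs:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q


def protect_component(protect_key, position, share):
    """Stand-in for 'white-box encryption with the p-th key': a fresh nonce and
    an HMAC-derived keystream bound to the component position.  Returns the
    record the device stores: (position, nonce || ciphertext)."""
    nonce = secrets.token_bytes(16)
    ks = hmac.new(protect_key, nonce + bytes([position]), hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(share.to_bytes(2, "big"), ks))
    return position, nonce + ct


def unprotect_component(protect_key, record):
    position, blob = record
    nonce, ct = blob[:16], blob[16:]
    ks = hmac.new(protect_key, nonce + bytes([position]), hashlib.sha256).digest()
    return int.from_bytes(bytes(a ^ b for a, b in zip(ct, ks)), "big")


def generate_protected_key(t, n, protect_keys):
    """Generation side (Fig. 2 layout): the component at position p of EVERY
    user key is protected with protect_keys[p], so m user keys need only n keys."""
    x = secrets.randbelow(Q - 1) + 1
    public_key = pow(G, x, P)
    shares = split_private_key(x, t, n)
    records = [protect_component(protect_keys[p], p, shares[p]) for p in shares]
    del x, shares                       # only ciphertext components stay at rest
    return public_key, records


def elgamal_encrypt(public_key, message):
    """What the second communicating party does with the broadcast public key."""
    k = secrets.randbelow(Q - 1) + 1
    return pow(G, k, P), message * pow(public_key, k, P) % P


def use_private_key(records, protect_keys, c1, c2, t):
    """Use side: decrypt t+1 components, let each contribute c1^share, and
    combine in the exponent.  The full exponent x is never formed in memory."""
    chosen = records[-(t + 1):]
    if len(chosen) < t + 1:
        raise ValueError("need at least t+1 components")
    partials = {}
    for rec in chosen:
        share = unprotect_component(protect_keys[rec[0]], rec)
        partials[rec[0]] = pow(c1, share, P)
        del share
    idxs = list(partials)
    d = 1
    for i in idxs:
        d = d * pow(partials[i], lagrange_at_zero(i, idxs), P) % P
    return c2 * pow(d, -1, P) % P


def round_trip(t=1, n=3, m=4, message=777):
    """m user keys protected with the same n protection keys; decrypt with one."""
    protect_keys = {p: secrets.token_bytes(32) for p in range(1, n + 1)}
    user_keys = [generate_protected_key(t, n, protect_keys) for _ in range(m)]
    public_key, records = user_keys[-1]
    c1, c2 = elgamal_encrypt(public_key, message)
    recovered = use_private_key(records, protect_keys, c1, c2, t)
    return recovered == message and len(protect_keys) == n
```

  • The point to check in a review of such a design is the one the text makes about memory: `use_private_key` holds individual shares and partial results, never the sum that would equal x, and rotating a user key means re-running `generate_protected_key` under the unchanged `protect_keys`.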
  • FIG. 9 is a schematic structural diagram of a private key generation device in an asymmetric key corresponding to FIG. 1 provided by an embodiment of the specification.
  • the asymmetric key generation device may include:
  • the request obtaining module 310 is used to obtain an asymmetric key generation request
  • the generating module 320 is configured to generate a user private key according to the asymmetric key generation request, where the user private key includes multiple user private key components;
  • the encryption module 330 is configured to use a predetermined encryption method to encrypt the multiple user private key components to obtain corresponding multiple user private key component ciphertexts, wherein at least two of the multiple user private key components Use different predetermined encryption methods to encrypt;
  • the storage module 340 is configured to store the ciphertexts of the multiple user private key components in the same device.
  • the generating module 320 is specifically configured to use an asymmetric threshold cryptographic algorithm to generate a user private key according to the asymmetric key generation request.
  • the encryption module 330 is specifically configured to use different white box encryption algorithms to encrypt the multiple user private key components.
  • the encryption module 330 is specifically configured to: for any user private key component in a user private key, use a white box encryption algorithm different from the ones used for the other user private key components in that user private key.
  • the encryption module 330 is specifically configured to: where there are m user private keys, each user private key includes n user private key components, and the (m, n)-th user private key component denotes the n-th component of the m-th user private key, use the p-th of n different white box encryption algorithms to encrypt the (1, p)-th through (m, p)-th user private key components, where m and n are positive integers and p is a positive integer not greater than n.
  • the storage module 340 is specifically configured to store the multiple user private key component ciphertexts in a device that has a use requirement for the user private key.
  • the storage module 340 may be a storage module in the user terminal.
  • the request obtaining module 310, the generating module 320, the encryption module 330, and the storage module 340 may all be provided in the user terminal.
  • multiple user private key components can be generated at the user terminal, and then the multiple user private key components can be encrypted and stored.
  • FIG. 10 is a schematic structural diagram of a private key using device in an asymmetric key corresponding to FIG. 3 provided by an embodiment of this specification.
  • the asymmetric key using device may include:
  • the key acquisition module 410 is configured to acquire more than a predetermined number of user private key component ciphertexts from the same device, and the user private key component ciphertext is generated according to the private key generation method in the above-mentioned asymmetric key;
  • the decryption module 420 is configured to use a predetermined decryption method to decrypt the more than a predetermined number of user private key component ciphertexts to obtain the corresponding more than a predetermined number of user private key component plaintexts, where the predetermined decryption method corresponds to the predetermined encryption method used when the user private key component ciphertext to be decrypted was produced;
  • the arithmetic module 430 is configured to use the corresponding more than a predetermined number of user private key component plaintexts to perform the target operation,
  • the predetermined number represents the number of user private key components required to execute the target operation among the plurality of user private key components.
  • the arithmetic module 430 is specifically configured to: sign with the more than a predetermined number of user private key component plaintexts to obtain a signature result.
  • the arithmetic module 430 is specifically configured to: decrypt the information to be decrypted with the more than a predetermined number of user private key component plaintexts to obtain a decryption result, where the information to be decrypted is information that was encrypted with the user public key corresponding to the user private key.
  • the embodiment of this specification also provides a device corresponding to the method of generating and using the private key in the above-mentioned asymmetric key.
  • FIG. 11 is a schematic structural diagram of a device for generating and/or using a private key in an asymmetric key according to an embodiment of the specification.
  • the device 500 may include:
  • At least one processor 510 and,
  • a memory 530 communicatively connected with the at least one processor; wherein,
  • the memory 530 stores instructions 520 executable by the at least one processor 510, and the instructions are executed by the at least one processor 510, so that the at least one processor 510 can:
  • a predetermined encryption method to encrypt the multiple user private key components to obtain corresponding multiple user private key component ciphertexts, wherein at least two of the multiple user private key components use different predetermined encryption methods To encrypt;
  • the ciphertexts of the multiple user private key components are stored in the same device.
  • the device 500 may include:
  • At least one processor 510 and,
  • a memory 530 communicatively connected with the at least one processor; wherein,
  • the memory 530 stores instructions 520 executable by the at least one processor 510, and the instructions are executed by the at least one processor 510, so that the at least one processor can:
  • use a predetermined decryption method to decrypt more than a predetermined number of user private key component ciphertexts to obtain the corresponding more than a predetermined number of user private key component plaintexts, wherein the predetermined decryption method corresponds to the encryption method used when the user private key component ciphertext to be decrypted was encrypted;
  • wherein the predetermined number represents the minimum number of user private key components, among the multiple user private key components, required to perform the target operation.
  • the devices, equipment and methods provided in the embodiments of this specification correspond to one another, so the devices and equipment also have beneficial technical effects similar to those of the corresponding methods. Since the beneficial technical effects of the methods have been described in detail above, the beneficial technical effects of the corresponding devices and equipment are not repeated here.
  • improvements to a technology can be clearly distinguished as hardware improvements (for example, improvements to circuit structures such as diodes, transistors and switches) or software improvements (improvements to a method flow).
  • the improvement of many of today's method flows can be regarded as a direct improvement of a hardware circuit structure.
  • designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit; therefore it cannot be said that an improvement of a method flow cannot be realised by a hardware entity module.
  • a programmable logic device (PLD), for example a Field Programmable Gate Array (FPGA), is programmed in a hardware description language (HDL); examples of HDLs include ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), HDCal, JHDL, Lava, Lola, MyHDL, PALASM, RHDL, VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog.
  • the controller can be implemented in any suitable manner.
  • the controller can take the form of, for example, a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, application-specific integrated circuits (ASICs), programmable logic controllers or embedded microcontrollers. Examples of controllers include, but are not limited to, the following microcontrollers: ARC625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320; a memory controller can also be implemented as part of the memory control logic.
  • in addition to implementing the controller purely in computer-readable program code, it is entirely possible to program the method steps so that the controller realises the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the devices included in it for realising various functions can also be regarded as structures within the hardware component; or, the devices for realising various functions can even be regarded as both software modules implementing the method and structures within the hardware component.
  • a typical implementation device is a computer.
  • the computer may be, for example, a personal computer, a laptop computer, a cell phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or any combination of these devices.
  • the embodiments of the present invention can be provided as a method, a system, or a computer program product. Therefore, the present invention may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
  • These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device.
  • the instruction device implements the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • these computer program instructions can also be loaded onto a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing; the instructions executed on the computer or other programmable equipment thus provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • the computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • the memory may include non-permanent memory in a computer readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission media that can be used to store information accessible by a computing device. According to the definition in this document, computer-readable media do not include transitory media such as modulated data signals and carrier waves.
  • This application may be described in the general context of computer-executable instructions executed by a computer, such as a program module.
  • program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types.
  • This application can also be practiced in distributed computing environments. In these distributed computing environments, tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.


Abstract

Provided are a private key generation and use method, apparatus and device in an asymmetric key. The private key generation and use method in an asymmetric key comprises: acquiring an asymmetric key generation request; generating a user private key according to the asymmetric key generation request, wherein the user private key comprises a plurality of user private key components; encrypting the plurality of user private key components by using a pre-determined encryption method to obtain a plurality of corresponding user private key component ciphertexts, wherein at least two of the plurality of user private key components are encrypted by using different pre-determined encryption methods; and storing the plurality of user private key component ciphertexts in the same device.

Description

Method, device and equipment for generating and using a private key in an asymmetric key
Technical field
This application relates to the field of data security technology, and in particular to a method, device and equipment for generating and using a private key in an asymmetric key.
Background
The key occupies an exceptionally important position in a cryptographic system. In an encryption system, only a user who holds the legitimate key can perform the decryption operation; in a signature system, only a user who holds the legitimate key can produce a valid signature. The cryptosystems in use today consist of an algorithm and a key; on the premise that the algorithm of the cryptosystem is public, the security of the cryptosystem depends entirely on the security of the key. At present, digital signature and encryption/decryption techniques based on public-key cryptography are widely used in identity authentication, e-commerce and other fields and have become an important tool for ensuring information security; among them, the security of the key (the private key) is the foundation on which the security of these applications rests.
Hardware cryptographic modules and/or software cryptographic modules are commonly used to protect keys. Generally speaking, hardware cryptographic modules are suited to protecting the critical parts of important systems, while software cryptographic modules are more suitable for the remaining parts. Software cryptographic modules have a much wider range of application: cryptography is now used in an extremely broad range of scenarios, and a large number of them are unsuited to hardware cryptographic modules. For example, mobile terminals cannot accommodate a hardware cryptographic module because of size constraints, and Internet information centres cannot deploy hardware cryptographic modules across the board because products must be deployed rapidly. Compared with traditional hardware cryptographic modules, software cryptographic modules have the advantages of low cost and easy deployment.
To improve the security of key protection, prior-art software cryptographic modules can protect the key by distributed means. Specifically, the key is divided into several components that are stored separately on multiple different physical devices, and every cryptographic operation must be completed by these devices cooperating. The limitation of these methods is that distributing the key across multiple other devices that communicate with the user side entails a high system construction cost, and when key components stored on different devices are used, the interaction between the storage devices is complex, involves many rounds of communication and carries a high communication cost.
Summary of the invention
In view of this, the embodiments of the present application provide a method, device and equipment for generating and using a private key in an asymmetric key, which ensure the security of private key storage while reducing the communication between servers when the private key is used, lowering communication cost and reducing communication delay.
To solve the above technical problems, the embodiments of this specification are implemented as follows:
An embodiment of this specification provides a method for generating a private key in an asymmetric key, including: obtaining an asymmetric key generation request; generating a user private key according to the asymmetric key generation request, the user private key including multiple user private key components; encrypting the multiple user private key components with a predetermined encryption method to obtain the corresponding multiple user private key component ciphertexts, wherein at least two of the multiple user private key components are encrypted with different predetermined encryption methods; and storing the multiple user private key component ciphertexts in the same device.
An embodiment of this specification provides a method for using a private key in an asymmetric key, including: obtaining more than a predetermined number of user private key component ciphertexts from the same device, wherein the user private key component ciphertexts are obtained by the asymmetric key generation method described above; decrypting the more than a predetermined number of user private key component ciphertexts with a predetermined decryption method to obtain the corresponding more than a predetermined number of user private key component plaintexts, wherein the predetermined decryption method corresponds to the encryption method used when the user private key component ciphertext to be decrypted was encrypted; and performing a target operation with the corresponding more than a predetermined number of user private key component plaintexts, wherein the predetermined number represents the minimum number of user private key components, among the multiple user private key components, required to perform the target operation.
An embodiment of this specification provides a device for generating a private key in an asymmetric key, including: a request acquisition module for obtaining an asymmetric key generation request; a generation module for generating a user private key according to the asymmetric key generation request, the user private key including multiple user private key components; an encryption module for encrypting the multiple user private key components with a predetermined encryption method to obtain the corresponding multiple user private key component ciphertexts, wherein at least two of the multiple user private key components are encrypted with different predetermined encryption methods; and a storage module for storing the multiple user private key component ciphertexts in the same device.
An embodiment of this specification provides a device for using a private key in an asymmetric key, including: a key acquisition module for obtaining more than a predetermined number of user private key component ciphertexts from the same device, the user private key component ciphertexts being obtained by the asymmetric key generation method described above; a decryption module for decrypting the more than a predetermined number of user private key component ciphertexts with a predetermined decryption algorithm to obtain the corresponding more than a predetermined number of user private key component plaintexts, wherein the predetermined decryption method corresponds to the encryption method used when the user private key component ciphertext to be decrypted was encrypted; and an arithmetic module for performing a target operation with the corresponding more than a predetermined number of user private key component plaintexts, wherein the predetermined number represents the number of user private key components, among the multiple user private key components, required to perform the target operation.
An embodiment of this specification provides equipment for generating a private key in an asymmetric key, including: at least one processor; and a memory communicatively connected with the at least one processor, wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can: obtain an asymmetric key generation request; generate a user private key according to the asymmetric key generation request, the user private key including multiple user private key components; encrypt the multiple user private key components with a predetermined encryption method to obtain the corresponding multiple user private key component ciphertexts, wherein at least two of the multiple user private key components are encrypted with different predetermined encryption methods; and store the multiple user private key component ciphertexts in the same device.
An embodiment of this specification provides equipment for using a private key in an asymmetric key, including: at least one processor; and a memory communicatively connected with the at least one processor, wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can: obtain more than a predetermined number of user private key component ciphertexts from the same device, wherein the user private key component ciphertexts are obtained by the asymmetric key generation method described above; decrypt the more than a predetermined number of user private key component ciphertexts with a predetermined decryption method to obtain the corresponding more than a predetermined number of user private key component plaintexts, wherein the predetermined decryption method corresponds to the encryption method used when the user private key component ciphertext to be decrypted was encrypted; and perform a target operation with the corresponding more than a predetermined number of user private key component plaintexts, wherein the predetermined number represents the minimum number of user private key components, among the multiple user private key components, required to perform the target operation.
The at least one technical solution adopted in the embodiments of this specification can achieve the following beneficial effects:
A method for generating a private key in an asymmetric key is provided. Specifically, multiple user private key components are generated according to the obtained asymmetric key generation request, the multiple user private key components are then encrypted with different predetermined encryption algorithms to obtain multiple user private key component ciphertexts, and the multiple user private key component ciphertexts are then stored in the same device. After generating the dispersed user private key components, this method does not store the private key components of the user private key on multiple devices; instead it protects the private key components by encrypting them again. Specifically, different encryption methods are used to encrypt the multiple user private key components, so that different decryption methods are needed to decrypt the different components; this is similar to storing the private key components separately on different devices and achieves the aim of spreading the risk. As a result, since multiple physical devices are not needed to store the private key components, the construction cost of the private key protection system is reduced; and when the private key needs to be used, no communication between multiple physical devices storing private key components is required, because the private key components are obtained within the same device. While the security of the user's private key components is ensured, the communication overhead during use of the private key is reduced, the communication cost is lowered and the communication delay is also reduced.
Description of the drawings
The drawings described here are provided for a further understanding of the application and form part of it; the exemplary embodiments of the application and their descriptions serve to explain the application and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a flowchart of a method for generating a private key in an asymmetric key provided by an embodiment of this specification;
Fig. 2 is a schematic diagram of the principle of a method for generating a user private key provided by an embodiment of this specification;
Fig. 3 is a flowchart of a method for using a private key in an asymmetric key provided by an embodiment of this specification;
Fig. 4 is a schematic diagram of the asymmetric key generation method provided by an embodiment of this specification;
Fig. 5 is a schematic diagram of a method for producing a digital signature with a private key provided by an embodiment of this specification;
Fig. 6 is a sequence diagram of a digital signature verification process using an asymmetric key provided by an embodiment of this specification;
Fig. 7 is a schematic diagram of a method for decrypting information with a private key provided by an embodiment of this specification;
Fig. 8 is a sequence diagram of an information encryption and decryption process using an asymmetric key provided by an embodiment of this specification;
Fig. 9 is a schematic structural diagram of a device for generating a private key in an asymmetric key, corresponding to Fig. 1, provided by an embodiment of this specification;
Fig. 10 is a schematic structural diagram of a device for using a private key in an asymmetric key, corresponding to Fig. 3, provided by an embodiment of this specification;
Fig. 11 is a schematic structural diagram of equipment for generating and using a private key in an asymmetric key provided by an embodiment of this specification.
Detailed description
To make the objectives, technical solutions and advantages of the present application clearer, the technical solutions of the present application are described clearly and completely below in conjunction with specific embodiments of the present application and the corresponding drawings. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this application without creative effort fall within the scope of protection of this application.
To facilitate understanding of the technical solutions mentioned in the embodiments of the present application, several technical terms involved in the present application are briefly explained first.
Software cryptographic module: a cryptographic module is a software and/or hardware module with security functions such as key protection and cryptographic computation. A module that protects keys in software is usually called a software cryptographic module. Because software cryptographic modules have a wider range of application than traditional hardware cryptographic modules and are low-cost and easy to deploy, the current demand for software key protection is strong. At the same time, protecting keys with a software cryptographic module is fraught with difficulty. Specifically, because software has no independent execution environment, once the operating system on which it runs is compromised, an attacker can obtain the software's data stored on disk, its runtime memory and so on, from which sensitive information such as keys can generally be recovered. Commonly used key protection methods at present include threshold cryptographic algorithms and white-box cryptographic algorithms.
Threshold cryptographic algorithm: threshold cryptographic algorithms evolved from secret sharing algorithms. (t,n) secret sharing splits a secret into n parts, each held by one of n persons, and at least t+1 participants are needed to recover the secret. If a secret sharing method is used to keep a key, the key is secure while stored, but during use the key must still be recovered before it can be used for computation, and the recovered plaintext key may still be intercepted by an attacker. Threshold cryptographic algorithms alleviate this problem. The biggest difference from a secret sharing algorithm is that a threshold cryptographic algorithm keeps working on key components while the key is used, so the complete key never needs to be recovered. Specifically, a (t,n) threshold cryptographic algorithm splits a private key into n parts, each held by one of n persons; at least t+1 participants are needed to perform a cryptographic operation based on the private key, any t participants cannot obtain any information about that result, and no information about the private key or the private key components is leaked during the cryptographic operation. In addition, the commonly used threshold cryptographic algorithms are implementations of standard cryptographic algorithms and are equivalent to them.
White-box cryptographic algorithm: a white-box cryptographic algorithm is a cryptographic algorithm that keeps the key secure in a white-box attack environment, where an environment in which the execution of the program is completely visible to the attacker is called a white-box attack environment. Generally, a white-box cryptographic algorithm is used together with code obfuscation to further prevent an attacker from recovering the key from the cryptographic algorithm. A white-box cryptographic algorithm white-boxes the original key to obtain a white-box key, which may take the form of a lookup table; assuming the original key is 16 bytes, white-boxing turns it into, for example, a 300 kB lookup table, which amounts to dispersing the 16-byte key across 300 kB of data in order to hide it. Generally speaking, white-box cryptographic algorithms support only symmetric cryptographic algorithms, because symmetric and asymmetric cryptographic algorithms are implemented on different principles and there are technical obstacles to white-boxing an asymmetric cryptographic algorithm. For a clearer understanding of the principle of white-box cryptographic algorithms, reference may be made to the example of an SM4-based white-box cryptographic algorithm shown in the paper "White-box cryptography and a white-box implementation of SM4" by Xiao Yaying et al. at the 2009 annual conference of the Chinese Association for Cryptologic Research and in the master's thesis "Design and implementation of a white-box cryptographic algorithm for SM4" by Shang Pei of the University of Electronic Science and Technology of China. However, the white-box cryptographic algorithm in the embodiments of the present application may be implemented in many ways and is not limited to SM4; it may also be based, for example, on various symmetric cryptographic algorithms such as AES, DES and 3DES, which the present application does not specifically limit.
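The generation and use methods summarised above, together with the threshold and white-box terms just defined, as an added example that is not part of the patent: the private key is split into Shamir components, odd-numbered components are wrapped with one "predetermined encryption method" and even-numbered ones with a different one, all ciphertexts are kept in a single store, and a target operation (ElGamal decryption) is carried out from t+1 unwrapped components without ever recombining the key. The group parameters, the two toy authenticated stream ciphers standing in for the patent's encryption methods (e.g. a white-box cipher), and all helper names are assumptions of this example.

```python
"""Threshold key components, each wrapped with one of two methods, kept in one store.

Constructed illustration (not the patent's code): d is split into n Shamir
components over GF(Q); component i is wrapped with method "A" if i is odd and
"B" if even (two toy authenticated stream ciphers under separate hidden keys);
t+1 components are unwrapped and combined in the exponent, so d is never rebuilt.
"""
import hashlib
import hmac
import secrets

Q = 2**61 - 1  # Mersenne prime M61: Shamir field and order of the group
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _is_prime(n: int) -> bool:  # Miller-Rabin; these bases are deterministic below 3.3e24
    if n < 2 or any(n % b == 0 for b in _BASES):
        return n in _BASES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        if pow(a, d, n) != 1 and all(pow(a, d << s, n) != n - 1 for s in range(r)):
            return False
    return True


def _find_group() -> tuple:  # smallest even k with P = k*Q + 1 prime; G = 2^k has order Q
    k = 2
    while not _is_prime(k * Q + 1) or pow(2, k, k * Q + 1) == 1:
        k += 2
    return k * Q + 1, pow(2, k, k * Q + 1)


P, G = _find_group()  # constructed group parameters, computed at import

_KEYS = {"A": secrets.token_bytes(32), "B": secrets.token_bytes(32)}  # one hidden key per method


def _stream(method: str, nonce: bytes) -> bytes:
    if method == "A":  # method A: SHA-256(key || nonce) used as keystream
        return hashlib.sha256(_KEYS["A"] + nonce).digest()
    if method == "B":  # method B: keyed BLAKE2b(nonce) used as keystream
        return hashlib.blake2b(nonce, key=_KEYS["B"], digest_size=32).digest()
    raise ValueError("unknown method")


def _tag(method: str, nonce: bytes, ct: bytes) -> bytes:  # MAC binds method id, nonce, ct
    return hmac.new(_KEYS[method], method.encode() + nonce + ct, "sha256").digest()[:16]


def wrap(method: str, pt: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(method, nonce)))
    return nonce + ct + _tag(method, nonce, ct)


def unwrap(method: str, blob: bytes) -> bytes:
    """Succeeds only with the method used at wrap time; any mismatch raises."""
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    if method not in _KEYS or not hmac.compare_digest(tag, _tag(method, nonce, ct)):
        raise ValueError("wrong decryption method or tampered component")
    return bytes(a ^ b for a, b in zip(ct, _stream(method, nonce)))


def _lagrange0(idxs, i: int) -> int:
    """Lagrange coefficient of component i for evaluation at x = 0 over GF(Q)."""
    num = den = 1
    for j in idxs:
        if j != i:
            num, den = num * (-j) % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q


def generate_key(t: int, n: int):
    # Returns (public key, single store of n wrapped components, d). Any t+1
    # components suffice for the target operation; d is returned only for checking.
    d = secrets.randbelow(Q - 1) + 1
    coeffs = [d] + [secrets.randbelow(Q) for _ in range(t)]
    store = []
    for i in range(1, n + 1):
        share = sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
        method = "A" if i % 2 else "B"  # at least two components use different methods
        store.append({"idx": i, "method": method,
                      "blob": wrap(method, share.to_bytes(8, "big"))})
    return pow(G, d, P), store, d


def elgamal_encrypt(y: int, m: int):
    k = secrets.randbelow(Q - 1) + 1
    return pow(G, k, P), m * pow(y, k, P) % P


def threshold_decrypt(store, use_idx, c1: int, c2: int) -> int:
    """Target operation: combine c1^(d_i) from the chosen components; d never appears."""
    partial = {}
    for e in store:
        if e["idx"] in use_idx:
            share = int.from_bytes(unwrap(e["method"], e["blob"]), "big")
            partial[e["idx"]] = pow(c1, share, P)
    combined = 1
    for i, part in partial.items():
        combined = combined * pow(part, _lagrange0(list(partial), i), P) % P
    return c2 * pow(combined, -1, P) % P  # c2 / c1^d = m
```

With fewer than t+1 components the interpolation in the exponent yields a wrong group element and the decryption fails, and a component unwrapped with the wrong method is rejected by its MAC rather than silently producing a bad share.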
The technical solutions provided by the embodiments of this application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a flowchart of a method for generating the private key of an asymmetric key pair provided by an embodiment of this specification. From a program perspective, the executing entity of the flow may be a program running on an application server, or an application client.
As shown in Fig. 1, the private key generation method according to the embodiment includes the following steps:
S110: obtain an asymmetric key generation request.
The basic process of data encryption is to process a file or data that is originally plaintext according to some algorithm so that it becomes a set of characters or bits, commonly called "ciphertext", that cannot be understood without decryption, thereby protecting the data from being stolen or read by unauthorized parties. The inverse process is decryption, which converts the encoded information back into the original data. Encryption algorithms are divided into symmetric and asymmetric algorithms: in a symmetric algorithm the encryption key and the decryption key are the same, whereas in an asymmetric algorithm the encryption key and the decryption key differ.
An asymmetric encryption algorithm is also called a public-key encryption algorithm. It requires two keys, referred to together as an asymmetric key pair: one is the public key and the other is the private key. Data encrypted with the public key can be decrypted only with the corresponding private key, and data encrypted with the private key can be decrypted only with the corresponding public key (the latter operation is the principle underlying digital signatures). For example, party A generates a key pair and publishes one of the keys as its public key; party B, having obtained the public key, encrypts confidential information with it before sending it to party A, and party A decrypts the received information with the other, private, key that it alone holds.
According to an embodiment, obtaining an asymmetric key generation request means obtaining a request to generate a private key and a public key; that is, it may refer to obtaining a request that instructs the generation of a private key and the corresponding public key.
S120: generate a user private key according to the asymmetric key generation request, the user private key comprising multiple user private key components.
Optionally, a (t, n) secret sharing scheme or a (t, n) threshold cryptographic algorithm may be used to produce the multiple user private key components (in the convention used here, t is the number of components an attacker may obtain without learning anything about the key). With (t, n) secret sharing, the user private key is first generated in plaintext and then split into n shares, of which at least t+1 are needed to recover the original plaintext. With a (t, n) threshold cryptographic algorithm, n user private key components are generated directly as the user private key, and any t+1 of them together can perform cryptographic operations based on that key; in this process the plaintext private key is never generated and never needs to be reconstructed at use time, so the complete private key never exists in plaintext and the key exists only in the form of its components. Generating the user private key with a (t, n) threshold cryptographic algorithm is therefore clearly more secure, and in this application the (t, n) threshold cryptographic algorithm is preferably used to generate the user private key components directly as the user private key.
According to an embodiment, generating the user private key according to the asymmetric key generation request specifically includes: generating the user private key by using an asymmetric threshold cryptographic algorithm according to the asymmetric key generation request.
According to an embodiment, using an asymmetric threshold cryptographic algorithm to generate the user private key may specifically include generating it according to a threshold cryptographic algorithm built on a standard asymmetric cryptographic algorithm. The standard asymmetric cryptographic algorithm may be SM2, an ECC (elliptic curve cryptography) algorithm, RSA or DSA (Digital Signature Algorithm), but is not limited to these.
Optionally, the user private key may be generated according to an SM2-based (t, n) threshold cryptographic algorithm. The user private key may then comprise n user private key components, any t+1 of which directly realize the function of the private key. Specifically, when the private key is used, the t+1 components are used directly to carry out the private-key operation, so the plaintext private key does not need to be reconstructed at any point and the cryptographic operation is performed on the components. Consequently, only private key components ever appear during use; a complete user private key is never passed around and used in memory. This removes the problem of a complete user private key residing in memory and makes it harder for an attacker to obtain the plaintext private key.
S130: encrypt the multiple user private key components using predetermined encryption methods to obtain the corresponding multiple user private key component ciphertexts, wherein at least two of the multiple user private key components are encrypted using different predetermined encryption methods.
Specifically, the predetermined encryption method may use any known standard symmetric encryption algorithm or a variant of one, for example SM4, AES (Advanced Encryption Standard), DES (Data Encryption Standard) or 3DES (Triple DES), or variants of these, but is not limited to them. The key used by the predetermined encryption method may include a fixed string, a random string, user terminal device information, or a combination of these, and may also be a white-box key, but is not limited to these. Of these, a fixed string or device information on its own is predictable by an attacker who controls the device, so a random key or a white-box key offers the stronger protection.
Specifically, that at least two of the multiple user private key components are encrypted using different predetermined encryption methods means that the components are not all encrypted in the same way. The advantage of this is that an attacker who wants to recover the plaintext components from the component ciphertexts cannot break all of the ciphertexts with a single method, which increases the difficulty of obtaining the required number of plaintext user private key components.
S140: store the multiple user private key component ciphertexts on the same device.
In conventional multi-component key protection schemes, at least some of the key components are distributed over different servers, and cryptographic devices such as hardware cipher machines or USB keys may be used to protect the components on each server. In the solution of this application, the user private key component ciphertexts are stored on the same device. The advantage of this arrangement is that when the components are needed for a cryptographic operation, the required number of component ciphertexts can be obtained and decrypted on that one device, with no communication between servers, which reduces the communication overhead of the system and avoids the resulting communication latency.
Specifically, the same device may be the device that generates the user private key components, or a device different from it. For example, if the components are generated on a server, the device storing the component ciphertexts may be a user terminal device communicatively connected to that server; if the components are generated on a user terminal, the device storing the component ciphertexts may be that user terminal.
According to an embodiment, storing the multiple user private key component ciphertexts on the same device may specifically include storing them on the device that needs to use the user private key.
Specifically, the device that needs to use the user private key may be a user terminal, for example a payment terminal, an IoT (Internet of Things) device or a mobile phone. In the prior art, although the user private key can be split into several parts stored on different storage devices, additional servers must be introduced, which complicates deployment of the system and use by the user; in particular, some user terminals cannot conveniently be connected directly to the physical device acting as the server, and if they connect through the cloud instead, every use of the private key incurs substantial data communication overhead and communication latency. This application stores all user private key components directly on the user terminal, which on the one hand removes the communication between servers when the key is used, and on the other hand removes the communication between the terminal and the cloud server that would otherwise be needed to fetch the key, thereby reducing latency.
According to an embodiment, the user private key component ciphertexts may be stored in different storage regions of the user terminal's memory, each region holding at least one component ciphertext. Distributing the ciphertexts in this way makes it somewhat harder for an attacker to collect the required number of component ciphertexts and hence to decrypt the required number of plaintext components.
In the prior art, the private key is split into multiple private key components stored on multiple servers communicatively connected to the user terminal; when the terminal needs to use the private key, multiple rounds of communication between the terminal, the server and each component-holding server are required, with high communication overhead and a tendency to communication latency. This application provides a method for generating the private key of an asymmetric key pair: multiple user private key components are generated according to an obtained asymmetric key generation request, the components are encrypted with different predetermined encryption methods to obtain multiple user private key component ciphertexts, and the ciphertexts are stored on the same device. After generating the dispersed components, the method does not store them on multiple devices; instead it protects them by a further layer of encryption, applying different encryption methods to the different components so that different decryption methods are needed to recover them. Like storing the components on different devices, this disperses the risk. Thus, because multiple physical devices are no longer needed to hold the components, the cost of building the private key protection system is reduced; and when the key is used, no communication between component-holding devices is needed, since the components are recovered by different decryption methods within the same device. While keeping the user private key components secure, this reduces the communication overhead, the communication cost and the communication latency of using the private key.
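The following Python is an added example, not code from the patent or from any Alipay implementation, that reproduces the structure of steps S120 to S140 and of the subsequent use of the key: the private key is created only as threshold components, each component is wrapped under a different symmetric key standing in for the per-component white-box keys of the text, all wrapped components are kept in one in-memory "device" store, and a decryption is carried out with t+1 components without the private scalar ever being recombined. It uses the public secp256k1 curve in place of the SM2 curve named in the text (the construction is the same), a textbook ElGamal-style encryption on the curve as the private-key operation, and an HMAC-SHA256 counter-mode cipher with an HMAC tag as the wrapping cipher, because the Python standard library has no AES or SM4. All function names and the sample message are constructed for the example. Two caveats the text glosses over: the dealer that evaluates the polynomial does see the scalar once (a distributed key generation avoids that), and t+1 unwrapped components are in the same process during use, so the arrangement raises the attacker's effort on the one device rather than removing that device as a single point of compromise.

```python
import hashlib
import hmac
import secrets

# Public secp256k1 domain parameters (stand-in for the SM2 curve named in the text).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    """Affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, A):
    """Double-and-add scalar multiplication (not constant time; demonstration only)."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, A)
        A = ec_add(A, A)
        k >>= 1
    return R

# S120: (t, n) threshold key. s_i = f(i) for a random degree-t polynomial f over Z_N;
# f(0) is the private scalar, seen only by the dealer and only to derive the public key
# (a distributed key generation would remove even that).
def keygen(t, n):
    coeffs = [secrets.randbelow(N - 1) + 1 for _ in range(t + 1)]
    shares = [(i, sum(c * pow(i, j, N) for j, c in enumerate(coeffs)) % N)
              for i in range(1, n + 1)]
    return ec_mul(coeffs[0], G), shares

def lagrange_at_zero(indices, i):
    """Weight of component i when recombining f(0) from the given index set."""
    num = den = 1
    for j in indices:
        if j != i:
            num = num * j % N
            den = den * (j - i) % N
    return num * pow(den, -1, N) % N

# S130: each component is wrapped under its own key, one key per component index
# (the per-component white-box keys of Fig. 2). HMAC-SHA256 in counter mode plus an
# HMAC tag is used only because the standard library has no AES or SM4.
def new_wrap_keys(n):
    return [secrets.token_bytes(32) for _ in range(n)]

def _keystream(key, nonce, length):
    blocks = (hmac.new(key, nonce + c.to_bytes(4, "big"), hashlib.sha256).digest()
              for c in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def wrap(key, share):
    i, s = share
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(s.to_bytes(32, "big"), _keystream(key, nonce, 32)))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return i, nonce + ct + tag

def unwrap(key, blob):
    i, data = blob
    nonce, ct, tag = data[:16], data[16:48], data[48:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("component %d: wrong wrapping key or tampered ciphertext" % i)
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, 32)))
    return i, int.from_bytes(pt, "big")

# S140: every wrapped component sits in one store on the device that uses the key.
def store_on_device(shares, wrap_keys):
    return {i: wrap(wrap_keys[i - 1], (i, s)) for i, s in shares}

# Use: ElGamal-style encryption of a message point, (rG, M + rQ), and a decryption
# in which t+1 unwrapped components are combined in the group, so d is never rebuilt.
def encrypt(pub, M):
    r = secrets.randbelow(N - 1) + 1
    return ec_mul(r, G), ec_add(M, ec_mul(r, pub))

def threshold_decrypt(ct, components):
    C1, C2 = ct
    idx = [i for i, _ in components]
    rQ = None
    for i, s in components:  # sum of lambda_i * s_i * C1 = d * C1 = rQ
        rQ = ec_add(rQ, ec_mul(lagrange_at_zero(idx, i) * s % N, C1))
    return ec_add(C2, (rQ[0], (-rQ[1]) % P))  # M = C2 - rQ
```

With t = 2 and n = 5, any three unwrapped components decrypt correctly and any two produce garbage, which is the property the text relies on; an attacker who dumps the device store still has to defeat three different wrapping keys, and an attacker who tampers with a ciphertext is detected by the tag rather than being handed a corrupted component.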
The embodiments of this specification also provide some specific implementations of the above private key generation method, which are described below.
In general, a threshold cryptographic algorithm ensures that the key exists only as components throughout key generation and use, typically 3 to 5 components, so that an attacker cannot obtain the complete key from any one place. Its shortcoming is that the key is dispersed into only a limited number of pieces: once an attacker obtains more than the threshold number of components, the key can be recovered. By contrast, in a white-box cipher the key is dispersed throughout the algorithm implementation, to a far greater degree than in a threshold scheme; for some white-box designs the goal is even that an attacker who obtains all of the dispersed key material still cannot recover the key.
According to an embodiment of this application, in S130, encrypting the multiple user private key components with a predetermined encryption method may specifically include encrypting the multiple user private key components with a white-box encryption algorithm.
A white-box cryptographic algorithm may comprise a white-box encryption algorithm for encryption and a corresponding white-box decryption algorithm for decryption; its purpose is to protect the key in a white-box attack environment and to prevent an attacker from extracting key information while the cryptographic software executes. The term may denote a new algorithm designed to resist attacks in the white-box environment, or simply a white-box design layered on an existing cipher. In particular, a white-box encryption algorithm based on a standard symmetric cipher is designed from the existing standard cipher using white-box techniques, exploiting certain properties of the algorithm to hide the key, so that in a white-box attack environment the function of the original algorithm is unchanged while security in that environment is achieved and the security of the original algorithm is not weakened. The commonly used white-box algorithms are implementations of a standard cipher and are functionally equivalent to it: for the same plaintext under the same original key, the standard symmetric cipher and the corresponding white-box implementation produce the same ciphertext.
Optionally, encrypting the multiple user private key components with a white-box encryption algorithm may specifically include encrypting them with a white-box encryption algorithm based on a standard symmetric encryption algorithm. The standard symmetric encryption algorithm may be SM4, AES, DES or 3DES, but is not limited to these.
If the different key components of one user key are protected in the same way, an attacker can break all of the components with the same method. In view of this, different white-box encryption algorithms may be used to protect different key components, strengthening the protection of the components and greatly increasing the difficulty for an attacker of breaking multiple threshold key components.
According to an embodiment of this application, encrypting at least two of the multiple user private key components with different predetermined encryption methods may specifically include: for any one user private key component of a user private key, encrypting it with a white-box encryption algorithm different from those used for the other user private key components of that same user private key. In other words, if the user private key comprises n components, n different white-box encryption algorithms may be used to encrypt the n components respectively, each component being encrypted with one white-box encryption algorithm and different components using different white-box encryption algorithms.
Optionally, the different white-box encryption algorithms may be white-box encryption algorithms constructed by different white-boxing methods. Specifically, different white-box design methods may be used, for example the lookup-table method, the method of inserting perturbations, or the multivariate-cryptography method. The main idea of the lookup-table method is that for a given cipher and a fixed key, the mapping from plaintext to ciphertext is determined; this mapping is then scrambled with encodings, the encoded mapping is expressed in the form of lookup tables, and executing the cipher amounts to looking up the tables.
Optionally, the different white-box encryption algorithms may be white-box encryption algorithms built on different standard symmetric encryption algorithms, for example a white-box SM4, a white-box AES or a white-box DES. A white-box SM4, for example, may be a white-box design built on the original SM4 algorithm; SM4 has a block length of 128 bits and a key length of 128 bits, uses 32 rounds of nonlinear iteration, and its decryption has the same structure as encryption but uses the round keys in the reverse order. In a white-box SM4 the key information is hidden in the lookup tables, and the security of the algorithm rests on the difficulty of extracting the key information from the tables or of recovering the input and output encodings.
Optionally, the different white-box encryption algorithms may be based on the same standard encryption algorithm but use different design parameters. For example, all may be white-box SM4, but the white-box implementations may use different numbers of lookup tables, different system parameters and/or fixed parameters, and/or different white-box keys. The key obtained by dispersing the original encryption and decryption key into the standard cipher is called a white-box key. A white-box key is a key used for encryption or decryption in a white-box environment; it carries the information of the original key and performs the encryption and decryption functions in its place, while the original key cannot be obtained even if the white-box key is analyzed. White-box key generation must be carried out in a secure environment to protect both the white-box key and the original key. According to an embodiment, in this application the white-box key may be generated on a server and then packaged together with the algorithm program and transmitted to the terminal device for encrypting the user private key components; that is, the environment in which the white-box key is generated differs from the environment in which it is used, so that the original key from which the white-box key is derived remains secure.
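As an added illustration of the lookup-table method and of the "white-box key" described above (example code, not from the patent or from the cited SM4 papers), the following Python white-boxes a single toy round y = S[x XOR k] on one byte. A dealer in the secure environment fixes the key byte k and random input and output encodings f and g, and ships only the table T with T[f(x)] = g(S[x XOR k]); that table is the white-box key, and the terminal evaluates the round by one lookup without ever holding k. The example also carries the check a practitioner wants before trusting such a table: a table built without encodings gives k up to a 256-guess search, which is why real designs depend on the encodings (and why published table-based white-box AES and DES constructions have nonetheless been broken by structural attacks such as that of Billet, Gilbert and Ech-Chatbi). The S-box is a toy permutation standing in for the SM4/AES S-box, and all names are constructed for the example; the real ciphers chain many such rounds through networks of tables.

```python
import secrets

# Toy 8-bit S-box: a fixed public permutation standing in for the SM4/AES S-box.
# (45 is odd, so x -> 45x mod 256 is a bijection; XOR with a constant keeps it one.)
SBOX = [((x * 45) & 0xFF) ^ 0x63 for x in range(256)]

def random_encoding():
    """Random byte permutation; encodings must come from a secure generator."""
    perm = list(range(256))
    secrets.SystemRandom().shuffle(perm)
    return perm

def invert(perm):
    inv = [0] * 256
    for x, y in enumerate(perm):
        inv[y] = x
    return inv

def round_plain(k, x):
    """Reference round: the key byte k is explicit in the code."""
    return SBOX[x ^ k]

def whitebox_table(k, f, g):
    """Dealer side (secure environment): T[e] = g(S[f^-1(e) XOR k]) for every
    encoded input e. Only T is shipped; k, f and g stay with the dealer."""
    return [g[SBOX[x ^ k]] for x in invert(f)]  # iterating invert(f) yields x = f^-1(e)

def round_whitebox(T, e):
    """Terminal side: one table lookup, no key material in scope."""
    return T[e]

def extract_key_from_naked_table(T):
    """Why encodings matter: if T was built with identity encodings, T[x] = S[x XOR k],
    and k falls to a 256-guess search against the public S-box. Returns k or None."""
    for k in range(256):
        if all(T[x] == SBOX[x ^ k] for x in range(256)):
            return k
    return None

def demo(k):
    """Return (white-box round is equivalent to the reference round,
               key recovered from an unencoded table)."""
    f, g = random_encoding(), random_encoding()
    T = whitebox_table(k, f, g)
    g_inv = invert(g)
    equivalent = all(g_inv[round_whitebox(T, f[x])] == round_plain(k, x) for x in range(256))
    identity = list(range(256))
    leaked = extract_key_from_naked_table(whitebox_table(k, identity, identity))
    return equivalent, leaked
```

The encoded table computes exactly the reference round once its output is decoded, which is the functional equivalence the text claims for white-box implementations; the same table with identity encodings is a 256-entry oracle for the key. In a full cipher the encodings of one table are cancelled by the inverse encodings built into the next, so only the external input and output encodings are visible to the caller.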
The original intent of threshold cryptography is that each threshold key component has a different custodian, so that risk is dispersed. By analogy, in the embodiments of this application, although all threshold components are stored at one communication endpoint (for example, the user terminal) in order to reduce communication, each threshold key component may at the same time be protected with a different white-box cryptographic algorithm and/or white-box key, achieving a certain degree of risk dispersion.
According to an embodiment, the above private key generation method may further include: obtaining another asymmetric key generation request; generating another user private key according to that request, the other user private key also comprising multiple user private key components; and, for any one component of the other user private key, encrypting it with the same white-box encryption algorithm as is used for the corresponding component of the first user private key, each component of the other user private key again using a different white-box encryption algorithm. The number of user private key components in the other user private key is the same as in the first user private key.
Specifically, there may be m user private keys, each comprising n user private key components, and the (m, n)th user private key component denotes the nth component of the mth user private key. The pth of n different white-box encryption algorithms may be used to encrypt the (1, p)th through the (m, p)th user private key components, where m and n are positive integers and p is a positive integer not greater than n, and this encryption is performed for every value of p from 1 to n.
In other words, when there are m user private keys, each split into n components, n different white-box encryption algorithms may be used to encrypt the components of all of the user private keys, giving n groups of user private key component ciphertexts; the m ciphertexts in each group correspond to one component of each of the user private keys.
Fig. 2 is a schematic diagram of the principle of the user private key generation method provided by an embodiment of this specification.
Referring to Fig. 2, suppose for example that m user private keys need to be protected, each of which can be split into n components. The private key component m-n in Fig. 2 is the (m, n)th user private key component above, i.e. the nth component of the mth user private key; for example, the 2nd component of user private key 1 is denoted private key component 1-2. Names such as private key component 1-1, private key component 1-2 and private key component 1-3 of private key 1 serve only to distinguish the several components of private key 1 and are not intended to limit the components in any way; the naming is not restricted to this form.
Specifically, n different white-box encryption algorithms may be used to encrypt all of the user private key components. For example, the n white-box encryption algorithms may be based on the same standard symmetric encryption algorithm but use different white-box keys; the different components may all be encrypted with the SM4 standard cipher but each under a different original key, that is, under a different white-box key. Fig. 2 shows the case in which different white-box keys are used to encrypt the several components of one user private key: for example, as many white-box keys as there are components in each user private key may be used to encrypt the corresponding components, so that all components of that user private key are encrypted under mutually different white-box keys.
As an example, let m = 1 and n = 3 in Fig. 2, i.e. one user private key (private key 1) with 3 components is to be encrypted using 3 white-box encryption algorithms, and p takes the values 1, 2 and 3. For p = 1, the first of the 3 white-box encryption algorithms encrypts private key component 1-1 of private key 1; for p = 2, the second encrypts private key component 1-2; for p = 3, the third encrypts private key component 1-3.
作为示例,假设图2中m=4,n=3,即,有4个用户私钥(私钥1、私钥2、私钥3和私钥4)需要加密,每个用户私钥可以包括3个私钥分量,可以使用3个白盒加密算法来加密这3个分量;p可以取1、2和3。具体地,p=1即,采用3个白盒加密算法中第1个白盒加密算法,对私钥1中的私钥分量1-1、私钥2中的私钥分量2-1、私钥3中的私钥分量3-1、私钥4中的私钥分量4-1进行加密;p=2即,采用3个白盒加密算法中第2个白盒加密算法,对私钥1中的私钥分量1-2、私钥2中的私钥分量2-2、私钥3中的私钥分量3-2、私钥4中的私钥分量4-2进行加密;p=3即,采用3个白盒加密算法中第3个白盒加密算法,对私钥1中的私钥分量1-3、私钥2中的私钥分量2-3、私钥3中的私钥分量3-3、私钥4中的私钥分量4-3进行加密。As an example, suppose m=4 and n=3 in Figure 2, that is, there are 4 user private keys (private key 1, private key 2, private key 3, and private key 4) that need to be encrypted, and each user private key can include With 3 private key components, 3 white box encryption algorithms can be used to encrypt these 3 components; p can be 1, 2, and 3. Specifically, p = 1, that is, the first white-box encryption algorithm among the three white-box encryption algorithms is used, and the private key component 1-1 in the private key 1, the private key component 2-1 in the private key 2, and the private key The private key component 3-1 in the key 3 and the private key component 4-1 in the private key 4 are encrypted; p=2 that is, the second white-box encryption algorithm among the three white-box encryption algorithms is used, and the private key 1 The private key component 1-2 in the private key 2, the private key component 2-2 in the private key 3, the private key component 3-2 in the private key 3, and the private key component 4-2 in the private key 4 are encrypted; p=3 That is, the third white-box encryption algorithm among the three white-box encryption algorithms is used to compare the private key components 1-3 in the private key 1, the private key components 2-3 in the private key 2, and the private key in the private key 3. Component 3-3, private key component 4-3 in private key 4 are encrypted.
在传统的白盒密钥使用过程中,通常使用白盒密钥作为业务密钥来加密业务数据,即业务密钥与白盒的实现绑定,使得业务密钥的更新不易。具体地,当需要更新业务密钥时,必须更新白盒密钥。另外,如果对于不同的业务数据均使用不同的白盒密钥进行保护,则需要与业务数据的数量相当的白盒密钥,而白盒密钥文件通常较大,这会占用较多的存储空间。例如,有100个通信数据需要保护,相应的100业务密钥均需要实现为白盒密钥,则密钥管理系统需要存储100个白盒密钥,会占用较多的存储空间;并且,当需要更新业务密钥时,则需要更新相应的白盒密钥。In the traditional white box key use process, the white box key is usually used as the service key to encrypt the service data, that is, the service key is bound to the white box, which makes it difficult to update the service key. Specifically, when the service key needs to be updated, the white box key must be updated. In addition, if different white box keys are used to protect different business data, a white box key equivalent to the number of business data is required, and the white box key file is usually large, which will take up more storage. space. For example, if there are 100 communication data that need to be protected, and the corresponding 100 business keys need to be implemented as white box keys, the key management system needs to store 100 white box keys, which will occupy more storage space; and when When the service key needs to be updated, the corresponding white box key needs to be updated.
在本申请中,使用白盒密钥来加密保护用户密钥分量,而不是使用白盒密钥来直接保护用户数据,这是本申请中白盒密钥与现有技术中白盒密钥的使用方式的显著不同之处。具体地,在本申请中,使用用户密钥来加密业务数据,再使用白盒密钥来加密保护用户密钥的分量。一方面,当需要更新业务密钥时,无需更新白盒密钥,避免了传统白盒密钥使用过程中密钥更新困难的问题。另一方面,本申请使用白盒密钥来加密密钥分量,使用的白盒密钥数量少,占用的存储空间少,具体地:例如一个用户密钥具有3个 密钥分量,并且每个分量使用不同的白盒密钥来加密,密钥管理系统中仅需要存储3个白盒密钥即可;假设有100个业务数据需要加密,对应使用100个用户密钥,而每个用户密钥包括3个密钥分量,每个用户密钥中的三个分量均使用前述3个白盒密钥来分别加密。另外,本申请中,通过将白盒密码算法与门限密码算法相结合,提出一种新的用于保护非对称密钥的方法,即,将白盒加密技术应用于私钥保护。In this application, the white box key is used to encrypt and protect the user key components, instead of using the white box key to directly protect user data. This is the difference between the white box key in this application and the white box key in the prior art. Significant differences in usage. Specifically, in this application, the user key is used to encrypt business data, and the white box key is used to encrypt and protect the components of the user key. On the one hand, when the service key needs to be updated, there is no need to update the white box key, which avoids the problem of difficulty in key update in the process of using traditional white box keys. On the other hand, this application uses a white box key to encrypt the key components. The number of white box keys used is small and the storage space is small. Specifically: for example, a user key has 3 key components, and each The components are encrypted using different white box keys. Only 3 white box keys need to be stored in the key management system; assuming that there are 100 business data to be encrypted, 100 user keys are used correspondingly, and each user password The key includes 3 key components, and the three components of each user key are respectively encrypted using the aforementioned 3 white box keys. In addition, in this application, by combining the white box cipher algorithm with the threshold cipher algorithm, a new method for protecting asymmetric keys is proposed, that is, the white box encryption technology is applied to private key protection.
本申请结合门限密码算法和白盒密码算法,同时利用了门限密码算法的密钥更新灵活的优点与白盒密码算法的密钥分散程度高的优点,设计了一种全新的密钥保护技术。相比于传统的门限密码方案,本方案通过白盒密码算法的运用,加强了密钥存储时的安全性;并且通过使用不同的白盒密钥/算法,达到了一定程度上的风险分散的效果。本方案结合门限密码算法和白盒密码算法,提出了一种新的软件密钥保护方式,克服了门限密码算法密钥分量保护较弱和白盒密码密钥更新和大量使用不便的缺点,安全性和便利性都有提升。This application combines the threshold cipher algorithm and the white box cipher algorithm, and takes advantage of the flexible key update of the threshold cipher algorithm and the high degree of key dispersion of the white box cipher algorithm to design a brand new key protection technology. Compared with the traditional threshold cipher scheme, this scheme strengthens the security of key storage through the use of white box cipher algorithm; and through the use of different white box keys/algorithms, it achieves a certain degree of risk dispersion effect. This scheme combines the threshold cipher algorithm and the white box cipher algorithm, and proposes a new software key protection method, which overcomes the shortcomings of weak protection of the threshold cipher algorithm key component and the inconvenience of the white box cipher key update and mass use. Both sex and convenience have been improved.
根据本申请的实施例,密钥首先经过门限算法进行分散,然后再通过白盒进行加密。根据本申请的实施例,方案中至少包括两种密钥——用户密钥和白盒密钥,其中,使用用户密钥以门限分量的形式来保护用户数据,使用白盒密钥加密保护用户密钥分量。本申请中不使用白盒密钥直接保护用户数据,这也是我们与以往白盒密钥使用方式的不同之处。并且,通过不同的门限分量使用不同的白盒密钥/算法进行保护,使得门限分量的保护具备多样性,取得了一定程度上的风险分散的效果。According to the embodiment of the present application, the key is first dispersed through a threshold algorithm, and then encrypted through the white box. According to the embodiment of the present application, the solution includes at least two kinds of keys-user key and white box key. Among them, the user key is used to protect user data in the form of a threshold component, and the white box key is used to encrypt and protect the user. Key component. In this application, the white box key is not used to directly protect user data. This is also the difference between our use of the white box key in the past. In addition, different white box keys/algorithms are used for protection through different threshold components, which makes the protection of threshold components diversified and achieves a certain degree of risk dispersion effect.
Based on the same idea, the embodiments of this specification also provide a method for using an asymmetric key that corresponds to the method for generating a private key in an asymmetric key. Figure 3 is a flowchart of the method for using a private key in an asymmetric key provided by an embodiment of this specification. From a program perspective, the process may be executed by a program hosted on an application server or by an application client.
As shown in Figure 3, after S140 of the method for generating a private key in an asymmetric key, the method for using an asymmetric key according to an embodiment may comprise the following steps:
S210: obtaining more than a predetermined number of user private key component ciphertexts from the same device, the user private key component ciphertexts having been obtained according to the aforementioned method for generating a private key in a user asymmetric key.
According to embodiments, the method for using the user asymmetric key and the method for generating it may be executed by the same entity or by different entities. For example, the user private key may be generated on a server and used for cryptographic operations on a client. As another example, the user private key may be generated on the client and used for cryptographic operations on the client.
According to embodiments, obtaining more than a predetermined number of user private key component ciphertexts from the same device may mean obtaining them from a device other than the terminal that uses the user private key, or obtaining them from the local storage of the terminal that uses the user private key.
S220: decrypting the more than a predetermined number of user private key component ciphertexts with a predetermined decryption method to obtain the corresponding more than a predetermined number of user private key component plaintexts, where the predetermined decryption method corresponds to the predetermined encryption method with which the user private key component ciphertexts to be decrypted were encrypted.
According to embodiments, the predetermined decryption method may be a white-box decryption algorithm, specifically the white-box decryption algorithm corresponding to the white-box encryption algorithm used when the user key component was encrypted. More specifically, when the white-box encryption algorithm is based on SM4, the corresponding SM4-based white-box decryption algorithm is used for decryption. More specifically, the white-box encryption key used for encryption may be obtained by dispersing the original key throughout the implementation of the SM4 encryption algorithm, and the white-box decryption key used for decryption may be obtained by dispersing the original key throughout the implementation of the SM4 decryption algorithm, where the same original key is used for encryption and decryption and the SM4 encryption algorithm corresponds to the SM4 decryption algorithm.
S230: performing the target operation using the corresponding more than a predetermined number of user private key component plaintexts.
Here, the predetermined number denotes the minimum number of user private key components, among the multiple user private key components, that are required to perform the target operation. Specifically, for example, in a (t, n) threshold cryptographic algorithm, if the key is divided into n shares, any t+1 of them suffice to perform the cryptographic operation.
According to embodiments, in the method for using the asymmetric key, the target operation is performed using the corresponding more than a predetermined number of user private key component plaintexts. It should be noted that the user private key component plaintexts are not used here to reconstruct the complete user private key; instead, the multiple user private key component plaintexts are used directly for the cryptographic operation, for example a digital signature or decryption of information. The advantage of this scheme is that throughout its use the private key exists only in the form of key components and the complete user private key plaintext never appears in memory; that is, the user private key is protected in the form of user private key components at all times, so that an attacker cannot obtain the user private key directly by compromising the process in which the private key is used, which improves the security of the user private key during use.
According to embodiments, in the aforementioned asymmetric key generation method, after the user private key is generated with the asymmetric threshold cryptographic algorithm, the method further comprises: generating a user public key based on the multiple user private key components; and broadcasting the user public key.
Figure 4 is a schematic diagram of the asymmetric key generation method provided by an embodiment of this specification. The asymmetric key comprises a corresponding private key and public key. After the user private key is split into multiple components, each component is encrypted with a white-box encryption algorithm to obtain the user private key component ciphertext, which is then stored.
According to an optional embodiment, in the aforementioned method for using the asymmetric key, performing the target operation using the corresponding more than a predetermined number of user private key component plaintexts may specifically comprise: signing with the more than a predetermined number of user private key component plaintexts to obtain a signature result.
Figure 5 is a schematic diagram of the method for producing a digital signature with the private key provided by an embodiment of this specification. Specifically, when the private key is needed for a digital signature, more than a predetermined number of private key component ciphertexts are retrieved from the data storage location, the private key component ciphertexts are decrypted with the corresponding white-box decryption algorithm to obtain the corresponding private key component plaintexts, and the private key component plaintexts obtained are then used directly to produce the digital signature, yielding the signature result.
To illustrate more clearly the process of signing with the private key and verifying the signature with the corresponding public key, Figure 6 and the related description are provided.
Figure 6 is a sequence diagram of the digital signature verification process using an asymmetric key provided by an embodiment of this specification. As an example, Figure 7 shows a method in which the private key is generated and used at the first communicating party, for example at a user terminal. The scheme of this application is not limited to this: the private key and public key may also be generated on a server, after which the private key is encrypted and stored at the user terminal and used there for cryptographic operations.
Referring to Figure 6, the process of digital signature verification using an asymmetric key may specifically comprise: the first communicating party generates the user private key components and the user public key, and encrypts the user private key components to obtain the user private key component ciphertexts; when the private key is needed for signing, the first communicating party decrypts more than a predetermined number of user private key component ciphertexts to obtain the corresponding more than a predetermined number of user private key component plaintexts, and then produces the digital signature using these user private key component plaintexts.
The above process further comprises: the first communicating party broadcasts the public key, and correspondingly the second communicating party may obtain the public key; after the second communicating party receives the signature result sent by the first communicating party, the second communicating party verifies the signature result using the user public key broadcast by the first communicating party. Here, the steps of the first communicating party broadcasting the public key and the second communicating party receiving it may occur at any point after the first communicating party has generated the public key and before the second communicating party uses it, and are not limited to the timing shown in the figure.
According to an optional embodiment, in the aforementioned method for using the asymmetric key, performing the target operation using the corresponding more than a predetermined number of user private key component plaintexts may specifically comprise: decrypting information to be decrypted with the more than a predetermined number of user private key component plaintexts to obtain a decryption result, where the information to be decrypted is information that was encrypted with the user public key corresponding to the user private key.
Figure 7 is a schematic diagram of the method for decrypting information with the private key provided by an embodiment of this specification. Specifically, when the private key is needed to decrypt information encrypted with the corresponding public key, more than a predetermined number of private key component ciphertexts are retrieved from the data storage location and decrypted with the corresponding white-box decryption algorithm to obtain the corresponding private key component plaintexts, and the private key component plaintexts obtained are then used directly to decrypt the information, yielding the decryption result.
To describe more clearly the process of encrypting information with the public key and decrypting it with the corresponding private key, Figure 8 and the related description are provided.
Figure 8 is a sequence diagram of the process of encrypting and decrypting information with an asymmetric key provided by an embodiment of this specification. As an example, Figure 8 shows a method in which the private key is generated and used at the first communicating party, for example at a user terminal. The scheme of this application is not limited to this: the private key and public key may also be generated on a server, after which the private key is encrypted and stored at the user terminal and used there for cryptographic operations.
Referring to Figure 8, the process of encrypting and decrypting information with an asymmetric key specifically comprises: the first communicating party generates the user private key components and the user public key, encrypts the user private key components to obtain the user private key component ciphertexts, and broadcasts the public key.
The above process further comprises: the second communicating party receives the public key broadcast by the first communicating party; when the second communicating party needs to send encrypted information to the first communicating party, it may encrypt the information with the public key received from the first communicating party and send the encrypted information to the first communicating party.
The above process further comprises: when the first communicating party receives the encrypted information sent by the second communicating party, it decrypts the stored more than a predetermined number of user private key component ciphertexts to obtain the corresponding more than a predetermined number of user private key component plaintexts, and decrypts the encrypted information using these user private key component plaintexts.
The above examples show only some specific embodiments of the method for using the private key of this application; the method for using the private key is not limited to these. For example, it may also be used for key exchange. No specific limitation is imposed here.
According to the asymmetric key generation and use method of this application, the asymmetric key is generated with a threshold cryptographic algorithm, and the private key is used for operations such as signing and decryption. Specifically, when the private key is generated, multiple private key components are first generated with the threshold cryptographic algorithm, and each threshold private key component is then encrypted with a white-box cryptographic algorithm and stored. When the private key is needed for an operation, the threshold private key components are first decrypted with the white-box keys, and the private key operation, such as signing or decryption, is then performed with the threshold cryptographic algorithm.
In general, because it is easier for an attacker to obtain stored files, and because key data in memory is usually erased immediately after use and therefore exists only briefly, the security requirements for a key in storage (that is, on disk) are higher than at run time (that is, in memory). In view of this, the scheme of this application provides exactly the stronger security guarantee needed at storage time and matches these security requirements well. Specifically, while the key is stored it is protected by two layers, the threshold cipher algorithm and the white-box cipher algorithm; while the key is in use (in memory) it is protected by the threshold cipher algorithm.
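The generate-then-use procedure summarised above, as an added example that is not code from the patent: a (t, n) threshold split of a private key, per-component encryption with n distinct keys in the Figure 2 arrangement (component p of every key under key p), and a target operation computed from t+1 decrypted components without ever assembling the full key. Assumptions: the white-box SM4 implementation is replaced by a constructed HMAC-SHA256 keystream cipher with a tag, the modulus Q and the key-linear toy operation s = k * H(m) mod Q stand in for a real threshold SM2/ECDSA signature, and all function names are hypothetical.

```python
# Added example (not the patent's code): threshold split, per-component
# encryption with n distinct keys (Figure 2 arrangement), and a target
# operation run on t+1 decrypted components without rebuilding the key.
import hashlib
import hmac
import os
import secrets

# Constructed field modulus. A real scheme works modulo the group order of
# the curve in use; this Mersenne prime keeps the arithmetic readable.
Q = (1 << 127) - 1


def make_components(secret, t, n):
    """Shamir (t, n) sharing over GF(Q): f(0) = secret and deg f = t, so any
    t+1 components (x, f(x)) recover f(0) while any t reveal nothing."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t)]
    components = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x)
            y = (y * x + c) % Q
        components.append((x, y))
    return components


def lagrange_at_zero(xs):
    """Coefficients lambda_i with sum(lambda_i * f(x_i)) == f(0) (mod Q)."""
    lams = []
    for i, xi in enumerate(xs):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if i != j:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        lams.append(num * pow(den, -1, Q) % Q)
    return lams


def _keystream(wb_key, nonce, length):
    """HMAC-SHA256 in counter mode: a constructed stand-in for the white-box
    SM4 table implementation the patent actually describes."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(wb_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wb_encrypt(wb_key, plaintext):
    """Encrypt one component; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(wb_key, nonce, len(plaintext))))
    tag = hmac.new(wb_key, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def wb_decrypt(wb_key, blob):
    """Inverse of wb_encrypt. Raises ValueError when the tag fails, which is
    what decrypting a component with the wrong index key should do."""
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    expect = hmac.new(wb_key, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("ciphertext does not belong to this white-box key")
    return bytes(c ^ s for c, s in zip(ct, _keystream(wb_key, nonce, len(ct))))


def store_user_key(secret, t, wb_keys):
    """Generation side: n = len(wb_keys) components; component p of every user
    key is encrypted with white-box key p. Returns (index, ciphertext) pairs."""
    return [(x, wb_encrypt(wb_keys[x - 1], y.to_bytes(16, "big")))
            for x, y in make_components(secret, t, len(wb_keys))]


def reference_signature(secret, message):
    """Toy key-linear operation s = k * H(m) mod Q, computed with the whole key
    only to check the component-based result. Not a secure signature."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % Q
    return secret * h % Q


def sign_with_components(stored, wb_keys, t, message):
    """Use side (S210-S230): decrypt t+1 stored components, let each produce
    its partial result, and combine the partials with Lagrange coefficients.
    The full private key is never assembled in memory."""
    if len(stored) < t + 1:
        raise ValueError("need more than t components to perform the operation")
    chosen = stored[: t + 1]  # any t+1 components would do
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % Q
    lams = lagrange_at_zero([x for x, _ in chosen])
    result = 0
    for (x, blob), lam in zip(chosen, lams):
        y = int.from_bytes(wb_decrypt(wb_keys[x - 1], blob), "big")
        result = (result + lam * y * h) % Q  # partial from this component only
    return result
```

Because the operation is linear in the key, each component contributes only its own partial term; a real deployment replaces the toy operation with a threshold signature or decryption protocol built the same way.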
Based on the same idea, the embodiments of this specification also provide an apparatus corresponding to the asymmetric key generation method described above. Figure 9 is a schematic structural diagram of an apparatus for generating a private key in an asymmetric key, corresponding to Figure 1, provided by an embodiment of this specification.
As shown in Figure 9, the asymmetric key generation apparatus may comprise:
a request obtaining module 310, configured to obtain an asymmetric key generation request;
a generating module 320, configured to generate a user private key according to the asymmetric key generation request, the user private key comprising multiple user private key components;
an encryption module 330, configured to encrypt the multiple user private key components with a predetermined encryption method to obtain the corresponding multiple user private key component ciphertexts, where at least two of the multiple user private key components are encrypted with different predetermined encryption methods;
a storage module 340, configured to store the multiple user private key component ciphertexts on the same device.
Optionally, the generating module 320 is specifically configured to generate the user private key with an asymmetric threshold cryptographic algorithm according to the asymmetric key generation request.
Optionally, the encryption module 330 is specifically configured to encrypt the multiple user private key components with different white-box encryption algorithms.
Optionally, the encryption module 330 is specifically configured to encrypt any one user private key component of a user private key with a white-box encryption algorithm different from those used for the other user private key components of that user private key.
Optionally, the encryption module 330 is specifically configured such that: there are m user private keys, each comprising n user private key components, where the (m, n)-th user private key component denotes the n-th user private key component of the m-th user private key; n different white-box encryption algorithms are used to encrypt all user private key components; and the p-th of the n different white-box encryption algorithms is used to encrypt the (1, p)-th through (m, p)-th user private key components, where m and n are positive integers and p is a positive integer not greater than n.
Optionally, the storage module 340 is specifically configured to store the multiple user private key component ciphertexts on the device that needs to use the user private key. In other words, the storage module 340 may be a storage module in the user terminal.
Optionally, the request obtaining module 310, the generating module 320, the encryption module 330 and the storage module 340 may all be provided in the user terminal. In other words, the multiple user private key components may be generated at the user terminal and then encrypted and stored there.
Based on the same idea, the embodiments of this specification also provide an apparatus corresponding to the method for using the asymmetric key described above. Figure 10 is a schematic structural diagram of an apparatus for using a private key in an asymmetric key, corresponding to Figure 3, provided by an embodiment of this specification.
As shown in Figure 10, the asymmetric key using apparatus may comprise:
a key obtaining module 410, configured to obtain more than a predetermined number of user private key component ciphertexts from the same device, the user private key component ciphertexts having been generated according to the method for generating a private key in an asymmetric key described above;
a decryption module 420, configured to decrypt the more than a predetermined number of user private key component ciphertexts with a predetermined decryption algorithm to obtain the corresponding more than a predetermined number of user private key component plaintexts, where the predetermined decryption method corresponds to the predetermined method with which the user private key component ciphertexts to be decrypted were encrypted;
an operation module 430, configured to perform the target operation using the corresponding more than a predetermined number of user private key component plaintexts,
where the predetermined number denotes the number of user private key components, among the multiple user private key components, that are required to perform the target operation.
Optionally, the operation module 430 is specifically configured to sign with the more than a predetermined number of user private key component plaintexts to obtain a signature result.
Optionally, the operation module 430 is specifically configured to decrypt information to be decrypted with the more than a predetermined number of user private key component plaintexts to obtain a decryption result, where the information to be decrypted is information that was encrypted with the user public key corresponding to the user private key.
基于同样的思路,本说明书实施例还提供了上述非对称密钥中的私钥生成和使用方法对应的设备。Based on the same idea, the embodiment of this specification also provides a device corresponding to the method of generating and using the private key in the above-mentioned asymmetric key.
FIG. 11 is a schematic structural diagram of a device for generating and/or using a private key in an asymmetric key according to an embodiment of this specification. As shown in FIG. 11, the device 500 may include:
at least one processor 510; and
a memory 530 communicatively connected to the at least one processor; wherein
the memory 530 stores instructions 520 executable by the at least one processor 510, and the instructions are executed by the at least one processor 510 so as to enable the at least one processor 510 to:
obtain an asymmetric key generation request;
generate a user private key according to the asymmetric key generation request, the user private key including a plurality of user private key components;
encrypt the plurality of user private key components using predetermined encryption methods to obtain a corresponding plurality of user private key component ciphertexts, wherein at least two of the plurality of user private key components are encrypted using different predetermined encryption methods;
store the plurality of user private key component ciphertexts in the same device.
According to an embodiment, the device 500 may include:
at least one processor 510; and
a memory 530 communicatively connected to the at least one processor; wherein
the memory 530 stores instructions 520 executable by the at least one processor 510, and the instructions are executed by the at least one processor 510 so as to enable the at least one processor to:
obtain, from the same device, more than a predetermined number of user private key component ciphertexts, wherein the user private key component ciphertexts are obtained according to the aforementioned method for generating a private key in a user asymmetric key;
decrypt the more than the predetermined number of user private key component ciphertexts using predetermined decryption methods to obtain a corresponding more than the predetermined number of user private key component plaintexts, wherein each predetermined decryption method corresponds to the encryption method used when the user private key component ciphertext to be decrypted was encrypted;
perform a target operation using the corresponding more than the predetermined number of user private key component plaintexts,
wherein the predetermined number represents the minimum number of user private key components, among the plurality of user private key components, required to perform the target operation.
It will be understood that although the terms "first", "second", "third", etc., and "1-1/(1,1)-th", "1-2/(1,2)-th", "1-3/(1,3)-th", etc. are used herein to describe various parts, these parts should not be limited by these terms. These terms are only used to distinguish one part from another. Therefore, without departing from the teachings herein, a "first ..." discussed here may also be referred to as a "second ..."; a "1-1/(1,1)-th ..." may also be referred to as a "1-2/(1,2)-th ...".
Specific embodiments of this specification have been described above. In some cases, the actions or steps recited in the claims may be performed in an order different from that in the embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or sequential order, to achieve the desired results. In some implementations, multitasking and parallel processing may also be possible or advantageous.
The embodiments in this specification are described in a progressive manner; the same or similar parts among the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, since the apparatus and device embodiments are substantially similar to the method embodiments, their description is relatively brief, and for the relevant parts reference may be made to the description of the method embodiments.
The apparatuses, devices and methods provided in the embodiments of this specification correspond to one another; therefore, the apparatuses and devices also have beneficial technical effects similar to those of the corresponding methods. Since the beneficial technical effects of the methods have been described in detail above, the beneficial technical effects of the corresponding apparatuses and devices are not repeated here.
In the 1990s, an improvement to a technology could be clearly distinguished as either a hardware improvement (for example, an improvement to a circuit structure such as a diode, transistor or switch) or a software improvement (an improvement to a method flow). However, with the development of technology, many of today's improvements to method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be implemented by a hardware entity module. For example, a programmable logic device (PLD) (for example, a field programmable gate array (FPGA)) is such an integrated circuit, whose logic function is determined by the user programming the device. The designer programs a digital system "integrated" onto a single PLD, without asking a chip manufacturer to design and fabricate a dedicated integrated circuit chip. Moreover, nowadays, instead of manually fabricating integrated circuit chips, this programming is mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must likewise be written in a specific programming language, called a hardware description language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); the most commonly used at present are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art will also appreciate that a hardware circuit implementing a logical method flow can easily be obtained simply by doing a little logic programming of the method flow in the above hardware description languages and programming it into an integrated circuit.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, an application specific integrated circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of a memory. Those skilled in the art also know that, in addition to implementing the controller purely as computer-readable program code, it is entirely possible to logically program the method steps so that the controller achieves the same functions in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the means included in it for implementing various functions can also be regarded as structures within the hardware component. Or even, the means for implementing various functions can be regarded both as software modules implementing the method and as structures within the hardware component.
The systems, apparatuses, modules or units described in the above embodiments may be implemented by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an e-mail device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above apparatus is described by dividing its functions into various units. Of course, when implementing this application, the functions of the units may be implemented in the same one or more pieces of software and/or hardware.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, a system, or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, which implement the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps are performed on the computer or other programmable device to produce a computer-implemented process, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces and memory.
The memory may include non-persistent memory, random access memory (RAM) and/or non-volatile memory in a computer-readable medium, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include persistent and non-persistent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory media, such as modulated data signals and carrier waves.
It should also be noted that the terms "comprise", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
This application may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. This application may also be practiced in distributed computing environments, where tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.
The embodiments in this specification are described in a progressive manner; the same or similar parts among the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, since the system embodiments are substantially similar to the method embodiments, their description is relatively brief, and for the relevant parts reference may be made to the description of the method embodiments.
The foregoing are merely embodiments of this application and are not intended to limit this application. Those skilled in the art may make various modifications and changes to this application. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of this application shall be included within the scope of the claims of this application.

Claims (16)

  1. A method for generating a private key in an asymmetric key, comprising:
    obtaining an asymmetric key generation request;
    generating a user private key according to the asymmetric key generation request, the user private key comprising a plurality of user private key components;
    encrypting the plurality of user private key components using predetermined encryption methods to obtain a corresponding plurality of user private key component ciphertexts, wherein at least two of the plurality of user private key components are encrypted using different predetermined encryption methods;
    storing the plurality of user private key component ciphertexts in the same device.
  2. The method according to claim 1, wherein the generating a user private key according to the asymmetric key generation request specifically comprises:
    generating the user private key using an asymmetric threshold cryptographic algorithm according to the asymmetric key generation request.
  3. The method according to claim 1, wherein the encrypting the plurality of user private key components using predetermined encryption methods specifically comprises:
    encrypting the plurality of user private key components using white-box encryption algorithms.
  4. The method according to claim 3, wherein the at least two of the plurality of user private key components being encrypted using different predetermined encryption methods specifically comprises:
    for any one user private key component in one user private key, encrypting it using a white-box encryption algorithm different from those used for the other user private key components in the one user private key.
  5. The method according to claim 4, further comprising:
    obtaining another asymmetric key generation request;
    generating another user private key according to the another asymmetric key generation request, the another user private key comprising a plurality of user private key components;
    for any one user private key component in the another user private key, encrypting it using the same white-box encryption algorithm as that used for one user private key component in the one user private key, each user private key component in the another user private key being encrypted using a different white-box encryption algorithm,
    wherein the number of user private key components in the another user private key is the same as the number of user private key components in the one user private key.
  6. The method according to claim 1, wherein the storing the plurality of user private key component ciphertexts in the same device specifically comprises:
    storing the plurality of user private key component ciphertexts in a device that needs to use the user private key.
  7. The method according to claim 1, wherein after the storing the plurality of user private key component ciphertexts in the same device, the method further comprises:
    obtaining more than a predetermined number of user private key component ciphertexts from the same device;
    decrypting the more than the predetermined number of user private key component ciphertexts using predetermined decryption methods to obtain a corresponding more than the predetermined number of user private key component plaintexts, wherein each predetermined decryption method corresponds to the predetermined encryption method used when the user private key component ciphertext to be decrypted was encrypted;
    performing a target operation using the corresponding more than the predetermined number of user private key component plaintexts,
    wherein the predetermined number represents the minimum number of user private key components, among the plurality of user private key components, required to perform the target operation.
  8. The method according to claim 7, wherein the performing a target operation using the corresponding more than the predetermined number of user private key component plaintexts specifically comprises:
    signing using the more than the predetermined number of user private key component plaintexts to obtain a signature result.
  9. The method according to claim 7, wherein the performing a target operation using the corresponding more than the predetermined number of user private key component plaintexts specifically comprises:
    decrypting information to be decrypted using the more than the predetermined number of user private key component plaintexts to obtain a decryption result,
    wherein the information to be decrypted is information obtained by encrypting with the user public key corresponding to the user private key.
  10. A method for using a private key in an asymmetric key, comprising:
    obtaining more than a predetermined number of user private key component ciphertexts from the same device, wherein the user private key component ciphertexts are obtained according to the method of any one of claims 1 to 6;
    decrypting the more than the predetermined number of user private key component ciphertexts using predetermined decryption methods to obtain a corresponding more than the predetermined number of user private key component plaintexts, wherein each predetermined decryption method corresponds to the encryption method used when the user private key component ciphertext to be decrypted was encrypted;
    performing a target operation using the corresponding more than the predetermined number of user private key component plaintexts,
    wherein the predetermined number represents the minimum number of user private key components, among the plurality of user private key components, required to perform the target operation.
  11. An apparatus for generating a private key in an asymmetric key, comprising:
    a request obtaining module, configured to obtain an asymmetric key generation request;
    a generating module, configured to generate a user private key according to the asymmetric key generation request, the user private key comprising a plurality of user private key components;
    an encryption module, configured to encrypt the plurality of user private key components using predetermined encryption methods to obtain a corresponding plurality of user private key component ciphertexts, wherein at least two of the plurality of user private key components are encrypted using different predetermined encryption methods;
    a storage module, configured to store the plurality of user private key component ciphertexts in the same device.
  12. The apparatus according to claim 11, wherein the generating module is specifically configured to:
    generate the user private key using an asymmetric threshold cryptographic algorithm according to the asymmetric key generation request.
  13. The apparatus according to claim 11, wherein the encryption module is specifically configured to:
    encrypt the plurality of user private key components using different white-box encryption algorithms.
  14. An apparatus for using a private key in an asymmetric key, comprising:
    a key obtaining module, configured to obtain more than a predetermined number of user private key component ciphertexts from the same device, the user private key component ciphertexts being obtained according to the method of any one of claims 1 to 6;
    a decryption module, configured to decrypt the more than the predetermined number of user private key component ciphertexts using predetermined decryption algorithms to obtain a corresponding more than the predetermined number of user private key component plaintexts, wherein each predetermined decryption method corresponds to the predetermined decryption method used when the user private key component ciphertext to be decrypted was encrypted;
    an operation module, configured to perform a target operation using the corresponding more than the predetermined number of user private key component plaintexts, wherein the predetermined number represents the number of user private key components, among the plurality of user private key components, required to perform the target operation.
  15. A device for generating a private key in an asymmetric key, comprising:
    at least one processor; and
    a memory communicatively connected to the at least one processor; wherein
    the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so as to enable the at least one processor to:
    obtain an asymmetric key generation request;
    generate a user private key according to the asymmetric key generation request, the user private key comprising a plurality of user private key components;
    encrypt the plurality of user private key components using predetermined encryption methods to obtain a corresponding plurality of user private key component ciphertexts, wherein at least two of the plurality of user private key components are encrypted using different predetermined encryption methods;
    store the plurality of user private key component ciphertexts in the same device.
  16. A device for using a private key in an asymmetric key, comprising:
    at least one processor; and
    a memory communicatively connected to the at least one processor; wherein
    the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so as to enable the at least one processor to:
    obtain more than a predetermined number of user private key component ciphertexts from the same device, wherein the user private key component ciphertexts are obtained according to the method of any one of claims 1 to 6;
    decrypt the more than the predetermined number of user private key component ciphertexts using predetermined decryption methods to obtain a corresponding more than the predetermined number of user private key component plaintexts, wherein each predetermined decryption method corresponds to the encryption method used when the user private key component ciphertext to be decrypted was encrypted;
    perform a target operation using the corresponding more than the predetermined number of user private key component plaintexts,
    wherein the predetermined number represents the minimum number of user private key components, among the plurality of user private key components, required to perform the target operation.
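The generation flow of the FIG. 11 device embodiment and claims 1 and 7 (split the user private key into components, encrypt at least two of them with different predetermined methods, keep every ciphertext in one device) and the use flow of claim 10 (fetch at least the predetermined number of ciphertexts, decrypt each with the method matching its encryption, perform the target operation) are shown end to end below. This is an added illustration, not code from the patent or from the applicant. It assumes Shamir secret sharing over a fixed prime field as the "asymmetric threshold cryptographic algorithm", uses two stdlib keystream constructions (HMAC-SHA256 counter mode and SHAKE256) as stand-ins for the per-component white-box algorithms the patent names, assigns methods to components round-robin, and recombines the components before use instead of running a true threshold signature, which the patent leaves unspecified. The names `split_secret`, `recover_secret`, `encrypt_share`, `decrypt_share`, `generate_and_store` and `use_private_key` are this example's own.

```python
"""Added example: t-of-n split of a private key, per-component encryption
under different methods, one shared store, and recovery from >= t components."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

# Prime field for Shamir sharing (constructed choice; any prime larger than the
# secret works). Secrets are scalars below P and serialize into 32 bytes.
P = 2**255 - 19


def split_secret(secret: int, n: int, t: int) -> List[Tuple[int, int]]:
    """Shamir t-of-n sharing of `secret` over GF(P): returns points (x, f(x))."""
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x)
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_secret(shares: List[Tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0; correct only with >= t distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def _stream_hmac_ctr(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream from HMAC-SHA256 run in counter mode (stand-in method M1)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _stream_shake(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream from SHAKE256 as an extendable-output function (stand-in M2)."""
    return hashlib.shake_256(key + nonce).digest(length)


# Two distinct "predetermined encryption methods"; the patent uses different
# white-box algorithms here, which these keystreams merely stand in for.
METHODS = {"M1": _stream_hmac_ctr, "M2": _stream_shake}


def _tag(key: bytes, method: str, nonce: bytes, ct: bytes) -> bytes:
    """Integrity tag binding the method label, nonce and ciphertext."""
    return hmac.new(key, method.encode() + nonce + ct, hashlib.sha256).digest()


def encrypt_share(method: str, key: bytes, share: Tuple[int, int]) -> Dict:
    x, y = share
    pt = y.to_bytes(32, "big")
    nonce = secrets.token_bytes(16)
    ks = METHODS[method](key, nonce, len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return {"x": x, "method": method, "nonce": nonce, "ct": ct,
            "tag": _tag(key, method, nonce, ct)}


def decrypt_share(record: Dict, keys: Dict[str, bytes]) -> Tuple[int, int]:
    """Decrypt with the method recorded at encryption time; reject tampering."""
    method = record["method"]
    key = keys[method]
    if not hmac.compare_digest(_tag(key, method, record["nonce"], record["ct"]),
                               record["tag"]):
        raise ValueError("share ciphertext failed integrity check")
    ks = METHODS[method](key, record["nonce"], len(record["ct"]))
    y = int.from_bytes(bytes(a ^ b for a, b in zip(record["ct"], ks)), "big")
    return record["x"], y


def generate_and_store(secret: int, n: int, t: int, keys: Dict[str, bytes]) -> List[Dict]:
    """Claim-1 flow: split, encrypt components round-robin across methods so at
    least two differ, and keep every ciphertext record in one store."""
    names = list(METHODS)
    return [encrypt_share(names[i % len(names)], keys[names[i % len(names)]], s)
            for i, s in enumerate(split_secret(secret, n, t))]


def use_private_key(store: List[Dict], chosen: List[int], keys: Dict[str, bytes]) -> int:
    """Claim-10 flow: take the chosen records from the same store, decrypt each
    with its matching method, and recombine for the target operation."""
    return recover_secret([decrypt_share(store[i], keys) for i in chosen])


def demo() -> Dict:
    keys = {"M1": secrets.token_bytes(32), "M2": secrets.token_bytes(32)}
    d = secrets.randbelow(P)
    store = generate_and_store(d, n=3, t=2, keys=keys)
    return {"ok": use_private_key(store, [0, 2], keys) == d,
            "methods": sorted({r["method"] for r in store})}
```

The point the example makes concrete is the one the claims rely on: a single copy of all component ciphertexts is useless without the per-method keys, and fewer than the predetermined number of correctly decrypted components recombine to a value unrelated to the key, while the integrity tag makes a swapped or corrupted component fail closed rather than yield a wrong key silently.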
PCT/CN2020/093966 2019-09-24 2020-06-02 Private key generation and use method, apparatus and device in asymmetric key WO2021057073A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910902373.0 2019-09-24
CN201910902373.0A CN110650010B (en) 2019-09-24 2019-09-24 Method, device and equipment for generating and using private key in asymmetric key

Publications (1)

Publication Number Publication Date
WO2021057073A1 true WO2021057073A1 (en) 2021-04-01

Family

ID=69011105

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/093966 WO2021057073A1 (en) 2019-09-24 2020-06-02 Private key generation and use method, apparatus and device in asymmetric key

Country Status (3)

Country Link
CN (1) CN110650010B (en)
TW (1) TWI736271B (en)
WO (1) WO2021057073A1 (en)


Also Published As

Publication number Publication date
CN110650010A (en) 2020-01-03
CN110650010B (en) 2022-04-29
TWI736271B (en) 2021-08-11
TW202113646A (en) 2021-04-01


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 20867399; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
Ref country code: DE
122 Ep: pct application non-entry in european phase
Ref document number: 20867399; Country of ref document: EP; Kind code of ref document: A1