CN109831305B - Anti-quantum computation signcryption method and system based on asymmetric key pool - Google Patents
Publication number: CN109831305B
Application number: CN201910027044.6A
Authority: CN (China)
Abstract
The invention relates to an anti-quantum computation signcryption method and system based on an asymmetric key pool. The signcrypter and the verifier participating in signcryption are each provided with a key fob, which stores the asymmetric key pool, a public key pointer random number and private keys. The private keys comprise a first private key used for signcryption and a second private key used for encrypted transmission; the public key pointer random number can be combined with the asymmetric key pool to obtain the first public key corresponding to the first private key and the second public key corresponding to the second private key; and the asymmetric key pool stores the first and second public keys of all users. The invention uses an independent hardware isolation device, namely the key fob, which greatly reduces the possibility of keys being stolen by malware or malicious operations.
Description
Technical Field
The invention relates to the field of secure communication, and in particular to a signcryption method that achieves resistance to quantum computation by means of key fobs.
Background
Cryptography is the core of the information security discipline. The cryptographic primitives used to provide information security services are called cryptosystems. The basic security services provided by cryptosystems are confidentiality, integrity, authentication and non-repudiation. Confidentiality means that information is available only to authorized users and cannot be revealed to unauthorized users. Integrity means that information cannot be accidentally or deliberately deleted, modified, forged, replayed, inserted or lost during transmission or storage. Authentication ensures that the identity of a communicating party is genuine: confirming the identity of an entity is called entity authentication, and confirming the origin of a message is called message authentication. Non-repudiation prevents a communicating party from denying a previous commitment or action. In cryptography, confidentiality is achieved by a basic primitive called encryption, which can be viewed as a transformation of readable plaintext into unreadable ciphertext. The digital signature is another basic primitive; it achieves integrity, authentication and non-repudiation, and can be viewed as a cryptographic transformation of data that allows the recipient to confirm the identity of the signer and the integrity of the data. When confidentiality, integrity, authentication and non-repudiation are all required at the same time, one conventional method is to sign a message first and then encrypt it, known as "sign-then-encrypt". The computation and communication costs of this method are the sum of the encryption and signature costs, so its efficiency is low.
In 1997, Zheng proposed a new cryptographic primitive that achieves these four security properties simultaneously, which he called digital signcryption. Compared with the traditional sign-then-encrypt method, signcryption has the following advantages: 1) signcryption costs less than sign-then-encrypt in both computation and communication; 2) signcryption allows some expensive cryptographic operations to be computed in parallel; 3) a reasonably designed signcryption scheme can achieve a higher security level; 4) signcryption simplifies the design of cryptographic protocols that require both confidentiality and authentication. For the minimum security parameter currently recommended (modulus 512 bits), signcryption saves 58% of the computation and 70% of the communication cost compared with sign-then-encrypt based on the discrete logarithm problem. For a relatively large security parameter (modulus 1536 bits), signcryption saves 50% of the computation and 91% of the communication cost compared with sign-then-encrypt using the RSA cryptosystem. The savings grow as the security parameters increase. As cryptanalysis theory and technology progress, cryptosystems will need larger security parameters, and signcryption will become even more practical. For these reasons, many cryptographic researchers have studied the working principle of signcryption in depth and designed many efficient and secure signcryption schemes.
Since Zheng proposed the signcryption primitive, signcryption has found widespread application in areas such as electronic payments, mobile agent security, key management, and Ad Hoc network routing protocols. Since 1997, several effective signcryption protocols have been proposed in succession.
According to the public key authentication method, signcryption systems can be divided into PKI-based, identity-based and certificateless signcryption systems. If a signcryption scheme is combined with a signature or encryption scheme that has special properties, a signcryption scheme with special properties results: signcryption combined with proxy signature is called proxy signcryption; signcryption combined with ring signature is called ring signcryption; signcryption combined with broadcast encryption is called broadcast signcryption. A signcryption scheme constructed using the idea of hybrid encryption is called hybrid signcryption. Hybrid signcryption divides the whole algorithm into two independent blocks, a Key Encapsulation Mechanism (KEM) and a Data Encapsulation Mechanism (DEM), which are combined in a certain way to construct a complete signcryption scheme. Signcryption systems can therefore be classified into basic signcryption systems, signcryption systems with special properties, and hybrid signcryption systems.
Quantum computers have great potential for breaking cryptography. Today's mainstream asymmetric (public key) encryption algorithms, such as RSA, are mostly based on one of two hard mathematical problems: factorization of large integers or computation of discrete logarithms over a finite field. The difficulty of breaking them depends on how efficiently these problems can be solved. On a classical computer, solving these two problems takes exponential time (that is, the time to break the key grows exponentially with the length of the public key), which is unacceptable in practice. Shor's algorithm, designed for quantum computers, can perform integer factorization or discrete logarithm computation in polynomial time (that is, the time grows as the k-th power of the public key length, where k is a constant independent of the public key length), which makes it possible to break RSA and discrete-logarithm-based encryption algorithms.
The problem with the prior art is that signcryption methods based on public and private keys are not secure enough, because the strong computing power of a quantum computer can be used to break the signcryption.
Disclosure of Invention
The invention provides a signcryption method with higher security, which utilizes independent hardware isolation equipment, namely a key fob, and greatly reduces the possibility of stealing a key by malicious software or malicious operation.
The invention relates to an anti-quantum computation signcryption method based on an asymmetric key pool. The signcrypter and the verifier participating in signcryption are each provided with a key fob, which stores the asymmetric key pool, a public key pointer random number and private keys; the private keys comprise a first private key used for signcryption and a second private key used for encrypted transmission; the public key pointer random number can be combined with the asymmetric key pool to obtain the first public key corresponding to the first private key and the second public key corresponding to the second private key; and the asymmetric key pool stores the first and second public keys of all users;
the anti-quantum computation signcryption method comprises the following steps:
obtaining the first public key and second public key of the verifier from the key fob according to the public key pointer random number corresponding to the verifier;
generating a first intermediate parameter, a second intermediate parameter and a third intermediate parameter by using the first random number and the second random number;
encrypting the original text by using the first intermediate parameter to obtain a ciphertext;
applying a hash function to the original text and the second intermediate parameter to obtain a parameter r;
calculating a parameter s from the first random number, the parameter r and the first private key of the signcrypter, and encrypting the parameter s by using the third intermediate parameter to obtain a parameter s';
encrypting the second random number by using the second public key of the verifier to obtain an encrypted second random number;
and sending the public key pointer random number of the signcrypter, the encrypted second random number, the ciphertext, the parameter r and the parameter s' as the signcryption to the verifier for verification.
Optionally, the generating the first, second, and third intermediate parameters by using the first random number and the second random number includes:
generating a parameter k1 and a parameter k2 by combining the first random number with the first public key of the verifier;
generating a parameter rk1, a parameter rk2, and a parameter rk3 using the second random number;
calculating the parameter k1 and the parameter rk1 to obtain a first intermediate parameter;
calculating the parameter k2 and the parameter rk2 to obtain a second intermediate parameter;
the parameter rk3 serves as a third intermediate parameter.
Optionally, generating the parameter k1 and the parameter k2 by combining the first random number with the first public key of the verifier includes:
calculating the parameter k according to the formula $k = yb^{x} \bmod p$, where:
yb is the first public key of the verifier;
x is the first random number;
p is a prime number;
and splitting the parameter k into the parameter k1 and the parameter k2.
Optionally, the parameter s is calculated from the first random number, the parameter r and the first private key of the signcrypter as follows: $s = x/(r + xa)$;
wherein:
x is a first random number;
xa is a first private key of the signcrypter;
r is a parameter r.
Optionally, the parameter s is calculated from the first random number, the parameter r and the first private key of the signcrypter as follows: $s = x/(1 + xa \cdot r)$;
wherein:
x is a first random number;
xa is a first private key of the signcrypter;
r is a parameter r.
Optionally, the anti-quantum computation signcryption method further includes, at the verifier:
receiving, from the signcrypter, the public key pointer random number of the signcrypter, the encrypted second random number, the ciphertext, the parameter r, and the parameter s';
decrypting the encrypted second random number by using the second private key of the verifier to obtain the second random number;
generating a parameter rk1, a parameter rk2, and a parameter rk3 using the second random number;
decrypting the parameter s' by using the parameter rk3 as the third intermediate parameter to obtain the parameter s;
obtaining the first public key of the signcrypter from the key fob by using the public key pointer random number of the signcrypter;
calculating a parameter k from the first public key of the signcrypter, the parameter r, the parameter s and the first private key of the verifier, and splitting the parameter k into a parameter k1 and a parameter k2;
calculating the first intermediate parameter from the parameter k1 and the parameter rk1, and decrypting the ciphertext by using the first intermediate parameter to obtain the original text;
calculating the second intermediate parameter from the parameter k2 and the parameter rk2, and applying the hash function to the original text and the second intermediate parameter to obtain a calculated parameter r;
and comparing the calculated parameter r with the parameter r from the signcrypter to obtain the corresponding verification result.
Optionally, the parameter k is calculated from the first public key of the signcrypter, the parameter r, the parameter s and the first private key of the verifier as follows:
$k = (ya \cdot g^{r})^{s \cdot xb} \bmod p$; or $k = (g \cdot ya^{r})^{s \cdot xb} \bmod p$;
where:
ya is the first public key of the signcrypter;
r is the parameter r;
s is the parameter s;
xb is the first private key of the verifier;
p is a prime number;
$g \in Z_p^{*}$ is a generator of order q, q being a prime factor of p-1.
The invention also provides an anti-quantum computation signcryption system based on an asymmetric key pool, in which the signcrypter and the verifier participating in signcryption are each provided with a key fob that stores the asymmetric key pool, a public key pointer random number and private keys; the private keys comprise a first private key used for signcryption and a second private key used for encrypted transmission; the public key pointer random number can be combined with the asymmetric key pool to obtain the first public key corresponding to the first private key and the second public key corresponding to the second private key; and the asymmetric key pool stores the first and second public keys of all users;
the anti-quantum computation signcryption system comprises, configured at the signcrypter:
a first module for obtaining the first public key and second public key of the verifier from the key fob according to the public key pointer random number corresponding to the verifier;
a second module for generating a first, a second and a third intermediate parameter by using the first random number and the second random number;
the third module is used for encrypting the original text by utilizing the first intermediate parameter to obtain a ciphertext;
the fourth module is used for utilizing a hash function to act on the original text and the second intermediate parameter to obtain a parameter r;
the fifth module is used for calculating by using the first random number, the parameter r and a first private key of the signcryptor to obtain a parameter s, and then encrypting the parameter s by using a third intermediate parameter to obtain a parameter s';
a sixth module, configured to encrypt the second random number by using a second public key of the verifier to obtain an encrypted second random number;
and a seventh module for sending the public key pointer random number of the signcrypter, the encrypted second random number, the ciphertext, the parameter r and the parameter s' as the signcryption to the verifier for verification.
The invention also provides an anti-quantum computation signcryption system based on an asymmetric key pool, in which the signcrypter and the verifier participating in signcryption are each provided with a key fob that stores the asymmetric key pool, a public key pointer random number and private keys; the private keys comprise a first private key used for signcryption and a second private key used for encrypted transmission; the public key pointer random number can be combined with the asymmetric key pool to obtain the first public key corresponding to the first private key and the second public key corresponding to the second private key; and the asymmetric key pool stores the first and second public keys of all users;
the signcrypter and the verifier participating in signcryption each comprise a memory and a processor, wherein the memory stores a computer program, and the processor implements the anti-quantum computation signcryption method when executing the computer program.
In the invention, a key fob stores the user's private keys, the public key pointer random number and the asymmetric key pool. The public keys used for signcryption or decryption are stored in the asymmetric key pool of the key fob, and the corresponding public key pointer random number is published externally. Important data in the signcryption process is then encrypted with the encryption public key. The key fob is an independent hardware isolation device, so the possibility of keys being stolen by malware or malicious operations is greatly reduced. Because a quantum computer can neither compute the encrypted important data nor obtain the public keys by cracking, the signcryption scheme is not easily broken by a quantum computer.
Drawings
Fig. 1 is an internal structural view of a key fob according to the present invention;
FIG. 2 is a diagram showing the relationship between the random number of the public key pointer and the public key in the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For a better description and illustration of embodiments of the application, reference may be made to one or more of the drawings, but additional details or examples used in describing the drawings should not be construed as limiting the scope of any of the inventive concepts of the present application, the presently described embodiments, or the preferred versions.
It should be understood that steps may be performed in other sequences unless explicitly stated otherwise. Moreover, at least a portion of the steps may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least a portion of the sub-steps or stages of other steps.
The key fob holds the user's own private keys, a public key pointer random number, and an asymmetric key pool (public key pool) that stores the public keys of all users for signcryption or verification. The public keys in the key fob are accessed as follows. Referring to Fig. 2, a public key pointer random number ry is taken, a public key pointer function fpy is applied to ry to obtain a public key pointer py, and the pointer py is used to index into the asymmetric key pool (public key pool) in the key fob to obtain the public key y.
Let the signcrypter be A and the verifier be B.
A has a first public key ya for signcryption (hereinafter simply ya; the same applies to the other keys) and a first private key xa, where ya can be taken from the asymmetric key pool of the key fob according to the public key pointer random number rya;
B has a first public key yb for signcryption and a first private key xb, where yb can be taken from the asymmetric key pool of the key fob according to the public key pointer random number ryb.
A and B each also have a public/private key pair for encryption and decryption: A's second public/private key pair is Ea/Da, and B's second public/private key pair is Eb/Db.
Ea and ya are stored together, and Da and xa are stored together;
Eb and yb are stored together, and Db and xb are stored together.
The signcrypter and the verifier use the same agreed functions for the various operations in the process.
The invention relates to an anti-quantum computation signcryption method based on an asymmetric key pool. The signcrypter and the verifier participating in signcryption are each provided with a key fob, which stores the asymmetric key pool, a public key pointer random number and private keys; the private keys comprise a first private key used for signcryption and a second private key used for encrypted transmission; the public key pointer random number can be combined with the asymmetric key pool to obtain the first public key corresponding to the first private key and the second public key corresponding to the second private key; and the asymmetric key pool stores the first and second public keys of all users;
the anti-quantum computation signcryption method comprises the following steps:
obtaining the first public key and second public key of the verifier from the key fob according to the public key pointer random number corresponding to the verifier;
generating a first intermediate parameter, a second intermediate parameter and a third intermediate parameter by using the first random number and the second random number;
encrypting the original text by using the first intermediate parameter to obtain a ciphertext;
applying a hash function to the original text and the second intermediate parameter to obtain a parameter r;
calculating a parameter s from the first random number, the parameter r and the first private key of the signcrypter, and encrypting the parameter s by using the third intermediate parameter to obtain a parameter s';
encrypting the second random number by using the second public key of the verifier to obtain an encrypted second random number;
and sending the public key pointer random number of the signcrypter, the encrypted second random number, the ciphertext, the parameter r and the parameter s' as the signcryption to the verifier for verification.
Generating a first, a second and a third intermediate parameter by using the first random number and the second random number, comprising:
generating a parameter k1 and a parameter k2 by combining the first random number with the first public key of the verifier;
generating a parameter rk1, a parameter rk2, and a parameter rk3 using the second random number;
calculating the parameter k1 and the parameter rk1 to obtain a first intermediate parameter;
calculating the parameter k2 and the parameter rk2 to obtain a second intermediate parameter;
the parameter rk3 serves as a third intermediate parameter.
Generating the parameter k1 and the parameter k2 by combining the first random number with the first public key of the verifier comprises:
calculating the parameter k according to the formula $k = yb^{x} \bmod p$, where:
yb is the first public key of the verifier;
x is the first random number;
p is a prime number;
and splitting the parameter k into the parameter k1 and the parameter k2.
The parameter s is calculated from the first random number, the parameter r and the first private key of the signcrypter as follows: $s = x/(r + xa)$ or $s = x/(1 + xa \cdot r)$;
wherein:
x is a first random number;
xa is a first private key of the signcrypter;
r is a parameter r.
The anti-quantum computation signcryption method further comprises, at the verifier:
receiving, from the signcrypter, the public key pointer random number of the signcrypter, the encrypted second random number, the ciphertext, the parameter r, and the parameter s';
decrypting the encrypted second random number by using the second private key of the verifier to obtain the second random number;
generating a parameter rk1, a parameter rk2, and a parameter rk3 using the second random number;
decrypting the parameter s' by using the parameter rk3 as the third intermediate parameter to obtain the parameter s;
obtaining the first public key of the signcrypter from the key fob by using the public key pointer random number of the signcrypter;
calculating a parameter k from the first public key of the signcrypter, the parameter r, the parameter s and the first private key of the verifier, and splitting the parameter k into a parameter k1 and a parameter k2;
calculating the first intermediate parameter from the parameter k1 and the parameter rk1, and decrypting the ciphertext by using the first intermediate parameter to obtain the original text;
calculating the second intermediate parameter from the parameter k2 and the parameter rk2, and applying the hash function to the original text and the second intermediate parameter to obtain a calculated parameter r;
and comparing the calculated parameter r with the parameter r from the signcrypter to obtain the corresponding verification result.
The parameter k is calculated from the first public key of the signcrypter, the parameter r, the parameter s and the first private key of the verifier as follows:
$k = (ya \cdot g^{r})^{s \cdot xb} \bmod p$; or $k = (g \cdot ya^{r})^{s \cdot xb} \bmod p$;
where:
ya is the first public key of the signcrypter;
r is the parameter r;
s is the parameter s;
xb is the first private key of the verifier;
p is a prime number;
$g \in Z_p^{*}$ is a generator of order q, q being a prime factor of p-1.
In one embodiment, a quantum computation resistant signcryption method based on an asymmetric key pool is provided, which specifically comprises the following steps:
1. Signcryption comprises the following steps:
1.1 Let p be a large prime number, q a prime factor of p-1, and $g \in Z_p^{*}$ a generator of order q; these parameter settings apply throughout what follows.
First A obtains B's public key pointer random number ryb; A and B may communicate in advance so that A obtains ryb. Using ryb, A can obtain B's first public key yb from the asymmetric key pool (public key pool) of the key fob.
1.2 A takes a first random number x (which may be generated by A in advance or as needed) and computes k according to the formula $k = yb^{x} \bmod p$, where p is a large prime number selected as a system parameter.
The parameters k1 and k2 are then obtained by applying a function f1 (e.g., splitting a number into two segments with a length ratio of 1:1) to k.
A then takes a second random number ks (which may be generated by A in advance or as needed) and applies a function f2 (e.g., splitting a number into three segments with a length ratio of 3:3:4) to ks to obtain the parameters rk1, rk2 and rk3.
The function fk1 (e.g., addition of two numbers) is applied to k1 and rk1 to obtain k1', and the function fk2 (e.g., multiplication of two numbers) is applied to k2 and rk2 to obtain k2'.
Here k1' is the first intermediate parameter, k2' is the second intermediate parameter, and rk3 is the third intermediate parameter.
B's second public key Eb may also be obtained from the asymmetric key pool (public key pool) of the key fob using the public key pointer random number ryb, and ks is encrypted with Eb to obtain the encrypted second random number {ks}Eb.
1.3 Let A's original text be m, and apply the hash function KH to m and k2' to obtain the parameter r.
If the SDSS1 signcryption scheme is selected, a function fs1 is applied to x, r and A's first private key xa, with the specific formula $s = x/(r + xa)$, to calculate the parameter s;
if the SDSS2 signcryption scheme is selected, a function fs2 is applied to x, r and A's first private key xa, with the specific formula $s = x/(1 + xa \cdot r)$, to calculate the parameter s.
For the signcryption schemes SDSS1 and SDSS2, refer to "Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption)".
s is encrypted with rk3 to obtain the parameter s'. m is encrypted with k1' to obtain the ciphertext c.
1.4 A sends the combination {rya, {ks}Eb, c, r, s'} to B as the signcryption, where rya is A's public key pointer random number.
2. Unsigncryption comprises the following steps:
2.1 B receives the signcryption {rya, {ks}Eb, c, r, s'} sent by A. B first decrypts {ks}Eb with its own second private key Db to obtain ks, then applies the same function f2 as signcrypter A to ks to obtain rk1, rk2 and rk3. s' is then decrypted with rk3 to recover the original s.
2.2 B takes A's first public key ya from the asymmetric key pool (public key pool) of the key fob according to rya, and then, depending on whether the SDSS1 or SDSS2 signcryption scheme was selected, applies the corresponding function fu1 or fu2 to ya, r, s and xb (xb is B's first private key), with the specific formula:
$k = (ya \cdot g^{r})^{s \cdot xb} \bmod p$ (SDSS1 case); or
$k = (g \cdot ya^{r})^{s \cdot xb} \bmod p$ (SDSS2 case), which yields k.
The same function f1 as used by signcrypter A is then applied to k to obtain k1 and k2.
2.3 B applies the same function fk1 as signcrypter A to k1 and rk1 to obtain k1', then decrypts c with k1' to obtain the original text m.
2.4 B applies the same function fk2 as signcrypter A to k2 and rk2 to obtain k2', applies the function KH to the original text m and k2', and compares the result with r in the signcryption. If they are the same, this verifies that A's identity is correct and that the original text m delivered to B was not modified in transmission.
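The SDSS1 branch of steps 1.1 to 2.4, written out as a Python example that is added here and is not part of the patent text. The toy group (p = 2039, q = 1019, g = 4), the SHA-256 keystream cipher, the hashed-ElGamal encryption of ks, the concrete pointer function fpy, the KeyFob class and setup_pair are assumptions chosen for illustration; s is reduced mod q as in Zheng's scheme, and r is sent as the full hash value.

```python
import hashlib, hmac, secrets

# Toy group for illustration only: p = 2q + 1, g generates the order-q subgroup.
P, Q, G = 2039, 1019, 4
KLEN = (P.bit_length() + 7) // 8           # bytes needed to encode k or s

def H(*parts):
    """SHA-256 over length-prefixed parts (ints are encoded as decimal text)."""
    h = hashlib.sha256()
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return h.digest()

def stream_xor(key, data):
    """Assumed symmetric cipher: XOR with a SHA-256 counter-mode keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], H(b"stream", key, i)))
    return bytes(out)

def fpy(ry):
    """Assumed public key pointer function: pointer random number -> pool slot."""
    return int.from_bytes(H(b"ptr", ry)[:8], "big")

def f1(k):
    """Split k into k1, k2 at a 1:1 length ratio."""
    raw, half = k.to_bytes(KLEN, "big"), KLEN // 2
    return int.from_bytes(raw[:half], "big"), int.from_bytes(raw[half:], "big")

def f2(ks):
    """Split the 20-byte ks into rk1, rk2, rk3 at a 3:3:4 length ratio."""
    return int.from_bytes(ks[:6], "big"), int.from_bytes(ks[6:12], "big"), ks[12:]

def pk_encrypt(E, data):
    """Assumed hashed-ElGamal encryption under a second public key E."""
    t = 1 + secrets.randbelow(Q - 1)
    return pow(G, t, P), stream_xor(H(b"kem", pow(E, t, P)), data)

def pk_decrypt(D, ct):
    u, body = ct
    return stream_xor(H(b"kem", pow(u, D, P)), body)

class KeyFob:
    """Holds the owner's private keys and pointer plus the shared public key pool."""
    def __init__(self, x, D, ry, pool):
        self.x, self.D, self.ry, self.pool = x, D, ry, pool
    def public_keys(self, ry):
        return self.pool[fpy(ry)]           # (first public key y, second public key E)

def setup_pair():
    """Constructed sample users A and B whose fobs share one pool."""
    pool, secret = {}, []
    for _ in range(2):
        x, D = 1 + secrets.randbelow(Q - 1), 1 + secrets.randbelow(Q - 1)
        ry = secrets.token_bytes(16)
        pool[fpy(ry)] = (pow(G, x, P), pow(G, D, P))
        secret.append((x, D, ry))
    return [KeyFob(x, D, ry, pool) for x, D, ry in secret]

def signcrypt(fob, ryb, m):
    """Steps 1.1-1.4 with SDSS1: returns (rya, {ks}Eb, c, r, s')."""
    yb, Eb = fob.public_keys(ryb)
    while True:
        x, ks = 1 + secrets.randbelow(Q - 1), secrets.token_bytes(20)
        k1, k2 = f1(pow(yb, x, P))
        rk1, rk2, rk3 = f2(ks)
        k1p, k2p = k1 + rk1, k2 * rk2       # fk1 = addition, fk2 = multiplication
        r = H(b"KH", m, k2p)
        denom = (int.from_bytes(r, "big") + fob.x) % Q
        if denom:                           # r + xa must be invertible mod q
            break
    s = x * pow(denom, -1, Q) % Q           # s = x/(r + xa), reduced mod q
    s_enc = stream_xor(rk3, s.to_bytes(KLEN, "big"))
    return fob.ry, pk_encrypt(Eb, ks), stream_xor(k1p, m), r, s_enc

def unsigncrypt(fob, signcryption):
    """Steps 2.1-2.4: returns m, or None when the recomputed r does not match."""
    rya, ks_enc, c, r, s_enc = signcryption
    rk1, rk2, rk3 = f2(pk_decrypt(fob.D, ks_enc))
    s = int.from_bytes(stream_xor(rk3, s_enc), "big")
    ya, _ = fob.public_keys(rya)
    base = ya * pow(G, int.from_bytes(r, "big"), P) % P
    k1, k2 = f1(pow(base, s * fob.x, P))    # k = (ya * g^r)^(s*xb) mod p
    m = stream_xor(k1 + rk1, c)
    return m if hmac.compare_digest(H(b"KH", m, k2 * rk2), r) else None
```

Only the pointer random numbers rya and ryb cross the wire; ya, yb and Eb are read from the pool inside each fob, which is the property the scheme relies on.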
In one embodiment, an anti-quantum computation signcryption system based on an asymmetric key pool is provided, wherein signcryptors and verifiers participating in signcryption are both configured with key fobs, and the asymmetric key pool, a public key pointer random number and a private key are stored in each key fobs; the private keys comprise a first private key used for signing and encrypting and a second private key used for encrypting and transmitting, the public key pointer random number can be combined with the asymmetric key pool to obtain a first public key corresponding to the first private key and a second public key corresponding to the second private key, and the asymmetric key pool stores the first public key and the second public key corresponding to all users respectively;
the quantum computation resisting signcryption system comprises a signcrypter configured to:
the first module is used for obtaining a first public key and a second public key of the verifier from the key fob according to the public key pointer random number corresponding to the verifier;
a second module for generating a first, a second and a third intermediate parameter by using the first random number and the second random number;
the third module is used for encrypting the original text by utilizing the first intermediate parameter to obtain a ciphertext;
the fourth module is used for utilizing a hash function to act on the original text and the second intermediate parameter to obtain a parameter r;
the fifth module is used for calculating by using the first random number, the parameter r and a first private key of the signcryptor to obtain a parameter s, and then encrypting the parameter s by using a third intermediate parameter to obtain a parameter s';
a sixth module, configured to encrypt the second random number by using a second public key of the verifier to obtain an encrypted second random number;
and the seventh module is used for sending the public key pointer random number of the signcrypter, the encrypted second random number, the ciphertext, the parameter r and the parameter s' as the signcryption to the verifier for verification.
The generating the first, second and third intermediate parameters by using the first random number and the second random number includes:
generating a parameter k1 and a parameter k2 by combining the first random number with the first public key of the verifier;
generating a parameter rk1, a parameter rk2, and a parameter rk3 using the second random number;
calculating the parameter k1 and the parameter rk1 to obtain a first intermediate parameter;
calculating the parameter k2 and the parameter rk2 to obtain a second intermediate parameter;
the parameter rk3 serves as a third intermediate parameter.
The quantum computation-resistant signcryption system further comprises a verifier, wherein the verifier comprises:
an eighth module for receiving, from a signcryptor, a public key pointer random number of the signcryptor, the encrypted second random number, the ciphertext, the parameter r, and the parameter s';
the ninth module is used for decrypting with the second private key of the verifier to obtain the second random number;
a tenth module for generating a parameter rk1, a parameter rk2, and a parameter rk3 using the second random number;
an eleventh module, configured to decrypt the parameter s' with a parameter rk3 serving as a third intermediate parameter to obtain a parameter s;
the twelfth module is used for obtaining a first public key of the signcrypter by combining the public key pointer random number of the signcrypter with the key fob;
a thirteenth module, configured to calculate a parameter k by using the first public key of the signcrypter, the parameter r, the parameter s, and the first private key of the verifier, and split the parameter k into a parameter k1 and a parameter k2;
a fourteenth module, configured to perform an operation on the parameter k1 and the parameter rk1 to obtain a first intermediate parameter, and decrypt the ciphertext with the first intermediate parameter to obtain an original text;
a fifteenth module, configured to perform operation on the parameter k2 and the parameter rk2 to obtain a second intermediate parameter, and apply a hash function to the original text and the second intermediate parameter to obtain a calculated parameter r;
and the sixteenth module is used for comparing the calculated parameter r with the parameter r from the signcrypter to obtain the corresponding verification result.
For specific limitations of the quantum computation resistant signcryption system, reference may be made to the above limitations of the quantum computation resistant signcryption method, which are not described herein again. The various modules described above may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device, namely an asymmetric key pool based quantum computing resistant signcryption system, is provided, the computer device may be a terminal, and its internal structure may include a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement the above-described anti-quantum computation signcryption method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
In one embodiment, an anti-quantum computation signcryption system based on an asymmetric key pool is provided, wherein the signcrypters and verifiers participating in signcryption are both provided with key fobs, and the asymmetric key pool, a public key pointer random number and a private key are stored in each key fob; the private keys comprise a first private key used for signing and encrypting and a second private key used for encrypting and transmitting, the public key pointer random number can be combined with the asymmetric key pool to obtain a first public key corresponding to the first private key and a second public key corresponding to the second private key, and the asymmetric key pool stores the first public key and the second public key corresponding to all users respectively;
the signcryption party and the verification party participating in signcryption respectively comprise a memory and a processor, wherein the memory stores a computer program, and the processor realizes the anti-quantum computation signcryption method when executing the computer program.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples are merely illustrative of several embodiments of the present invention, and the description thereof is more specific and detailed, but not to be construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the appended claims.
Claims (8)
1. The quantum computation resistant signcryption method based on the asymmetric key pool is characterized in that signcryptors and verification parties participating in signcryption are both provided with key fobs, and the asymmetric key pool, a public key pointer random number and a private key are stored in the key fobs; the private keys comprise a first private key used for signing and encrypting and a second private key used for encrypting and transmitting, the public key pointer random number can be combined with the asymmetric key pool to obtain a first public key corresponding to the first private key and a second public key corresponding to the second private key, and the asymmetric key pool stores the first public key and the second public key corresponding to all users respectively;
the quantum-resistant calculation signcryption method comprises the following steps:
combining a key fob according to a public key pointer random number corresponding to the verifier to obtain a first public key and a second public key of the verifier;
generating a first, a second and a third intermediate parameter by using the first random number and the second random number, comprising:
generating a parameter k1 and a parameter k2 by combining the first random number with the first public key of the verifier;
generating a parameter rk1, a parameter rk2, and a parameter rk3 using the second random number;
calculating the parameter k1 and the parameter rk1 to obtain a first intermediate parameter;
calculating the parameter k2 and the parameter rk2 to obtain a second intermediate parameter;
the parameter rk3 is used as a third intermediate parameter;
encrypting the original text by using the first intermediate parameter to obtain a ciphertext;
utilizing a hash function to act on the original text and the second intermediate parameter to obtain a parameter r;
calculating by using a first random number, a parameter r and a first private key of a signcrypter to obtain a parameter s, and encrypting the parameter s by using a third intermediate parameter to obtain a parameter s';
encrypting the second random number by using a second public key of the verifier to obtain an encrypted second random number;
and sending the public key pointer random number of the signcrypter, the encrypted second random number, the ciphertext, the parameter r and the parameter s' as the signcryption to the verifier for verification.
2. The asymmetric-key-pool-based quantum computation resistant signcryption method of claim 1, wherein generating the parameter k1 and the parameter k2 using the first random number in combination with the first public key of the verifier comprises:
calculating the parameter k according to the formula k = yb^x mod p, where:
yb is the first public key of the verifier;
x is the first random number;
p is a prime number;
and splitting the parameter k into the parameter k1 and the parameter k2.
3. The asymmetric-key-pool-based quantum computation resistant signcryption method of claim 2, wherein the way to compute the parameter s using the first random number, the parameter r, and the first private key of the signcryptor is: s = x/(r + xa);
wherein:
x is a first random number;
xa is a first private key of the signcrypter;
r is a parameter r.
4. The asymmetric-key-pool-based quantum computation resistant signcryption method of claim 2, wherein the way to compute the parameter s using the first random number, the parameter r, and the first private key of the signcryptor is: s = x/(1 + xa*r);
wherein:
x is a first random number;
xa is a first private key of the signcrypter;
r is a parameter r.
5. The asymmetric-key-pool-based quantum computation signcryption method of claim 3 or 4, further comprising, at a verifier:
receiving, from a signcryptor, a public key pointer random number of the signcryptor, the encrypted second random number, the ciphertext, the parameter r, and the parameter s';
decrypting by using a second private key of the verifier to obtain a second random number;
generating a parameter rk1, a parameter rk2, and a parameter rk3 using the second random number;
decrypting the parameter s' by using the parameter rk3 as a third intermediate parameter to obtain a parameter s;
obtaining a first public key of the signcrypter by using a public key pointer random number of the signcrypter in combination with a key fob;
calculating by using the first public key of the signcrypter, the parameter r, the parameter s and the first private key of the verifier to obtain a parameter k, and splitting the parameter k into a parameter k1 and a parameter k2;
calculating the parameter k1 and the parameter rk1 to obtain a first intermediate parameter, and decrypting the ciphertext by using the first intermediate parameter to obtain an original text;
calculating the parameter k2 and the parameter rk2 to obtain a second intermediate parameter, and acting a hash function on the original text and the second intermediate parameter to obtain a calculated parameter r;
and comparing the calculated parameter r with the parameter r from the signcrypter to obtain the corresponding verification result.
6. The quantum computation resistant signcryption method based on the asymmetric key pool as claimed in claim 5, wherein the way of obtaining the parameter k by computing with the first public key of the signcryptor, the parameter r, the parameter s and the first private key of the verifier is as follows:
k = (ya * g^r)^(s*xb) mod p; or k = (g * ya^r)^(s*xb) mod p;
wherein:
ya is the first public key of the signcrypter;
r is the parameter r;
s is the parameter s;
xb is the first private key of the verifier;
p is a prime number;
g ∈ Zp is a generator of order q, and q is a prime factor of p-1.
7. The quantum computation resisting signcryption system based on the asymmetric key pool is characterized in that signcryptors and verification parties participating in signcryption are both provided with key fobs, and the asymmetric key pool, a public key pointer random number and a private key are stored in the key fobs; the private keys comprise a first private key used for signing and encrypting and a second private key used for encrypting and transmitting, the public key pointer random number can be combined with the asymmetric key pool to obtain a first public key corresponding to the first private key and a second public key corresponding to the second private key, and the asymmetric key pool stores the first public key and the second public key corresponding to all users respectively;
the quantum computation resisting signcryption system comprises a signcrypter configured to:
the first module is used for obtaining a first public key and a second public key of the verifier from the key fob according to the public key pointer random number corresponding to the verifier;
a second module, configured to generate a first, a second, and a third intermediate parameter using the first random number and the second random number, including:
generating a parameter k1 and a parameter k2 by combining the first random number with the first public key of the verifier;
generating a parameter rk1, a parameter rk2, and a parameter rk3 using the second random number;
calculating the parameter k1 and the parameter rk1 to obtain a first intermediate parameter;
calculating the parameter k2 and the parameter rk2 to obtain a second intermediate parameter;
the parameter rk3 is used as a third intermediate parameter;
the third module is used for encrypting the original text by utilizing the first intermediate parameter to obtain a ciphertext;
the fourth module is used for utilizing a hash function to act on the original text and the second intermediate parameter to obtain a parameter r;
the fifth module is used for calculating by using the first random number, the parameter r and a first private key of the signcryptor to obtain a parameter s, and then encrypting the parameter s by using a third intermediate parameter to obtain a parameter s';
a sixth module, configured to encrypt the second random number by using a second public key of the verifier to obtain an encrypted second random number;
and the seventh module is used for sending the public key pointer random number of the signcrypter, the encrypted second random number, the ciphertext, the parameter r and the parameter s' as the signcryption to the verifier for verification.
8. The quantum computation resisting signcryption system based on the asymmetric key pool is characterized in that signcryptors and verification parties participating in signcryption are both provided with key fobs, and the asymmetric key pool, a public key pointer random number and a private key are stored in the key fobs; the private keys comprise a first private key used for signing and encrypting and a second private key used for encrypting and transmitting, the public key pointer random number can be combined with the asymmetric key pool to obtain a first public key corresponding to the first private key and a second public key corresponding to the second private key, and the asymmetric key pool stores the first public key and the second public key corresponding to all users respectively;
the signcryptors and the verifiers participating in signcryption respectively comprise a memory and a processor, wherein the memory stores a computer program, and the processor realizes the quantum computation resistant signcryption method according to any one of claims 1 to 6 when executing the computer program.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910027044.6A CN109831305B (en) | 2019-01-11 | 2019-01-11 | Anti-quantum computation signcryption method and system based on asymmetric key pool |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109831305A (en) | 2019-05-31 |
CN109831305B (en) | 2021-11-16 |
Family
ID=66860901
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||