CN115834175A - Quantum key-based group chat encryption method, message transmitting and receiving equipment and system - Google Patents
Quantum key-based group chat encryption method, message transmitting and receiving equipment and system Download PDFInfo
- Publication number
- CN115834175A CN115834175A CN202211433869.6A CN202211433869A CN115834175A CN 115834175 A CN115834175 A CN 115834175A CN 202211433869 A CN202211433869 A CN 202211433869A CN 115834175 A CN115834175 A CN 115834175A
- Authority
- CN
- China
- Prior art keywords
- key
- message
- quantum
- ciphertext
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a group chat encryption method based on quantum keys, message receiving and transmitting equipment and a system, comprising the following steps: applying a temporary symmetric key to a quantum cryptography management service system as an encryption key to encrypt plaintext information to be sent into a message ciphertext; the message ciphertext is assembled into ciphertext information according to a message protocol and then broadcast for a receiver to decrypt; performing KDF ratchet operation in the same message generation, and when a group member sends a new message, performing hash operation by using the latest temporary symmetric key and ciphertext information to generate a temporary symmetric key required by the current message sending; and determining the algebraic increment of the messages based on the time window and the number of the messages in the time window, and repeatedly executing the steps. The invention has forward safety and backward safety, and adopts an end-to-end message encryption mode to protect the safety of message data and ensure the safety of the message data.
Description
Technical Field
The invention relates to the technical field of password security application, in particular to a group chat encryption method based on a quantum key, message receiving and sending equipment and a system.
Background
With the development of internet technology, a large amount of data is transmitted in a network, and meanwhile, network attacks are becoming more severe, including the problem of identity authentication of a data transmitting and receiving entity, the problem of content stealing in the data transmission and storage processes, the problem of information tampering possibly existing in the data transmission process, and the like. Therefore, the privacy protection of data becomes one of the important factors to be considered by technicians, and the adopted data security technology includes using TLS protocol in the aspect of channel encryption, using end-to-end encryption technology in the aspect of source encryption, and the like.
At present, it is mature to adopt an end-to-end encryption protocol in one-to-one chat to protect data security. However, for group messages in an instant messaging scenario, an end-to-end method is adopted to establish an end-to-end encryption channel between each member in the group and all other members in the group to encrypt the group messages, and the method brings the problems of huge number of group keys and high key management complexity; and the conventional mode of one group-one key is not safe enough, and the data security of instant messaging group chat cannot be guaranteed.
In the related art, chinese patent application publication No. CN111478911A describes an instant messaging encryption method using a lightweight key exchange algorithm, which includes steps S1: before the communication parties establish a call, the call direction server acquires the uploaded key information of the receiving party and negotiates a primary symmetric key through the uploaded key information; s2: the calling party uses the primary symmetric key to carry out communication encryption ratchet operation; s3: after encrypting the information by using the primary information encryption key, the calling party sends the information together with the key information of the calling party to the receiving party; s4: after receiving, the receiver also carries out communication encryption ratchet operation to obtain a primary symmetric key and a primary information encryption key, and uses the primary information encryption key to carry out decryption to obtain information so as to complete the first communication; s5: and in the subsequent Nth communication, both parties respectively carry out communication encryption ratchet operation by using the (N-1) level symmetric key to obtain an N level symmetric key and an (N-1) level information encryption key, and the both parties use the (N-1) level information encryption key to encrypt and decrypt information so as to complete the N times of communication. However, in the scheme, only the (N-1) level symmetric key is used for carrying out communication encryption ratchet operation, and the safety is not enough.
Chinese patent application publication No. CN114401151A describes a group message encryption method, apparatus, device and storage medium, the method comprising: receiving a master key ciphertext and a validity period interval sent by a master client, wherein the master key ciphertext is generated based on a random master key and a set attribute strategy; decrypting the master key ciphertext based on authentication parameters associated with the attribute strategy to obtain the random master key, and calculating based on the random master key to obtain a one-time encryption key under the condition that the current timestamp meets the validity interval; and encrypting and assembling message data based on the one-time encryption key to obtain ciphertext information and then broadcasting. However, if the set time interval is large, too many messages are consumed in generations, and a main key can be decrypted once, so that backward safety is not satisfied.
Disclosure of Invention
The technical problem to be solved by the invention is how to ensure the data security of instant messaging group chat.
The invention solves the technical problems through the following technical means:
the invention provides a group chat encryption method based on a quantum key, which comprises the following steps after a group is established:
s10, when a sender sends a message for the first time in a current message generation, a vector sub-password management service system applies a temporary symmetric key as an encryption key, and encrypts plaintext information to be sent into a message ciphertext by using the encryption key;
s20, the message ciphertext is assembled into ciphertext information according to a message protocol and then broadcast for decryption by a receiving party, wherein the message ciphertext comprises the encryption key, the message algebra of the group and the message ciphertext;
s30, performing KDF ratchet operation in the same message generation, and when a group member sends a new message for the Nth time, performing hash operation by using the temporary symmetric key for the (N-1) times and the plaintext information for the (N-1) times to generate a temporary symmetric key required by sending the message for the Nth time, wherein N is more than or equal to 2;
s40, determining the algebraic increment of the messages based on the time window and the number of the messages in the time window, and repeatedly executing the steps S10-S30.
The invention adopts an improved KDF ratchet algorithm to provide FS (forward security), adopts a self-defined generation algorithm based on a time window and a message number to provide PCS (backward security) by combining the true randomness of a quantum true random key; and an end-to-end message encryption mode is adopted to protect the safety of message data, the message is transmitted in a ciphertext mode and stored in the ciphertext mode, the encryption key is a quantum true random key generated by a quantum cipher management service system, even if the message is intercepted, an attacker only can obtain the ciphertext and cannot obtain the information, and therefore the safety of the message data is guaranteed.
Further, in step S10, the sending side applies for the temporary symmetric key as an encryption key to the quantum cryptography management service system, and encrypts plaintext information to be sent into a message ciphertext by using the encryption key, including:
sending a first key application to the quantum cryptography management service system, wherein the first key application carries information including a group ID, a message algebra, a password sequence i and a key KA with the key sequence i i SM3 digest of, said key KA i A filling key which is pre-filled into a built-in security chip of a sender;
receiving a first encryption key ciphertext and a password sequence m returned by the quantum password management service system, wherein the first encryption key ciphertext is a charging key KA adopting the password sequence m m Encrypting a temporary symmetric key K, wherein the temporary symmetric key K is a random key generated by a quantum random number generator, the charging key is a quantum key stored by a quantum exchange cipher machine, and the key KA is i And a charging key KA m Is a symmetric key;
charging key using key sequence mKA m Decrypting the first encryption key ciphertext to obtain the temporary symmetric key K as the encryption key;
and symmetrically encrypting the plaintext information to be sent by using the encryption key to obtain the message ciphertext.
Further, in step S20, the format of the message protocol is: is there a CSP: GEN001: xxx, wherein? CSP denotes an encryption key, GEN001 denotes a message generation number of the group, and xxx denotes a message ciphertext.
Further, when the ciphertext information is generated into a fragment, the method further comprises:
the format of the message protocol used for assembling the subsequent message ciphertext is as follows: is there a CSP | GEN001: xxx.
Further, in step S40, determining the message algebra increase based on the time window and the number of messages in the time window includes:
judging whether the number of the messages in the time window reaches the preset maximum number of the messages;
if yes, increasing 1 for the message algebra, and resetting the time window and the message count;
if not, judging whether a message exists in the message generation or not when the time window expires;
if so, increasing the message algebra by 1, otherwise, increasing the message algebra by 0, and then resetting the time window and the message count.
Further, before the step S10, the method further includes:
the group members log in the instant messaging application for authorization through authenticating the face or the fingerprint;
group members respectively use a GB/T15843.2 standard to perform entity authentication based on a symmetric key through a filling key in a built-in security chip of each group member and the quantum cryptography management service system.
Further, after the receiving side receives the ciphertext information, the method further comprises:
receiving the quantum cryptography management serviceThe system sends a second key application, wherein the second key application carries information including a group ID, a message algebra, a password sequence j and a key KB with the password sequence j j In SM3, wherein said key KB j A charging key which is pre-charged into a built-in security chip of a receiver;
receiving a second encryption key ciphertext and a password sequence n returned by the quantum password management service system, wherein the second encryption key ciphertext is a charging key KB adopting the password sequence n n Encrypting an encryption key K, wherein the encryption key K is a key corresponding to the group ID and the message algebra, and the charging key KB n For quantum keys stored in quantum exchange ciphers, and for charging keys KB n And a key KB j Is a symmetric key;
using a corresponding filling key KB of the cipher sequence n n And decrypting the second encryption key ciphertext to obtain an encryption key K and decrypting the ciphertext information to obtain a message plaintext.
Further, after the receiving side obtains the message plaintext message0 for the first time, the method further includes:
the receiver uses the encryption key K and the message plaintext message0 to carry out Hash operation, generates a primary temporary symmetric key based on KDF, encrypts the message plaintext message1 by using the primary temporary symmetric key and then sends the encrypted message to the group;
and the sender uses the encryption key K and the message plaintext message0 to carry out Hash operation to obtain the primary temporary symmetric key, and uses the primary temporary symmetric key to decrypt the message plaintext 1 to obtain the plaintext of the message 1.
In addition, the present invention also provides a message transmitting and receiving device, comprising:
the key application module is used for applying a temporary symmetric key as an encryption key to the quantum cryptography management service system and encrypting plaintext information to be sent into a message ciphertext by using the encryption key;
the ciphertext broadcasting module is used for broadcasting the message ciphertext after the message ciphertext is assembled into ciphertext information according to a message protocol for a receiver to decrypt, wherein the message ciphertext comprises the encryption key, the message algebra of the group and the message ciphertext;
the KDF ratchet module is used for KDF ratchet operation in the same message generation, and when the group members send new messages, the latest temporary symmetric key and the ciphertext information are used for carrying out Hash operation to generate a temporary symmetric key required by the current message sending;
and the message algebra stepping module is used for determining the message algebra increase based on the time window and the number of messages in the time window and executing the key application module.
In addition, the invention also provides a group chat encryption system based on the quantum key, and the system comprises: instant messaging system, quantum password management service system and a plurality of messaging equipment, each messaging equipment embeds there is the security chip, the security chip respectively with quantum password management service system connects, and each messaging equipment passes through instant messaging system connects, quantum password management service system is connected with quantum random number generator through quantum exchange cipher machine, wherein:
the quantum random number generator is used for generating a quantum key;
the quantum exchange cipher machine is used for receiving and storing the quantum key sent by the quantum random number generator;
the quantum cipher management service system is used for performing identity authentication on each message transmitting-receiving device and calling a quantum key in the quantum exchange cipher machine to provide the quantum key for each security chip;
the instant communication system is used for providing the receiving and sending messages for each message receiving and sending device;
the messaging device comprises:
the key application module is used for applying a temporary symmetric key as an encryption key to the quantum cryptography management service system and encrypting plaintext information to be sent into a message ciphertext by using the encryption key;
the ciphertext broadcasting module is used for broadcasting the message ciphertext after the message ciphertext is assembled into ciphertext information according to a message protocol for a receiver to decrypt, wherein the message ciphertext comprises the encryption key, the message algebra of the group and the message ciphertext;
the KDF ratchet module is used for KDF ratchet operation in the same message generation, and when the group members send new messages, the latest temporary symmetric key and the ciphertext information are used for carrying out Hash operation to generate a temporary symmetric key required by the current message sending;
and the message algebra stepping module is used for determining the message algebra increase based on the time window and the number of the messages in the time window and executing the key application module.
The invention has the advantages that:
(1) The invention adopts an improved KDF ratchet algorithm to provide FS (forward security), adopts a self-defined generation algorithm based on a time window and a message number to provide PCS (backward security) by combining the true randomness of a quantum true random key; and an end-to-end message encryption mode is adopted to protect the safety of message data, the message is transmitted in a ciphertext mode and stored in the ciphertext mode, the encryption key is a quantum true random key generated by a quantum cipher management service system, even if the message is intercepted, an attacker only can obtain the ciphertext and cannot obtain the information, and therefore the safety of the message data is guaranteed.
(2) The whole life cycle of the temporary symmetric key is transmitted by a key ciphertext, the key plaintext is obtained by decrypting through the pre-filled quantum key, and the filled key of the transmitting party and the receiving party is protected by the encryption chip, so that the key safety is guaranteed.
(3) Reducing group encryption complexity: the public key of each member does not need to be stored among the group members, the encrypted message is sent by a user-defined protocol, and compared with the traditional mode, the interactive process that a key signature needs to be sent independently for each member is saved; promote encryption and decryption efficiency: the encryption and decryption efficiency is improved by adopting quantum symmetric encryption, compared with the traditional group encryption which mainly adopts DH and ECDH to generate a shared key, more calculation power can be saved by adopting asymmetric encryption modes such as RSA, ECC and the like; third party issuance and certification without digital certificates: the certificateless authentication method is provided, and the participation of a third party is reduced: the entity authentication protocol based on the symmetric password is used for entity authentication of both sides of the user, a third party issuing a certificate is not needed, the number of participants in the process is reduced, and the risk of the three-party protocol is reduced.
(4) Easy to realize, the commonality is strong, ductility is good: the quantum security chip is a feasible existing technology, the security authentication based on the quantum symmetric key is also a realizable technology, the temporary symmetric key for encrypting the message can be generated by using a quantum random number, the technology is mature, and the security is high; the instant messaging system is few in self-improvement places, safety is improved mainly by increasing a quantum key service system, universality is high, the instant messaging system can be integrated on a quantum safety service platform, a functional interface is provided for the outside, and ductility is good.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
Fig. 1 is a schematic flowchart of a group chat encryption method based on quantum keys according to a first embodiment of the present invention;
FIG. 2 is a flow chart illustrating the subdivision step S10 in the first embodiment of the present invention;
FIG. 3 is a flow chart illustrating the subdivision steps of the decryption process of the receiving party in the first embodiment of the present invention;
fig. 4 is a schematic diagram of KDF ratcheting process in a first embodiment of the invention;
FIG. 5 is a flow chart illustrating the subdivision step of step S40 in the first embodiment of the present invention;
FIG. 6 is a schematic diagram illustrating an entity identity authentication process according to a first embodiment of the present invention;
fig. 7 is a schematic structural diagram of a messaging device according to a second embodiment of the present invention;
fig. 8 is a schematic structural diagram of a group chat encryption system based on quantum keys according to a third embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, a first embodiment of the present invention provides a group chat encryption method based on a quantum key, where after a group is established, the method includes the following steps:
s10, when a sender sends a message for the first time in a current message generation, a vector sub-password management service system applies a temporary symmetric key as an encryption key, and encrypts plaintext information to be sent into a message ciphertext by using the encryption key;
the quantum cryptography switch is connected with a quantum random number generator, the quantum random number generator is used for generating a quantum key, the quantum cryptography switch receives and stores the quantum key sent by the quantum random number generator, and the quantum cryptography management service system is directly connected with the quantum cryptography switch and is used for providing an encryption key.
S20, the message ciphertext is assembled into ciphertext information according to a message protocol and then broadcast for a receiving party to decrypt, wherein the message ciphertext comprises the encryption key, the message algebra of the group and the message ciphertext;
it should be noted that, the public key of each member does not need to be stored between the group members, and the encrypted message is sent in a custom protocol, which saves the interaction process of separately sending a key signature for each member compared with the conventional method.
S30, performing KDF ratchet operation in the same message generation, and when a group member sends a new message for the Nth time, performing Hash operation by using the temporary symmetric key for the (N-1) times and the plaintext information for the (N-1) times to generate a temporary symmetric key required when the message is sent for the Nth time, wherein N is more than or equal to 2;
s40, determining the algebraic increase of the messages based on the time window and the number of the messages in the time window, and repeatedly executing the steps S10-S30.
The embodiment of the invention adopts an improved Key Derivation Function (KDF) based ratchet algorithm to provide FS (forward security), adopts a self-defined generation algorithm based on a time window and a message number to provide PCS (backward security) in combination with the true randomness of a quantum true random Key; and an end-to-end message encryption mode is adopted to protect the safety of message data, the message is transmitted in a ciphertext mode and stored in the ciphertext mode, the encryption key is a quantum true random key generated by a quantum cipher management service system, even if the message is intercepted, an attacker only can obtain the ciphertext and cannot obtain the information, and therefore the safety of the message data is guaranteed.
In addition, in the embodiment, the temporary symmetric key of (N-1) times in the current message generation and the plaintext hash of the message of (N-1) times are used for ratchet, which is equivalent to using a quantum key as salt, so that compared with the traditional communication encryption ratchet operation only using the (N-1) level symmetric key, the security is increased; besides the time interval, the embodiment also sets the limit of the number of messages, thereby avoiding the problem that if the set time interval is large, too many messages in the generation can be decrypted by decrypting the master key once, and the backward safety is not satisfied.
In one embodiment, as shown in fig. 2, the step S10: the method comprises the following steps that a sending direction quantum cryptography management service system applies for a temporary symmetric key as an encryption key, and encrypts plaintext information to be sent into a message ciphertext by using the encryption key, and specifically comprises the following steps:
s11, sending a first key application to the quantum password management service system, wherein the first key application carries information including a group ID, a message algebra, a password sequence i and a key KA with the key sequence i i SM3 digest of, said key KA i A filling key which is pre-filled into a built-in security chip of a sender;
it should be noted that the safety chip built in the sender is a feasible existing technology, the technology is mature, and the safety is high; and the encryption key can obtain the group key only by using the quantum charging key until the application of the quantum cryptography management service system KMS, which is equivalent to one more layer of identity authentication, and the security is improved.
Specifically, after receiving a first key application, the quantum cryptography management service system verifies whether a key SM3 digest of a sequence i in the quantum cryptography management service system is equal to an entry parameter, and if so, uses a quantum random number generator to generate a safe random temporary symmetric key K, and finds a charge key KA with a cryptographic sequence m by the quantum cryptography management service system through a quantum secure key stored by a quantum exchange cryptographic machine m Using the charging key KA m And encrypting the plaintext information of the temporary symmetric key K to generate an encrypted first encryption key ciphertext KEK, and sending the first encryption key ciphertext KEK and the cipher sequence m to the sender by the quantum cipher management service system.
S12, receiving a first encryption key ciphertext and a password sequence m returned by the quantum password management service system, wherein the first encryption key ciphertext is a charging key KA adopting the password sequence m m Encrypting a temporary symmetric key K, wherein the temporary symmetric key K is a random key generated by a quantum random number generator, the charging key is a quantum key stored by a quantum exchange cipher machine, and the key KA is i And a charging key KA m Is a symmetric key;
it should be noted that the charging key stored in the security chip and the charging key stored in the quantum cryptography switch are symmetric keys, the quantum symmetric key can prevent security threats brought by future quantum computers and quantum algorithms, the encryption and decryption efficiency is improved by adopting quantum symmetric encryption, and compared with the traditional group encryption, shared keys mainly based on DH and ECDH are generated, and more calculation power can be saved by asymmetric encryption methods such as RSA and ECC.
S13, charging key KA using key sequence m m Decrypting the first encryption key ciphertext to obtain the temporary symmetric key K as the encryption key;
s14, symmetrically encrypting the plaintext information P to be sent by using the encryption key to obtain the message ciphertext C = E K (P)。
It should be noted that the full life cycle of the temporary symmetric key is transmitted by a key ciphertext, a key plaintext is obtained by decrypting the pre-filled quantum key, and the filled key of the transceiver is protected by an encryption chip, so that the security of the key is guaranteed; and more computing power is saved by adopting quantum symmetric encryption.
In an embodiment, in the step S20, the format of the message protocol is: is there a CSP: GEN001: xxx, wherein? CSP denotes an encryption key, GEN001 denotes a message generation number of a group, and xxx denotes a message ciphertext.
It should be noted that, in this embodiment, the public key of each member does not need to be stored between the group members, and the encrypted message is sent in a custom protocol, which saves the interaction process of separately sending the key signature for each member compared with the conventional manner, and reduces the interaction cost of sending the key signature for many times.
In one embodiment, when the ciphertext information is generated into a fragment, the method further comprises:
the format of the message protocol used for assembling the subsequent message ciphertext is as follows: is there a CSP | GEN001: xxx, where | represents a connector; representing separators.
It should be noted that, if the length of the message ciphertext is too long, a fragment is generated, and the format of the subsequent message is? CSP | GEN001: xxx.
The embodiment solves the problem of too long ciphertext message through fragmentation, and if the subsequent fragments do not carry? CSP | GEN001 "message header, the recipient does not know the message generation or ratchets as a new message, creating confusion.
In an embodiment, as shown in fig. 3, after the receiving side receives the ciphertext information, the method further includes:
the receiving side sends a second key application to the quantum password management service system, wherein the second key application carries information including a group ID, a message algebra, a password sequence j and a key KB with the password sequence j j In SM3, wherein said key KB j A charging key which is pre-charged into a built-in security chip of a receiver;
it should be noted that the quantum cryptography management service system inquires the storage in the systemSelecting a quantum key corresponding to a built-in security chip ID of a receiver, selecting a key corresponding to a password sequence j to calculate SM3 abstract and reference pair verification effectiveness, inquiring a group ID and a temporary symmetric key K corresponding to a message algebra after verification is passed, and finding a charging key KB with a password sequence n by the quantum security key stored by a quantum exchange password machine by the quantum password management service system n Using a charging key KB n And encrypting the plaintext of the temporary symmetric key K to obtain a second encryption key ciphertext KEK ', and returning the second encryption key ciphertext KEK' and the password sequence n to the receiving party by the quantum password management service system.
Receiving a second encryption key ciphertext and a password sequence n returned by the quantum password management service system, wherein the second encryption key ciphertext is a charging key KB adopting the password sequence as n n Encrypting an encryption key K, wherein the encryption key K is a key corresponding to the group ID and the message algebra, and the charging key KB n For quantum keys stored in quantum exchange ciphers, and for charging keys KB n And a key KB j Is a symmetric key;
using a corresponding filling key KB of the cipher sequence n n And decrypting the second encryption key ciphertext to obtain an encryption key K and decrypting the ciphertext information C to obtain a message plaintext P.
It should be noted that, as shown in fig. 4, when KDF ratcheting operation is performed in the same message generation and group member communication is performed, the method specifically includes the following steps:
(1) When a sender sends a message for the first time, plaintext information message0 is encrypted by using a temporary symmetric key K obtained by applying to the quantum cryptography management service by using a current message algebra, and the message0 is obtained by decrypting the temporary symmetric key K obtained by applying to the quantum cryptography management service by group members;
(2) The receiver uses the temporary symmetric key K and the plaintext information message0 to carry out Hash operation, generates a temporary symmetric key1 based on KDF, encrypts the plaintext information message1 by using the temporary symmetric key1 and then sends the encrypted plaintext information message1 to the group;
(3) The sender uses the temporary symmetric key K and the plaintext information message0 to perform Hash operation to obtain a temporary symmetric key1, and uses the temporary symmetric key1 to decrypt to obtain the plaintext information message1;
(4) The sender uses the temporary symmetric key1 and the plaintext information message2 to perform Hash operation, generates a temporary symmetric key2 based on KDF, encrypts the plaintext information message2 by using the temporary symmetric key2 and sends the encrypted plaintext information message2 to the group;
(5) The sender uses the temporary symmetric key2 and the plaintext information message3 to perform hash operation, generates a temporary symmetric key3 based on the KDF, encrypts the plaintext information message3 by using the temporary symmetric key3, and sends the encrypted plaintext information message3 to the group.
The acquisition of the temporary symmetric key adopted by the KDF ratchet operation in the embodiment needs the charging key used by the terminal to be acquired after KMS authentication; and the group key in the generation serves as salt in the subsequent ratchet process, so that the safety is improved.
In one embodiment, as shown in fig. 5, the step S40: determining the algebraic increase of the messages based on the time window and the number of the messages in the time window, specifically comprising the following steps:
s41, judging whether the number of the messages in the time window reaches the preset maximum number of the messages, if so, executing a step S42, otherwise, executing a step S43;
s42, increasing 1 for the message algebra, and resetting the time window and the message count;
s43, judging whether the time window arrives, if so, executing a step S41, and if not, executing a step S44;
s44, judging whether a message exists in the message generation, if so, executing a step S42, otherwise, executing a step S45;
and S45, increasing 0 for the message algebra.
It should be noted that, for example, the time window is set to 10 minutes, the maximum number of messages is 1000, and if the number of messages in 10 minutes is greater than 1000, the message generation +1 or the message generation +1 exceeds 10 minutes; for offline messages, a maximum of 24 hours is reserved.
In the embodiment, a self-defined generation algorithm based on a time window and a message number is combined with the true randomness of a quantum random number to provide PCS (backward security), and the combination of a time interval and message generation counting avoids the problem that if the set time interval is large, too many messages can be decrypted in generation, and the backward security is not satisfied because a main key can decrypt a lot of messages once; in addition, the randomness of the quantum is provable, and is stronger and higher in safety compared with other random numbers.
In an embodiment, as shown in fig. 6, before the step S10, the method further includes performing identity authentication of an entity, where the specific process is as follows:
s1, performing login authorization of the instant messaging application by group members through face or fingerprint authentication, and logging in the instant messaging application;
and S2, the group members respectively perform entity authentication by using a GB/T15843.2 standard based on a symmetric key through a filling key in a built-in security chip and the quantum cryptography management service system.
It should be noted that, the group members use the quantum security chip to perform identity authentication, and meanwhile, the client of the instant messaging system on the messaging device needs to perform MFA dual-factor authentication of a human face or a fingerprint, so as to ensure the authenticity of the identity.
The quantum security chip is a feasible existing technology, the security authentication based on the quantum symmetric key is also a realizable technology, the technology is mature, and the security is high.
It should be noted that, an end-to-end message encryption mode is adopted to protect the security of message data, messages are transmitted in a ciphertext mode and stored in the ciphertext mode, and an encryption key is a quantum true random key generated by a quantum cipher management service system. Even if the message is intercepted, an attacker can only obtain the ciphertext and cannot obtain the information, and the data security is ensured.
Therefore, the group chat encryption method based on the quantum key provided by the embodiment has the following advantages:
(1) Data security for instant messaging group chat
Forward security and backward security are combined: the generation strategy of the temporary symmetric key is based on a quantum key distribution technology, and provides absolute security guarantee which cannot be intercepted and cracked by calculation based on three principles of uncertainty, measurement collapse and unclonable in quantum mechanics; the terminal is required to use the pre-charging key to the KMS to obtain a temporary symmetric key, the temporary symmetric key is generated based on a quantum random number generated by a quantum random number generator, extreme security is provided, FS (forward security) and PCS (backward security) are considered, an improved KDF ratchet algorithm is adopted to provide FS (forward security), and a self-defined time window and message number-based generation algorithm is adopted to provide PCS (backward security) in combination with true randomness of the quantum random number.
Security of message data: and protecting the data security of the message by adopting an end-to-end message encryption mode, transmitting the message in a ciphertext mode, storing the message in the ciphertext mode, and using an encryption key as a quantum true random key generated by a quantum cipher management service system. Even if the message is intercepted, an attacker can only obtain the ciphertext and cannot obtain the information, so that the safety of the message data is ensured.
Security of the key: the full life cycle of the key is that the key ciphertext is transmitted, the key plaintext is obtained through decryption of the pre-filled quantum key, and the filled key is protected by the encryption chip, so that the security of the key is ensured.
The method can prevent the security threat brought by future quantum computers and quantum algorithms: for example, the problem of breaking public key cryptographic algorithm based on the big factorization problem is solved: using quantum symmetric keys, cannot be deciphered by factorization; the method can prevent the security threat brought by quantum computers appearing in the future: the quantum security password is used for encryption transmission, and the transmission process is completely safe and credible theoretically; the method prevents the threat of quantum algorithm which possibly appears in the future to the existing cryptosystem: the quantum security password is used for encrypted transmission, and the quantum security password is a true random number generated by a quantum random number generator and cannot be deciphered through an algorithm.
(2) The group encryption complexity is reduced, the problem of low encryption processing efficiency caused by high key management complexity and large number of keys is solved, and the usability is improved.
Reducing group encryption complexity: the public key of each member does not need to be stored among the group members, the encrypted message is sent by a user-defined protocol, and compared with the traditional mode, the interactive process that the key signature needs to be sent separately for each member is saved.
Promote encryption and decryption efficiency: compared with the traditional group encryption which mainly adopts DH and ECDH to generate a shared key, the quantum symmetric encryption is adopted to improve the encryption and decryption efficiency, and more calculation power can be saved by adopting the asymmetric encryption modes such as RSA, ECC and the like.
Third-party issuance and certification without digital certificates: the entity authentication protocol based on the symmetric password is used for entity authentication of both sides of the user, a third party for issuing a certificate is not needed, the number of participants in the process is reduced, and the risk of the three-party protocol is reduced.
(3) Easy to realize, strong universality and good ductility
The development technology is easy to realize: the quantum security chip is a feasible existing technology, the security authentication based on the quantum symmetric key is also a realizable technology, the temporary symmetric key for encrypting the message can be generated by using a quantum random number, the technology is mature, and the security is high.
The commonality is strong, ductility is good: the instant messaging system is few in self-improvement places, safety is improved mainly by increasing a quantum key service system, universality is high, the instant messaging system can be integrated on a quantum safety service platform, a functional interface is provided for the outside, and ductility is good.
(4) The economic benefit is excellent
The calculation power is saved: the adoption of quantum symmetric encryption saves more computing power.
And (3) reducing interaction: the protocol format is customized, and the interaction cost of sending the key signature for many times is reduced.
The improvement cost is low: can reform transform on current system, the platform side does not have transformation volume almost, and the application end dock can, and the transformation cost is low.
Further, as shown in fig. 7, a second embodiment of the present invention proposes a messaging device including:
a key application module 10, configured to apply, by the vector sub-cipher management service system, a temporary symmetric key as an encryption key when a message is first sent in a current message generation, and encrypt plaintext information to be sent into a message ciphertext using the encryption key;
a ciphertext broadcasting module 20, configured to assemble the message ciphertext into ciphertext information according to a message protocol, and broadcast the ciphertext information for a receiving party to decrypt, where the message ciphertext includes the encryption key, the message generation number of the group, and the message ciphertext;
the KDF ratchet module 30 is used for KDF ratchet operation in the same message generation, and when a group member sends a new message for the Nth time, the temporary symmetric key for the (N-1) times and the plaintext information for the (N-1) times are used for carrying out Hash operation to generate a temporary symmetric key required by the current message sending;
and the message algebra stepping module 40 is used for determining the message algebra increase based on the time window and the number of messages in the time window and executing the key application module.
The embodiment of the invention adopts an improved Key Derivation Function (KDF) based ratchet algorithm to provide FS (forward security), adopts a self-defined generation algorithm based on a time window and a message number to provide PCS (backward security) in combination with the true randomness of a quantum true random Key; and an end-to-end message encryption mode is adopted to protect the safety of message data, the message is transmitted in a ciphertext mode and stored in the ciphertext mode, the encryption key is a quantum true random key generated by a quantum cipher management service system, even if the message is intercepted, an attacker only can obtain the ciphertext and cannot obtain the information, and therefore the safety of the message data is guaranteed.
In one embodiment, the key application module 10 includes:
a key application sending unit, configured to send a first key application to the quantum cryptography management service system, where the first key application carries information including a group ID, a message algebra, a cryptographic sequence i, and a key KA with the cryptographic sequence i i SM3 digest of, said key KA i A filling key which is pre-filled into a built-in security chip of a sender;
specifically, after receiving a first key application, the quantum cryptography management service system verifies a key of a sequence i in the quantum cryptography management service systemWhether the SM3 abstract is equal to the input parameter or not, if so, a quantum random number generator is used for generating a safe random temporary symmetric key K, and the quantum password management service system searches a charging key KA with the password sequence being m through a quantum secure key stored in a quantum exchange password machine m Using the charging key KA m And encrypting the plaintext information of the temporary symmetric key K to generate an encrypted first encryption key ciphertext KEK, and sending the first encryption key ciphertext KEK and the password sequence m to the sender by the quantum password management service system.
A key information receiving unit, configured to receive a first encryption key ciphertext and a cipher sequence m returned by the quantum cryptography management service system, where the first encryption key ciphertext is a charging key KA with the cipher sequence m m Encrypting a temporary symmetric key K, wherein the temporary symmetric key K is a random key generated by a quantum random number generator, the charging key is a quantum key stored by a quantum exchange cipher machine, and the key KA is i And a charging key KA m Is a symmetric key;
a key decryption unit for using a charging key KA having a key sequence m m Decrypting the first encryption key ciphertext to obtain the temporary symmetric key K as the encryption key;
a plaintext encryption unit, configured to symmetrically encrypt the plaintext information P to be sent by using the encryption key to obtain the message ciphertext C = E K (P)。
It should be noted that the full life cycle of the temporary symmetric key is transmitted by a key ciphertext, a key plaintext is obtained by decrypting the pre-filled quantum key, and the filled key of the transceiver is protected by an encryption chip, so that the security of the key is guaranteed; and more computing power is saved by adopting quantum symmetric encryption.
In one embodiment, the format of the message protocol adopted by the ciphertext broadcast module 20 is: is there a CSP: GEN001: xxx, wherein? CSP denotes an encryption key, GEN001 denotes a message generation number of a group, and xxx denotes a message ciphertext.
It should be noted that, in this embodiment, the public key of each member does not need to be stored between the group members, and the encrypted message is sent in a custom protocol, which saves the interaction process of separately sending the key signature for each member compared with the conventional manner, and reduces the interaction cost of sending the key signature for many times.
In one embodiment, the messaging device further comprises a ciphertext decryption unit, which when acting as a recipient, comprises:
the key application sending unit is also used for receiving a second key application sent by the quantum password management service system, wherein the second key application carries information including a group ID, a message algebra, a password sequence j and a key KB with the password sequence j j In SM3, wherein said key KB j A charging key which is pre-charged into a built-in security chip of a receiver;
it should be noted that, the quantum cryptography management service system queries a quantum key corresponding to a receiver built-in security chip ID stored in the system, selects a key corresponding to a cipher sequence j to calculate an SM3 digest and access reference pair verification validity, queries a temporary symmetric key K corresponding to a group ID and a message algebra after verification is passed, and finds a charging key KB with a cipher sequence n by using a quantum security key stored in a quantum exchange cipher machine n Using a padding key KB n And encrypting the plaintext of the temporary symmetric key K to obtain a second encryption key ciphertext KEK ', and returning the second encryption key ciphertext KEK' and the password sequence n to the receiving party by the quantum password management service system.
The key information receiving unit is further configured to receive a second encryption key ciphertext and a password sequence n returned by the quantum password management service system, where the second encryption key ciphertext is a charging key KB using the password sequence n n Encrypting an encryption key K, wherein the encryption key K is a key corresponding to the group ID and the message algebra, and the charging key KB n For quantum keys stored in quantum exchange ciphers, and for charging keys KB n And a key KB j Is a symmetric key;
the cipher text decryption unit is used for using a charging key KB corresponding to the cipher sequence n n And decrypting the second encryption key ciphertext to obtain an encryption key K and decrypting the ciphertext information C to obtain a message plaintext P.
After the receiver obtains the message plaintext message0 for the first time, the method further includes:
the receiver uses the encryption key K and the message plaintext message0 to carry out Hash operation, generates a primary temporary symmetric key based on KDF, encrypts the message plaintext message1 by using the primary temporary symmetric key and then sends the encrypted message to the group;
and the sender uses the encryption key K and the message plaintext message0 to carry out Hash operation to obtain the primary temporary symmetric key, and uses the primary temporary symmetric key to decrypt the message plaintext 1 to obtain the plaintext of the message 1.
In one embodiment, the KDF ratcheting process is performed as follows:
when a sender sends a message for the first time, encrypting plaintext information message0 by using a temporary symmetric key K obtained by applying to the quantum cryptography management service by using a current message algebra, and decrypting the message0 by applying to the quantum cryptography management service by group members to obtain the temporary symmetric key K;
the receiver performs Hash operation by using the temporary symmetric key K and the plaintext information message0, generates a temporary symmetric key1 based on the KDF, encrypts the plaintext information message1 by using the temporary symmetric key1 and then sends the encrypted plaintext information message1 to the group;
the sender uses the temporary symmetric key K and the plaintext information message0 to perform Hash operation to obtain a temporary symmetric key1, and uses the temporary symmetric key1 to decrypt to obtain the plaintext information message1;
the sender uses the temporary symmetric key1 and the plaintext information message2 to perform Hash operation, generates a temporary symmetric key2 based on KDF, encrypts the plaintext information message2 by using the temporary symmetric key2 and sends the encrypted plaintext information message2 to the group;
the sender uses the temporary symmetric key2 and the plaintext information message3 to perform hash operation, generates a temporary symmetric key3 based on the KDF, encrypts the plaintext information message3 by using the temporary symmetric key3, and sends the encrypted plaintext information message3 to the group.
In an embodiment, the message algebra stepping module 40 is specifically configured to perform the following steps:
judging whether the number of messages is larger than the set maximum number of messages in generation, if so, replacing the messages by +1, and resetting the message count and the time window; if the maximum number of messages is not exceeded, judging whether the time window is reached again, if the time window is reached, judging whether the in-band has messages again, if the in-band has messages, substituting the messages for +1, if the in-band has no messages, substituting the messages for +0, and resetting the message count and the time window.
In an embodiment, the messaging device further comprises an entity authentication module for performing the steps of:
the group members log in the instant messaging application for authorization through authenticating the face or the fingerprint;
group members respectively use GB/T15843.2 standard to perform entity authentication based on a symmetric key through a charging key in a built-in security chip and the quantum cryptography management service system.
It should be noted that other embodiments or methods of implementing the messaging device of the present invention can refer to the first embodiment of the method described above, and are not redundant here.
In addition, as shown in fig. 8, a third embodiment of the present invention further provides a group chat encryption system based on a quantum key, where the system includes: the system comprises an instant messaging system 3, a quantum password management service system 2 and a plurality of message transmitting and receiving devices 1, wherein a security chip 50 is arranged in each message transmitting and receiving device 1, the security chip 50 is respectively connected with the quantum password management service system 2, each message transmitting and receiving device 1 is connected with the instant messaging system 3, the quantum password management service system 2 is connected with a quantum random number generator 5 through a quantum exchange cipher machine 4, and the method comprises the following steps:
the quantum random number generator 5 is used for generating a quantum key;
the quantum exchange cipher machine 4 is used for receiving and storing the quantum key sent by the quantum random number generator;
the quantum cryptography management service system 2 is configured to perform identity authentication on each of the messaging devices and call a quantum key in the quantum exchange cryptographic machine to provide a quantum key for each of the security chips;
the instant messaging system 3 is configured to provide a message for each of the messaging devices;
the messaging device 1 comprises:
a key application module 10, configured to apply, by the vector sub-cipher management service system, a temporary symmetric key as an encryption key when a message is first sent in a current message generation, and encrypt plaintext information to be sent into a message ciphertext using the encryption key;
a ciphertext broadcasting module 20, configured to assemble the message ciphertext into ciphertext information according to a message protocol, and broadcast the ciphertext information for a receiving party to decrypt, where the message ciphertext includes the encryption key, the message generation number of the group, and the message ciphertext;
the KDF ratchet module 30 is used for KDF ratchet operation in the same message generation, and when a group member sends a new message for the Nth time, the temporary symmetric key for the (N-1) times and the plaintext information for the (N-1) times are used for carrying out Hash operation to generate a temporary symmetric key required by the current message sending;
and the message algebra stepping module 40 is used for determining the message algebra increase based on the time window and the number of messages in the time window and executing the key application module.
The embodiment of the invention adopts an improved Key Derivation Function (KDF) based ratchet algorithm to provide FS (forward security), adopts a self-defined generation algorithm based on a time window and a message number to provide PCS (backward security) in combination with the true randomness of a quantum true random Key; and an end-to-end message encryption mode is adopted to protect the safety of message data, the message is transmitted in a ciphertext mode and stored in the ciphertext mode, the encryption key is a quantum true random key generated by a quantum cipher management service system, even if the message is intercepted, an attacker only can obtain the ciphertext and cannot obtain the information, and therefore the safety of the message data is guaranteed.
It should be noted that, the security chip includes but is not limited to SIM card or usb disk, the security key in the security chip is pre-embedded, the security chip is pre-filled by the quantum key filling machine when issuing a card, the used security chip has a pre-set quantum password, that is, the principle is: the security chip is initialized before use (pre-filling cipher), the security chip is filled with quantum security keys through a quantum cipher filling machine, and the keys filled in each security chip and the keys preset in the quantum exchange cipher machine are symmetric keys (namely keys corresponding to one). Each security chip has an ID number of the security chip, each quantum key has a serial number of the security chip, and the corresponding key can be found in the quantum exchange crypto engine only by providing the number of the quantum security chip and the serial number of the quantum key.
The message receiving and sending device is used for receiving and sending messages, the safety chip is internally or externally connected with the message receiving and sending device, the message receiving and sending device comprises but is not limited to a mobile phone and fixed equipment such as a computer, a user needs to be bound with the safety chip in advance, and only the bound user can use the message receiving and sending device with the safety chip.
It should be noted that the output of the quantum cryptography exchange is connected with a quantum key filling machine 6, which is used for filling the quantum key filling machine with quantum keys.
Further, the work flow of the group chat encryption system based on the quantum key in this embodiment is as follows:
(1) The group members use the quantum security chip to perform identity authentication, and simultaneously, the IM system needs to perform MFA double-factor authentication of human faces or fingerprints at the client side on the message transmitting and receiving equipment.
(2) The first message sent after the group is established is identified as a first generation, the encryption key of the first message is a temporary symmetric key K applied by a sender by using a charging key in a quantum security chip to a quantum cryptography management service system, the temporary symmetric key K is generated by calling a quantum random number by a quantum exchange cryptographic machine, the temporary symmetric key plaintext K is encrypted by the charging key of the quantum security chip and then returns to the sender together with the charging key number, the sender calls the quantum security chip of the sender to decrypt a temporary symmetric key ciphertext (KEK) into the temporary symmetric key plaintext K, and then the temporary symmetric key plaintext K is sentThe sending party encrypts plaintext information P to be sent into a message ciphertext by using the temporary symmetric key K and the encrypted message (C = E) K And (P)), finally, the ciphertext information is assembled according to the user-defined message protocol and then broadcast. The protocol format is? CSP: GEN001: xxx, are? CSP, representing encrypted message; GEN001, representing the message generation of the group; xxx: a ciphertext representing the message; if a message is too long to generate fragments, the format of the subsequent message is? CSP | GEN001: xxx.
(3) The receiving party decrypts the message, the message receiving party needs to carry the group, the generation of the message and the charging key in the quantum encryption chip of the receiving party to vector the quantum encryption management service system to apply for the temporary symmetric key K, the quantum encryption management service system calls a quantum exchange cipher machine to encrypt the temporary symmetric key plaintext K through the charging key of the quantum security chip of the receiving party (KEK ') and return the encrypted temporary symmetric key plaintext K together with the number of the charging key, the receiving party calls the number K ' corresponding to the number of the quantum security chip of the receiving party to decrypt the temporary symmetric key ciphertext (KEK ') into the temporary symmetric key plaintext K, and then the message ciphertext C is decrypted into the plaintext P through the temporary symmetric key.
(4) When KDF ratchet wheel in the same message generation and group member sends new message, the temporary encryption key is the one passing the last temporary encryption key K n-1 Hash generation K with message content n Meanwhile, the IM system ensures the sequence of the asynchronous messages by using the message queue.
(5) The step condition of the message generation is based on the time window and the message number, if the message number in the time window reaches the maximum message number configured in advance, the message generation is +1, and the time window and the message count are reset at the same time; and if the time window is expired, substituting the message by +1, resetting the time window and the message count at the same time, and if no new message exists in the new time window, substituting the message by +0. After the message generation +1, the encryption and decryption process of the message repeats the steps (2) to (5).
It should be noted that other embodiments or implementations of the messaging device of the present invention can refer to the second embodiment described above, and no redundancy is necessary here.
It should be noted that the logic and/or steps shown in the flowcharts or otherwise described herein, such as an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.
Claims (10)
1. A group chat encryption method based on quantum keys is characterized in that after a group is established, the method comprises the following steps:
s10, when a sender sends a message for the first time in a current message generation, a vector sub-password management service system applies a temporary symmetric key as an encryption key, and encrypts plaintext information to be sent into a message ciphertext by using the encryption key;
s20, the message ciphertext is assembled into ciphertext information according to a message protocol and then broadcast for a receiving party to decrypt, wherein the message ciphertext comprises the encryption key, the message algebra of the group and the message ciphertext;
s30, performing KDF ratchet operation in the same message generation, and when a group member sends a new message for the Nth time, performing hash operation by using the temporary symmetric key for the (N-1) times and the plaintext information for the (N-1) times to generate a temporary symmetric key required by sending the message for the Nth time, wherein N is more than or equal to 2;
s40, determining the algebraic increase of the messages based on the time window and the number of the messages in the time window, and repeatedly executing the steps S10-S30.
2. The group chat encrypting method based on the quantum key as claimed in claim 1, wherein in the step S10, the sending party applies for a temporary symmetric key as the encryption key to the quantum cryptography management service system, and encrypts the plaintext information to be sent into the message ciphertext by using the encryption key, including:
sending a first key application to the quantum password management service system, wherein the first key application carries information including a group ID, a message algebra, a password sequence i and a key KA with the key sequence i i SM3 digest of, said key KA i A filling key which is pre-filled into a built-in security chip of a sender;
receiving a first encryption key ciphertext and a password sequence m returned by the quantum password management service system, wherein the first encryption key ciphertext is a charging key KA adopting the password sequence m m Encrypting a temporary symmetric key K, wherein the temporary symmetric key K is a random key generated by a quantum random number generator, the charging key is a quantum key stored by a quantum exchange cipher machine, and the key KA is i And a charging key KA m Is a symmetric key;
charging key KA using key sequence m m Decrypting the first encryption key ciphertext to obtain the temporary symmetric key K as the encryption key;
and symmetrically encrypting the plaintext information to be sent by using the encryption key to obtain the message ciphertext.
3. The quantum key-based group chat encryption method according to claim 1, wherein in the step S20, the message protocol is in a format of: is there a CSP: GEN001: xxx, wherein? CSP denotes an encryption key, GEN001 denotes a message generation number of a group, and xxx denotes a message ciphertext.
4. The quantum key based group chat encryption method of claim 3, wherein when the ciphertext information is generated into fragments, the method further comprises:
the format of the message protocol used for assembling the subsequent message ciphertext is as follows: is it a question of CSP | GEN001: xxx.
5. The quantum key-based group chat encrypting method of claim 1, wherein the step S40 of determining the algebraic addition of the message based on the time window and the number of messages in the time window comprises:
judging whether the number of the messages in the time window reaches the preset maximum number of the messages;
if yes, increasing 1 for the message algebra, and resetting the time window and the message count;
if not, judging whether a message exists in the message generation or not when the time window expires;
if so, increasing the message algebra by 1, otherwise, increasing the message algebra by 0, and then resetting the time window and the message count.
6. The quantum key based group chat encryption method of claim 1, wherein before the step S10, the method further comprises:
the group members log in the instant messaging application for authorization through authenticating the face or the fingerprint;
group members respectively use a GB/T15843.2 standard to perform entity authentication based on a symmetric key through a filling key in a built-in security chip of each group member and the quantum cryptography management service system.
7. The quantum key based group chat encryption method of claim 1, wherein after the recipient receives the ciphertext information, the method further comprises:
the receiving side sends a second key application to the quantum password management service system, wherein the second key application carries information including a group ID, a message algebra, a password sequence j and a key KB with the password sequence j j In SM3, wherein said key KB j A charging key which is pre-charged into a built-in security chip of a receiver;
receiving a second encryption key ciphertext and a password sequence n returned by the quantum password management service system, wherein the second encryption key ciphertext is a charging key KB adopting the password sequence n n Encrypting an encryption key K, wherein the encryption key K is a key corresponding to the group ID and the message algebra, and the charging key KB n For quantum keys stored in quantum exchange ciphers, and for charging keys KB n And a key KB j Is a symmetric key;
using a corresponding filling key KB of the cipher sequence n n And decrypting the second encryption key ciphertext to obtain an encryption key K and decrypting the ciphertext information to obtain a message plaintext.
8. The quantum key based group chat encryption method of claim 7, wherein after the receiver first obtains a message plaintext message0, the method further comprises:
the receiver uses the encryption key K and the message plaintext message0 to carry out Hash operation, generates a primary temporary symmetric key based on KDF, encrypts the message plaintext message1 by using the primary temporary symmetric key and then sends the encrypted message to the group;
and the sender uses the encryption key K and the message plaintext message0 to carry out Hash operation to obtain the primary temporary symmetric key, and uses the primary temporary symmetric key to decrypt the message plaintext 1 to obtain the plaintext of the message 1.
9. A messaging device, the device comprising:
the device comprises a key application module, a vector sub-password management service system and a message sending module, wherein the key application module is used for applying a temporary symmetric key as an encryption key by the vector sub-password management service system when a message is sent for the first time in a current message generation, and encrypting plaintext information to be sent into a message ciphertext by using the encryption key;
the ciphertext broadcasting module is used for broadcasting the message ciphertext after the message ciphertext is assembled into ciphertext information according to a message protocol for a receiver to decrypt, wherein the message ciphertext comprises the encryption key, the message algebra of the group and the message ciphertext;
the KDF ratchet module is used for KDF ratchet operation in the same message generation, and when the group members send new messages for the Nth time, the temporary symmetric key for the (N-1) times and the plaintext information for the (N-1) times are used for carrying out Hash operation to generate a temporary symmetric key required by the current message sending;
and the message algebra stepping module is used for determining the message algebra increase based on the time window and the number of messages in the time window and executing the key application module.
10. A quantum key based group chat encryption system, the system comprising: the system comprises an instant messaging system, a quantum password management service system and a plurality of message transmitting and receiving devices, wherein a security chip is arranged in each message transmitting and receiving device, the security chip is respectively connected with the quantum password management service system, each message transmitting and receiving device is connected with the instant messaging system, the quantum password management service system is connected with a quantum random number generator through a quantum exchange password machine, and the method comprises the following steps:
the quantum random number generator is used for generating a quantum key;
the quantum exchange cipher machine is used for receiving and storing the quantum key sent by the quantum random number generator;
the quantum cipher management service system is used for performing identity authentication on each message transmitting-receiving device and calling a quantum key in the quantum exchange cipher machine to provide the quantum key for each security chip;
the instant communication system is used for providing the receiving and sending messages for each message receiving and sending device;
the messaging device comprises:
the device comprises a key application module, a vector sub-password management service system and a message sending module, wherein the key application module is used for applying a temporary symmetric key as an encryption key by the vector sub-password management service system when a message is sent for the first time in a current message generation, and encrypting plaintext information to be sent into a message ciphertext by using the encryption key;
the ciphertext broadcasting module is used for broadcasting the message ciphertext after the message ciphertext is assembled into ciphertext information according to a message protocol for a receiver to decrypt, wherein the message ciphertext comprises the encryption key, the message algebra of the group and the message ciphertext;
the KDF ratchet module is used for KDF ratchet operation in the same message generation, and when the group members send new messages for the Nth time, the temporary symmetric key for the (N-1) times and the plaintext information for the (N-1) times are used for carrying out Hash operation to generate a temporary symmetric key required by the current message sending;
and the message algebra stepping module is used for determining the message algebra increase based on the time window and the number of messages in the time window and executing the key application module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211433869.6A CN115834175A (en) | 2022-11-16 | 2022-11-16 | Quantum key-based group chat encryption method, message transmitting and receiving equipment and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211433869.6A CN115834175A (en) | 2022-11-16 | 2022-11-16 | Quantum key-based group chat encryption method, message transmitting and receiving equipment and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115834175A true CN115834175A (en) | 2023-03-21 |
Family
ID=85528394
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211433869.6A Pending CN115834175A (en) | 2022-11-16 | 2022-11-16 | Quantum key-based group chat encryption method, message transmitting and receiving equipment and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115834175A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118353627A (en) * | 2024-05-15 | 2024-07-16 | 海南即客科技有限公司 | Group chat encryption method, system, equipment and medium based on quantum key |
-
2022
- 2022-11-16 CN CN202211433869.6A patent/CN115834175A/en active Pending
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118353627A (en) * | 2024-05-15 | 2024-07-16 | 海南即客科技有限公司 | Group chat encryption method, system, equipment and medium based on quantum key |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10785019B2 (en) | Data transmission method and apparatus | |
CN107947913B (en) | Anonymous authentication method and system based on identity | |
US12010216B2 (en) | Computer-implemented system and method for highly secure, high speed encryption and transmission of data | |
CN104821944A (en) | Hybrid encryption network data security method and system | |
CN112804205A (en) | Data encryption method and device and data decryption method and device | |
CN107483429B (en) | A kind of data ciphering method and device | |
KR20010090167A (en) | Method for mutual authentication and key exchange based on the user's password and apparatus thereof | |
CN111953479B (en) | Data processing method and device | |
US11528127B2 (en) | Computer-implemented system and method for highly secure, high speed encryption and transmission of data | |
CN110519226B (en) | Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate | |
CN109962924B (en) | Group chat construction method, group message sending method, group message receiving method and system | |
CN115766119A (en) | Communication method, communication apparatus, communication system, and storage medium | |
CN1472914A (en) | High performance and quick public pin encryption | |
CN112422276B (en) | Method and system for realizing multi-party key agreement | |
CN115567207A (en) | Method and system for realizing multicast data encryption and decryption by quantum key distribution | |
CA2819211A1 (en) | Data encryption | |
CN111049738B (en) | E-mail data security protection method based on hybrid encryption | |
CN107104888B (en) | Safe instant messaging method | |
CN115834175A (en) | Quantum key-based group chat encryption method, message transmitting and receiving equipment and system | |
CN114070549B (en) | Key generation method, device, equipment and storage medium | |
Azaim et al. | Design and implementation of encrypted SMS on Android smartphone combining ECDSA-ECDH and AES | |
CN114422114B (en) | Time-controlled encryption method and system based on multi-time server | |
Purevjav et al. | Email encryption using hybrid cryptosystem based on Android | |
CN116318739A (en) | Electronic data exchange method and system | |
CN114070550B (en) | Information processing method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |