Nothing Special   »   [go: up one dir, main page]

CN112422276B - Method and system for realizing multi-party key agreement - Google Patents

Method and system for realizing multi-party key agreement Download PDF

Info

Publication number
CN112422276B
CN112422276B CN202011212830.2A CN202011212830A CN112422276B CN 112422276 B CN112422276 B CN 112422276B CN 202011212830 A CN202011212830 A CN 202011212830A CN 112422276 B CN112422276 B CN 112422276B
Authority
CN
China
Prior art keywords
key
information
agreement
negotiation
generating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011212830.2A
Other languages
Chinese (zh)
Other versions
CN112422276A (en
Inventor
彭金辉
雷宗华
刘武忠
李鑫
李顶占
卫志刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd filed Critical Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN202011212830.2A priority Critical patent/CN112422276B/en
Publication of CN112422276A publication Critical patent/CN112422276A/en
Application granted granted Critical
Publication of CN112422276B publication Critical patent/CN112422276B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method and a system for realizing multi-party key agreement. The method comprises the following steps: member A1Generating key parameters
Figure DDA0002759388760000011
Then through
Figure DDA0002759388760000012
Generating key negotiation information with member information
Figure DDA0002759388760000013
And sent to member A2(ii) a Member A2Generating random numbers
Figure DDA0002759388760000014
Computing
Figure DDA0002759388760000015
By passing
Figure DDA0002759388760000016
Generating key negotiation information with member information
Figure DDA0002759388760000017
And sent to member A3(ii) a So continuing, member AmGenerating random numbers
Figure DDA0002759388760000018
Calculating to obtain a secret key; computing
Figure DDA0002759388760000019
By passing
Figure DDA00027593887600000110
Generating key negotiation information with member information
Figure DDA00027593887600000111
And sent to member Am‑1(ii) a So continuing, the key negotiation information is transmitted in sequence, and finally the member A1And calculating to obtain the key. The invention can effectively realize the key agreement of multi-party members, and selects a safe elliptic curve, and the difficulty of discrete logarithm on the elliptic curve can effectively ensure the security of the key parameter in the communication process on the basis of the safe elliptic curve.

Description

Method and system for realizing multi-party key agreement
Technical Field
The invention relates to the technical field of network communication security, in particular to a method and a system for realizing multi-party key agreement.
Background
With the global informatization, the emergence and development of digital communication systems, the human society has changed greatly. Before data interaction is needed between two devices of a digital communication system, in order to ensure the security of the data interaction, a secure communication mechanism needs to be established between the two devices, and the secure communication between the two devices is usually realized by encrypting and decrypting content to be communicated by using session keys of the two parties.
At present, DH (Diffie-Hellman) key agreement is implemented to let two communicating parties exchange mutual information on communication to jointly calculate the same session key, even if a part of the transmitted information is intercepted, the session key cannot be calculated according to the information, because another part of the information for calculating the session key is at the receiving party, and the receiving party does not disclose the part of the information, the intermediate party does not have enough information to obtain the session key, and further, the communication ciphertext after the decryption.
However, when the number of communication members exceeds two, the complexity of key agreement is greatly increased, more information needs to be exchanged between the members, so the security of the information exchange and key agreement process is crucial, once the exchange information is leaked, the key is cracked, therefore, how to design a multi-party key agreement method can effectively ensure the security of the information exchange between the key agreement members, and safely and efficiently realize the key agreement between a plurality of members is a problem which is urgently needed to be solved at present.
Disclosure of Invention
The invention provides a method and a system for realizing multi-party key agreement, aiming at the problem that the current key agreement method can not effectively ensure the safety of information exchange of key agreement members when the communication members exceed two parties.
In a first aspect, the present invention provides a method for implementing multi-party key agreement, which includes m key agreement members { A }1,A2,…,Am-said method comprising: a forward transmission process and a reverse transmission process;
the forward transmission process comprises the following steps:
key agreement member A1Generating random numbers
Figure GDA0003482378580000011
Then generating key parameters
Figure GDA0003482378580000012
By passing
Figure GDA0003482378580000013
Generating key negotiation information with member information
Figure GDA0003482378580000021
And sends to the key agreement member A2(ii) a G is a base point with a prime number n of an order on the elliptic curve;
key agreement member A2Generating random numbers
Figure GDA0003482378580000022
Calculating key parameters
Figure GDA0003482378580000023
By passing
Figure GDA0003482378580000024
Generating key negotiation information with member information
Figure GDA0003482378580000025
And sends to the key agreement member A3
Continuing so, key agreement member AiGenerating random numbers
Figure GDA0003482378580000026
Negotiating Member A based on a Keyi-1Key parameter of
Figure GDA0003482378580000027
Calculating its key parameters
Figure GDA0003482378580000028
Key parameter of the member negotiating with its previous (i-1) keys, key parameter of itself
Figure GDA0003482378580000029
Generating key negotiation information with member information
Figure GDA00034823785800000210
And sends to the next key negotiation member Ai+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;
key agreement member AmGenerating random numbers
Figure GDA00034823785800000211
Calculating a secret key
Figure GDA00034823785800000212
Computing
Figure GDA00034823785800000213
Figure GDA00034823785800000214
The reverse transmission process comprises:
key agreement member AmBy passing
Figure GDA00034823785800000215
Generating key negotiation information with member information
Figure GDA00034823785800000216
And sends to the key agreement member Am-1
Key agreement member Am-1Calculating a secret key
Figure GDA00034823785800000217
Computing
Figure GDA00034823785800000218
Figure GDA00034823785800000219
By passing
Figure GDA00034823785800000220
Generating key negotiation information with member information
Figure GDA00034823785800000221
And sends to the key agreement member Am-2
Continuing so, key agreement member AjCalculating a secret key
Figure GDA00034823785800000222
Computing
Figure GDA00034823785800000223
By passing
Figure GDA00034823785800000224
Generating key negotiation information with member information
Figure GDA00034823785800000225
And sends to the next key negotiation member Aj-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;
key agreement member A2Calculating a secret key
Figure GDA00034823785800000226
Computing
Figure GDA0003482378580000031
By passing
Figure GDA0003482378580000032
Generating key negotiation information with member information
Figure GDA0003482378580000033
And sends to the key agreement member A1
Key agreement member A1Calculating a secret key
Figure GDA0003482378580000034
Further, still include:
before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member, performing digest, signature and encryption processing on the key negotiation information;
correspondingly, after each key negotiation member receives the ciphertext, the received ciphertext is decrypted, signed and integrity verified, and then the key or the key parameter is calculated.
Further, the digest, signature, and encryption processing on the key agreement information specifically includes: performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;
the decrypting, signature verification and integrity verification of the received ciphertext specifically comprises: the method comprises the steps of firstly decrypting a received ciphertext through an encryption and decryption algorithm to obtain signature information and key negotiation information, then using public keys of all key negotiation members to verify the signature information, carrying out hash operation on the key negotiation information through a hash algorithm to generate a second hash operation result, and comparing the first hash operation result with the second hash operation result to verify the integrity of the key negotiation information.
Further, the key agreement information also includes a timestamp when the sender sends the information to the receiver;
correspondingly, after receiving the timestamp, the receiver first verifies the timestamp and then calculates the key or key parameters.
Further, the member information refers to ID information of a key agreement member as both communication parties.
Further, each key agreement member does not save each result of the intermediate calculation in the key agreement process, and only saves the generated random number.
In a second aspect, the present invention provides a system for implementing multi-party key agreement, including:
a first random number generation module for key negotiation member A1Generating random numbers
Figure GDA0003482378580000035
A first calculation module for generating key parameters
Figure GDA0003482378580000036
G is a base point with a prime number n of an order on the elliptic curve; a first key negotiation information generation module for passing through
Figure GDA0003482378580000037
Generating key negotiation information with member information
Figure GDA0003482378580000038
And sent to the key agreementBusiness member A2
A second random number generation module for key negotiation member A2Generating random numbers
Figure GDA0003482378580000041
A second calculation module for calculating key parameters
Figure GDA0003482378580000042
A second key agreement information generation module for passing through
Figure GDA0003482378580000043
Figure GDA0003482378580000044
Generating key negotiation information with member information
Figure GDA0003482378580000045
And sends to the key agreement member A3
The ith random number generation module is used for the key negotiation member AiGenerating random numbers
Figure GDA0003482378580000046
An ith calculation module for negotiating the member A according to the keyi-1Key parameter of
Figure GDA0003482378580000047
Calculating its key parameters
Figure GDA0003482378580000048
An ith key agreement information generation module for passing the key parameters of its previous (i-1) key agreement members, its own key parameters
Figure GDA0003482378580000049
Generating key negotiation information with member information
Figure GDA00034823785800000410
And sent to the next keyNegotiation Member Ai+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;
the mth random number generation module is used for the key negotiation member AmGenerating random numbers
Figure GDA00034823785800000411
An mth calculation module for calculating the obtained key
Figure GDA00034823785800000412
Computing
Figure GDA00034823785800000413
The mth key negotiation information generation module is used for the key negotiation member AmBy passing
Figure GDA00034823785800000414
Figure GDA00034823785800000415
Generating key negotiation information with member information
Figure GDA00034823785800000416
And sends to the key agreement member Am-1
M-1 th calculation module for key agreement member Am-1Calculating a secret key
Figure GDA00034823785800000417
Computing
Figure GDA00034823785800000418
Figure GDA00034823785800000419
M-1 key agreement information generation module for passing through
Figure GDA00034823785800000420
Figure GDA00034823785800000421
And member informationGenerating key agreement information
Figure GDA00034823785800000422
And sends to the key agreement member Am-2
A jth calculation module for key negotiation member AjCalculating a secret key
Figure GDA00034823785800000423
Computing
Figure GDA00034823785800000424
Figure GDA00034823785800000425
By passing
Figure GDA00034823785800000426
Generating key negotiation information with member information
Figure GDA00034823785800000427
And sends to the next key negotiation member Aj-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;
a second calculation module for key agreement member A2Calculating a secret key
Figure GDA0003482378580000051
Computing
Figure GDA0003482378580000052
A second key agreement information generation module for passing through
Figure GDA0003482378580000053
Generating key negotiation information with member information
Figure GDA0003482378580000054
And sends to the key agreement member A1
A first calculation module for key agreement member A1Calculating a secret key
Figure GDA0003482378580000055
Further, still include: the first security module is used for performing digest, signature and encryption processing on the key negotiation information before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member; and after each key negotiation member receives the ciphertext, decrypting, checking the signature and verifying the integrity of the received ciphertext.
Further, the first security module is specifically configured to:
performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;
and the encryption and decryption module is specifically configured to decrypt the received ciphertext through an encryption and decryption algorithm to obtain signature information and key agreement information, then verify the signature information using the public key of each key agreement member, perform hash operation on the key agreement information through the hash algorithm to generate a second hash operation result, and compare the first hash operation result with the second hash operation result to verify the integrity of the key agreement information.
Further, the key agreement information also includes a timestamp when the sender sends the information to the receiver; correspondingly, the system further comprises:
and the second safety module is used for verifying the time stamp after the receiving party receives the time stamp.
The invention has the beneficial effects that:
(1) the invention can divide the process of the key agreement of many parties into two processes of forward and backward, transmit the information that the member of subsequent key agreement needs sequentially, thus realize the key agreement of many parties effectively, and choose a safe elliptic curve, on the basis of the safe elliptic curve, the difficulty of the discrete logarithm on the elliptic curve can guarantee the security of the key parameter in the communication process effectively;
(2) in the process of multi-party key agreement, a fresh factor timestamp is added into each key agreement message of communication, so that each message interaction in the key agreement communication is ensured to be a fresh message, and replay attack of an old message is prevented;
(3) in the interactive process of key agreement, the invention adopts the signature technology for the key agreement information sent each time, so that an intermediate attacker cannot generate an effective signature of the message sent by a real communication main body, and cannot falsely succeed;
(4) the invention adopts a hash function technology and an encryption technology, in the interactive process of key agreement, for the key agreement information sent each time, a sender sends the information and simultaneously sends summary information of the information, and encrypts the information, and a receiver also generates the summary information of the information after receiving the information and compares the summary information with the received summary information to ensure that the key agreement information is not falsified by an attacker in the communication process;
(5) the invention provides a key negotiation process that the identity of a sender is in the first place and the information of a receiver is in the last place in the key negotiation information, so as to ensure that an information receiver can distinguish whether the information is the reflection of the message sent by the receiver.
Drawings
Fig. 1 is a flow chart of forward transmission in a method for implementing multi-party key agreement according to an embodiment of the present invention;
fig. 2 is a reverse transmission flow chart in a method for implementing multi-party key agreement according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1:
the embodiment of the invention provides a method for realizing multi-party key agreement, which comprises m key agreement members { A }1,A2,…,AmThe method comprises a forward transmission process and a reverse transmission process; wherein:
the forward transmission process comprises the following steps:
key agreement member A1Generating random numbers
Figure GDA0003482378580000061
Then generating key parameters
Figure GDA0003482378580000062
By passing
Figure GDA0003482378580000063
Generating key negotiation information with member information
Figure GDA0003482378580000064
And sends to the key agreement member A2(ii) a G is a base point with a prime number n of an order on the elliptic curve; random number
Figure GDA0003482378580000071
Key agreement member A2Generating random numbers
Figure GDA0003482378580000072
Calculating key parameters
Figure GDA0003482378580000073
By passing
Figure GDA0003482378580000074
Generating key negotiation information with member information
Figure GDA0003482378580000075
And sends to the key agreement member A3(ii) a Random number
Figure GDA0003482378580000076
Continuing so, key agreement member AiGenerating random numbers
Figure GDA0003482378580000077
Negotiating Member A based on a Keyi-1Key parameter of
Figure GDA0003482378580000078
Calculating its key parameters
Figure GDA0003482378580000079
Key parameter of the member negotiating with its previous (i-1) keys, key parameter of itself
Figure GDA00034823785800000710
Generating key negotiation information with member information
Figure GDA00034823785800000711
And sends to the next key negotiation member Ai+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer; random number
Figure GDA00034823785800000712
Key agreement member AmGenerating random numbers
Figure GDA00034823785800000713
Calculating a secret key
Figure GDA00034823785800000714
Computing
Figure GDA00034823785800000715
Figure GDA00034823785800000716
The reverse transmission process comprises:
key agreement member AmBy passing
Figure GDA00034823785800000717
Generating key negotiation information with member information
Figure GDA00034823785800000718
And sends to the key agreement member Am-1
Key agreement member Am-1Calculating a secret key
Figure GDA00034823785800000719
Computing
Figure GDA00034823785800000720
Figure GDA00034823785800000721
By passing
Figure GDA00034823785800000722
Generating key negotiation information with member information
Figure GDA00034823785800000723
And sends to the key agreement member Am-2
Continuing so, key agreement member AjCalculating a secret key
Figure GDA00034823785800000724
Computing
Figure GDA00034823785800000725
By passing
Figure GDA00034823785800000726
Generating key negotiation information with member information
Figure GDA00034823785800000727
And sends to the next key negotiation member Aj-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;
key agreement member A2Calculating a secret key
Figure GDA00034823785800000728
Computing
Figure GDA00034823785800000729
By passing
Figure GDA00034823785800000730
Generating key negotiation information with member information
Figure GDA00034823785800000731
And sends to the key agreement member A1
Key agreement member A1Calculating a secret key
Figure GDA0003482378580000081
The method for realizing the multi-party key agreement provided by the embodiment of the invention can divide the process of the multi-party key agreement into a forward process and a reverse process, and sequentially transmit information required by subsequent key agreement members, thereby effectively realizing the key agreement of the multi-party members; and by selecting a safe elliptic curve, on the basis of the safe elliptic curve, the difficulty of discrete logarithm on the elliptic curve can effectively ensure the security of the key parameter in the communication process.
Example 2:
on the basis of the foregoing embodiment 1, an embodiment of the present invention provides another implementation method for multi-party key agreement, which is different from the foregoing embodiment 1 in that the method further includes the following steps:
before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member, performing digest, signature and encryption processing on the key negotiation information;
specifically, the digest, signature, and encryption processing on the key agreement information specifically includes: performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;
for example, negotiate Member A with a KeyiNegotiating a Key with Member AjTransmitted key agreement information
Figure GDA0003482378580000082
For example, the process specifically comprises: negotiating information on a key by a hashing algorithm H (m)
Figure GDA0003482378580000083
After Hash operation, generate
Figure GDA0003482378580000084
Then passing through a signature algorithm
Figure GDA0003482378580000085
Negotiating Member A Using a KeyiPrivate key of
Figure GDA0003482378580000086
Signature generation for hash operation result
Figure GDA0003482378580000087
Sign information
Figure GDA0003482378580000088
And key agreement information
Figure GDA0003482378580000089
By encryption or decryption algorithms
Figure GDA00034823785800000810
Performing encryption processing to generate ciphertext
Figure GDA00034823785800000811
Correspondingly, after each key negotiation member receives the ciphertext, the received ciphertext is decrypted, signed and integrity verified, and then the key or the key parameter is calculated.
Specifically, the decrypting, signature verification, and integrity verification of the received ciphertext specifically includes: the method comprises the steps of firstly decrypting a received ciphertext through an encryption and decryption algorithm to obtain signature information and key negotiation information, then using public keys of all key negotiation members to verify the signature information, carrying out hash operation on the key negotiation information through a hash algorithm to generate a second hash operation result, and comparing the first hash operation result with the second hash operation result to verify the integrity of the key negotiation information.
For example, negotiate Member A with a KeyjReceiving the key negotiation member AiCiphertext of transmission
Figure GDA0003482378580000091
For example, the process specifically comprises: firstly, through an encryption and decryption algorithm
Figure GDA0003482378580000092
For received cipher text
Figure GDA0003482378580000093
Obtain signature information after decryption
Figure GDA0003482378580000094
And key agreement information
Figure GDA0003482378580000095
Then negotiate member A using the keyiOf (2) a public key
Figure GDA0003482378580000096
For signature information
Figure GDA0003482378580000097
Checking the signature and negotiating information about the key by means of a hash algorithm H (m)
Figure GDA0003482378580000098
Also after Hash operation, generate
Figure GDA0003482378580000099
And the obtained result of the hash operation
Figure GDA00034823785800000910
Comparing and verifying the key agreement information
Figure GDA00034823785800000911
The integrity of (c).
In the method for implementing multi-party key agreement provided by the embodiment of the invention, in the interactive process of key agreement, for the key agreement information sent each time, a middle attacker cannot generate an effective signature of the message sent by a real communication main body by adopting a signature technology, so that the secret key agreement information cannot be pretended to be successful. And by adopting a hash function technology and an encryption technology, in the interactive process of key agreement, for the key agreement information sent each time, the sender sends the information and simultaneously sends the summary information of the information, and encrypts the information, and after the receiver receives the information, the receiver also generates the summary information of the information and compares the summary information with the received summary information, so that the key agreement information can be ensured not to be falsified by an attacker in the communication process.
Example 3:
on the basis of the foregoing embodiment 1 or embodiment 2, an embodiment of the present invention further provides a method for implementing multi-party key agreement, which is different from the foregoing embodiment 1 or embodiment 2 in that:
the key negotiation information also comprises a timestamp when the sender sends information to the receiver;
for example, negotiate Member A with a KeyiNegotiating a Key with Member AjTransmitted key agreement information
Figure GDA00034823785800000912
For example, at this time, the key negotiates member AiAs the sender, the key agreement member AjAs the receiver, the key agreementBusiness information
Figure GDA00034823785800000913
Comprising a key agreement member AiNegotiating a Key with Member AjTime stamp for sending information
Figure GDA00034823785800000914
Correspondingly, after receiving the timestamp, the receiver first verifies the timestamp and then calculates the key or key parameters.
For example, negotiate Member A with a KeyjReceiving the key negotiation member AiTimestamp of transmission
Figure GDA00034823785800000915
For example, at this time, the key negotiates member AjReceipt time stamp
Figure GDA00034823785800000916
Then, the authentication timestamp is obtained
Figure GDA00034823785800000917
Whether the freshness of (d) meets the requirements.
In the method for implementing multi-party key agreement provided by the embodiment of the invention, in the process of multi-party key agreement, a fresh factor timestamp is added into each key agreement message in communication, so that each message interaction in the key agreement communication can be ensured to be a fresh message, and the replay attack of an old message is prevented.
In the foregoing embodiments, as an implementable manner, the member information is specifically ID information of a key agreement member as both communication parties; for example, negotiate Member A with a KeyiNegotiating a Key with Member AjTransmitted key agreement information
Figure GDA0003482378580000101
For example, in generating key agreement information
Figure GDA0003482378580000102
The member information according to the time is a member A for key negotiationiID information of (2) and Key Agreement Member AjID information of (2).
As an implementation manner, in the key agreement information, the ID information of the appointed sender is before, and the ID information of the receiver is after; thus, it can be ensured that the information receiver can distinguish whether the information is a reflection of the message sent by the receiver.
As an implementable manner, each key agreement member does not save each result of the intermediate calculation in the key agreement process, and only saves the generated random number. For example, for key agreement member AiKeeping only random numbers
Figure GDA0003482378580000103
Is not preserved
Figure GDA0003482378580000104
Its previous (i-1) key agreement members' key parameters.
Example 4:
when the members of the key agreement are four parties A, B, C and D, the scheme flow of the key agreement is as follows:
1.1A → B: a generating a random number raCalculating
KA=raG,mAB=IDA||IDB||KA||TAB
Then the message is sent
Figure GDA0003482378580000105
Sending the data to B;
1.2B → C: b receives the message
Figure GDA0003482378580000106
Decrypting messages, verifying signatures, verifying messages mABIntegrity of, verifying timestamp TABThe freshness of (1). B generating a random number rbCalculating
K′B=rbKA=rbraG,mBC=IDB||IDC||KA||K′B||TBC
Then the message is sent
Figure GDA0003482378580000107
Sending the data to C;
1.3C → D: c receiving the message
Figure GDA0003482378580000108
Decrypting messages, verifying signatures, verifying messages mBCIntegrity of, verifying timestamp TBCThe freshness of (1). C generating a random number rcCalculating
KC=rcKB=rcrbraG,mCD=IDC||IDD||KA||K′B||K′C||TCD
Then the message is sent
Figure GDA0003482378580000109
Sending the data to D;
2.1D → C: d receiving the message
Figure GDA0003482378580000111
Decrypting messages, verifying signatures, verifying messages mCDIntegrity of, verifying timestamp TCDThe freshness of (1). D generating a random number rdCalculating
KABCD=rdK'C=[rarbrcrd]G,KD=rdG,
Figure GDA0003482378580000112
Figure GDA0003482378580000113
Then the message is sent
Figure GDA0003482378580000114
Sending the data to C;
2.2C → B: c receiving the message
Figure GDA0003482378580000115
Decrypting messages, verifying signatures, verifying messages mDCIntegrity of, verifying timestamp TDCThe freshness of (1). Computing
Figure GDA0003482378580000116
Figure GDA0003482378580000117
Then the message is sent
Figure GDA0003482378580000118
Sending the data to B;
2.3B → A: b receives the message
Figure GDA0003482378580000119
Decrypting messages, verifying signatures, verifying messages mCBIntegrity of, verifying timestamp TCBThe freshness of (1). Computing
Figure GDA00034823785800001110
Figure GDA00034823785800001111
Then the message is sent
Figure GDA00034823785800001112
Sending the signal to A;
2.4A receive message
Figure GDA00034823785800001113
Decrypting messages, verifyingCertificate signature and verification message mBAIntegrity of, verifying timestamp TBAThe freshness of (1). Computing
Figure GDA00034823785800001114
Wherein, IDA、IDB、IDC、IDDThe IDs of members A, B, C, D, respectively; g is a base point with prime number n on the order of the elliptic curve E; r isa、rb、rc、rdIs a random number, ra、rb、rc
Figure GDA00034823785800001115
For cryptographic algorithms, here KijFor encryption and decryption keys, i can be member A, B, C, D, and j can also be member A, B, C, D; t isijFor time stamp, i can be member A, B, C, D, j can also be member A, B, C, D; h (m) is a secure hash function. Sigi(m) elliptic curve-based signature algorithm for member i, which may be member A, B, C, D; kABCDConference key negotiated for member A, B, C, D.
The key agreement process of the embodiment of the invention stipulates that the identity of the sender is prior and the information of the receiver is later in the key agreement information, so as to ensure that an information receiver can distinguish whether the information is the reflection of the message sent by the receiver.
Example 5:
as shown in fig. 1 and 2, when the member performing key agreement is a1、A2、……Am-1、AmThe specific implementation process is as follows:
A1→A2:A1generating random numbers
Figure GDA0003482378580000121
Computing
Figure GDA0003482378580000122
Then the message is sent
Figure GDA0003482378580000123
Is sent to A2
A2→A3:A2Receiving a message
Figure GDA0003482378580000124
Decrypting messages, verifying signatures, verifying messages
Figure GDA0003482378580000125
Integrity of, verifying the timestamp
Figure GDA0003482378580000126
The freshness of (1). A. the2Generating random numbers
Figure GDA0003482378580000127
Computing
Figure GDA0003482378580000128
Then the message is sent
Figure GDA0003482378580000129
Is sent to A3
A3→A4:A3Receiving a message
Figure GDA00034823785800001210
Decrypting messages, verifying signatures, verifying messages
Figure GDA00034823785800001211
Integrity of, verifying the timestamp
Figure GDA00034823785800001212
The freshness of (1). A. the3Generating random numbers
Figure GDA00034823785800001213
Computing
Figure GDA00034823785800001214
Then the message is sent
Figure GDA00034823785800001215
Is sent to A4
A4→A5:A4Receiving a message
Figure GDA00034823785800001216
Decrypting messages, verifying signatures, verifying messages
Figure GDA00034823785800001217
Integrity of, verifying the timestamp
Figure GDA00034823785800001218
The freshness of (1). A. the4Generating random numbers
Figure GDA00034823785800001219
Computing
Figure GDA00034823785800001220
Then the message is sent
Figure GDA00034823785800001221
Is sent to A5
…………
Am-1→Am:Am-1Receiving a message
Figure GDA00034823785800001222
Decrypting messages, verifying signatures, verifying messages
Figure GDA0003482378580000131
Integrity of, verifying the timestamp
Figure GDA0003482378580000132
The freshness of (1). A. them-1Generating random numbers
Figure GDA0003482378580000133
Computing
Figure GDA0003482378580000134
Figure GDA0003482378580000135
Then the message is sent
Figure GDA0003482378580000136
Is sent to Am
Am→Am-1:AmReceiving a message
Figure GDA0003482378580000137
Decrypting messages, verifying signatures, verifying messages
Figure GDA0003482378580000138
Integrity of, verifying the timestamp
Figure GDA0003482378580000139
The freshness of (1). A. themGenerating random numbers
Figure GDA00034823785800001310
Computing
Figure GDA00034823785800001311
Figure GDA00034823785800001312
Figure GDA00034823785800001313
Figure GDA00034823785800001314
Then the message is sent
Figure GDA00034823785800001315
Is sent to Am-1
Am-1→Am-2:Am-1Receiving a message
Figure GDA00034823785800001316
Decrypting messages, verifying signatures, verifying messages
Figure GDA00034823785800001317
Integrity of, verifying the timestamp
Figure GDA00034823785800001318
The freshness of (1). Computing
Figure GDA00034823785800001319
Figure GDA00034823785800001320
Figure GDA00034823785800001321
Figure GDA00034823785800001322
Then the message is sent
Figure GDA00034823785800001323
Is sent to Am-2
…………
A3→A2:A3Receiving a message
Figure GDA00034823785800001324
Decrypting messages, verifying signatures, verifying messages
Figure GDA0003482378580000141
Integrity of, verifying the timestamp
Figure GDA0003482378580000142
The freshness of (1). Computing
Figure GDA0003482378580000143
Figure GDA0003482378580000144
Figure GDA0003482378580000145
Then the message is sent
Figure GDA0003482378580000146
Is sent to A2
A2→A1:A2Receiving a message
Figure GDA0003482378580000147
Decrypting messages, verifying signatures, verifying messages
Figure GDA0003482378580000148
Integrity of, verifying the timestamp
Figure GDA0003482378580000149
The freshness of (1). Computing
Figure GDA00034823785800001410
Figure GDA00034823785800001411
Figure GDA00034823785800001412
Then the message is sent
Figure GDA00034823785800001413
Is sent to A1
A1Receiving a message
Figure GDA00034823785800001414
Decrypting messages, verifying signatures, verifying messages
Figure GDA00034823785800001415
Integrity of, verifying the timestamp
Figure GDA00034823785800001416
The freshness of (1). Computing
Figure GDA00034823785800001417
It should be noted that, in the key agreement process, each key agreement member does not need to store the intermediate variables of the calculation, but only stores the generated random numbers
Figure GDA00034823785800001418
And (4) finishing.
Example 6:
when the group member is taken as a unit to carry out key negotiation, the conditions of two parties, three parties and multiple parties also exist, the three-party member key negotiation scheme based on the elliptic curve is used for establishing the three-party group member key exchange scheme based on the elliptic curve, and the conditions of the two parties and the multiple parties can be established according to the reference.
Assuming that the group members are { a1, a2, A3, a4, a5, B1, B2, B3, C1, C2}, grouping the members according to the relevant attributes of the group members, assuming that the members can be divided into A, B, C three groups, a ═ { a1, a2, A3, a4, a5}, B ═ { B1, B2, B3}, C ═ C1, C2}, and selecting A, B, C three groups as a1, B1, C1, respectively.
The three-party group member key exchange scheme based on the elliptic curve is established according to the following process.
Step1:
1.1 for group a, since group a has 5 bit members, a key between the 5 bit members in group a can be established according to the elliptic curve-based multi-party member key agreement scheme in embodiment 5, and is denoted as a _ CK;
1.2 for group B, because group B has 3-bit members, a key between 3-bit members in group B can be established according to the elliptic curve-based three-party member key agreement scheme in embodiment 5, and is denoted as B _ CK;
1.3 for group C, since group C has 2-bit members, a key between 2-bit members in group C can be established according to the elliptic curve-based two-party member key agreement scheme in embodiment 5, and is denoted as C _ CK;
Step2:
2.1, representing three group members of A1, B1 and C1 by A, B, C groups, and establishing keys among A1, B1 and C1, which are denoted as ABC _ CK, according to the elliptic curve-based three-party member key agreement scheme in embodiment 5;
2.2 remember mA=IDA1||ABC_CK||TAHere IDA1ID of A1, TAFor time stamping, A1 broadcasts the message in a broadcast form
Figure GDA0003482378580000151
Sending the ABC _ CK to the members of the group A, and obtaining ABC _ CK through respective calculation of the members;
2.3 note mB=IDB1||ABC_CK||TBHere IDB1ID of B1, TBFor time stamping, B1 is communicatedThe form of broadcasting is to send the message
Figure GDA0003482378580000152
Sending the ABC _ CK to the members of the group B, and obtaining ABC _ CK through respective calculation of the members;
2.4 note mC=IDC1||ABC_CK||TCHere IDC1ID of C1, TCFor time stamping, C1 broadcasts the message in a form of a broadcast
Figure GDA0003482378580000153
And sending the ABC _ CK to the members of the group C, and obtaining ABC _ CK by the respective calculation of the members.
Example 7:
corresponding to the above method for implementing multi-party key agreement, an embodiment of the present invention further provides a system for implementing multi-party key agreement, including: the device comprises a plurality of random number generation modules, a plurality of calculation modules and a plurality of key negotiation information generation modules;
a first random number generation module for key negotiation member A1Generating random numbers
Figure GDA0003482378580000154
A first calculation module for generating key parameters
Figure GDA0003482378580000155
G is a base point with a prime number n of an order on the elliptic curve; a first key negotiation information generation module for passing through
Figure GDA0003482378580000156
Generating key negotiation information with member information
Figure GDA0003482378580000157
And sends to the key agreement member A2
A second random number generation module for key negotiation member A2Generating random numbers
Figure GDA0003482378580000161
A second calculation module forCalculating key parameters
Figure GDA0003482378580000162
A second key agreement information generation module for passing through
Figure GDA0003482378580000163
Figure GDA0003482378580000164
Generating key negotiation information with member information
Figure GDA0003482378580000165
And sends to the key agreement member A3
The ith random number generation module is used for the key negotiation member AiGenerating random numbers
Figure GDA0003482378580000166
An ith calculation module for negotiating the member A according to the keyi-1Key parameter of
Figure GDA0003482378580000167
Calculating its key parameters
Figure GDA0003482378580000168
An ith key agreement information generation module for passing the key parameters of its previous (i-1) key agreement members, its own key parameters
Figure GDA0003482378580000169
Generating key negotiation information with member information
Figure GDA00034823785800001610
And sends to the next key negotiation member Ai+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;
the mth random number generation module is used for the key negotiation member AmGenerating random numbers
Figure GDA00034823785800001611
An mth calculation module for calculating the obtained key
Figure GDA00034823785800001612
Computing
Figure GDA00034823785800001613
The mth key negotiation information generation module is used for the key negotiation member AmBy passing
Figure GDA00034823785800001614
Figure GDA00034823785800001615
Generating key negotiation information with member information
Figure GDA00034823785800001616
And sends to the key agreement member Am-1
M-1 th calculation module for key agreement member Am-1Calculating a secret key
Figure GDA00034823785800001617
Computing
Figure GDA00034823785800001618
Figure GDA00034823785800001619
M-1 key agreement information generation module for passing through
Figure GDA00034823785800001620
Figure GDA00034823785800001621
Generating key negotiation information with member information
Figure GDA00034823785800001622
And sends to the key agreement member Am-2
A jth calculation module for key negotiation member AjCalculating a secret key
Figure GDA00034823785800001623
Computing
Figure GDA00034823785800001624
Figure GDA00034823785800001625
By passing
Figure GDA00034823785800001626
Generating key negotiation information with member information
Figure GDA00034823785800001627
And sends to the next key negotiation member Aj-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;
a second calculation module for key agreement member A2Calculating a secret key
Figure GDA0003482378580000171
Computing
Figure GDA0003482378580000172
A second key agreement information generation module for passing through
Figure GDA0003482378580000173
Generating key negotiation information with member information
Figure GDA0003482378580000174
And sends to the key agreement member A1
A first calculation module for key agreement member A1Calculating a secret key
Figure GDA0003482378580000175
The system for realizing the multi-party key agreement provided by the embodiment of the invention can divide the process of the multi-party key agreement into a forward process and a reverse process, and sequentially transmit information required by subsequent key agreement members, thereby effectively realizing the key agreement of the multi-party members; and by selecting a safe elliptic curve, on the basis of the safe elliptic curve, the difficulty of discrete logarithm on the elliptic curve can effectively ensure the security of the key parameter in the communication process.
Example 8:
on the basis of the foregoing embodiment 7, an embodiment of the present invention further provides a system for implementing multi-party key agreement, which is different from the foregoing embodiment 7 in that the system further includes a first security module and a second security module; wherein:
the first security module is used for performing digest, signature and encryption processing on the key negotiation information before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member; and the system is used for decrypting, checking and verifying the integrity of the received ciphertext after each key negotiation member receives the ciphertext.
Specifically, the digest, signature, and encryption processing are performed on the key agreement information, specifically: performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; and encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext.
Decrypting, checking and integrity verifying the received ciphertext, specifically comprising: decrypting the received ciphertext through an encryption and decryption algorithm to obtain signature information and key negotiation information, then verifying the signature information by using the public key of each key negotiation member, performing hash operation on the key negotiation information through the hash algorithm to generate a second hash operation result, and comparing the first hash operation result with the second hash operation result to verify the integrity of the key negotiation information.
In order to prevent replay attack of the old message, the key negotiation information also comprises a time stamp when the sender sends the information to the receiver; thus, the second security module is configured to verify the timestamp after the receiving party receives the timestamp.
It should be noted that the system for implementing multi-party key agreement provided by the present invention is for implementing the above method embodiments, and the functions thereof may specifically refer to the above method embodiments, and are not described herein again.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for realizing multi-party key agreement is characterized in that m key agreement members { A }1,A2,…,Am-said method comprising: a forward transmission process and a reverse transmission process;
the forward transmission process comprises the following steps:
key agreement member A1Generating random numbers
Figure FDA0003482378570000011
Then generating key parameters
Figure FDA0003482378570000012
By passing
Figure FDA0003482378570000013
Generating key negotiation information with member information
Figure FDA0003482378570000014
And sends to the key agreement member A2(ii) a G is a base point with a prime number n of an order on the elliptic curve;
key agreement member A2Generating randomNumber of
Figure FDA0003482378570000015
Calculating key parameters
Figure FDA0003482378570000016
By passing
Figure FDA0003482378570000017
Generating key negotiation information with member information
Figure FDA0003482378570000018
And sends to the key agreement member A3
Continuing so, key agreement member AiGenerating random numbers
Figure FDA0003482378570000019
Negotiating Member A based on a Keyi-1Key parameter of
Figure FDA00034823785700000110
Calculating its key parameters
Figure FDA00034823785700000111
Key parameter of the member negotiating with its previous (i-1) keys, key parameter of itself
Figure FDA00034823785700000112
Generating key negotiation information with member information
Figure FDA00034823785700000113
And sends to the next key negotiation member Ai+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;
key agreement member AmGenerating random numbers
Figure FDA00034823785700000114
Calculating a secret key
Figure FDA00034823785700000115
Computing
Figure FDA00034823785700000116
Figure FDA00034823785700000117
The reverse transmission process comprises:
key agreement member AmBy passing
Figure FDA00034823785700000118
Generating key negotiation information with member information
Figure FDA00034823785700000119
And sends to the key agreement member Am-1
Key agreement member Am-1Calculating a secret key
Figure FDA00034823785700000120
Computing
Figure FDA00034823785700000121
Figure FDA00034823785700000122
By passing
Figure FDA00034823785700000123
Generating key negotiation information with member information
Figure FDA00034823785700000124
And sends to the key agreement member Am-2
Continuing so, key agreement member AjCalculating a secret key
Figure FDA00034823785700000125
Computing
Figure FDA0003482378570000021
By passing
Figure FDA0003482378570000022
Generating key negotiation information with member information
Figure FDA0003482378570000023
And sends to the next key negotiation member Aj-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;
key agreement member A2Calculating a secret key
Figure FDA0003482378570000024
Computing
Figure FDA0003482378570000025
By passing
Figure FDA0003482378570000026
Generating key negotiation information with member information
Figure FDA0003482378570000027
And sends to the key agreement member A1
Key agreement member A1Calculating a secret key
Figure FDA0003482378570000028
2. The method of claim 1, further comprising:
before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member, performing digest, signature and encryption processing on the key negotiation information;
correspondingly, after each key negotiation member receives the ciphertext, the received ciphertext is decrypted, signed and integrity verified, and then the key or the key parameter is calculated.
3. The method of claim 2,
the digest, signature and encryption processing of the key negotiation information specifically includes: performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;
the decrypting, signature verification and integrity verification of the received ciphertext specifically comprises: the method comprises the steps of firstly decrypting a received ciphertext through an encryption and decryption algorithm to obtain signature information and key negotiation information, then using public keys of all key negotiation members to verify the signature information, carrying out hash operation on the key negotiation information through a hash algorithm to generate a second hash operation result, and comparing the first hash operation result with the second hash operation result to verify the integrity of the key negotiation information.
4. The method according to any one of claims 1-3, wherein the key agreement information further includes a timestamp when the sender sends the information to the receiver;
correspondingly, after receiving the timestamp, the receiver first verifies the timestamp and then calculates the key or key parameters.
5. The method according to claim 1, wherein the member information refers to ID information of a key agreement member as both parties of communication.
6. The method of claim 1, wherein each key agreement member does not save each result of the intermediate calculation during the key agreement process, but only saves the generated random number.
7. A system for implementing multi-party key agreement is characterized by comprising:
a first random number generation module for key negotiation member A1Generating random numbers
Figure FDA0003482378570000031
A first calculation module for generating key parameters
Figure FDA0003482378570000032
G is a base point with a prime number n of an order on the elliptic curve; a first key negotiation information generation module for passing through
Figure FDA0003482378570000033
Generating key negotiation information with member information
Figure FDA0003482378570000034
And sends to the key agreement member A2
A second random number generation module for key negotiation member A2Generating random numbers
Figure FDA0003482378570000035
A second calculation module for calculating key parameters
Figure FDA0003482378570000036
A second key agreement information generation module for passing through
Figure FDA0003482378570000037
Figure FDA0003482378570000038
Generating key negotiation information with member information
Figure FDA0003482378570000039
And sends to the key agreement member A3
The ith random number generation module is used for the key negotiation member AiGenerating random numbers
Figure FDA00034823785700000310
An ith calculation module for negotiating the member A according to the keyi-1Key parameter of
Figure FDA00034823785700000311
Calculating its key parameters
Figure FDA00034823785700000312
An ith key agreement information generation module for passing the key parameters of its previous (i-1) key agreement members, its own key parameters
Figure FDA00034823785700000313
Generating key negotiation information with member information
Figure FDA00034823785700000314
And sends to the next key negotiation member Ai+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;
the mth random number generation module is used for the key negotiation member AmGenerating random numbers
Figure FDA00034823785700000315
An mth calculation module for calculating the obtained key
Figure FDA00034823785700000316
Computing
Figure FDA00034823785700000317
The mth key negotiation information generation module is used for the key negotiation member AmBy passing
Figure FDA00034823785700000318
Figure FDA00034823785700000319
Generating key negotiation information with member information
Figure FDA00034823785700000320
And sends to the key agreement member Am-1
M-1 th calculation module for key agreement member Am-1Calculating a secret key
Figure FDA00034823785700000321
Computing
Figure FDA00034823785700000322
Figure FDA00034823785700000323
M-1 key agreement information generation module for passing through
Figure FDA00034823785700000324
Figure FDA0003482378570000041
Generating key negotiation information with member information
Figure FDA0003482378570000042
And sends to the key agreement member Am-2
A jth calculation module for key negotiation member AjCalculating a secret key
Figure FDA0003482378570000043
Computing
Figure FDA0003482378570000044
Figure FDA0003482378570000045
By passing
Figure FDA0003482378570000046
Generating key negotiation information with member information
Figure FDA0003482378570000047
And sends to the next key negotiation member Aj-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;
a second calculation module for key agreement member A2Calculating a secret key
Figure FDA0003482378570000048
Computing
Figure FDA0003482378570000049
A second key agreement information generation module for passing through
Figure FDA00034823785700000410
Generating key negotiation information with member information
Figure FDA00034823785700000411
And sends to the key agreement member A1
A first calculation module for key agreement member A1Calculating a secret key
Figure FDA00034823785700000412
8. The system of claim 7, further comprising:
the first security module is used for performing digest, signature and encryption processing on the key negotiation information before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member; and after each key negotiation member receives the ciphertext, decrypting, checking the signature and verifying the integrity of the received ciphertext.
9. The system of claim 8, wherein the first security module is specifically configured to:
performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;
and the encryption and decryption module is specifically configured to decrypt the received ciphertext through an encryption and decryption algorithm to obtain signature information and key agreement information, then verify the signature information using the public key of each key agreement member, perform hash operation on the key agreement information through the hash algorithm to generate a second hash operation result, and compare the first hash operation result with the second hash operation result to verify the integrity of the key agreement information.
10. The system according to any one of claims 7-9, wherein the key agreement information further includes a time stamp of when the sender sends information to the receiver; correspondingly, the system further comprises:
and the second safety module is used for verifying the time stamp after the receiving party receives the time stamp.
CN202011212830.2A 2020-11-04 2020-11-04 Method and system for realizing multi-party key agreement Active CN112422276B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011212830.2A CN112422276B (en) 2020-11-04 2020-11-04 Method and system for realizing multi-party key agreement

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011212830.2A CN112422276B (en) 2020-11-04 2020-11-04 Method and system for realizing multi-party key agreement

Publications (2)

Publication Number Publication Date
CN112422276A CN112422276A (en) 2021-02-26
CN112422276B true CN112422276B (en) 2022-03-25

Family

ID=74827497

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011212830.2A Active CN112422276B (en) 2020-11-04 2020-11-04 Method and system for realizing multi-party key agreement

Country Status (1)

Country Link
CN (1) CN112422276B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113242122B (en) * 2021-04-15 2022-11-25 哈尔滨工业大学 Encryption method based on DH and RSA encryption algorithm
CN113722750B (en) * 2021-07-20 2024-03-19 南京航空航天大学 Authentication encryption and group key based network-on-chip security domain construction method
CN113660083B (en) * 2021-08-12 2023-08-04 云南电网有限责任公司信息中心 Symmetric key generation method based on shared knowledge

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000022775A1 (en) * 1998-10-09 2000-04-20 Deutsche Telekom Ag Method for establishing a common cryptographic key for n subscribers
CN101291214A (en) * 2007-04-19 2008-10-22 华为技术有限公司 Group cipher key generating method, system and apparatus
CN101321053A (en) * 2007-06-08 2008-12-10 华为技术有限公司 Group cipher key generating method, system and apparatus
CN102111266A (en) * 2009-12-28 2011-06-29 航天信息股份有限公司 Method for generating group keys based on elliptic curve
CN103634104A (en) * 2013-11-26 2014-03-12 常州大学 Three-party authentication key agreement protocol generating method based on certificates

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100966071B1 (en) * 2007-12-18 2010-06-28 한국전자통신연구원 Method for multi-party-key agreement using bilinear map and system therefor

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000022775A1 (en) * 1998-10-09 2000-04-20 Deutsche Telekom Ag Method for establishing a common cryptographic key for n subscribers
CN101291214A (en) * 2007-04-19 2008-10-22 华为技术有限公司 Group cipher key generating method, system and apparatus
CN101321053A (en) * 2007-06-08 2008-12-10 华为技术有限公司 Group cipher key generating method, system and apparatus
CN102111266A (en) * 2009-12-28 2011-06-29 航天信息股份有限公司 Method for generating group keys based on elliptic curve
CN103634104A (en) * 2013-11-26 2014-03-12 常州大学 Three-party authentication key agreement protocol generating method based on certificates

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Diffie-Hellman Key Distribution Extended to Group Communication";Michael Steiner等;《Proceedings of the 3rd ACM conference on Computer and communications security》;19960131;全文 *

Also Published As

Publication number Publication date
CN112422276A (en) 2021-02-26

Similar Documents

Publication Publication Date Title
CN107947913B (en) Anonymous authentication method and system based on identity
CN108199835B (en) Multi-party combined private key decryption method
CN101238677B (en) Cryptographic authentication, and/or establishment of shared cryptographic keys, using a signing key encrypted with a non-one-time-pad encryption, including (but not limited to) techniques with improved safety
US9130744B1 (en) Sending an encrypted key pair and a secret shared by two devices to a trusted intermediary
US11870891B2 (en) Certificateless public key encryption using pairings
CN112422276B (en) Method and system for realizing multi-party key agreement
CN110020524B (en) Bidirectional authentication method based on smart card
CN111049647B (en) Asymmetric group key negotiation method based on attribute threshold
CN107342977A (en) Suitable for the information security method of point-to-point instant messaging
CN113972981B (en) SM2 cryptographic algorithm-based efficient threshold signature method
CN113132104A (en) Active and safe ECDSA (electronic signature SA) digital signature two-party generation method
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
CN111049738B (en) E-mail data security protection method based on hybrid encryption
JPH09312643A (en) Key sharing method and ciphering communication method
CN114553441B (en) Electronic contract signing method and system
CN116318702A (en) Multi-particle GHZ state-based semi-quantum ring signature method and device
CN113242129B (en) End-to-end data confidentiality and integrity protection method based on lattice encryption
CN114978488A (en) SM2 algorithm-based collaborative signature method and system
WO2020042023A1 (en) Instant messaging data encryption method and apparatus
CN111565108B (en) Signature processing method, device and system
CN111526131B (en) Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station
CN114268441B (en) Quantum security application method, client device, server device and system
CN114422114B (en) Time-controlled encryption method and system based on multi-time server
CN114070550B (en) Information processing method, device, equipment and storage medium
CN115834175A (en) Quantum key-based group chat encryption method, message transmitting and receiving equipment and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant