CN112422276B - Method and system for realizing multi-party key agreement - Google Patents
Method and system for realizing multi-party key agreement Download PDFInfo
- Publication number
- CN112422276B CN112422276B CN202011212830.2A CN202011212830A CN112422276B CN 112422276 B CN112422276 B CN 112422276B CN 202011212830 A CN202011212830 A CN 202011212830A CN 112422276 B CN112422276 B CN 112422276B
- Authority
- CN
- China
- Prior art keywords
- key
- information
- agreement
- negotiation
- generating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method and a system for realizing multi-party key agreement. The method comprises the following steps: member A1Generating key parametersThen throughGenerating key negotiation information with member informationAnd sent to member A2(ii) a Member A2Generating random numbersComputingBy passingGenerating key negotiation information with member informationAnd sent to member A3(ii) a So continuing, member AmGenerating random numbersCalculating to obtain a secret key; computingBy passingGenerating key negotiation information with member informationAnd sent to member Am‑1(ii) a So continuing, the key negotiation information is transmitted in sequence, and finally the member A1And calculating to obtain the key. The invention can effectively realize the key agreement of multi-party members, and selects a safe elliptic curve, and the difficulty of discrete logarithm on the elliptic curve can effectively ensure the security of the key parameter in the communication process on the basis of the safe elliptic curve.
Description
Technical Field
The invention relates to the technical field of network communication security, in particular to a method and a system for realizing multi-party key agreement.
Background
With the global informatization, the emergence and development of digital communication systems, the human society has changed greatly. Before data interaction is needed between two devices of a digital communication system, in order to ensure the security of the data interaction, a secure communication mechanism needs to be established between the two devices, and the secure communication between the two devices is usually realized by encrypting and decrypting content to be communicated by using session keys of the two parties.
At present, DH (Diffie-Hellman) key agreement is implemented to let two communicating parties exchange mutual information on communication to jointly calculate the same session key, even if a part of the transmitted information is intercepted, the session key cannot be calculated according to the information, because another part of the information for calculating the session key is at the receiving party, and the receiving party does not disclose the part of the information, the intermediate party does not have enough information to obtain the session key, and further, the communication ciphertext after the decryption.
However, when the number of communication members exceeds two, the complexity of key agreement is greatly increased, more information needs to be exchanged between the members, so the security of the information exchange and key agreement process is crucial, once the exchange information is leaked, the key is cracked, therefore, how to design a multi-party key agreement method can effectively ensure the security of the information exchange between the key agreement members, and safely and efficiently realize the key agreement between a plurality of members is a problem which is urgently needed to be solved at present.
Disclosure of Invention
The invention provides a method and a system for realizing multi-party key agreement, aiming at the problem that the current key agreement method can not effectively ensure the safety of information exchange of key agreement members when the communication members exceed two parties.
In a first aspect, the present invention provides a method for implementing multi-party key agreement, which includes m key agreement members { A }1,A2,…,Am-said method comprising: a forward transmission process and a reverse transmission process;
the forward transmission process comprises the following steps:
key agreement member A1Generating random numbersThen generating key parametersBy passingGenerating key negotiation information with member informationAnd sends to the key agreement member A2(ii) a G is a base point with a prime number n of an order on the elliptic curve;
key agreement member A2Generating random numbersCalculating key parametersBy passingGenerating key negotiation information with member informationAnd sends to the key agreement member A3;
Continuing so, key agreement member AiGenerating random numbersNegotiating Member A based on a Keyi-1Key parameter ofCalculating its key parametersKey parameter of the member negotiating with its previous (i-1) keys, key parameter of itselfGenerating key negotiation information with member informationAnd sends to the next key negotiation member Ai+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;
The reverse transmission process comprises:
key agreement member AmBy passingGenerating key negotiation information with member informationAnd sends to the key agreement member Am-1;
Key agreement member Am-1Calculating a secret keyComputing By passingGenerating key negotiation information with member informationAnd sends to the key agreement member Am-2;
Continuing so, key agreement member AjCalculating a secret keyComputingBy passingGenerating key negotiation information with member informationAnd sends to the next key negotiation member Aj-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;
key agreement member A2Calculating a secret keyComputingBy passingGenerating key negotiation information with member informationAnd sends to the key agreement member A1;
Further, still include:
before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member, performing digest, signature and encryption processing on the key negotiation information;
correspondingly, after each key negotiation member receives the ciphertext, the received ciphertext is decrypted, signed and integrity verified, and then the key or the key parameter is calculated.
Further, the digest, signature, and encryption processing on the key agreement information specifically includes: performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;
the decrypting, signature verification and integrity verification of the received ciphertext specifically comprises: the method comprises the steps of firstly decrypting a received ciphertext through an encryption and decryption algorithm to obtain signature information and key negotiation information, then using public keys of all key negotiation members to verify the signature information, carrying out hash operation on the key negotiation information through a hash algorithm to generate a second hash operation result, and comparing the first hash operation result with the second hash operation result to verify the integrity of the key negotiation information.
Further, the key agreement information also includes a timestamp when the sender sends the information to the receiver;
correspondingly, after receiving the timestamp, the receiver first verifies the timestamp and then calculates the key or key parameters.
Further, the member information refers to ID information of a key agreement member as both communication parties.
Further, each key agreement member does not save each result of the intermediate calculation in the key agreement process, and only saves the generated random number.
In a second aspect, the present invention provides a system for implementing multi-party key agreement, including:
a first random number generation module for key negotiation member A1Generating random numbersA first calculation module for generating key parametersG is a base point with a prime number n of an order on the elliptic curve; a first key negotiation information generation module for passing throughGenerating key negotiation information with member informationAnd sent to the key agreementBusiness member A2;
A second random number generation module for key negotiation member A2Generating random numbersA second calculation module for calculating key parametersA second key agreement information generation module for passing through Generating key negotiation information with member informationAnd sends to the key agreement member A3;
The ith random number generation module is used for the key negotiation member AiGenerating random numbersAn ith calculation module for negotiating the member A according to the keyi-1Key parameter ofCalculating its key parametersAn ith key agreement information generation module for passing the key parameters of its previous (i-1) key agreement members, its own key parametersGenerating key negotiation information with member informationAnd sent to the next keyNegotiation Member Ai+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;
the mth random number generation module is used for the key negotiation member AmGenerating random numbersAn mth calculation module for calculating the obtained keyComputingThe mth key negotiation information generation module is used for the key negotiation member AmBy passing Generating key negotiation information with member informationAnd sends to the key agreement member Am-1;
M-1 th calculation module for key agreement member Am-1Calculating a secret keyComputing M-1 key agreement information generation module for passing through And member informationGenerating key agreement informationAnd sends to the key agreement member Am-2;
A jth calculation module for key negotiation member AjCalculating a secret keyComputing By passingGenerating key negotiation information with member informationAnd sends to the next key negotiation member Aj-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;
a second calculation module for key agreement member A2Calculating a secret keyComputingA second key agreement information generation module for passing throughGenerating key negotiation information with member informationAnd sends to the key agreement member A1;
Further, still include: the first security module is used for performing digest, signature and encryption processing on the key negotiation information before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member; and after each key negotiation member receives the ciphertext, decrypting, checking the signature and verifying the integrity of the received ciphertext.
Further, the first security module is specifically configured to:
performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;
and the encryption and decryption module is specifically configured to decrypt the received ciphertext through an encryption and decryption algorithm to obtain signature information and key agreement information, then verify the signature information using the public key of each key agreement member, perform hash operation on the key agreement information through the hash algorithm to generate a second hash operation result, and compare the first hash operation result with the second hash operation result to verify the integrity of the key agreement information.
Further, the key agreement information also includes a timestamp when the sender sends the information to the receiver; correspondingly, the system further comprises:
and the second safety module is used for verifying the time stamp after the receiving party receives the time stamp.
The invention has the beneficial effects that:
(1) the invention can divide the process of the key agreement of many parties into two processes of forward and backward, transmit the information that the member of subsequent key agreement needs sequentially, thus realize the key agreement of many parties effectively, and choose a safe elliptic curve, on the basis of the safe elliptic curve, the difficulty of the discrete logarithm on the elliptic curve can guarantee the security of the key parameter in the communication process effectively;
(2) in the process of multi-party key agreement, a fresh factor timestamp is added into each key agreement message of communication, so that each message interaction in the key agreement communication is ensured to be a fresh message, and replay attack of an old message is prevented;
(3) in the interactive process of key agreement, the invention adopts the signature technology for the key agreement information sent each time, so that an intermediate attacker cannot generate an effective signature of the message sent by a real communication main body, and cannot falsely succeed;
(4) the invention adopts a hash function technology and an encryption technology, in the interactive process of key agreement, for the key agreement information sent each time, a sender sends the information and simultaneously sends summary information of the information, and encrypts the information, and a receiver also generates the summary information of the information after receiving the information and compares the summary information with the received summary information to ensure that the key agreement information is not falsified by an attacker in the communication process;
(5) the invention provides a key negotiation process that the identity of a sender is in the first place and the information of a receiver is in the last place in the key negotiation information, so as to ensure that an information receiver can distinguish whether the information is the reflection of the message sent by the receiver.
Drawings
Fig. 1 is a flow chart of forward transmission in a method for implementing multi-party key agreement according to an embodiment of the present invention;
fig. 2 is a reverse transmission flow chart in a method for implementing multi-party key agreement according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1:
the embodiment of the invention provides a method for realizing multi-party key agreement, which comprises m key agreement members { A }1,A2,…,AmThe method comprises a forward transmission process and a reverse transmission process; wherein:
the forward transmission process comprises the following steps:
key agreement member A1Generating random numbersThen generating key parametersBy passingGenerating key negotiation information with member informationAnd sends to the key agreement member A2(ii) a G is a base point with a prime number n of an order on the elliptic curve; random number
Key agreement member A2Generating random numbersCalculating key parametersBy passingGenerating key negotiation information with member informationAnd sends to the key agreement member A3(ii) a Random number
Continuing so, key agreement member AiGenerating random numbersNegotiating Member A based on a Keyi-1Key parameter ofCalculating its key parametersKey parameter of the member negotiating with its previous (i-1) keys, key parameter of itselfGenerating key negotiation information with member informationAnd sends to the next key negotiation member Ai+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer; random number
The reverse transmission process comprises:
key agreement member AmBy passingGenerating key negotiation information with member informationAnd sends to the key agreement member Am-1;
Key agreement member Am-1Calculating a secret keyComputing By passingGenerating key negotiation information with member informationAnd sends to the key agreement member Am-2;
Continuing so, key agreement member AjCalculating a secret keyComputingBy passingGenerating key negotiation information with member informationAnd sends to the next key negotiation member Aj-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;
key agreement member A2Calculating a secret keyComputingBy passingGenerating key negotiation information with member informationAnd sends to the key agreement member A1;
The method for realizing the multi-party key agreement provided by the embodiment of the invention can divide the process of the multi-party key agreement into a forward process and a reverse process, and sequentially transmit information required by subsequent key agreement members, thereby effectively realizing the key agreement of the multi-party members; and by selecting a safe elliptic curve, on the basis of the safe elliptic curve, the difficulty of discrete logarithm on the elliptic curve can effectively ensure the security of the key parameter in the communication process.
Example 2:
on the basis of the foregoing embodiment 1, an embodiment of the present invention provides another implementation method for multi-party key agreement, which is different from the foregoing embodiment 1 in that the method further includes the following steps:
before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member, performing digest, signature and encryption processing on the key negotiation information;
specifically, the digest, signature, and encryption processing on the key agreement information specifically includes: performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;
for example, negotiate Member A with a KeyiNegotiating a Key with Member AjTransmitted key agreement informationFor example, the process specifically comprises: negotiating information on a key by a hashing algorithm H (m)After Hash operation, generateThen passing through a signature algorithmNegotiating Member A Using a KeyiPrivate key ofSignature generation for hash operation resultSign informationAnd key agreement informationBy encryption or decryption algorithmsPerforming encryption processing to generate ciphertext
Correspondingly, after each key negotiation member receives the ciphertext, the received ciphertext is decrypted, signed and integrity verified, and then the key or the key parameter is calculated.
Specifically, the decrypting, signature verification, and integrity verification of the received ciphertext specifically includes: the method comprises the steps of firstly decrypting a received ciphertext through an encryption and decryption algorithm to obtain signature information and key negotiation information, then using public keys of all key negotiation members to verify the signature information, carrying out hash operation on the key negotiation information through a hash algorithm to generate a second hash operation result, and comparing the first hash operation result with the second hash operation result to verify the integrity of the key negotiation information.
For example, negotiate Member A with a KeyjReceiving the key negotiation member AiCiphertext of transmissionFor example, the process specifically comprises: firstly, through an encryption and decryption algorithmFor received cipher textObtain signature information after decryptionAnd key agreement informationThen negotiate member A using the keyiOf (2) a public keyFor signature informationChecking the signature and negotiating information about the key by means of a hash algorithm H (m)Also after Hash operation, generateAnd the obtained result of the hash operationComparing and verifying the key agreement informationThe integrity of (c).
In the method for implementing multi-party key agreement provided by the embodiment of the invention, in the interactive process of key agreement, for the key agreement information sent each time, a middle attacker cannot generate an effective signature of the message sent by a real communication main body by adopting a signature technology, so that the secret key agreement information cannot be pretended to be successful. And by adopting a hash function technology and an encryption technology, in the interactive process of key agreement, for the key agreement information sent each time, the sender sends the information and simultaneously sends the summary information of the information, and encrypts the information, and after the receiver receives the information, the receiver also generates the summary information of the information and compares the summary information with the received summary information, so that the key agreement information can be ensured not to be falsified by an attacker in the communication process.
Example 3:
on the basis of the foregoing embodiment 1 or embodiment 2, an embodiment of the present invention further provides a method for implementing multi-party key agreement, which is different from the foregoing embodiment 1 or embodiment 2 in that:
the key negotiation information also comprises a timestamp when the sender sends information to the receiver;
for example, negotiate Member A with a KeyiNegotiating a Key with Member AjTransmitted key agreement informationFor example, at this time, the key negotiates member AiAs the sender, the key agreement member AjAs the receiver, the key agreementBusiness informationComprising a key agreement member AiNegotiating a Key with Member AjTime stamp for sending information
Correspondingly, after receiving the timestamp, the receiver first verifies the timestamp and then calculates the key or key parameters.
For example, negotiate Member A with a KeyjReceiving the key negotiation member AiTimestamp of transmissionFor example, at this time, the key negotiates member AjReceipt time stampThen, the authentication timestamp is obtainedWhether the freshness of (d) meets the requirements.
In the method for implementing multi-party key agreement provided by the embodiment of the invention, in the process of multi-party key agreement, a fresh factor timestamp is added into each key agreement message in communication, so that each message interaction in the key agreement communication can be ensured to be a fresh message, and the replay attack of an old message is prevented.
In the foregoing embodiments, as an implementable manner, the member information is specifically ID information of a key agreement member as both communication parties; for example, negotiate Member A with a KeyiNegotiating a Key with Member AjTransmitted key agreement informationFor example, in generating key agreement informationThe member information according to the time is a member A for key negotiationiID information of (2) and Key Agreement Member AjID information of (2).
As an implementation manner, in the key agreement information, the ID information of the appointed sender is before, and the ID information of the receiver is after; thus, it can be ensured that the information receiver can distinguish whether the information is a reflection of the message sent by the receiver.
As an implementable manner, each key agreement member does not save each result of the intermediate calculation in the key agreement process, and only saves the generated random number. For example, for key agreement member AiKeeping only random numbersIs not preservedIts previous (i-1) key agreement members' key parameters.
Example 4:
when the members of the key agreement are four parties A, B, C and D, the scheme flow of the key agreement is as follows:
1.1A → B: a generating a random number raCalculating
KA=raG,mAB=IDA||IDB||KA||TAB;
1.2B → C: b receives the messageDecrypting messages, verifying signatures, verifying messages mABIntegrity of, verifying timestamp TABThe freshness of (1). B generating a random number rbCalculating
K′B=rbKA=rbraG,mBC=IDB||IDC||KA||K′B||TBC
1.3C → D: c receiving the messageDecrypting messages, verifying signatures, verifying messages mBCIntegrity of, verifying timestamp TBCThe freshness of (1). C generating a random number rcCalculating
KC=rcKB=rcrbraG,mCD=IDC||IDD||KA||K′B||K′C||TCD
2.1D → C: d receiving the messageDecrypting messages, verifying signatures, verifying messages mCDIntegrity of, verifying timestamp TCDThe freshness of (1). D generating a random number rdCalculating
2.2C → B: c receiving the messageDecrypting messages, verifying signatures, verifying messages mDCIntegrity of, verifying timestamp TDCThe freshness of (1). Computing
2.3B → A: b receives the messageDecrypting messages, verifying signatures, verifying messages mCBIntegrity of, verifying timestamp TCBThe freshness of (1). Computing
2.4A receive messageDecrypting messages, verifyingCertificate signature and verification message mBAIntegrity of, verifying timestamp TBAThe freshness of (1). Computing
Wherein, IDA、IDB、IDC、IDDThe IDs of members A, B, C, D, respectively; g is a base point with prime number n on the order of the elliptic curve E; r isa、rb、rc、rdIs a random number, ra、rb、rc、For cryptographic algorithms, here KijFor encryption and decryption keys, i can be member A, B, C, D, and j can also be member A, B, C, D; t isijFor time stamp, i can be member A, B, C, D, j can also be member A, B, C, D; h (m) is a secure hash function. Sigi(m) elliptic curve-based signature algorithm for member i, which may be member A, B, C, D; kABCDConference key negotiated for member A, B, C, D.
The key agreement process of the embodiment of the invention stipulates that the identity of the sender is prior and the information of the receiver is later in the key agreement information, so as to ensure that an information receiver can distinguish whether the information is the reflection of the message sent by the receiver.
Example 5:
as shown in fig. 1 and 2, when the member performing key agreement is a1、A2、……Am-1、AmThe specific implementation process is as follows:
A2→A3:A2Receiving a messageDecrypting messages, verifying signatures, verifying messagesIntegrity of, verifying the timestampThe freshness of (1). A. the2Generating random numbersComputing
A3→A4:A3Receiving a messageDecrypting messages, verifying signatures, verifying messagesIntegrity of, verifying the timestampThe freshness of (1). A. the3Generating random numbersComputing
A4→A5:A4Receiving a messageDecrypting messages, verifying signatures, verifying messagesIntegrity of, verifying the timestampThe freshness of (1). A. the4Generating random numbersComputing
…………
Am-1→Am:Am-1Receiving a messageDecrypting messages, verifying signatures, verifying messagesIntegrity of, verifying the timestampThe freshness of (1). A. them-1Generating random numbersComputing
Am→Am-1:AmReceiving a messageDecrypting messages, verifying signatures, verifying messagesIntegrity of, verifying the timestampThe freshness of (1). A. themGenerating random numbersComputing
Am-1→Am-2:Am-1Receiving a messageDecrypting messages, verifying signatures, verifying messagesIntegrity of, verifying the timestampThe freshness of (1). Computing
…………
A3→A2:A3Receiving a messageDecrypting messages, verifying signatures, verifying messagesIntegrity of, verifying the timestampThe freshness of (1). Computing
A2→A1:A2Receiving a messageDecrypting messages, verifying signatures, verifying messagesIntegrity of, verifying the timestampThe freshness of (1). Computing
A1Receiving a messageDecrypting messages, verifying signatures, verifying messagesIntegrity of, verifying the timestampThe freshness of (1). Computing
It should be noted that, in the key agreement process, each key agreement member does not need to store the intermediate variables of the calculation, but only stores the generated random numbersAnd (4) finishing.
Example 6:
when the group member is taken as a unit to carry out key negotiation, the conditions of two parties, three parties and multiple parties also exist, the three-party member key negotiation scheme based on the elliptic curve is used for establishing the three-party group member key exchange scheme based on the elliptic curve, and the conditions of the two parties and the multiple parties can be established according to the reference.
Assuming that the group members are { a1, a2, A3, a4, a5, B1, B2, B3, C1, C2}, grouping the members according to the relevant attributes of the group members, assuming that the members can be divided into A, B, C three groups, a ═ { a1, a2, A3, a4, a5}, B ═ { B1, B2, B3}, C ═ C1, C2}, and selecting A, B, C three groups as a1, B1, C1, respectively.
The three-party group member key exchange scheme based on the elliptic curve is established according to the following process.
Step1:
1.1 for group a, since group a has 5 bit members, a key between the 5 bit members in group a can be established according to the elliptic curve-based multi-party member key agreement scheme in embodiment 5, and is denoted as a _ CK;
1.2 for group B, because group B has 3-bit members, a key between 3-bit members in group B can be established according to the elliptic curve-based three-party member key agreement scheme in embodiment 5, and is denoted as B _ CK;
1.3 for group C, since group C has 2-bit members, a key between 2-bit members in group C can be established according to the elliptic curve-based two-party member key agreement scheme in embodiment 5, and is denoted as C _ CK;
Step2:
2.1, representing three group members of A1, B1 and C1 by A, B, C groups, and establishing keys among A1, B1 and C1, which are denoted as ABC _ CK, according to the elliptic curve-based three-party member key agreement scheme in embodiment 5;
2.2 remember mA=IDA1||ABC_CK||TAHere IDA1ID of A1, TAFor time stamping, A1 broadcasts the message in a broadcast formSending the ABC _ CK to the members of the group A, and obtaining ABC _ CK through respective calculation of the members;
2.3 note mB=IDB1||ABC_CK||TBHere IDB1ID of B1, TBFor time stamping, B1 is communicatedThe form of broadcasting is to send the messageSending the ABC _ CK to the members of the group B, and obtaining ABC _ CK through respective calculation of the members;
2.4 note mC=IDC1||ABC_CK||TCHere IDC1ID of C1, TCFor time stamping, C1 broadcasts the message in a form of a broadcastAnd sending the ABC _ CK to the members of the group C, and obtaining ABC _ CK by the respective calculation of the members.
Example 7:
corresponding to the above method for implementing multi-party key agreement, an embodiment of the present invention further provides a system for implementing multi-party key agreement, including: the device comprises a plurality of random number generation modules, a plurality of calculation modules and a plurality of key negotiation information generation modules;
a first random number generation module for key negotiation member A1Generating random numbersA first calculation module for generating key parametersG is a base point with a prime number n of an order on the elliptic curve; a first key negotiation information generation module for passing throughGenerating key negotiation information with member informationAnd sends to the key agreement member A2;
A second random number generation module for key negotiation member A2Generating random numbersA second calculation module forCalculating key parametersA second key agreement information generation module for passing through Generating key negotiation information with member informationAnd sends to the key agreement member A3;
The ith random number generation module is used for the key negotiation member AiGenerating random numbersAn ith calculation module for negotiating the member A according to the keyi-1Key parameter ofCalculating its key parametersAn ith key agreement information generation module for passing the key parameters of its previous (i-1) key agreement members, its own key parametersGenerating key negotiation information with member informationAnd sends to the next key negotiation member Ai+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;
the mth random number generation module is used for the key negotiation member AmGenerating random numbersAn mth calculation module for calculating the obtained keyComputingThe mth key negotiation information generation module is used for the key negotiation member AmBy passing Generating key negotiation information with member informationAnd sends to the key agreement member Am-1;
M-1 th calculation module for key agreement member Am-1Calculating a secret keyComputing M-1 key agreement information generation module for passing through Generating key negotiation information with member informationAnd sends to the key agreement member Am-2;
A jth calculation module for key negotiation member AjCalculating a secret keyComputing By passingGenerating key negotiation information with member informationAnd sends to the next key negotiation member Aj-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;
a second calculation module for key agreement member A2Calculating a secret keyComputingA second key agreement information generation module for passing throughGenerating key negotiation information with member informationAnd sends to the key agreement member A1;
The system for realizing the multi-party key agreement provided by the embodiment of the invention can divide the process of the multi-party key agreement into a forward process and a reverse process, and sequentially transmit information required by subsequent key agreement members, thereby effectively realizing the key agreement of the multi-party members; and by selecting a safe elliptic curve, on the basis of the safe elliptic curve, the difficulty of discrete logarithm on the elliptic curve can effectively ensure the security of the key parameter in the communication process.
Example 8:
on the basis of the foregoing embodiment 7, an embodiment of the present invention further provides a system for implementing multi-party key agreement, which is different from the foregoing embodiment 7 in that the system further includes a first security module and a second security module; wherein:
the first security module is used for performing digest, signature and encryption processing on the key negotiation information before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member; and the system is used for decrypting, checking and verifying the integrity of the received ciphertext after each key negotiation member receives the ciphertext.
Specifically, the digest, signature, and encryption processing are performed on the key agreement information, specifically: performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; and encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext.
Decrypting, checking and integrity verifying the received ciphertext, specifically comprising: decrypting the received ciphertext through an encryption and decryption algorithm to obtain signature information and key negotiation information, then verifying the signature information by using the public key of each key negotiation member, performing hash operation on the key negotiation information through the hash algorithm to generate a second hash operation result, and comparing the first hash operation result with the second hash operation result to verify the integrity of the key negotiation information.
In order to prevent replay attack of the old message, the key negotiation information also comprises a time stamp when the sender sends the information to the receiver; thus, the second security module is configured to verify the timestamp after the receiving party receives the timestamp.
It should be noted that the system for implementing multi-party key agreement provided by the present invention is for implementing the above method embodiments, and the functions thereof may specifically refer to the above method embodiments, and are not described herein again.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A method for realizing multi-party key agreement is characterized in that m key agreement members { A }1,A2,…,Am-said method comprising: a forward transmission process and a reverse transmission process;
the forward transmission process comprises the following steps:
key agreement member A1Generating random numbersThen generating key parametersBy passingGenerating key negotiation information with member informationAnd sends to the key agreement member A2(ii) a G is a base point with a prime number n of an order on the elliptic curve;
key agreement member A2Generating randomNumber ofCalculating key parametersBy passingGenerating key negotiation information with member informationAnd sends to the key agreement member A3;
Continuing so, key agreement member AiGenerating random numbersNegotiating Member A based on a Keyi-1Key parameter ofCalculating its key parametersKey parameter of the member negotiating with its previous (i-1) keys, key parameter of itselfGenerating key negotiation information with member informationAnd sends to the next key negotiation member Ai+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;
The reverse transmission process comprises:
key agreement member AmBy passingGenerating key negotiation information with member informationAnd sends to the key agreement member Am-1;
Key agreement member Am-1Calculating a secret keyComputing By passingGenerating key negotiation information with member informationAnd sends to the key agreement member Am-2;
Continuing so, key agreement member AjCalculating a secret keyComputingBy passingGenerating key negotiation information with member informationAnd sends to the next key negotiation member Aj-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;
key agreement member A2Calculating a secret keyComputingBy passingGenerating key negotiation information with member informationAnd sends to the key agreement member A1;
2. The method of claim 1, further comprising:
before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member, performing digest, signature and encryption processing on the key negotiation information;
correspondingly, after each key negotiation member receives the ciphertext, the received ciphertext is decrypted, signed and integrity verified, and then the key or the key parameter is calculated.
3. The method of claim 2,
the digest, signature and encryption processing of the key negotiation information specifically includes: performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;
the decrypting, signature verification and integrity verification of the received ciphertext specifically comprises: the method comprises the steps of firstly decrypting a received ciphertext through an encryption and decryption algorithm to obtain signature information and key negotiation information, then using public keys of all key negotiation members to verify the signature information, carrying out hash operation on the key negotiation information through a hash algorithm to generate a second hash operation result, and comparing the first hash operation result with the second hash operation result to verify the integrity of the key negotiation information.
4. The method according to any one of claims 1-3, wherein the key agreement information further includes a timestamp when the sender sends the information to the receiver;
correspondingly, after receiving the timestamp, the receiver first verifies the timestamp and then calculates the key or key parameters.
5. The method according to claim 1, wherein the member information refers to ID information of a key agreement member as both parties of communication.
6. The method of claim 1, wherein each key agreement member does not save each result of the intermediate calculation during the key agreement process, but only saves the generated random number.
7. A system for implementing multi-party key agreement is characterized by comprising:
a first random number generation module for key negotiation member A1Generating random numbersA first calculation module for generating key parametersG is a base point with a prime number n of an order on the elliptic curve; a first key negotiation information generation module for passing throughGenerating key negotiation information with member informationAnd sends to the key agreement member A2;
A second random number generation module for key negotiation member A2Generating random numbersA second calculation module for calculating key parametersA second key agreement information generation module for passing through Generating key negotiation information with member informationAnd sends to the key agreement member A3;
The ith random number generation module is used for the key negotiation member AiGenerating random numbersAn ith calculation module for negotiating the member A according to the keyi-1Key parameter ofCalculating its key parametersAn ith key agreement information generation module for passing the key parameters of its previous (i-1) key agreement members, its own key parametersGenerating key negotiation information with member informationAnd sends to the next key negotiation member Ai+1(ii) a Wherein i is 3,4,5 …, m-1, i is a positive integer;
the mth random number generation module is used for the key negotiation member AmGenerating random numbersAn mth calculation module for calculating the obtained keyComputingThe mth key negotiation information generation module is used for the key negotiation member AmBy passing Generating key negotiation information with member informationAnd sends to the key agreement member Am-1;
M-1 th calculation module for key agreement member Am-1Calculating a secret keyComputing M-1 key agreement information generation module for passing through Generating key negotiation information with member informationAnd sends to the key agreement member Am-2;
A jth calculation module for key negotiation member AjCalculating a secret keyComputing By passingGenerating key negotiation information with member informationAnd sends to the next key negotiation member Aj-1(ii) a Wherein j is m-2, m-3, …,5,4,3, j is a positive integer;
a second calculation module for key agreement member A2Calculating a secret keyComputingA second key agreement information generation module for passing throughGenerating key negotiation information with member informationAnd sends to the key agreement member A1;
8. The system of claim 7, further comprising:
the first security module is used for performing digest, signature and encryption processing on the key negotiation information before each key negotiation member sends the key negotiation information to the next key negotiation member corresponding to the key negotiation member; and after each key negotiation member receives the ciphertext, decrypting, checking the signature and verifying the integrity of the received ciphertext.
9. The system of claim 8, wherein the first security module is specifically configured to:
performing hash operation on the key negotiation information through a hash algorithm to generate a first hash operation result; signing the first hash operation result by using a private key of each key negotiation member through a signature algorithm to generate signature information; encrypting the signature information and the key negotiation information through an encryption and decryption algorithm to generate a ciphertext;
and the encryption and decryption module is specifically configured to decrypt the received ciphertext through an encryption and decryption algorithm to obtain signature information and key agreement information, then verify the signature information using the public key of each key agreement member, perform hash operation on the key agreement information through the hash algorithm to generate a second hash operation result, and compare the first hash operation result with the second hash operation result to verify the integrity of the key agreement information.
10. The system according to any one of claims 7-9, wherein the key agreement information further includes a time stamp of when the sender sends information to the receiver; correspondingly, the system further comprises:
and the second safety module is used for verifying the time stamp after the receiving party receives the time stamp.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011212830.2A CN112422276B (en) | 2020-11-04 | 2020-11-04 | Method and system for realizing multi-party key agreement |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011212830.2A CN112422276B (en) | 2020-11-04 | 2020-11-04 | Method and system for realizing multi-party key agreement |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112422276A CN112422276A (en) | 2021-02-26 |
CN112422276B true CN112422276B (en) | 2022-03-25 |
Family
ID=74827497
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011212830.2A Active CN112422276B (en) | 2020-11-04 | 2020-11-04 | Method and system for realizing multi-party key agreement |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112422276B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113242122B (en) * | 2021-04-15 | 2022-11-25 | 哈尔滨工业大学 | Encryption method based on DH and RSA encryption algorithm |
CN113722750B (en) * | 2021-07-20 | 2024-03-19 | 南京航空航天大学 | Authentication encryption and group key based network-on-chip security domain construction method |
CN113660083B (en) * | 2021-08-12 | 2023-08-04 | 云南电网有限责任公司信息中心 | Symmetric key generation method based on shared knowledge |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2000022775A1 (en) * | 1998-10-09 | 2000-04-20 | Deutsche Telekom Ag | Method for establishing a common cryptographic key for n subscribers |
CN101291214A (en) * | 2007-04-19 | 2008-10-22 | 华为技术有限公司 | Group cipher key generating method, system and apparatus |
CN101321053A (en) * | 2007-06-08 | 2008-12-10 | 华为技术有限公司 | Group cipher key generating method, system and apparatus |
CN102111266A (en) * | 2009-12-28 | 2011-06-29 | 航天信息股份有限公司 | Method for generating group keys based on elliptic curve |
CN103634104A (en) * | 2013-11-26 | 2014-03-12 | 常州大学 | Three-party authentication key agreement protocol generating method based on certificates |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100966071B1 (en) * | 2007-12-18 | 2010-06-28 | 한국전자통신연구원 | Method for multi-party-key agreement using bilinear map and system therefor |
-
2020
- 2020-11-04 CN CN202011212830.2A patent/CN112422276B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2000022775A1 (en) * | 1998-10-09 | 2000-04-20 | Deutsche Telekom Ag | Method for establishing a common cryptographic key for n subscribers |
CN101291214A (en) * | 2007-04-19 | 2008-10-22 | 华为技术有限公司 | Group cipher key generating method, system and apparatus |
CN101321053A (en) * | 2007-06-08 | 2008-12-10 | 华为技术有限公司 | Group cipher key generating method, system and apparatus |
CN102111266A (en) * | 2009-12-28 | 2011-06-29 | 航天信息股份有限公司 | Method for generating group keys based on elliptic curve |
CN103634104A (en) * | 2013-11-26 | 2014-03-12 | 常州大学 | Three-party authentication key agreement protocol generating method based on certificates |
Non-Patent Citations (1)
Title |
---|
"Diffie-Hellman Key Distribution Extended to Group Communication";Michael Steiner等;《Proceedings of the 3rd ACM conference on Computer and communications security》;19960131;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN112422276A (en) | 2021-02-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107947913B (en) | Anonymous authentication method and system based on identity | |
CN108199835B (en) | Multi-party combined private key decryption method | |
CN101238677B (en) | Cryptographic authentication, and/or establishment of shared cryptographic keys, using a signing key encrypted with a non-one-time-pad encryption, including (but not limited to) techniques with improved safety | |
US9130744B1 (en) | Sending an encrypted key pair and a secret shared by two devices to a trusted intermediary | |
US11870891B2 (en) | Certificateless public key encryption using pairings | |
CN112422276B (en) | Method and system for realizing multi-party key agreement | |
CN110020524B (en) | Bidirectional authentication method based on smart card | |
CN111049647B (en) | Asymmetric group key negotiation method based on attribute threshold | |
CN107342977A (en) | Suitable for the information security method of point-to-point instant messaging | |
CN113972981B (en) | SM2 cryptographic algorithm-based efficient threshold signature method | |
CN113132104A (en) | Active and safe ECDSA (electronic signature SA) digital signature two-party generation method | |
CN111416712B (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
CN111049738B (en) | E-mail data security protection method based on hybrid encryption | |
JPH09312643A (en) | Key sharing method and ciphering communication method | |
CN114553441B (en) | Electronic contract signing method and system | |
CN116318702A (en) | Multi-particle GHZ state-based semi-quantum ring signature method and device | |
CN113242129B (en) | End-to-end data confidentiality and integrity protection method based on lattice encryption | |
CN114978488A (en) | SM2 algorithm-based collaborative signature method and system | |
WO2020042023A1 (en) | Instant messaging data encryption method and apparatus | |
CN111565108B (en) | Signature processing method, device and system | |
CN111526131B (en) | Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station | |
CN114268441B (en) | Quantum security application method, client device, server device and system | |
CN114422114B (en) | Time-controlled encryption method and system based on multi-time server | |
CN114070550B (en) | Information processing method, device, equipment and storage medium | |
CN115834175A (en) | Quantum key-based group chat encryption method, message transmitting and receiving equipment and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |