CN100452695C - Elliptic curve encryption and decryption method and apparatus - Google Patents

Elliptic curve encryption and decryption method and apparatus Download PDF

Info

Publication number
CN100452695C
CN100452695C CNB021547173A CN02154717A CN100452695C CN 100452695 C CN100452695 C CN 100452695C CN B021547173 A CNB021547173 A CN B021547173A CN 02154717 A CN02154717 A CN 02154717A CN 100452695 C CN100452695 C CN 100452695C
Authority
CN
China
Prior art keywords
function
encryption
curve encryption
ellipse curve
decryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CNB021547173A
Other languages
Chinese (zh)
Other versions
CN1505306A (en
Inventor
陈建华
汪朝晖
李莉
涂航
崔竞松
彭蓉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING HUADA INFOSEC TECHNOLOGY Ltd
Original Assignee
BEIJING HUADA INFOSEC TECHNOLOGY Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING HUADA INFOSEC TECHNOLOGY Ltd filed Critical BEIJING HUADA INFOSEC TECHNOLOGY Ltd
Priority to CNB021547173A priority Critical patent/CN100452695C/en
Publication of CN1505306A publication Critical patent/CN1505306A/en
Application granted granted Critical
Publication of CN100452695C publication Critical patent/CN100452695C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to an elliptic curve encryption method, wherein an encryption part obtains a public key Y<B> of a decryption part; then, a random number k is generated to carry out elliptic curve dot product calculation respectively with the public key Y<B> and a basic point G of a curve to obtain a points P and Q, wherein the P is equal to kG, and the Q is equal to kY; the P and the Q are calculated respectively by functions v and g, and then, v(P) and g(Q) are obtained; a plaintext m is calculated by a function f to obtain f(m); f(m) and g(Q) are calculated by a function u to obtain u(f(m), g(Q)), and thus, v(P), u(f(m) and g(Q)) are obtained; the decryption part receives a ciphertext (V, U), and the ciphertext (V, U) is calculated by private keys x <B> and V of the decryption part to obtain r(x<B>, V); r(x<B>, V) and U are calculated by an u inverse function to obtain D which is equal to u'(U, r(x<B>, V)), and the plaintext m which is equal to f<minus1>(D) is obtained by the calculation of an f inverse function; the function u in the encryption process and the function u' in the decryption process have the following property that a function that z is equal to u(x, y) can obtain a function that x is equal to u'(z, y). The problem of plaintext insertion required for an ElGamal encryption method is solved by the present invention.

Description

Elliptic curve cryptography decryption method and device
Technical field
The present invention relates to data ciphering and deciphering, is the encryption method of utilizing the elliptic curve discrete logarithm problem.
Background technology
Cryptographic system is divided into symmetric cryptosystem and asymmetric cryptosystem.
Symmetric cryptography also is the conventional cipher algorithm sometimes, is exactly that encryption key can be calculated from separate dense wanting, otherwise also sets up.In most of algorithms, the enciphering/deciphering key is identical.These algorithms also are secret-key algorithm or single key algorithm, and it requires sender and recipient before secure communication, consult a key.The fail safe of symmetric cryptography depends on key, and the key of divulging a secret just means that anyone can both carry out enciphering/deciphering to message.So though the speed of symmetric cryptography is very fast, how secret key safety being distributed to legal user but is a problem.
At patent " encryption device and method " (" CRYPTOGRAPHIC APPARATUS METHOD ", the patent No.: provided US4200770) one can be in overt channel the method and apparatus of interchange key, this method is called the public-key cryptographic keys exchange or is called the Diffie-Hellman key exchange method.This patent makes communicating pair use a mould power function to consult and transmit their secret information.The assailant will seek out the secret information of transmission, must solve discrete logarithm problem.If the parameter of using is enough big, separating discrete logarithm problem is an intractable problem.
Public key cryptography claims asymmetric cryptography again, then can effectively address the above problem.Public key cryptography is different with the symmetric cryptography that only uses a key, and public key cryptography is asymmetric, and its uses two independences but the key of certain mathematical connection is arranged: PKI and private key.Secret its private key of recipient in the communication discloses its PKI like this.Communicating pair A and B be when communicating by letter like this, if sender A need send to B with the form with ciphertext expressly, then can at first obtain the disclosed PKI of B, uses the public key encryption information of B, and recipient B uses has only the private key decrypting ciphertext of oneself knowing.Because have only B to have its private key, so A can determine to have only B can read expressly.
Patent " cryptographic communication system and method " (" CRYPTOGRAPHIC COMMUNICATIONSSYSTEM AND METHOD ", the patent No.: US4405829) proposed Rivest, a kind of public key cryptography method---the RSA of Shamir and Adleman invention.The fail safe of RSA public key cryptography method is based on the intractability of big integer factor resolution problem.But to the improving constantly of security requirement, also come also high more to the requirement of RSA key length along with at present.
1984, Taher ElGamal proposed new public-key cryptography scheme in its thesis for the doctorate.In this mechanism, the recipient uses the mould power function to hide private key x, calculates y=g xModp, and PKI y is open.Concrete cryptographic algorithm is as follows:
1, preprocessing process: the needed parameters of acquisition system
1.1: determine finite field gf (p), promptly determine prime number p;
1.2: determine generator g;
1.3: choose random number x, make 1≤x≤p-1, with x as decruption key, i.e. private key;
1.4: calculate y=g x, y is as encryption key, i.e. PKI;
1.6: open g, p and PKI y.
2, ciphering process:
2.1: encryption side obtains the open parameter g of deciphering side, p and PKI y;
2.2: generate random number k, 1≤k≤p-1 wherein, the y that uses public-key utilizes the mould power function to calculate g kAnd y k
2.3: calculate for plaintext m: m y k, form ciphertext c=(g k, m y k);
2.4: encryption side sends to deciphering side with ciphertext c.
3, decrypting process:
3.1: deciphering side receive ciphertext c=(P, Q);
3.2: utilize private key x, calculate P x=g K x=(g x) k=y k
3.3: calculate Q* (P x) -1=m y r(y k) -1=m;
4, finish.
Neal Koblitz in 1985 and Victor Miller propose respectively elliptic curve is used for common key cryptosystem, and have realized already present public key algorithm with elliptic curve.Cryptographic algorithm based on elliptic curve discrete logarithm problem intractability is called as elliptic curve cryptography (Elliptic Curve Cryptography is called for short ECC), becomes the public key algorithm of being accepted extensively by international cryptography circle.
Subsequently, ElGamal encryption mechanism mentioned above is transplanted on the elliptic curve, and is as follows based on the ElGamal cryptographic algorithm of elliptic curve discrete logarithm problem intractability:
1, preprocessing process: obtain the needed parameters of elliptic curve cryptography
1.1: determine finite field gf (p), promptly determine prime field p;
1.2: choose parameter of curve a, b, determine elliptic curve equation E:y 2=x 3+ ax+b (modp);
1.3: the rank N of calculated curve, choose the basic point G of curve;
1.4: choose random number x, make 1≤x≤N-1, with x as decruption key, i.e. private key;
1.5: calculate Y=xG, Y is as encryption key, i.e. PKI;
1.6: open curve E, generator G and PKI Y.
2, ciphering process:
2.1: encryption side obtains the curve E of deciphering side, generator G and PKI Y;
2.2: encryption side obtains the plaintext m of suitable length, and it is embedded curve E, is met the some P of curve E m
2.3: generate random number k, 1≤k≤N-1 wherein, the Y that uses public-key utilizes elliptic curve dot product and point to add formula and calculates rG and P m+ kY forms ciphertext c=(kG, P m+ kY);
2.4: encryption side sends to deciphering side with ciphertext c.
3, decrypting process:
3.1: deciphering side receive ciphertext c=(P, Q);
3.2: utilize private key x, calculate xP=x kG=r (x G)=kY;
3.3: calculate Q-xP=P m+ kY-x kG=P m
3.4: by P mCalculate expressly m;
4, finish.
In said process, because the point on the elliptic curve all will satisfy elliptic curve equation E:y 2=x 3+ ax+b (mod p), and expressly m is at random, therefore, with m itself during as the abscissa x of point, the possibly ordinate y that can't solve a little of equation, thus must carry out the plaintext embedding to m.Usually the way that adopts is: increase some positions together as the abscissa of point behind m, embed thereby carry out plaintext.Filler is many more, and the possibility that can successfully carry out expressly embedding is just big more, but this kind method remains a kind of probabilistic algorithm, may occur therefore, addressing this problem obviously extremely important to the situation of certain plain text encryption.
The public key algorithm based on elliptic curve---the MV encryption method that Menezes and Vanstone propose has overcome above-mentioned defective in the ElGamal encryption mechanism.Its concrete encrypting step is described below:
1, preprocessing process: obtain the needed parameters of elliptic curve cryptography
1.1: determine finite field gf (p), promptly determine prime field p;
1.2: choose parameter of curve a, b, determine elliptic curve equation E:y 2=x 3+ ax+b (modp);
1.3: the rank N of calculated curve, choose the basic point G of curve;
1.4: choose random number x, make 1≤x≤N-1, with x as decruption key, i.e. private key;
1.5: calculate Y=xG, Y is as encryption key, i.e. PKI;
1.6: open curve E, generator G and PKI Y.
2, ciphering process:
2.1: encryption side obtains the curve E of deciphering side, generator G and PKI Y;
2.2: encryption side obtains the plaintext m of suitable length;
2.3: generate random number k, wherein 1≤k≤N-1;
2.4: calculation level P=kG, Q=kY=(x 0, y 0), U=mx 0Mod p
2.5: (P U) sends to deciphering side with ciphertext c=in encryption side.
3, decrypting process:
3.1: deciphering side receive ciphertext c=(P, U);
3.2: utilize private key x, calculate Q=kP=xkG=k (xG)=kY=(x 0, y 0);
3.3: the abscissa x that takes out Q 0, calculate m=Ux 0 -1Mod p, thus expressly m obtained.
4, finish.
Though this method has solved the problem that expressly embeds, can not compatible ElGamal encryption method.
Summary of the invention
Purpose of the present invention provides a kind of new elliptic curve cryptography method, it has solved expressly imbedding problem on the one hand, has high flexibility on the other hand, can construct more existing encryption methods by the selection of parameter, moreover the implementation efficiency of this method is very high.
The invention provides a kind of encrypting and decrypting method, system at first determines finite field gf (q), chooses elliptic curve equation E; Choose the basic point G of elliptic curve, and calculate elliptic curve point order of a group N on the finite field.User B utilizes these system parameterss to generate the private key x of oneself as deciphering side B, 1≤x wherein B≤ N-1 utilizes basic point G to calculate dot product then and obtains PKI Y B=x BG.Below the ciphering process step of the side of encryption A for plaintext m:
At first, the encipherer obtains the PKI Y of B B, generate random number k then, the k that makes drops on the interval [1, N-1], with k respectively with PKI Y BCarry out the elliptic curve point multiplication operation with the basic point G of curve, obtain the some P=kG on the curve, Q=kY BUse function v and g that P and Q are carried out computing respectively, promptly obtain v (P), g (Q); Use function f that plaintext m is carried out computing, obtain f (m), use function u that f (m) and g (Q) computing are obtained u (f (m), g (Q)), (the v (P) that obtains like this, u (f (m), g (Q))) is the encrypted result of encipherer, is expressed as (V plaintext m, U), V=v (P) wherein, U=u (f (m), g (Q)).
The side of deciphering B accepts ciphertext, and (V U), uses the private key x of r function to B BCarry out computing with V, obtain r (x B, V), use the d function to r (x B, V) carry out computing and obtain D=d (U, r (x with U B, V)), use the inverse function of f to calculate expressly m=f at last -1(D).
A kind of ciphering and deciphering device that adopts described elliptic curve cryptography method is provided according to another aspect of the present invention;
Description of drawings
Fig. 1 is the flow chart of ciphering process of the present invention.
Fig. 2 is the flow chart of decrypting process of the present invention.
Fig. 3 is the block diagram of encrypting and decrypting device of the present invention.
Embodiment
Fig. 1 illustrates the flow chart of ciphering process of the present invention.
In step 101, the side of encryption A obtains disclosed system parameters of deciphering side B and PKI Y B
In step 102, A generates random number k, 1≤k≤N-1 wherein, and wherein N is the some order of a group of elliptic curve;
In step 103, with the PKI Y of k and basic point G and B BMake the point multiplication operation of elliptic curve, obtain P=kG, Q=kY B
In step 104, calculate V=v (P), utilize the v function that P is made further data processing, for example P is compressed or expands;
In step 105, encryption side obtains the plaintext m of suitable length, and uses f that plaintext m is done the preliminary treatment computing to obtain f (m).Wherein, function f (m) must have inverse function, passes through f -1(f (m)) must can recover m, can comprise following form:
A) f (m) can value be: f (m)=m, then f -1(m)=m
B) f (m) can value be: f (m)=(m, n), wherein n is random number, then f -1(m, n)=m;
C) f (m) can value be: f (m)=(m, h (m)), wherein h is the Hash function, as SHA-1, MAC etc., then f -1(m, h (m))=m;
D) f (m) can value be: f (m)=(m 1, m 2), m=m wherein 1|| m 2, || be bound symbol, then f -1(m1, m 2)=m 1|| m 2=m;
E) f (m) can value be: f (m)=(1 1(m1), 1 2(m 2)), m=m wherein 1|| m 2, || be bound symbol, 1 1, 1 2Be reversible spread function, then f -1(1 1, 1 2)=1 1 -1(1 1(m 1)) || 1 2 -1(1 2(m 2))=m;
F) or the like.
In step 106, calculate U=u (f (m), g (Q)), (U, V), wherein V is the v (P) that calculates in the step 104 to obtain ciphertext at last.
In step 106, must have following character for function u; If u-function shape be U=u (x, y), from function u can push away y=u ' (x, U), the u ' function that obtains like this will be used for following deciphering.
In step 106, be suitable for function g to comprising private key x BBe for further processing with the Q point of random number k information, handle or extension process as Q is compressed, for example g (Q) can be taken as:
A) g (Q) can value be: g (Q)=Q;
B) g (Q) can value be: g (Q)=x 0, perhaps g (Q)=y 0, Q=(x wherein 0, y 0);
C) g (Q) can value be: g (Q)=x 0|| y 0, Q=(x wherein 0, y 0), || be bound symbol;
D) g (Q) can value be: g (Q)=h (x 0), perhaps g (Q)=h (y 0), Q=(x wherein 0, y 0), h is the Hash function, as SHA-1 or MAC etc.;
E) g (Q) can value be: g (Q)=h (x 0|| y 0), perhaps g (Q)=h (x 0) || h (y 0), Q=(x wherein 0, y 0), || be bound symbol, h is the Hash function, as SHA-1 or MAC etc.;
F) or the like.
In step 207, (V, U), the side of encryption A sends to deciphering side B with this ciphertext to generate ciphertext.
So far, ciphering process finishes.
Fig. 2 illustrates the flow chart of decrypting process of the present invention.
In step 201, the side of deciphering B receive ciphertext (V, U);
In step 202, B obtains the private key x of oneself B
In step 203, B uses the private key x of oneself BDo computing with the V that receives, obtain R=r (x B, V); Wherein function r makes and can utilize private key x BPartial information with computing among the V that has comprised random number information obtains comprising among the U satisfies: r (x B, V)=and g (Q), the result who obtains so promptly can obtain required cleartext information with U computing together, for example:
A) be v (P)=P when getting function shape, then get r (x B, V)=g (x BV);
B) be v (P)=(x when getting function shape 0, s), P=(x wherein 0, y 0), the s value is y 0Direction flag, this moment v function have the character the same with u-function, have v ' function, then get r (x B, V)=g (x BV ' (V));
C) be v (P)=x when getting function shape P, g (Q)=x 0, P=(x wherein P, y P), Q=(x 0, y 0), suitably get r and can satisfy r (x B, V)=g (kY);
Step 204 calculate D=u ' (U, R); Wherein the function u in function u ' and the ciphering process has following character, for z=u (x, y), then can obtain x=u ' (z, y).Function u and u ' can be following form;
A) u, u ' can value be symmetrical encryption and decryption function, x 0Be plaintext, y 0Be key;
B) u, u ' can value be that elliptic curve point adds, some subtraction function (or point subtracts, point add function), x 0, y 0Be respectively the point on the elliptic curve;
C) u, u ' can value be that mould adds function and mould subtraction function, u (x 0, y 0)=x 0+ y 0(modq), d (x 0, y 0)=x 0-y 0(mod q);
D) u, u ' can value be that mould is taken advantage of function and inverse function, u (x 0, y 0)=x 0* y 0(mod q), d (x 0, y 0)=x 0* y 0 -1(mod q);
E) u, u ' can value be nodulo-2 addition (XOR), u ( x 0 , y 0 ) = d ( x 0 , y 0 ) = x 0 &CirclePlus; y 0 ;
F) u, u ' can value be together or operate, u ( x 0 , y 0 ) = d ( x 0 , y 0 ) = x 0 &CircleTimes; y 0 ;
G) or the like.
In step 205, calculate m=f -1(D), thus obtain expressly m.
So far, decrypting process finishes.
Fig. 3 illustrates encrypting and decrypting device of the present invention.When the side of encryption A communicated by letter on a communication channel with deciphering side B, the side of deciphering B used the key of key generating device 340 generation B right: PKI Y BWith private key x BThe side of encryption A uses encryption equipment 320, adopts in conjunction with the ciphering process of Fig. 1 explanation plaintext m is encrypted, and the ciphertext c that generates is sent to deciphering side B.The decipher 350 of the side of deciphering B is decrypted acquired information m by the decrypting process in conjunction with Fig. 2 explanation to ciphertext c.
Above invention has been described in conjunction with most preferred embodiment of the present invention, and those of ordinary skill in the art can do various modifications and change to it under the situation that does not depart from scope of the present invention.

Claims (52)

1. ellipse curve encryption and decryption method, it is right that deciphering side has the key of oneself: private key x BWith PKI Y B, encryption side obtains the PKI Y of deciphering side B, plaintext m being realized encrypting, and ciphertext is sent to deciphering side, decipher from ciphertext and obtain expressly m, wherein Y deciphering side B=x BG comprises following steps:
Encryption side obtains the PKI Y of deciphering side B, generate random number k then, 1≤k≤N-1 wherein, N is the some order of a group of elliptic curve, respectively with PKI Y BCarry out the elliptic curve point multiplication operation with the basic point G of curve, obtain the some P=kG on the curve, Q=kY BUse function v and g that P and Q are carried out computing respectively, promptly obtain v (P), g (Q); Use function f that plaintext m is carried out computing, obtain f (m), use function u that f (m) and g (Q) computing are obtained u (f (m), g (Q)), (the v (P) that obtains like this, u (f (m), g (Q))) is the encrypted result of encipherer, is expressed as (V plaintext m, U), V=v (P) wherein, U=u (f (m), g (Q));
Deciphering side receives ciphertext, and (V U), uses the private key x of oneself BCarry out computing, wherein 1≤X with V B≤ N-1 obtains r (x B, V), the inverse function of using u is to r (x B, V) carry out computing and obtain D=u ' (U, r (x with U B, V)), use the inverse function of f to calculate expressly m=f -1(D);
Wherein function u in the ciphering process and the function u ' in the decrypting process have following character: for z=u (x, y), then obtain x=u ' (z, y).
2. ellipse curve encryption and decryption method as claimed in claim 1, wherein the v function is compression or spread function.
3. ellipse curve encryption and decryption method as claimed in claim 1, wherein the f function has inverse function.
4. ellipse curve encryption and decryption method as claimed in claim 1, wherein, the f value is: f (m)=m, then f -1(m)=m.
5. ellipse curve encryption and decryption method as claimed in claim 1, wherein, f (m) value is: f (m)=(m, n), wherein n is random number, then f -1(m, n)=m.
6. ellipse curve encryption and decryption method as claimed in claim 1, wherein, f (m) value is: f (m)=(m, h (m)), wherein h is Hash function, then f -1(m, h (m))=m.
7. encryption method as claimed in claim 6, wherein, the Hash function is SHA-1 or MAC function.
8. ellipse curve encryption and decryption method as claimed in claim 1, wherein, f (m) value is: f (m)=(m 1, m 2), m=m wherein 1|| m 2, || be bound symbol, then f -1(m 1, m 2)=m 1|| m 2=m.
9. ellipse curve encryption and decryption method as claimed in claim 1, wherein, f (m) value is: f (m)=(1 1(m 1), 1 2(m 2)), m=m wherein 1|| m 2, || be bound symbol, 1 1, 1 2Be reversible function, then f -1(1 1, 1 2)=1 1 -1(1 1(m 1)) || 1 2 -1(1 2(m 2))=m.
10. ellipse curve encryption and decryption method as claimed in claim 1, wherein, g (Q) value is: g (Q)=Q.
11. ellipse curve encryption and decryption method as claimed in claim 1, wherein, g (Q) value is: g (Q)=x 0, perhaps g (Q)=y 0, Q=(x wherein 0, y 0).
12. ellipse curve encryption and decryption method as claimed in claim 1, wherein, g (Q) value is: g (Q)=x 0|| y 0, Q=(x wherein 0, y 0), || be bound symbol.
13. ellipse curve encryption and decryption method as claimed in claim 1, wherein, g (Q) value is: g (Q)=h (x 0), perhaps g (Q)=h (y 0), Q=(x wherein 0, y 0), h is the Hash function.
14. ellipse curve encryption and decryption method as claimed in claim 1, wherein, g (Q) value is: g (Q)=h (x 0|| y 0), perhaps g (Q)=h (x 0) || h (y 0), Q=(x wherein 0, y 0), || be bound symbol, h is the Hash function.
15. as the encryption method of claim 13 or 14, wherein, the Hash function is SHA-1 or MAC function.
16. ellipse curve encryption and decryption method as claimed in claim 1, wherein, function u and u ' are symmetrical encryption and decryption function.
17. ellipse curve encryption and decryption method as claimed in claim 1, wherein, function u and u ' add for elliptic curve point or the some subtraction function.
18. ellipse curve encryption and decryption method as claimed in claim 1, wherein, function u and u ' add function and mould subtraction function for mould.
19. ellipse curve encryption and decryption method as claimed in claim 1, wherein, function u and u ' take advantage of function and inverse function for mould.
20. ellipse curve encryption and decryption method as claimed in claim 1, wherein, function u and u ' are nodulo-2 addition.
21. ellipse curve encryption and decryption method as claimed in claim 1, wherein, function u and u ' are together or operate.
22. ellipse curve encryption and decryption method as claimed in claim 1, wherein, the selection of function r is satisfied: r (x B, V)=g (kY B)=g (Q).
23. ellipse curve encryption and decryption method as claimed in claim 1, wherein, the selection and function v of function r is relevant with function g, and the r function satisfies: r (x B, V)=g (kY B).
24., wherein, be v (P)=P, then get r (x when getting function shape as the ellipse curve encryption and decryption method of claim 1 or 22 B, V)=g (x BV).
25., wherein, be v (P)=(x when getting function shape as the ellipse curve encryption and decryption method of claim 1 or 22 0, s), P=(x wherein 0, y 0), the s value is y 0Direction flag, this moment, the v function had the character the same with u-function, had v ' function, then got r (x B, V)=g (x BV ' (V)).
26., wherein, be v (P)=x when getting function shape as the ellipse curve encryption and decryption method of claim 1 or 22 P, g (Q)=x Q, P=(x wherein P, y P), Q=(x Q, y Q), suitably get r and can satisfy r (x B, V)=g (kY B).
27. an ellipse curve encryption and decryption system comprises key generating device (340), it is right that encryption equipment (330) and decipher (350), deciphering square tube are crossed the key of described key generating device (340) generation oneself: private key x BWith PKI Y B, encryption side obtains the PKI Y of deciphering side B, plaintext m realize is encrypted, and ciphertext is sent to deciphering side, decipher square tube and cross described decipher (350) and from ciphertext, decipher and obtain plaintext m, wherein Y B=x BG, wherein said encryption equipment (330) is carried out:
Obtain the PKI Y of deciphering side B, generate random number k then, 1≤k≤N-1 wherein, N is the some order of a group of elliptic curve, respectively with PKI Y BCarry out the elliptic curve point multiplication operation with the basic point G of curve, obtain the some P=kG on the curve, Q=kT BUse function v and g that P and Q are carried out computing respectively, promptly obtain v (P), g (Q); Use function f that plaintext m is carried out computing, obtain f (m), use function u that f (m) and g (Q) computing are obtained u (f (m), g (Q)), (the v (P) that obtains like this, u (f (m), g (Q))) is the encrypted result of encipherer, is expressed as (V plaintext m, U), V=v (P) wherein, U=u (f (m), g (Q));
Described decipher (350) is carried out:
(V U), uses the private key x of oneself to receive ciphertext BCarry out computing, wherein 1≤X with V B≤ N-1 obtains r (x B, V), the inverse function of using u is to r (x B, V) carry out computing and obtain D=u ' (U, r (x with U B, V)), use the inverse function of f to calculate expressly m=f -1(D);
Wherein function u in the ciphering process and the function u ' in the decrypting process have following character: for z=u (x, y), then obtain x=u ' (z, y).
28. as the ellipse curve encryption and decryption system of claim 27, wherein the v function is compression or spread function.
29. as the ellipse curve encryption and decryption system of claim 27, wherein the f function has inverse function.
30. as the ellipse curve encryption and decryption system of claim 27, wherein, the f value is: f (m)=m, then f -1(m)=m.
31. as the ellipse curve encryption and decryption system of claim 27, wherein, f (m) value is: f (m)=(m, n), wherein n is random number, then f -1(m, n)=m.
32. as the ellipse curve encryption and decryption system of claim 27, wherein, f (m) value is: f (m)=(m, h (m)), wherein h is Hash function, then f -1(m, h (m))=m.
33. as the ellipse curve encryption and decryption system of claim 32, wherein, the Hash function is SHA-1 or MAC function.
34. as the ellipse curve encryption and decryption system of claim 27, wherein, f (m) value is: f (m)=(m 1, m 2), m=m wherein 1|| m 2, || be bound symbol, then f -1(m 1, m 2)=m 1|| m 2=m.
35. as the ellipse curve encryption and decryption system of claim 27, wherein, f (m) value is: f (m)=(1 1(m 1), 1 2(m 2)), m=m wherein 1|| m 2, || be bound symbol, 1 1, 1 2Be reversible function, then f -1(1 1, 1 2)=1 1 -1(1 1(m 1)) || 1 2 -1(1 2(m 2))=m.
36. as the ellipse curve encryption and decryption system of claim 27, wherein, g (Q) value is: g (Q)=Q.
37. as the ellipse curve encryption and decryption system of claim 27, wherein, g (Q) value is: g (Q)=x 0, perhaps g (Q)=y 0, Q=(x wherein 0, y 0).
38. as the ellipse curve encryption and decryption system of claim 27, wherein, g (Q) value is: g (Q)=x 0|| y 0, Q=(x wherein 0, y 0), || be bound symbol.
39. as the ellipse curve encryption and decryption system of claim 27, wherein, g (Q) value is: g (Q)=h (x 0), perhaps g (Q)=h (y 0), Q=(x wherein 0, y 0), h is the Hash function.
40. as the ellipse curve encryption and decryption system of claim 27, wherein, g (Q) value is: g (Q)=h (x 0|| y 0), perhaps g (Q)=h (x 0) || h (y 0), Q=(x wherein 0, y 0), || be bound symbol, h is the Hash function.
41. as the ellipse curve encryption and decryption system of claim 39 or 40, wherein, the Hash function is SHA-1 or MAC function.
42. as the ellipse curve encryption and decryption system of claim 27, wherein, function u and u ' are symmetrical encryption and decryption function.
43. as the ellipse curve encryption and decryption system of claim 27, wherein, function u and u ' add for elliptic curve point or the some subtraction function.
44. as the ellipse curve encryption and decryption system of claim 27, wherein, function u and u ' add function and mould subtraction function for mould.
45. as the ellipse curve encryption and decryption system of claim 27, wherein, function u and u ' take advantage of function and inverse function for mould.
46. as the ellipse curve encryption and decryption system of claim 27, wherein, function u and u ' are nodulo-2 addition.
47. as the ellipse curve encryption and decryption system of claim 27, wherein, function u and u ' are together or operate.
48. as the ellipse curve encryption and decryption system of claim 27, wherein, the selection of function r is satisfied: r (x B, V)=g (kY B)=g (Q).
49. as the ellipse curve encryption and decryption system of claim 27, wherein, the selection and function v of function r is relevant with function g, the r function satisfies: r (x B, V)=g (kY B).
50., wherein, be v (P)=P, then get r (x when getting function shape as the ellipse curve encryption and decryption system of claim 27 or 48 B, V)=g (x BV).
51., wherein, be v (P)=(x when getting function shape as the ellipse curve encryption and decryption system of claim 27 or 48 0, s), P=(x wherein 0, y 0), the s value is y 0Direction flag, this moment, the v function had the character the same with u-function, had v ' function, then got r (x B, V)=g (x BV ' (V)).
52., wherein, be v (P)=x when getting function shape as the ellipse curve encryption and decryption system of claim 27 or 48 P, g (Q)=x Q, P=(x wherein P, y P), Q=(x Q, y Q), suitably get r and can satisfy r (x B, V)=g (kY B).
CNB021547173A 2002-11-29 2002-11-29 Elliptic curve encryption and decryption method and apparatus Expired - Lifetime CN100452695C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB021547173A CN100452695C (en) 2002-11-29 2002-11-29 Elliptic curve encryption and decryption method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB021547173A CN100452695C (en) 2002-11-29 2002-11-29 Elliptic curve encryption and decryption method and apparatus

Publications (2)

Publication Number Publication Date
CN1505306A CN1505306A (en) 2004-06-16
CN100452695C true CN100452695C (en) 2009-01-14

Family

ID=34235562

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB021547173A Expired - Lifetime CN100452695C (en) 2002-11-29 2002-11-29 Elliptic curve encryption and decryption method and apparatus

Country Status (1)

Country Link
CN (1) CN100452695C (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100411334C (en) * 2004-11-19 2008-08-13 深圳市明华澳汉科技股份有限公司 Method for encrypting and decrypting data
CN1262087C (en) * 2005-01-14 2006-06-28 南相浩 Method and apparatus for cipher key generation based on identification
US7602907B2 (en) * 2005-07-01 2009-10-13 Microsoft Corporation Elliptic curve point multiplication
CN101079701B (en) * 2006-05-22 2011-02-02 北京华大信安科技有限公司 Highly secure ellipse curve encryption and decryption method and device
CN101296077B (en) * 2007-04-29 2012-07-11 四川虹微技术有限公司 Identity authentication system based on bus type topological structure
CN101321058B (en) * 2007-06-07 2010-12-15 管海明 Method and system for encoding and decoding digital message
CN101197668B (en) * 2007-12-06 2010-08-18 上海交通大学 Elliptic curve anti-bypass attack method based on randomizing multiplication with symbol scalar
CN101582170B (en) * 2009-06-09 2011-08-31 上海大学 Remote sensing image encryption method based on elliptic curve cryptosystem
CN102761412A (en) * 2011-04-27 2012-10-31 航天信息股份有限公司 P-element domain SM2 elliptic curve public key encryption, decryption and encryption-decryption hybrid system
CN102394747B (en) * 2011-11-23 2015-01-14 上海爱信诺航芯电子科技有限公司 Method for rapidly embedding plaintext on one point of elliptic curve
CN104486074B (en) * 2014-12-12 2017-06-23 湘潭大学 For the elliptic curve cryptography method and decryption method of embedded device
CN109818741B (en) * 2017-11-22 2022-06-07 航天信息股份有限公司 Decryption calculation method and device based on elliptic curve
CN108737097A (en) * 2018-06-20 2018-11-02 北京邮电大学 A kind of elliptic curve cryptography method using quantum random number
CN113810195B (en) * 2021-06-04 2023-08-15 国网山东省电力公司 Safe transmission method and device for electric power training simulation assessment data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0503119A1 (en) * 1991-03-14 1992-09-16 Omnisec Ag Public key cryptographic system using elliptic curves over rings
EP0874307A1 (en) * 1997-03-25 1998-10-28 Certicom Corp. Accelerated finite field operations on an elliptic curve
EP0924895A2 (en) * 1997-12-17 1999-06-23 Nippon Telegraph and Telephone Corporation Encryption and decryption devices for public-key cryptosystems and recording medium with their processing programs recorded thereon
WO1999033220A1 (en) * 1997-12-18 1999-07-01 ETAT FRANÇAIS représenté par le DELEGUE GENERAL POUR L'ARMEMENT Digital signature method
CN1264974A (en) * 1999-12-01 2000-08-30 陈永川 Digital signature method using elliptic curve encryption algorithm
US6243467B1 (en) * 1998-07-23 2001-06-05 The United States Of America As Represented By The National Security Agency Method of elliptic curve cryptographic digital signature generation and verification using reduced base tau expansion in non-adjacent form

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0503119A1 (en) * 1991-03-14 1992-09-16 Omnisec Ag Public key cryptographic system using elliptic curves over rings
EP0874307A1 (en) * 1997-03-25 1998-10-28 Certicom Corp. Accelerated finite field operations on an elliptic curve
EP0924895A2 (en) * 1997-12-17 1999-06-23 Nippon Telegraph and Telephone Corporation Encryption and decryption devices for public-key cryptosystems and recording medium with their processing programs recorded thereon
WO1999033220A1 (en) * 1997-12-18 1999-07-01 ETAT FRANÇAIS représenté par le DELEGUE GENERAL POUR L'ARMEMENT Digital signature method
US6243467B1 (en) * 1998-07-23 2001-06-05 The United States Of America As Represented By The National Security Agency Method of elliptic curve cryptographic digital signature generation and verification using reduced base tau expansion in non-adjacent form
CN1264974A (en) * 1999-12-01 2000-08-30 陈永川 Digital signature method using elliptic curve encryption algorithm

Also Published As

Publication number Publication date
CN1505306A (en) 2004-06-16

Similar Documents

Publication Publication Date Title
Cocks An identity based encryption scheme based on quadratic residues
CN101079701B (en) Highly secure ellipse curve encryption and decryption method and device
CN100440776C (en) Elliptic curve signature and signature verification method and apparatus
US6697488B1 (en) Practical non-malleable public-key cryptosystem
CN100452695C (en) Elliptic curve encryption and decryption method and apparatus
CN110784314A (en) Certificateless encrypted information processing method
Raghunandan et al. Key generation using generalized Pell’s equation in public key cryptography based on the prime fake modulus principle to image encryption and its security analysis
CN1472914A (en) High performance and quick public pin encryption
KR100396740B1 (en) Provably secure public key encryption scheme based on computational diffie-hellman assumption
US20070183600A1 (en) Secure Cryptographic Communication System Using Kem-Dem
KR20040009766A (en) Apparatus and method for transmitting and receiving in encryption system
CN111262709B (en) Trapdoor hash function-based unlicensed bookmark encryption system and method
US20100150343A1 (en) System and method for encrypting data based on cyclic groups
GB2384406A (en) Three party cryptosystem having pairs of private keys
US20060251248A1 (en) Public key cryptographic methods and systems with preprocessing
CN103873248B (en) Encryption method and device with certificate based on identity
CN114285580B (en) Online and offline signcryption method from certificate-free to public key infrastructure
JP4563037B2 (en) ENCRYPTION APPARATUS, DECRYPTION APPARATUS, ENCRYPTION SYSTEM HAVING THEM, ENCRYPTION METHOD, AND DECRYPTION METHOD
Chauhan An implemented of hybrid cryptography using elliptic curve cryptosystem (ECC) and MD5
Nalwaya et al. A cryptographic approach based on integrating running key in feedback mode of elgamal system
JP3694242B2 (en) Signed cryptographic communication method and apparatus
JP3278790B2 (en) Public key encryption method and public key encryption system
JP4230162B2 (en) Public key encryption communication method
Saichyshyna ELGAMAL ENCRIPTION
JPH09149025A (en) Cipher communication method and cipher communication system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Elliptic curve encryption and decryption method and apparatus

Effective date of registration: 20140715

Granted publication date: 20090114

Pledgee: Bank of Communications Ltd. Beijing Jiuxianqiao branch

Pledgor: Beijing Huada Infosec Technology, Ltd.

Registration number: 2014990000572

PLDC Enforcement, change and cancellation of contracts on pledge of patent right or utility model
PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20150804

Granted publication date: 20090114

Pledgee: Bank of Communications Ltd. Beijing Wangjing branch

Pledgor: Beijing Huada Infosec Technology, Ltd.

Registration number: 2014990000572

PLDC Enforcement, change and cancellation of contracts on pledge of patent right or utility model
PM01 Change of the registration of the contract for pledge of patent right

Change date: 20150804

Registration number: 2014990000572

Pledgee after: Bank of Communications Ltd. Beijing Wangjing branch

Pledgee before: Bank of Communications Ltd. Beijing Jiuxianqiao branch

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Elliptic curve encryption and decryption method and apparatus

Effective date of registration: 20150811

Granted publication date: 20090114

Pledgee: Bank of Communications Ltd. Beijing Wangjing branch

Pledgor: Beijing Huada Infosec Technology, Ltd.

Registration number: 2015990000669

PLDC Enforcement, change and cancellation of contracts on pledge of patent right or utility model
PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20161101

Granted publication date: 20090114

Pledgee: Bank of Communications Ltd. Beijing Wangjing branch

Pledgor: Beijing Huada Infosec Technology, Ltd.

Registration number: 2015990000669

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Elliptic curve encryption and decryption method and apparatus

Effective date of registration: 20161104

Granted publication date: 20090114

Pledgee: Bank of Communications Ltd. Beijing Wangjing branch

Pledgor: Beijing Huada Infosec Technology, Ltd.

Registration number: 2016990000939

PLDC Enforcement, change and cancellation of contracts on pledge of patent right or utility model
PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20171220

Granted publication date: 20090114

Pledgee: Bank of Communications Ltd. Beijing Wangjing branch

Pledgor: Beijing Huada Infosec Technology, Ltd.

Registration number: 2016990000939

PC01 Cancellation of the registration of the contract for pledge of patent right
CX01 Expiry of patent term

Granted publication date: 20090114

CX01 Expiry of patent term