CN101267300A - Multi-variant public key encryption method based on mutual prime number sequent and lever function - Google Patents

Abstract

A multiple-variable public key ciphering method based on a related-prime sequence and a lever function belongs to the field of the cryptographic technique and computer technique. The method comprises three procedures of key generating, ciphering and deciphering. The user has two keys. One can only be private and is called private key. The other can be opened and is called public key. The public key is obtained from Ci=(AiW< l(i)>)<delta>(mod M). The private key ((Ai), W, delta) can not be derivate from the public key. The public key is used for switching the plain text to the cipher text (ciphering). The private key is used for switching the cipher text to the plain text (deciphering). The method has the characteristics of small mode number, high security, more rapid computing speed, technique which can be disclosed and the like. The method can be used for the secret storing and transmission of any file and data in mobile phone, computer and communication network.

Description

Multi-variable public key ciphering method based on coprime sequence and lever function

(1) technical field

Public key encryption method (being called for short key encrypt method or public key cryptography scheme) belongs to cryptographic technique and field of computer technology, is one of core technology of information security and credible calculating.

(2) background technology

Classic cryptographic technique, symmetric cryptographic technique and public key cryptography technology three phases have been experienced in the development of cryptographic technique.1976, American scholar Diffie and Hellman proposed the thought of public key cryptography, indicate the arriving of public key cryptography technology.At present, generally the public key cryptography of Shi Yonging has schemes such as RSA, Rabin and ElGamal (referring to " applied cryptography ", U.S. Bruce Schneier is outstanding, and Wu Shizhong, Zhu Shixiong etc. translates, China Machine Press, in January, 2000,334-342 page or leaf).In order to shorten parameter length, the ElGamal scheme is everlasting, and simulation realizes that at this moment, it is called as the ECC scheme on the elliptic curve.In addition, Chinese scholar Tao Ren thoroughbred horse once proposed the FAPKC1 scheme (referring to " Chinese journal of computers ", 1985 (11), pp.401-409).

Schemes such as RSA, Rabin and ElGamal all are that the American invents.The character that their fail safe is difficult to find the solution based on big several problems, promptly in the limited time and resource, big number is carried out factorization or asks discrete logarithm almost is impossible.This is a kind of asymptotic safety.Along with the raising of computer run speed, it is increasing that their security parameter has become, greatly reduced the efficient of encryption and decryption.The particularly appearance of quantum computer in the future makes big number factorization and discrete logarithm find the solution and can carry out in polynomial time.In addition, some scholars point out that after by analysis FAPKC1 also is unsafe.

(3) summary of the invention

The present invention be to " REESSE1 public-key cryptosystem " (" computer engineering and science ", 2003 (10), pp.13-16) in an innovation of encipherment scheme, still, both some mathematical concepts remain similar.

The present invention is used for the encryption and decryption of various data such as computer and communication network character, literal, figure, pictures and sounds and file, kept secure and transmission to guarantee data, file content can be widely used in ecommerce, electronic banking and the E-Government.

The present invention wishes that our country can have the core technology of oneself in the public key encryption field, to guarantee information security, economic security and the safety with sovereign right of country, improves the technological means that finance and tax swindle are taken precautions against by China simultaneously.

In this Section has omitted the proof to related properties and conclusion, fills if desired, and we will present immediately.

3.1 two basic conceptions

3.1.1 the definition of coprime sequence and character

Definition: if A ₁, A ₂..., A _nBe n different in twos integer, satisfy

Subsidiary i ≠ j, perhaps gcd (A _i, A _j)=1; Perhaps gcd (A _i, A _j) ≠ 1, but to arbitrarily

And So, these integers are called as coprime sequence, are designated as { A ₁, A ₂..., A _n, note by abridging and be { A _i.

Notice that in this article, we only require each A _i＞0, and

Subsidiary i ≠ j has gcd (A _i, A _j)=1.

Character: for any positive integer m≤n, if from coprime sequence { A _iA middle picked at random m element, and subsetting { Ax ₁, Ax ₂..., Ax _m, so coprime subclass is long-pending

G＝|Ax ₁|×|Ax ₂|×…×|Ax _m|

Determined uniquely, promptly from G to { Ax ₁, Ax ₂..., Ax _mMapping be man-to-man.

Here, | Ax ₁|, | Ax ₂| ..., | Ax _m| wait the absolute value of expression number.

Proof slightly.

3.1.2 lever function

If l (.) is by the injective function of integer to integer, its domain of definition be 1,2 ..., n}, codomain be 5,6 ..., M-1}, M is a modulus here.

In " REESSE1 public-key cryptosystem " literary composition, we have discussed: when from PKI derivation private key, need to consider { l (i) } full number of permutations n! , this means that when n was enough big, being arranged in entirely in the polynomial time of exhaustive { l (i) } was infeasible; But when private key recovers expressly or carry out digital signature, only need consider { l (i) } add up and, make that deciphering or signature are feasible in the polynomial time about n.Therefore, { l (i) } is big in " disclosing " end amount of calculation, and be little in " privately owned " end amount of calculation.Still weighing-appliance the l (.) of above-mentioned feature is arranged is lever function.

Attention: in this article, { A _iBe sequence { A ₁, A ₂..., A _nWrite a Chinese character in simplified form { C _iBe sequence { C ₁, C ₂..., C _nWrite a Chinese character in simplified form.{ l (i) } be n lever function value l (1), l (2) ..., l (n) write a Chinese character in simplified form.

Multiplying " A * B " writes a Chinese character in simplified form " AB "." mod " represents complementation." gcd " represents greatest common divisor." ← " represents assignment.On behalf of both sides, " ≡ " the M complementation is equated.

3.2 technical scheme of the present invention

The present invention is a kind of key encrypt method based on non-homogeneous ultra-increasing sequence, is called for short the REESSE1+ encryption method, according to this method, can make public key encryption, deciphering chip or exploitation public key encryption, decryption software etc.Therefore, the present invention is a kind of production public key encryption deciphering product mandatory basic principle of institute and technical scheme, rather than physical product itself.

The technical program is made up of three parts such as key generation, encryption and decryption.

3.2.1 public key encryption and decryption oprerations

Encrypting file before or data, encrypt file afterwards or data herein, ciphertext expressly.

Suppose that user V desire sends a file or data by network to user U, and carry out in the mode of maintaining secrecy.User V and user U desire realize so secure communication process, and its pattern is as follows:

Key generates: at first, user U should go to the 3rd side authoritative institution (ca authentication center or digital certificate center) to get a pair of private key (Private Key) and PKI (Public Key) that is generated parts output by key, private key must must not be divulged a secret by user U oneself keeping; PKI then allows openly to provide to the external world with the form of public key certificate, so that use.

Cryptographic operation: user V obtains the public key certificate of user U from the ca authentication center, the plaintext that on the machine of operation encryption unit desire is sent is encrypted, and obtains ciphertext, and by network ciphertext is sent to user U.

Decryption oprerations: after user U receives the ciphertext that user V sends, on the machine of operation deciphering parts, ciphertext is decrypted, recovers plaintext with own private key.

In key encrypt method, in order to improve the efficient of encryption, adopt the mixed cipher technology usually, promptly come encrypting plaintext with DSE arithmetic, come encrypted symmetric key with public-key cryptosystem again.Employed encryption key of DSE arithmetic and decruption key are same key in essence, are called as session key.

3.2.2 key generating portion

The length that makes clear packets or symmetric key is that n, sequence length are $\tilde{n}=3n/2$ (being 2 bits that 3 items of sequence correspond to grouping),

Be the largest prime in this method.It is suitable to choose

So that M is not too big.

The key generating portion is used for the ca authentication center, is used for producing a pair of private key and PKI, and its implementation is:

(1) generates a strange coprime sequence at random $\left\{\begin{array}{cccc}{A}_1,& A_2,& \&CenterDot;\&CenterDot;\&CenterDot;,& A_{\tilde{n}}\end{array}\right\},$ And

(2) find a plain integer M to satisfy $M>{\mathrm{\&Pi;}}_{i=1}^{\tilde{n}}{A}_i,$ And not too big

(3) select positive integer $\tilde{n}<\mathrm{\&delta;}<M$ Make gcd (δ, M-1)=1

(4) select positive integer W＜M at random, calculate W ^-1

(5) order is divided $\left\{\begin{array}{cccc}5,& 6,& \&CenterDot;\&CenterDot;\&CenterDot;,& \tilde{n}+4\end{array}\right\}$ For

Individual unit is composed one of any free cells and is aligned to { l (3j-2), l (3j-1), l (3j) }, and is right $j=\mathrm{1,2},\&CenterDot;\&CenterDot;\&CenterDot;,\tilde{n}/3$

(6) calculate C _i← (A _iW ^{L (i)}) ^δMod M is right $i=\mathrm{1,2},\&CenterDot;\&CenterDot;\&CenterDot;,\tilde{n},$ Finish

At last, with ({ C _i, M) be PKI, with ({ A _i, W ^-1, δ, M) be private key, { l (i) } can abandon.

3.2.3 encryption section

Encryption section uses for transmit leg, is used for to expressly encrypting.Transmit leg is recipient's PKI for obtaining encryption key, must obtain recipient's public key certificate from the ca authentication center.

Suppose ({ C _i, M) be PKI, b ₁b ₂B _nIt is the clear packets of n bit.Then the implementation method of encryption section is:

(1) puts $\hat{G}\&LeftArrow;1,i\&LeftArrow;1$

(2) if b _2i-1b _2i=01, then $\hat{G}\&LeftArrow;\hat{G}{C}_{3i-2}\mathrm{mod}M,$ Otherwise

If b _2i-1b _2i=10, then $\hat{G}\&LeftArrow;\hat{G}{C}_{3i-1}\mathrm{mod}M,$ Otherwise

If b _2i-1b _2i=11, then $\hat{G}\&LeftArrow;\hat{G}{C}_{3i-0}\mathrm{mod}M$

(3) make i ← i+1,, otherwise finish at last ciphertext if i≤n/2 goes to (2)

Obtained.

Note b _2i-1b _2iRepresent two adjacent bits, below same.

3.2.4 decryption portion

Sequence { A _iCan be divided in proper order $\tilde{n}/3=n/2$ The unit.Each unit comprises 3 elements, wherein has a maximum number.Suppose that n/2 maximal term is respectively A ₁, A ₂..., A _N/2

In advance, calculate

${\stackrel{\&CenterDot;}{G}}_k={\mathrm{\&Pi;}}_{i=1}^k{\stackrel{\&OverBar;}{A}}_i,$ To k=1,2 ..., n/2

And storage ${\stackrel{\&CenterDot;}{G}}_1,{\stackrel{\&CenterDot;}{G}}_2,\&CenterDot;\&CenterDot;\&CenterDot;,{\stackrel{\&CenterDot;}{G}}_{n/2}$ Position to private key.

Decryption portion is used for the recipient, is used for ciphertext is decrypted.The recipient with oneself private key as decruption key.

Suppose ({ A _i, W ^-1, δ, M} be private key,

It is ciphertext.Then the implementation method of decryption portion is:

(1) calculates $\hat{G}\&LeftArrow;{\hat{G}}^{1/\mathrm{\&delta;}}\mathrm{mod}M$

(2) repeat $\hat{G}\&LeftArrow;\hat{G}{W}^{-1}\mathrm{mod}M$ Up to For odd number and $\hat{G}\&le;{\stackrel{\&CenterDot;}{G}}_{n/2}$

(3) put $b_1{b}_2\&CenterDot;\&CenterDot;\&CenterDot;b_n\&LeftArrow;0,G\&LeftArrow;\hat{G},i\&LeftArrow;n/2,j\&LeftArrow;0$

(4) if A _3i-j| G, then b _2i-1b _2i← 3-j and G ← G/A _3i-j,

Otherwise j ← j+1, and if j≤2 go to (4)

(5) make i ← i-1, if i 〉=1 and $1\&le;G\&le;{\stackrel{\&CenterDot;}{G}}_i,$ J ← 0 and go to (4) then

(6), otherwise finish if G ≠ 1 then goes to (2)

At last, b ₁b ₂B _nTo be original clear packets or symmetric key.

Obviously, need only

Be a real ciphertext, this decrypt scheme can fair termination.

3.2.5 the correctness of deciphering

Because Be an Abelian group, i.e. abelian group, so, $\&ForAll;k\&Element;[1,M-1],$ Have

W ^k(W ^-1) ^k≡W ^kW ^-k≡1(mod?M)。

Make b ₁b ₂B _nIt is the clear packets of a n bit.

Know from the 3.2.3 joint $\hat{G}\&equiv;{\mathrm{\&Pi;}}_{i=1}^n{C}_i^{b_i}\left(\mathrm{mod}M\right),$ C wherein _i≡ (A _iW ^{L (i)}) ^δ(mod M).

Order $k\&equiv;{\mathrm{\&Sigma;}}_{i=1}^{n}l\left(i\right)b_i(\mathrm{mod}M-1),$ $G\&equiv;{\mathrm{\&Pi;}}_{i=1}^{n}A{|}^{\mathrm{bi}}\left(\mathrm{mod}M\right).$

So, we need proof: ${\hat{G}}^{1/\mathrm{\&delta;}}{\left(W^{-1}\right)}^k\&equiv;G(\%M).$

Proof: according to the 3.2.4 joint,

${\hat{G}}^{1/\mathrm{\&delta;}}{\left(W^{-1}\right)}^k\&equiv;{\left({\mathrm{\&Pi;}}_{i-1}^n{C}_i^{b_i}\right)}^{1/\mathrm{\&delta;}}{\left(W^{-1}\right)}^k$

$\&equiv;{\mathrm{\&Pi;}}_{i=1}^n{\left({\left(A_i{W}^{l\left(i\right)}\right)}^{\mathrm{\&delta;}{b}_i}\right)}^{1/\mathrm{\&delta;}}{\left(W^{-1}\right)}^k$

$\&equiv;{\mathrm{\&Pi;}}_{i=1}^n{A}_i^{b_i}\left(w^{{\mathrm{\&Sigma;}}_{i=1}^n\left(l\left(i\right)b_i\right)}\right){\left(W^{-1}\right)}^k$

$\&equiv;{\mathrm{\&Pi;}}_{i=1}^n{A}_i^{b_i}{\left(W\right)}^k{\left(W^{-1}\right)}^k$

$\&equiv;{\mathrm{\&Pi;}}_{i=1}^n{A}_i^{b_i}\&equiv;G\left(\mathrm{mod}M\right).$

Above-mentioned proof procedure has also provided the method for seeking G.

Note, in actual applications, clear packets b ₁b ₂B _nBe ignorant in advance, therefore, we can not directly calculate k.Yet, because $k\&Element;(5,{\mathrm{\&Sigma;}}_{i=1}^{n}l\left(i\right))$ Scope is very narrow, and we can be by taking advantage of W ^-1Mod M searches for k exploratoryly, and checking G is at quilt { A _iIn some whether equal 1 after dividing exactly.Be understood that, when condition G=1 is satisfied, original plaintext b ₁b ₂B _nAlso obtained.

3.3 advantage and good effect

3.3.1 fail safe is higher

Can prove C with reducing method _i≡ (A _iW ^{L (i)}) ^δ(mod M) and $\hat{G}\&equiv;{\mathrm{\&Pi;}}_{i=1}^n{C}_i^{b_i}\left(\mathrm{mod}M\right)$ More difficult than discrete logarithm problem, therefore, be infeasible in polynomial time expressly from PKI derivation private key or from the ciphertext decoding.

In addition, because $\mathrm{\&delta;}\&Element;(\tilde{n},M)$ Be sizable, therefore, it also is infeasible that attempt utilizes the continued fraction method to attack private key.Can analyze in fact and know, as long as $\mathrm{\&delta;}\&GreaterEqual;\tilde{n}$ Just can make the continued fraction method attack lost efficacy.

And, problem C _i≡ (A _iW ^{L (i)}) ^δ(mod M) and $\hat{G}\&equiv;{\mathrm{\&Pi;}}_{i=1}^n{C}_i^{b_i}\left(\mathrm{mod}M\right)$ On the quantum Turing machine, also be likely in the polynomial time not have and separate.This is indicating that this programme has long-range application potential.

3.3.2 modulus length is shorter

Be not difficult to find that as clear packets length n=80,96,112,128 the time, the bit length of modulus M can be respectively 320,384,448,512, comparatively speaking, is short by calculating.

3.3.3 arithmetic speed is very fast

The cryptographic operation of this method only need be done maximum n/2 modular multiplication, and by relatively finding: it is than popular RSA, the fast manyfold of ECC scheme.Decryption oprerations needs O (n ²) individual modular multiplication, also the RSA scheme than equal safe coefficient goes up manyfold soon.

3.3.4 technology can disclose

Realization technology of the present invention can disclose fully, and user's PKI (Public Key) also can openly be provided to the external world fully.As long as private key (Private Key) is not divulged a secret, just can guarantee the safety of ciphertext fully.

3.3.4 it is favourable to national security

The Internet is a kind of open net, and apparent, Chuan Shu various information must be encrypted in the above.

Because internet usage was as means of communication already for important departments such as the Chinese government, national defence, finance, the tax, therefore, information security is related to national sovereignty safety and economic security.

Angle from the password containing, the information security of a great country can not be based upon on the external cryptography scheme basis, therefore, fully public key encryption autonomous, original innovation and digital signature scheme seem imperative, very urgent and are significant to study us.

(4) embodiment

The characteristics of this key encrypt method are that it can allow each user obtain two keys, and a key can disclose, and are used for encrypting, and a key can only the individual have, and are used for deciphering.Like this, can not worry that key divulged a secret in the transmittance process on the net.When the agreement correspondent was transmitted information on the net, the sender used recipient's PKI that file or message are encrypted, and the recipient uses the private key of oneself that it is decrypted after receiving ciphertext.

CA (Certificate Authentication) authentication center that each user can arrive appointment obtains two keys.The ca authentication center is the mechanism that the user is registered, key is produced, distributes and manages.It utilizes the key generation method generation user's of 3.2.2 joint PKI and private key.

This encryption method can realize that it comprises two parts with logic circuit chip or program language: (1) develops chip or program according to close pincers generation method, is used by the ca authentication center; (2) develop chip or program according to the encrypt and decrypt method of 3.2.3,3.2.4 joint, use by the general user.

Claims (1)

1, based on the multi-variable public key ciphering method of coprime sequence and lever function, form by key generation, three parts of encryption and decryption, the key generating portion produces user's a pair of private key and PKI for the 3rd side authoritative institution, encryption section uses recipient's PKI expressly being converted to ciphertext for transmit leg, decryption portion uses the private key of oneself that ciphertext is reduced into expressly for the recipient, it is characterized in that

The key generating portion has adopted the following step:

(1) generates a strange coprime sequence at random $\left\{\begin{array}{cccc}{A}_1,& A_2,& \&CenterDot;\&CenterDot;\&CenterDot;,& A_{\tilde{n}}\end{array}\right\},$ And

(2) find a plain integer M to satisfy $M>{\mathrm{\&Pi;}}_{i=1}^{\tilde{n}}{A}_i,$ And not too big

(3) select positive integer $\tilde{n}<\mathrm{\&delta;}<M$ Make gcd (δ, M-1)=1

(4) select positive integer W＜M at random, calculate W ^-1

(5) order is divided $\left\{\begin{array}{cccc}5,& 6,& \&CenterDot;\&CenterDot;\&CenterDot;,& \tilde{n}+4\end{array}\right\}$ For

Individual unit is composed one of any free cells and is aligned to { l (3j-2), l (3j-1), l (3j) }, and is right $j=\mathrm{1,2},\&CenterDot;\&CenterDot;\&CenterDot;,\tilde{n}/3$

(6) calculate C _i← (A _iW ^{L (i)}) ^δMod M is right $i=\mathrm{1,2},\&CenterDot;\&CenterDot;\&CenterDot;,\tilde{n},$ Finish

At last, with ({ C _i, M) be PKI, with ({ A _i, W ^-1, δ, M) be private key, and private key can only be had privately by the user;

Encryption section has adopted the following step:

Transmit leg is with recipient's PKI ({ C _i, M) as encryption key, at the clear packets b of n bit ₁b ₂B _nDo

(1) puts $\hat{G}\&LeftArrow;1,i\&LeftArrow;1$

(2) if b _2i-1b _2i=01, then $\hat{G}\&LeftArrow;\hat{G}{C}_{3i-2}\mathrm{mod}M,$ Otherwise

If b _2i-1b _2i=10, then $\hat{G}\&LeftArrow;\hat{G}{C}_{3i-1}\mathrm{mod}M,$ Otherwise

If b _2i-1b _2i=11, then $\hat{G}\&LeftArrow;\hat{G}{C}_{3i-0}\mathrm{mod}M$

(3) make j ← i+1,, otherwise finish if j≤n/2 goes to (2)

At last, obtain ciphertext

It will be sent to the recipient;

Decryption portion has adopted the following step:

The recipient is with the private key ({ A of oneself _i, W ^-1, δ, M) as decruption key and calculate

At ciphertext

Do

(1) calculates $\hat{G}\&LeftArrow;{\hat{G}}^{1/\mathrm{\&delta;}}\mathrm{mod}M$

(2) repeat $\hat{G}\&LeftArrow;\hat{G}{W}^{-1}\mathrm{mod}M$ Up to

For odd number and $\hat{G}\&le;{\stackrel{\&CenterDot;}{G}}_{n/2}$

(3) put $b_1{b}_2\&CenterDot;\&CenterDot;\&CenterDot;b_n\&LeftArrow;0,G\&LeftArrow;\hat{G},i\&LeftArrow;n/2,j\&LeftArrow;0$

(4) if A _3i-j| G, then b _2i-1b _2i← 3-j and G ← G/A _3i-j,

Otherwise j ← j+1, and if j≤2 go to (4)

(5) make i ← i-1, if i 〉=1 and $1<G\&le;{\stackrel{\&CenterDot;}{G}}_i,$ J ← 0 and go to (4) then

(6), otherwise finish if G ≠ 1 then goes to (2)

At last, the recipient recovers the original plaintext b of transmit leg ₁b ₂B _n