CN107911209A - The method for establishing the security public key cryptography of resisting quantum computation attack - Google Patents

Info

Publication number: CN107911209A
Authority: CN (China)
Prior art keywords: party, protocol, group, public key, braid
Legal status: Granted; active
Application number: CN201711466069.3A
Other languages: Chinese (zh)
Other versions: CN107911209B (en)
Inventors: 王晓峰, 王威鉴, 徐黎, 王利元
Current assignee: Shenzhen University
Original assignee: Shenzhen University
Application filed by Shenzhen University; priority to CN201711466069.3A; published as CN107911209A; granted and published as CN107911209B.

Classifications

    • H04L 9/002: Countermeasures against attacks on cryptographic mechanisms
    • H04L 63/0428: Network security protocols providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/06: Network security protocols supporting key management in a packet data network
    • H04L 63/08: Network security protocols for authentication of entities
    • H04L 63/1441: Countermeasures against malicious traffic
    • H04L 9/0825: Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L 9/0852: Quantum cryptography


Abstract

The present invention relates to the field of information security and discloses a method for establishing a secure public key cryptosystem resistant to quantum computation attack, comprising the following steps: (11) the first party of the protocol chooses the braid group $B_n$ with index $n \ge 7$, and chooses in $B_n$ the subgroup $A$ generated by $a_1, a_2, \dots, a_k$ and the subgroup $B$ generated by $b_1, b_2, \dots, b_m$; (12) the first party of the protocol chooses $\Theta: B_n \to \{0,1\}^k$, a collision-resistant hash function from the group $B_n$ to the plaintext space $\{0,1\}^k$; (13) the first party of the protocol chooses an element $x = x(a_1, a_2, \dots, a_k) \in A$ as its private key, and takes $(B_n, A, B, \Theta, x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx)$ as its public key; (14) the second party of the protocol first chooses an element $y = y(b_1, b_2, \dots, b_m) \in B$ and computes $K_B = (y^{-1}\,y(x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx))^{-1} = (y^{-1}x^{-1}yx)^{-1} = x^{-1}y^{-1}xy$, then encrypts the plaintext $p$ to obtain the ciphertext $t = \Theta(K_B) \oplus p$ and sends $t$ to the first party of the protocol; (15) the first party of the protocol first computes $K_A = x^{-1}\,x(y^{-1}a_1y, y^{-1}a_2y, \dots, y^{-1}a_ky) = x^{-1}y^{-1}xy$, then decrypts the ciphertext and computes the plaintext $p' = \Theta(K_A) \oplus t$.

Description

Method for establishing a secure public key cryptosystem resistant to quantum computing attack
Technical Field
The invention relates to the field of information security, and in particular to public key encryption, digital signature and identity authentication techniques for establishing resistance to various known attacks, including quantum computing attack.
Background
In a classical public key cryptographic algorithm, the security guarantee rests on a problem that is difficult to compute in practice, and that difficulty is greatly reduced as computer performance improves. In particular, the well-known quantum algorithm proposed by Shor in 1997 performs the factorization of large integers and the computation of discrete logarithms, respectively, in polynomial time, which means that once it is implemented on a quantum computer, public key cryptographic protocols established on the RSA, ECC, ElGamal and similar algorithms will no longer be secure. For the public key cryptosystem proposed by Ko et al., which is built on the conjugacy problem for elements of braid groups, attack schemes such as the length-based attack, the linear representation attack and the super summit set attack were discovered in succession. The corresponding public key cryptosystems therefore carry potential security hazards.
In order to establish a public key cryptosystem resistant to the various known attacks, a method for establishing a public key cryptosystem resistant to quantum computing attack is given in the document with patent application number 201380001693. In that method we gave the structure of the Mihailova subgroups of the braid group and proved that the subgroup membership problem of these subgroups is undecidable.
Disclosure of Invention
In order to solve the problem that potential security hazards exist in the conventional public key cryptography, the invention aims to generate the private key by again introducing the structure of the Mihailova subgroups of a braid group and taking elements of these subgroups, and to establish public key encryption, digital signature and identity authentication methods that resist the various attacks by exploiting the unsolvability of the membership problem for the private key.
The aim of the invention is realized as follows: the method for establishing a secure public key cryptosystem resistant to quantum computing attack comprises a public key cryptographic method for attack-resistant encryption and decryption of information data, and this method comprises the following steps:
(11) The first party of the protocol selects a braid group $B_n$ with index $n \ge 7$; the braid group $B_n$ is the group defined by the following presentation:
$B_n = \langle \sigma_1, \sigma_2, \dots, \sigma_{n-1} \mid \sigma_i\sigma_j = \sigma_j\sigma_i,\ |i-j| \ge 2;\ \sigma_i\sigma_{i+1}\sigma_i = \sigma_{i+1}\sigma_i\sigma_{i+1},\ 1 \le i \le n-2 \rangle$
The elements of the group $B_n$ are all represented by words over the set $\{\sigma_1, \sigma_2, \dots, \sigma_{n-1}\}$ in a normal form that represents each element uniquely;
the first party of the protocol further selects two sets of elements $a_1, a_2, \dots, a_k$ and $b_1, b_2, \dots, b_m$ of $B_n$; $a_1, a_2, \dots, a_k$ and $b_1, b_2, \dots, b_m$ generate two subgroups $A$ and $B$ of $B_n$ respectively;
(12) Define the encoded plaintext information to be encrypted as $p \in \{0,1\}^l$, i.e. a 0-1 string of length $l$; the first party of the protocol selects $\Theta: B_n \to \{0,1\}^l$, a collision-resistant hash function from the group $B_n$ to the plaintext space $\{0,1\}^l$;
(13) The first party of the protocol chooses an element $x = x(a_1, a_2, \dots, a_k) \in A$ as its private key, and takes $(B_n, A, B, \Theta, x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx)$ as its public key;
(14) Encryption: the second party of the protocol selects an element $y = y(b_1, b_2, \dots, b_m) \in B$ and computes $K_B = (y^{-1}\,y(x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx))^{-1} = (y^{-1}x^{-1}yx)^{-1} = x^{-1}y^{-1}xy$, then encrypts the plaintext $p$ to obtain the ciphertext $t = \Theta(K_B) \oplus p$, where $\oplus$ is the exclusive-or operation, and sends $t$ to the first party of the protocol;
(15) Decryption: the first party of the protocol first computes $K_A = x^{-1}\,x(y^{-1}a_1y, y^{-1}a_2y, \dots, y^{-1}a_ky) = x^{-1}y^{-1}xy$, then performs the decryption computation $p' = \Theta(K_A) \oplus t = \Theta(K_A) \oplus (\Theta(K_B) \oplus p)$;
Verification that $p' = p$: since $K_A = K_B$,
$p' = \Theta(K_A) \oplus (\Theta(K_B) \oplus p) = \Theta(K_B) \oplus (\Theta(K_B) \oplus p) = (\Theta(K_B) \oplus \Theta(K_B)) \oplus p = p$.
As a preferred mode, a digital signature method is further included, comprising the following steps:
(21) Define the encoded plaintext information to be signed as $p$ and let $\Theta: G \to \{0,1\}^l$ be a collision-resistant hash function; the first party of the protocol selects $(B_n, A, B, \Theta, x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx)$ as its public key;
(22) The second party of the protocol selects an element $y = y(b_1, b_2, \dots, b_m) \in B$ and sends $y$ to the first party of the protocol;
(23) Signature: the first party of the protocol computes $K_A = x^{-1}\,x(y^{-1}a_1y, y^{-1}a_2y, \dots, y^{-1}a_ky) = x^{-1}y^{-1}xy$ and $S = \Theta(pK_A)$; the first party of the protocol takes $S$ as its signature on the information $p$ and sends $(S, p)$ to the second party of the protocol;
(24) Verification: the second party of the protocol computes $K_B = (y^{-1}\,y(x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx))^{-1} = (y^{-1}x^{-1}yx)^{-1} = x^{-1}y^{-1}xy$ and $S' = \Theta(pK_B)$; if $S' = S$, the second party of the protocol accepts $S$ as the signature of the first party of the protocol on the information $p$, otherwise it refuses to accept $S$ as the signature of the first party of the protocol on the information $p$.
As a preferred mode, an identity authentication method is also included, wherein the first party of the protocol is the prover and the second party of the protocol is the verifier; the identity authentication method comprises the following steps:
(31) The first party of the protocol selects a collision-resistant hash function $\Theta: G \to \{0,1\}^l$, and selects $(B_n, A, B, \Theta, x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx)$ as its public key, where $x = x(a_1, a_2, \dots, a_k) \in A$ is used as the private key;
(32) The second party of the protocol selects an element $y = y(b_1, b_2, \dots, b_m) \in B$ and computes
$z = \Theta((y^{-1}\,y(x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx))^{-1}) = \Theta((y^{-1}x^{-1}yx)^{-1}) = \Theta(x^{-1}y^{-1}xy)$,
then sends $y$ as a challenge to the first party of the protocol;
(33) The first party of the protocol computes $z' = \Theta(x^{-1}\,x(y^{-1}a_1y, y^{-1}a_2y, \dots, y^{-1}a_ky))$ and sends $z'$ as the response to the second party of the protocol;
(34) The second party of the protocol verifies whether $z' = z$; if $z' = z$, the second party of the protocol accepts the identity of the first party of the protocol, otherwise the identity is rejected.
As a preferred mode, the infinite non-commutative group $G$ is a braid group;
the braid group contains Mihailova subgroups whose subgroup membership problem is undecidable, and the private key is selected from a Mihailova subgroup;
the infinite non-commutative group $G$ is a braid group $B_n$ with index $n \ge 12$; the braid group $B_n$ is the group defined by the following presentation:
$B_n = \langle \sigma_1, \sigma_2, \dots, \sigma_{n-1} \mid \sigma_i\sigma_j = \sigma_j\sigma_i,\ |i-j| \ge 2;\ \sigma_i\sigma_{i+1}\sigma_i = \sigma_{i+1}\sigma_i\sigma_{i+1},\ 1 \le i \le n-2 \rangle$
the elements of the braid group $B_n$ are all represented by words over the set $\{\sigma_1, \sigma_2, \dots, \sigma_{n-1}\}$ in a normal form that represents each element uniquely;
the braid group $B_n$ contains two subgroups: let $m = \lfloor n/2 \rfloor$ be the largest integer not greater than $n/2$; the left braid $LB_n$ and the right braid $RB_n$ of the braid group $B_n$ are respectively
$LB_n = \langle \sigma_1, \sigma_2, \dots, \sigma_{m-1} \rangle$ and $RB_n = \langle \sigma_{m+1}, \sigma_{m+2}, \dots, \sigma_{n-1} \rangle$,
i.e. the subgroups generated by $\sigma_1, \sigma_2, \dots, \sigma_{m-1}$ and by $\sigma_{m+1}, \sigma_{m+2}, \dots, \sigma_{n-1}$ respectively, and for any $a \in LB_n$ and any $b \in RB_n$, $ab = ba$; the subgroup $A$ of $G$ is taken as $LB_n$ and the subgroup $B$ of $G$ is taken as $RB_n$;
when $n \ge 12$, $LB_n$ and $RB_n$ each contain a subgroup isomorphic to $F_2 \times F_2$, that is, to the direct product of two free groups of rank 2:
$LA = \langle \sigma_{m-5}^2, \sigma_{m-4}^2, \sigma_{m-2}^2, \sigma_{m-1}^2 \rangle \le LB_n$
and
$RA = \langle \sigma_{m+1}^2, \sigma_{m+2}^2, \sigma_{m+4}^2, \sigma_{m+5}^2 \rangle \le RB_n$;
from a finitely presented group $H$ generated by two elements whose word problem is unsolvable, the Mihailova subgroup $M_{LA}(H)$ of $LA$ and the Mihailova subgroup $M_{RA}(H)$ of $RA$ are constructed. The 56 generators of $M_{LA}(H)$ are given below, wherein $i = m-5$; taking $i = m+1$ gives the 56 generators of $M_{RA}(H)$:
According to the invention, each of the two parties of the protocol selects one element from the Mihailova subgroups of the braid group as its private key, and since the unsolvability of the membership problem of these subgroups proves that all possible attacks are incomputable, the public key cryptography method disclosed by the invention is resistant to all known attacks, including quantum computing attacks. Compared with the prior art, the method has the following advantages:
1. Theoretically, all attacks on the public key cryptographic algorithm of the invention are proved to be incomputable, so the public key cryptographic algorithm of the invention is resistant to all known attacks, including quantum computing attacks;
2. Owing to the unsolvability of the Mihailova subgroup membership problem, the chosen private key is safe, reliable and reusable.
Detailed Description
The following describes in detail, with reference to embodiments, a public key cryptographic protocol for establishing resistance to quantum computing attack.
1. Platform for establishing the public key cryptographic protocol
The platform for building all the public key cryptographic protocols is an infinite non-commutative group $G$ and two subgroups $A$ and $B$ of $G$, such that for any $a \in A$ and any $b \in B$ the equation $ab = ba$ holds. Furthermore, owing to the requirements of encoding and key generation, $G$ must also satisfy the following conditions:
1) The words representing the elements of $G$ over the generating set of $G$ have a computable normal form;
2) $G$ is at least exponentially growing (i.e. the number of elements of $G$ whose word length is a positive integer $n$ is bounded below by an exponential function of $n$);
3) The product and inversion operations based on the normal form of the group are computationally feasible.
To this end, the infinite non-commutative group $G$ is chosen to be a braid group $B_n$ with index $n \ge 12$; $B_n$ is a group having the above properties and defined by the following presentation:
$B_n = \langle \sigma_1, \sigma_2, \dots, \sigma_{n-1} \mid \sigma_i\sigma_j = \sigma_j\sigma_i,\ |i-j| \ge 2;\ \sigma_i\sigma_{i+1}\sigma_i = \sigma_{i+1}\sigma_i\sigma_{i+1},\ 1 \le i \le n-2 \rangle$,
the elements of the group are all represented by words over the set $\{\sigma_1, \sigma_2, \dots, \sigma_{n-1}\}$ in a normal form that represents each element uniquely.
Two subgroups contained in the braid group $B_n$:
Let $m = \lfloor n/2 \rfloor$ be the largest integer not greater than $n/2$; the left braid $LB_n$ and the right braid $RB_n$ of the braid group $B_n$ are respectively
$LB_n = \langle \sigma_1, \sigma_2, \dots, \sigma_{m-1} \rangle$ and $RB_n = \langle \sigma_{m+1}, \sigma_{m+2}, \dots, \sigma_{n-1} \rangle$,
i.e. the subgroups generated by $\sigma_1, \sigma_2, \dots, \sigma_{m-1}$ and by $\sigma_{m+1}, \sigma_{m+2}, \dots, \sigma_{n-1}$ respectively, and for any $a \in LB_n$ and any $b \in RB_n$, $ab = ba$.
When $n \ge 12$, $LB_n$ and $RB_n$ each contain a subgroup isomorphic to $F_2 \times F_2$, i.e. to the direct product of two free groups of rank 2:
$LA = \langle \sigma_{m-5}^2, \sigma_{m-4}^2, \sigma_{m-2}^2, \sigma_{m-1}^2 \rangle \le LB_n$
and
$RA = \langle \sigma_{m+1}^2, \sigma_{m+2}^2, \sigma_{m+4}^2, \sigma_{m+5}^2 \rangle \le RB_n$.
From a finitely presented group $H$ generated by two elements whose word problem is unsolvable, the Mihailova subgroup $M_{LA}(H)$ of $LA$ and the Mihailova subgroup $M_{RA}(H)$ of $RA$ are constructed. The 56 generators of $M_{LA}(H)$ are given below, wherein $i = m-5$; taking $i = m+1$ gives $M_{RA}(H)$:
and the 27 elements $S_{ij}$ are (for each $S_{ij}$, replacing every $\sigma_i$ by $\sigma_{i+3}$ and every $\sigma_{i+1}$ by $\sigma_{i+4}$ gives the corresponding 27 elements $T_{ij}$, $j = 1, 2, \dots, 27$):
2. Core step for establishing public key cryptosystem
In this embodiment, the two parties of the protocol are Alice and Bob respectively.
1) Alice selects a braid group $B_n$ with index $n \ge 7$, the group $B_n$ being defined by the following presentation:
$B_n = \langle \sigma_1, \sigma_2, \dots, \sigma_{n-1} \mid \sigma_i\sigma_j = \sigma_j\sigma_i,\ |i-j| \ge 2;\ \sigma_i\sigma_{i+1}\sigma_i = \sigma_{i+1}\sigma_i\sigma_{i+1},\ 1 \le i \le n-2 \rangle$
The elements of the group $B_n$ are all represented by words over the set $\{\sigma_1, \sigma_2, \dots, \sigma_{n-1}\}$ in a normal form that represents each element uniquely. Alice further selects two sets of elements $a_1, a_2, \dots, a_k$ and $b_1, b_2, \dots, b_m$ of $B_n$; $a_1, a_2, \dots, a_k$ and $b_1, b_2, \dots, b_m$ generate two subgroups $A$ and $B$ of $B_n$ respectively;
2) Alice defines the encoded plaintext information to be encrypted as $p \in \{0,1\}^l$, i.e. a 0-1 string of length $l$, and selects $\Theta: B_n \to \{0,1\}^l$, a collision-resistant hash function from the group $B_n$ to the plaintext space $\{0,1\}^l$.
Preferred embodiment of establishing a public key encryption protocol:
the following process continues after the core step:
1) Alice selects an element $x = x(a_1, a_2, \dots, a_k) \in A$ as her private key, and takes $(B_n, A, B, \Theta, x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx)$ as her public key;
2) Encryption: Bob selects an element $y = y(b_1, b_2, \dots, b_m) \in B$ and computes $K_B = (y^{-1}\,y(x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx))^{-1} = (y^{-1}x^{-1}yx)^{-1} = x^{-1}y^{-1}xy$, then encrypts the plaintext $p$ to obtain the ciphertext $t = \Theta(K_B) \oplus p$, where $\oplus$ is the exclusive-or operation, and sends $t$ to Alice;
3) Decryption: Alice first computes $K_A = x^{-1}\,x(y^{-1}a_1y, y^{-1}a_2y, \dots, y^{-1}a_ky) = x^{-1}y^{-1}xy$, then performs the decryption computation $p' = \Theta(K_A) \oplus t = \Theta(K_A) \oplus (\Theta(K_B) \oplus p)$;
Verification that $p' = p$: since $K_A = K_B$,
$p' = \Theta(K_A) \oplus (\Theta(K_B) \oplus p) = \Theta(K_B) \oplus (\Theta(K_B) \oplus p) = (\Theta(K_B) \oplus \Theta(K_B)) \oplus p = p$.
Preferred embodiment of establishing a digital signature protocol:
the following process continues after the core step:
1) Define the encoded plaintext information to be signed as $p$ and let $\Theta: G \to \{0,1\}^l$ be a collision-resistant hash function; Alice selects $(B_n, A, B, \Theta, x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx)$ as her public key;
2) Bob chooses an element $y = y(b_1, b_2, \dots, b_m) \in B$ and sends $y$ to Alice;
3) Signature: Alice computes $K_A = x^{-1}\,x(y^{-1}a_1y, y^{-1}a_2y, \dots, y^{-1}a_ky) = x^{-1}y^{-1}xy$ and $S = \Theta(pK_A)$; Alice takes $S$ as her signature on the information $p$ and sends $(S, p)$ to Bob;
4) Verification: Bob computes $K_B = (y^{-1}\,y(x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx))^{-1} = (y^{-1}x^{-1}yx)^{-1} = x^{-1}y^{-1}xy$ and $S' = \Theta(pK_B)$; if $S' = S$, Bob accepts $S$ as Alice's signature on the information $p$, otherwise Bob refuses to accept $S$ as Alice's signature on the information $p$.
Preferred embodiment of establishing an identity authentication protocol:
the following process continues after the core step:
Let Alice be the prover and Bob be the verifier.
1) Alice selects a collision-resistant hash function $\Theta: G \to \{0,1\}^l$ and chooses $(B_n, A, B, \Theta, x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx)$ as her public key, where $x = x(a_1, a_2, \dots, a_k) \in A$ is used as the private key;
2) Bob selects an element $y = y(b_1, b_2, \dots, b_m) \in B$, computes $z = \Theta((y^{-1}\,y(x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx))^{-1}) = \Theta((y^{-1}x^{-1}yx)^{-1}) = \Theta(x^{-1}y^{-1}xy)$, and then sends $y$ to Alice as a challenge;
3) Alice computes $z' = \Theta(x^{-1}\,x(y^{-1}a_1y, y^{-1}a_2y, \dots, y^{-1}a_ky))$ and sends $z'$ as the response to Bob;
4) Bob verifies whether $z' = z$; if $z' = z$, Bob accepts the identity of Alice, otherwise the identity is rejected.
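The three embodiments above, run end to end as an added worked example (this is not code from the patent or from its authors): key agreement giving both sides $K = x^{-1}y^{-1}xy$, encryption $t = \Theta(K) \oplus p$, the signature $S = \Theta(pK)$ and the challenge-response $z = z' = \Theta(K)$. It assumes a stand-in platform of $2 \times 2$ integer matrices of determinant 1 in place of the braid group $B_n$ and its Mihailova subgroups (the matrix entries serve as the unique normal form), SHAKE-256 in place of $\Theta$, the concatenation $p \,\|\, K$ as the reading of $pK$, and constructed generators for $A$ and $B$ that do not commute, since $x^{-1}y^{-1}xy$ is the identity whenever $x$ and $y$ commute and the derived key would then be a public constant, which the script checks.

```python
# Added example with constructed parameters; a stand-in for the patent's braid-group platform.
import hashlib
import hmac
from typing import List, Sequence, Tuple

Mat = Tuple[int, int, int, int]   # (a, b, c, d) stands for [[a, b], [c, d]], det = 1
Word = List[Tuple[int, int]]      # x(g_1, ..., g_k) as [(generator index, +1 or -1), ...]
IDENTITY: Mat = (1, 0, 0, 1)

# Constructed generating sets: A = <a_1, a_2> and B = <b_1, b_2>; they do not commute.
A_GENS: Sequence[Mat] = [(1, 2, 0, 1), (1, 0, 2, 1)]
B_GENS: Sequence[Mat] = [(2, 1, 1, 1), (1, 1, 1, 2)]
# Constructed private words x = a1 a2 a1^-1 a2 a1 in A and y = b2 b1 b1 b2^-1 b1 in B.
X_WORD: Word = [(0, 1), (1, 1), (0, -1), (1, 1), (0, 1)]
Y_WORD: Word = [(1, 1), (0, 1), (0, 1), (1, -1), (0, 1)]

def mul(p: Mat, q: Mat) -> Mat:
    a, b, c, d = p
    e, f, g, h = q
    return (a * e + b * g, a * f + b * h, c * e + d * g, c * f + d * h)

def inv(p: Mat) -> Mat:
    a, b, c, d = p          # determinant is 1, so the adjugate is the inverse
    return (d, -b, -c, a)

def evaluate(word: Word, gens: Sequence[Mat]) -> Mat:
    """Substitute gens into the word, e.g. y(x^-1 b_1 x, ..., x^-1 b_m x)."""
    result = IDENTITY
    for idx, exp in word:
        result = mul(result, gens[idx] if exp == 1 else inv(gens[idx]))
    return result

def encode(g: Mat) -> bytes:
    """Unique normal form of an element: its four integer entries."""
    return ",".join(str(v) for v in g).encode()

def theta(data: bytes, nbytes: int) -> bytes:
    """Theta: hash onto {0,1}^l with l = 8*nbytes (SHAKE-256 stands in for the page's Theta)."""
    return hashlib.shake_256(data).digest(nbytes)

def alice_keygen(x_word: Word) -> Tuple[Mat, List[Mat]]:
    """Private key x in A and the public elements x^-1 b_1 x, ..., x^-1 b_m x."""
    x = evaluate(x_word, A_GENS)
    return x, [mul(mul(inv(x), b), x) for b in B_GENS]

def bob_keygen(y_word: Word) -> Tuple[Mat, List[Mat]]:
    """Bob's secret y in B and the elements y^-1 a_1 y, ..., y^-1 a_k y that Alice needs."""
    y = evaluate(y_word, B_GENS)
    return y, [mul(mul(inv(y), a), y) for a in A_GENS]

def shared_key_bob(y_word: Word, y: Mat, alice_pub: Sequence[Mat]) -> Mat:
    """K_B = (y^-1 * y(x^-1 b_1 x, ...))^-1 = (y^-1 x^-1 y x)^-1 = x^-1 y^-1 x y."""
    return inv(mul(inv(y), evaluate(y_word, alice_pub)))

def shared_key_alice(x_word: Word, x: Mat, bob_pub: Sequence[Mat]) -> Mat:
    """K_A = x^-1 * x(y^-1 a_1 y, ...) = x^-1 y^-1 x y."""
    return mul(inv(x), evaluate(x_word, bob_pub))

def encrypt(key: Mat, p: bytes) -> bytes:
    """t = Theta(K_B) xor p; decryption is the same operation applied with K_A."""
    return bytes(u ^ v for u, v in zip(theta(encode(key), len(p)), p))

def sign(key: Mat, p: bytes, nbytes: int = 32) -> bytes:
    """S = Theta(p || K_A); the concatenation is an assumed reading of the page's pK_A."""
    return theta(p + b"|" + encode(key), nbytes)

def verify(key: Mat, p: bytes, s: bytes) -> bool:
    """The verifier recomputes S' = Theta(p || K_B) and accepts iff S' = S."""
    return hmac.compare_digest(sign(key, p, len(s)), s)

def run_protocols(p: bytes) -> dict:
    """Run key agreement, encryption, signature and challenge-response end to end."""
    x, alice_pub = alice_keygen(X_WORD)
    y, bob_pub = bob_keygen(Y_WORD)
    k_a = shared_key_alice(X_WORD, x, bob_pub)
    k_b = shared_key_bob(Y_WORD, y, alice_pub)
    if k_a == IDENTITY:   # happens exactly when x and y commute: Theta(K) would be public
        raise ValueError("x and y commute; the commutator key is trivial")
    t = encrypt(k_b, p)
    return {
        "keys_agree": k_a == k_b,
        "plaintext_recovered": encrypt(k_a, t) == p,
        "signature_valid": verify(k_b, p, sign(k_a, p)),
        "forged_rejected": not verify(k_b, p + b"!", sign(k_a, p)),
        "auth_ok": theta(encode(k_b), 32) == theta(encode(k_a), 32),  # z == z'
    }

if __name__ == "__main__":
    print(run_protocols(b"constructed plaintext"))
```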
Security analysis
First, the definitions of two decision problems on a group are given.
Subgroup membership problem: given a subgroup $H$ of a group $G$ with generating set $X$, decide for an arbitrary element $g \in G$ whether $g$ can be represented by a word over $X$, i.e. whether $g$ is an element of $H$.
Conjugacy search problem (CSP): let $g$ and $h$ be two elements of the group $G$, and suppose it is known that an element $c$ of $G$ exists such that $h = c^{-1}gc$; find an element $c'$ of $G$ such that $h = c'^{-1}gc'$.
In the key sharing protocol, the attacker Eve can obtain the following information from the public information and from the interaction between Alice and Bob:
the braid group $B_n$ with index $n \ge 7$, the two sets of generators $a_1, a_2, \dots, a_k \in A$ and $b_1, b_2, \dots, b_m \in B$ of the two Mihailova subgroups $A$ and $B$ of $B_n$ as claimed in claim 1, and the elements $x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx$ and $y^{-1}a_1y, y^{-1}a_2y, \dots, y^{-1}a_ky$ of $B_n$.
Note that Eve only knows the normal forms of the words representing the elements $x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx$ and $y^{-1}a_1y, y^{-1}a_2y, \dots, y^{-1}a_ky$; she does not know the corresponding decomposed expressions.
If Eve can solve the CSP, she can obtain $x' \in B_n$ and $y' \in B_n$ such that $x'^{-1}b_ix' = x^{-1}b_ix$ and $y'^{-1}a_jy' = y^{-1}a_jy$, $i = 1, 2, \dots, m$, $j = 1, 2, \dots, k$. But Eve cannot guarantee that $x' = x$ and $y' = y$. Let $x' = c_ax$ and $y' = c_by$; then $x'^{-1}b_ix' = x^{-1}b_ix$ and $y'^{-1}a_jy' = y^{-1}a_jy$ give $(c_ax)^{-1}b_ic_ax = x^{-1}c_a^{-1}b_ic_ax = x^{-1}b_ix$, hence $c_a^{-1}b_ic_a = b_i$, i.e. $c_a$ commutes with $b_i$, $i = 1, 2, \dots, m$. In the same way, $c_b$ commutes with $a_j$, $j = 1, 2, \dots, k$. Furthermore, Eve must also have
$(c_by)^{-1}(c_ax)^{-1}c_byc_ax = y^{-1}c_b^{-1}x^{-1}c_a^{-1}c_byc_ax = y^{-1}x^{-1}c_b^{-1}c_a^{-1}c_bc_ayx = y^{-1}x^{-1}yx = K$,
and must therefore have $c_bc_a = c_ac_b$. Only when $x' \in A$ and $y' \in B$ do we have $c_a \in A$ and $c_b \in B$; then, since $c_a$ commutes with every $b_i$, $c_a$ centralizes the subgroup $B$, so $c_bc_a = c_ac_b$ and Eve can obtain the correct shared key $K$. That is, Eve must know that the $x'$ and $y'$ she obtained by solving the CSP are elements of the subgroups $A$ and $B$ respectively. She must therefore solve the membership problem of $x'$ and $y'$ in the Mihailova subgroups $A$ and $B$. But this problem is unsolvable, so the key sharing protocol is secure; Eve cannot attack it even with a quantum computing system.
6. Selection of parameters
In a preferred embodiment, the index $n$ of the braid group $B_n$ is at least 7, and the private keys $x$ and $y$ chosen in the protocol are not less than 128 bits.
The above description is provided to promote an understanding of the present invention; the embodiments of the present invention are not limited to the above embodiments, and any changes, modifications, substitutions, combinations and simplifications that do not depart from the spirit of the present invention are intended to be equivalent replacements within the scope of the present invention.

Claims (4)

1. A method for establishing a secure public key cryptosystem resistant to quantum computing attack, characterized by comprising a public key cryptographic method for attack-resistant encryption and decryption of information data, wherein the public key cryptographic method for attack-resistant encryption and decryption of information data comprises the following steps:
(11) The first party of the protocol selects a braid group $B_n$ with index $n \ge 7$; the braid group $B_n$ is the group defined by the following presentation:
$B_n = \langle \sigma_1, \sigma_2, \dots, \sigma_{n-1} \mid \sigma_i\sigma_j = \sigma_j\sigma_i,\ |i-j| \ge 2;\ \sigma_i\sigma_{i+1}\sigma_i = \sigma_{i+1}\sigma_i\sigma_{i+1},\ 1 \le i \le n-2 \rangle$
The elements of the group $B_n$ are all represented by words over the set $\{\sigma_1, \sigma_2, \dots, \sigma_{n-1}\}$ in a normal form that represents each element uniquely;
the first party of the protocol further selects two sets of elements $a_1, a_2, \dots, a_k$ and $b_1, b_2, \dots, b_m$ of $B_n$; $a_1, a_2, \dots, a_k$ and $b_1, b_2, \dots, b_m$ generate two subgroups $A$ and $B$ of $B_n$ respectively;
(12) Define the encoded plaintext information to be encrypted as $p \in \{0,1\}^l$, i.e. a 0-1 string of length $l$; the first party of the protocol selects $\Theta: B_n \to \{0,1\}^l$, a collision-resistant hash function from the group $B_n$ to the plaintext space $\{0,1\}^l$;
(13) The first party of the protocol selects an element $x = x(a_1, a_2, \dots, a_k) \in A$ as its private key, and takes $(B_n, A, B, \Theta, x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx)$ as its public key;
(14) Encryption: the second party of the protocol selects an element $y = y(b_1, b_2, \dots, b_m) \in B$ and computes $K_B = (y^{-1}\,y(x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx))^{-1} = (y^{-1}x^{-1}yx)^{-1} = x^{-1}y^{-1}xy$, then encrypts the plaintext $p$ to obtain the ciphertext $t = \Theta(K_B) \oplus p$, where $\oplus$ is the exclusive-or operation, and sends $t$ to the first party of the protocol;
(15) Decryption: the first party of the protocol first computes $K_A = x^{-1}\,x(y^{-1}a_1y, y^{-1}a_2y, \dots, y^{-1}a_ky) = x^{-1}y^{-1}xy$, then performs the decryption computation $p' = \Theta(K_A) \oplus t = \Theta(K_A) \oplus (\Theta(K_B) \oplus p)$;
Verification that $p' = p$: since $K_A = K_B$,
$p' = \Theta(K_A) \oplus (\Theta(K_B) \oplus p) = \Theta(K_B) \oplus (\Theta(K_B) \oplus p) = (\Theta(K_B) \oplus \Theta(K_B)) \oplus p = p$.
2. The method for establishing a secure public key cryptosystem resistant to quantum computing attack as claimed in claim 1, further comprising a digital signature method, wherein the digital signature method comprises the following steps:
(21) Define the encoded plaintext information to be signed as $p$ and let $\Theta: G \to \{0,1\}^l$ be a collision-resistant hash function; the first party of the protocol selects $(B_n, A, B, \Theta, x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx)$ as its public key;
(22) The second party of the protocol chooses an element $y = y(b_1, b_2, \dots, b_m) \in B$ and sends $y$ to the first party of the protocol;
(23) Signature: the first party of the protocol computes $K_A = x^{-1}\,x(y^{-1}a_1y, y^{-1}a_2y, \dots, y^{-1}a_ky) = x^{-1}y^{-1}xy$ and $S = \Theta(pK_A)$; the first party of the protocol takes $S$ as its signature on the information $p$ and sends $(S, p)$ to the second party of the protocol;
(24) Verification: the second party of the protocol computes $K_B = (y^{-1}\,y(x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx))^{-1} = (y^{-1}x^{-1}yx)^{-1} = x^{-1}y^{-1}xy$ and $S' = \Theta(pK_B)$; if $S' = S$, the second party of the protocol accepts $S$ as the signature of the first party of the protocol on the information $p$, otherwise it refuses to accept $S$ as the signature of the first party of the protocol on the information $p$.
3. The method for establishing a secure public key cryptosystem resistant to quantum computing attack as claimed in claim 1, further comprising an identity authentication method, wherein the first party of the protocol is the prover and the second party of the protocol is the verifier; the identity authentication method comprises the following steps:
(31) The first party of the protocol selects a collision-resistant hash function $\Theta: G \to \{0,1\}^l$, and selects $(B_n, A, B, \Theta, x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx)$ as its public key, where $x = x(a_1, a_2, \dots, a_k) \in A$ is used as the private key;
(32) The second party of the protocol selects an element $y = y(b_1, b_2, \dots, b_m) \in B$ and computes
$z = \Theta((y^{-1}\,y(x^{-1}b_1x, x^{-1}b_2x, \dots, x^{-1}b_mx))^{-1}) = \Theta((y^{-1}x^{-1}yx)^{-1}) = \Theta(x^{-1}y^{-1}xy)$,
then sends $y$ as a challenge to the first party of the protocol;
(33) The first party of the protocol computes $z' = \Theta(x^{-1}\,x(y^{-1}a_1y, y^{-1}a_2y, \dots, y^{-1}a_ky))$ and sends $z'$ as the response to the second party of the protocol;
(34) The second party of the protocol verifies whether $z' = z$; if $z' = z$, the second party of the protocol accepts the identity of the first party of the protocol, otherwise the identity is rejected.
4. The method for establishing a secure public key cryptosystem resistant to quantum computing attack as claimed in any one of claims 1 to 3, wherein the infinite non-commutative group $G$ is a braid group;
the braid group contains Mihailova subgroups whose subgroup membership problem is undecidable, and the private key is selected from a Mihailova subgroup;
the infinite non-commutative group $G$ is a braid group $B_n$ with index $n \ge 12$; the braid group $B_n$ is the group defined by the following presentation:
$B_n = \langle \sigma_1, \sigma_2, \dots, \sigma_{n-1} \mid \sigma_i\sigma_j = \sigma_j\sigma_i,\ |i-j| \ge 2;\ \sigma_i\sigma_{i+1}\sigma_i = \sigma_{i+1}\sigma_i\sigma_{i+1},\ 1 \le i \le n-2 \rangle$
the elements of the braid group $B_n$ are all represented by words over the set $\{\sigma_1, \sigma_2, \dots, \sigma_{n-1}\}$ in a normal form that represents each element uniquely;
the braid group $B_n$ contains two subgroups: let $m = \lfloor n/2 \rfloor$ be the largest integer not greater than $n/2$; the left braid $LB_n$ and the right braid $RB_n$ of the braid group $B_n$ are respectively
$LB_n = \langle \sigma_1, \sigma_2, \dots, \sigma_{m-1} \rangle$ and $RB_n = \langle \sigma_{m+1}, \sigma_{m+2}, \dots, \sigma_{n-1} \rangle$,
i.e. the subgroups generated by $\sigma_1, \sigma_2, \dots, \sigma_{m-1}$ and by $\sigma_{m+1}, \sigma_{m+2}, \dots, \sigma_{n-1}$ respectively, and for any $a \in LB_n$ and any $b \in RB_n$, $ab = ba$; the subgroup $A$ of $G$ is taken as $LB_n$ and the subgroup $B$ of $G$ is taken as $RB_n$;
when $n \ge 12$, $LB_n$ and $RB_n$ each contain a subgroup isomorphic to $F_2 \times F_2$, namely to the direct product of two free groups of rank 2:
$LA = \langle \sigma_{m-5}^2, \sigma_{m-4}^2, \sigma_{m-2}^2, \sigma_{m-1}^2 \rangle \le LB_n$
and
$RA = \langle \sigma_{m+1}^2, \sigma_{m+2}^2, \sigma_{m+4}^2, \sigma_{m+5}^2 \rangle \le RB_n$;
from a finitely presented group $H$ generated by two elements whose word problem is unsolvable, the Mihailova subgroup $M_{LA}(H)$ of $LA$ and the Mihailova subgroup $M_{RA}(H)$ of $RA$ are constructed. The 56 generators of $M_{LA}(H)$ are given below, wherein $i = m-5$; taking $i = m+1$ gives $M_{RA}(H)$:
and the 27 elements $S_{ij}$ are as follows:
for each $S_{ij}$, replacing every $\sigma_i$ by $\sigma_{i+3}$ and every $\sigma_{i+1}$ by $\sigma_{i+4}$ gives the corresponding 27 elements $T_{ij}$, $j = 1, 2, \dots, 27$.

Priority Applications (1)

Application Number: CN201711466069.3A; Priority Date: 2017-12-28; Filing Date: 2017-12-28; Title: Method for establishing security public key password for resisting quantum computing attack; Status: Active; Granted publication: CN107911209B (en)

Publications (2)

CN107911209A, published 2018-04-13
CN107911209B, published 2020-10-16

Family ID: 61871981

Country Status (1)

CN: CN107911209B (en), Active

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103986575A (en) * 2014-06-05 2014-08-13 武汉大学 Asymmetric calculation type shared key establishing method
US20170085387A1 (en) * 2015-09-22 2017-03-23 Securerf Corporation Signature generation and verification system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Xiaofeng Wang, Yufang Chen, and Hanling Lin: "Unsolvable generalized word problem in braid subgroups and public key cryptography", 2012 International Conference on Internet Technology and Applications *
陈思思 (Chen Sisi): "A New Hash Function Based on Braid Groups", CNKI China Master's Theses Full-text Database, Information Science and Technology series *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109787752A (en) * 2018-09-30 2019-05-21 王威鉴 Method for establishing an attack-resistant shared key
CN109981254A (en) * 2019-04-01 2019-07-05 浙江工商大学 Micro public key encryption method based on the finite Lie-type group decomposition problem
CN109981253A (en) * 2019-04-01 2019-07-05 浙江工商大学 Quantum-attack-resistant asymmetric encryption method based on finite Lie-type groups
CN109981253B (en) * 2019-04-01 2022-09-27 浙江工商大学 Quantum-attack-resistant asymmetric encryption method based on finite Lie-type groups
CN109981254B (en) * 2019-04-01 2022-09-27 浙江工商大学 Micro public key encryption and decryption method based on finite lie type group decomposition problem
CN111400773A (en) * 2020-03-12 2020-07-10 深圳大学 Digital signature method, digital signature device, system and storage medium
WO2021179258A1 (en) * 2020-03-12 2021-09-16 深圳大学 Digital signature method, digital signature apparatus, digital signature system, and storage medium
CN111400773B (en) * 2020-03-12 2022-09-09 深圳大学 Digital signature method, digital signature device, system and storage medium
CN111740821A (en) * 2020-05-06 2020-10-02 深圳大学 Method and device for establishing shared secret key
WO2021223090A1 (en) * 2020-05-06 2021-11-11 深圳大学 Method and apparatus for establishing shared key
US11743036B2 (en) 2020-05-06 2023-08-29 Shenzhen University Method and apparatus for establishing shared key
CN111740821B (en) * 2020-05-06 2023-06-27 深圳大学 Method and device for establishing shared secret key
WO2023093004A1 (en) * 2021-11-23 2023-06-01 深圳大学 Key data processing method and electronic device
CN114221753B (en) * 2021-11-23 2023-08-04 深圳大学 Key data processing method and electronic equipment
CN114221753A (en) * 2021-11-23 2022-03-22 深圳大学 Key data processing method and electronic equipment
CN114301584A (en) * 2021-12-28 2022-04-08 信阳师范学院 Quantum attack method for RSA public key cryptography
WO2023159849A1 (en) * 2022-02-25 2023-08-31 深圳大学 Digital signature methods, computer device and medium

Also Published As

Publication number Publication date
CN107911209B (en) 2020-10-16

Similar Documents

Publication Publication Date Title
CN107911209B (en) Method for establishing security public key password for resisting quantum computing attack
CN103414569B (en) Method for establishing attack-resistant public key cryptography
CN109672518B (en) Node data processing of quantum attack resistant blockchains
JP6019453B2 (en) ENCRYPTION DEVICE, DECRYPTION DEVICE, AND PROGRAM
US6298153B1 (en) Digital signature method and information communication system and apparatus using such method
JP4712017B2 (en) Message authentication code generation method using stream cipher, authentication encryption method using stream cipher, and authentication decryption method using stream cipher
CN102263638B (en) Authenticating device, authentication method and signature generation device
WO2017063114A1 (en) Method for establishing secure attack-resistant public key cryptographic algorithm
CN106452790B (en) Multi-quantum digital signature method without trust center
CN110176995A (en) Post-quantum secure certificateless signcryption method on lattices
CN103493428A (en) Data encryption
CN105393488B (en) The method for establishing the public key cryptography of resisting quantum computation attack
CN114095181B (en) Threshold ring signature method and system based on cryptographic algorithm
CN113132104A (en) Actively secure two-party ECDSA digital signature generation method
US20190215148A1 (en) Method of establishing anti-attack public key cryptogram
CN110740034B (en) Method and system for generating QKD network authentication key based on alliance chain
CN109981253B (en) Quantum-attack-resistant asymmetric encryption method based on finite Lie-type groups
CN117118600A (en) Block chain agent re-encryption method and system based on lattice password improvement
CN114760072B (en) Signature and signature verification method, device and storage medium
CN115865313A (en) Lightweight privacy protection longitudinal federal learning model parameter aggregation method
CN114221753B (en) Key data processing method and electronic equipment
Backes et al. Fully secure inner-product proxy re-encryption with constant size ciphertext
CN108494556A (en) Method for efficiently encrypting metadata files with the RSA algorithm
JP2004246350A (en) Enciphering device, deciphering device, enciphering system equipped with the same, enciphering method, and deciphering method
CN113330712A (en) Encryption system and method using permutation group-based encryption technology

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant