CN109412810A - Key generation method based on identification - Google Patents
- Publication number
- CN109412810A
- Authority
- CN
- China
- Prior art keywords
- key
- seed
- mark
- alice
- private key
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Editing Of Facsimile Originals (AREA)
Abstract
The invention discloses an identifier-based key generation method. The invention can be used to build a certificateless identifier-based public-key cryptosystem that not only makes the identifier itself the public key but also resolves the collusion risk of existing combined public key (CPK) identifier systems, improves the performance of key generation and use, and is compatible with international standard algorithm protocols and the Chinese national SM2 algorithm standard.
Description
Technical field
The present invention relates to the field of information security technology, and specifically to an identifier-based key generation method.
Background art
With the rapid development of information technology, information security has attracted widespread attention. In finance, e-government, and large and medium-sized enterprises and institutions in particular, public key infrastructure (PKI) based on third-party certificate authorities has been established and has made a major contribution to information security. However, with the rise of the Internet of Things in recent years, massive numbers of smart IoT terminals, sensors and similar devices are being connected to the Internet, and traditional PKI is difficult to deploy in IoT applications because of its high construction and operation costs, its heavy demand for network and computing resources, and its dependence on a center during use. In 1984 Shamir proposed the identity-based public-key cryptosystem (IBC), in which the identifier is the public key. This greatly simplifies the distribution and management of public keys, and identifier-based public key systems have become a development direction for public key cryptography.
At present there are several identifier-based public key systems, including SM9, CPK, CFL and CLA. SM9 differs from the others in its cryptographic foundation, which is mainly bilinear pairings: its computational complexity is high, its performance is at a clear disadvantage compared with the others, and it can neither support the SM2 algorithm nor be compatible with SM2-based PKI. The other identifier-based public key algorithms were essentially developed on the basis of CPK and fully support SM2. Although CPK is one of the classic identifier-based public key algorithms, it carries a collusion risk. CFL and CLA introduce a random factor on top of the CPK idea and thereby solve the collusion problem, but CFL needs to sign the random factor to address the substitution-attack risk, and the algorithmic complexity of CLA increases noticeably. None of these identifier-based public key systems solves the security risks and the performance problems at the same time, so they remain considerably restricted in IoT applications.
Summary of the invention
The purpose of the present invention is to provide an identifier-based key generation method that solves the problems raised in the background art above.
To achieve this purpose, the invention provides the following technical solution: an identifier-based key generation method comprising the generation of the key seed and the generation of the identifier keys, wherein the key seed generation method comprises the following steps:
A. Select the elliptic curve parameters and set the identifier of the key seed;
B. Generate $2^n$ random numbers $r_{ij}$ in the cipher card and encrypt the random numbers with the internal session key; the $2^n$ random numbers form the private key seed sks;
C. While generating the private key seed, also compute $R_{ij} = r_{ij} \cdot G$ and output $R_{ij}$ from the cipher card; these $2^n$ elliptic curve points form the public key seed PKS.
Preferably, the generation of the identifier keys comprises the generation of the private key and the generation of the public key, wherein the generation of the private key comprises the following steps:
A. Alice generates a random key pair $(r_1, R_1)$ in the security chip, where $R_1 = r_1 G$, and exports $R_1$;
B. $R_1$ and Alice's identifier (Alice) are sent to the key center, and the key center generates a random key pair $(r_2, R_2)$, where $R_2 = r_2 G$;
C. The key center computes $R = R_1 + R_2$;
D. The key center computes the digest $h = \mathrm{Hash}(\mathrm{Alice} \mid R)$ of the identifier Alice and the random public key $R$;
E. The digest $h$ is compressed and grouped to obtain the seed mapping sequence $I_0, I_1, I_2, \ldots, I_{n-1}$;
F. According to the mapping sequence, $n$ private key seed elements $sk_0, sk_1, sk_2, \ldots, sk_{n-1}$ are then taken from the private key seed;
G. The center computes the seed part of the identifier private key, $isk_{seed} = sk_0 + sk_1 + sk_2 + \ldots + sk_{n-1}$;
H. The first-order composite identifier private key $isk' = isk_{seed} + r_2$ is computed;
I. The center transmits $isk'$ and $R$ to Alice's security chip over a secure protocol channel;
J. Alice's private key $isk = isk' + r_1$ is computed inside the chip;
K. The private key $isk$ is encrypted with the chip's internal session key and stored.
Preferably, the public key is generated by the following steps:
A. Compute $h = \mathrm{Hash}(\mathrm{Alice} \mid R)$;
B. The digest $h$ is compressed and grouped to obtain the seed mapping sequence $I_0, I_1, I_2, \ldots, I_{n-1}$;
C. According to the mapping sequence, $n$ private key seed elements $PK_0, PK_1, PK_2, \ldots, PK_{n-1}$ are then taken from the public key seed;
D. Compute the identifier public key $PK_{seed} = PK_0 + PK_1 + PK_2 + \ldots + PK_{n-1}$;
E. Compute Alice's public key $PK = R + PK_{seed}$.
Compared with the prior art, the beneficial effects of the present invention are as follows: the invention can be used to build a certificateless identifier-based public-key cryptosystem that not only makes the identifier itself the public key but also resolves the collusion risk of existing combined public key identifier systems, improves the performance of key generation and use, and is compatible with international standard algorithm protocols and the Chinese national SM2 algorithm standard.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
The invention provides the following technical solution: an identifier-based key generation method comprising the generation of the key seed and the generation of the identifier keys, wherein the key seed generation method comprises the following steps:
A. Select the elliptic curve parameters and set the identifier of the key seed;
B. Generate $2^n$ random numbers $r_{ij}$ in the cipher card and encrypt the random numbers with the internal session key; the $2^n$ random numbers form the private key seed sks;
C. While generating the private key seed, also compute $R_{ij} = r_{ij} \cdot G$ and output $R_{ij}$ from the cipher card; these $2^n$ elliptic curve points form the public key seed PKS.
In the present invention, the generation of the identifier keys comprises the generation of the private key and the generation of the public key, wherein the generation of the private key comprises the following steps:
A. Alice generates a random key pair $(r_1, R_1)$ in the security chip, where $R_1 = r_1 G$, and exports $R_1$;
B. $R_1$ and Alice's identifier (Alice) are sent to the key center, and the key center generates a random key pair $(r_2, R_2)$, where $R_2 = r_2 G$;
C. The key center computes $R = R_1 + R_2$;
D. The key center computes the digest $h = \mathrm{Hash}(\mathrm{Alice} \mid R)$ of the identifier Alice and the random public key $R$;
E. The digest $h$ is compressed and grouped to obtain the seed mapping sequence $I_0, I_1, I_2, \ldots, I_{n-1}$;
F. According to the mapping sequence, $n$ private key seed elements $sk_0, sk_1, sk_2, \ldots, sk_{n-1}$ are then taken from the private key seed;
G. The center computes the seed part of the identifier private key, $isk_{seed} = sk_0 + sk_1 + sk_2 + \ldots + sk_{n-1}$;
H. The first-order composite identifier private key $isk' = isk_{seed} + r_2$ is computed;
I. The center transmits $isk'$ and $R$ to Alice's security chip over a secure protocol channel;
J. Alice's private key $isk = isk' + r_1$ is computed inside the chip;
K. The private key $isk$ is encrypted with the chip's internal session key and stored.
In the present invention, the public key is generated by the following steps:
A. Compute $h = \mathrm{Hash}(\mathrm{Alice} \mid R)$;
B. The digest $h$ is compressed and grouped to obtain the seed mapping sequence $I_0, I_1, I_2, \ldots, I_{n-1}$;
C. According to the mapping sequence, $n$ private key seed elements $PK_0, PK_1, PK_2, \ldots, PK_{n-1}$ are then taken from the public key seed;
D. Compute the identifier public key $PK_{seed} = PK_0 + PK_1 + PK_2 + \ldots + PK_{n-1}$;
E. Compute Alice's public key $PK = R + PK_{seed}$.
The present invention is a new identifier-based public key algorithm system developed by borrowing CLA's approach to resisting substitution attacks on the random public key while retaining the high-performance design of CPK. It fully combines the advantages of the two algorithms and eliminates their disadvantages. Compared with other methods, the generation method of the invention therefore has the following advantages: (1) a random factor is introduced, which solves the collusion problem; (2) the random public key factor takes part in the identifier mapping algorithm, which solves the substitution attack on the random public key; (3) the public key computation keeps the advantage of CPK and needs only efficient point additions; (4) every key contains a random factor, which reduces the size of the matrix and further improves performance; (5) the system needs little storage, which suits the limited storage space of embedded systems.
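The key issuance and public key derivation steps above, as an added example (not code from the patent). It assumes secp256k1 and SHA-256 as stand-ins for an SM2-compatible curve and hash, a hypothetical 4 x 4 seed matrix, and one digest byte per column as the "compression and grouping" rule, which the text does not specify; the consistency check before storing isk is also an addition.

```python
import hashlib
import secrets

# Stand-in curve (assumption): secp256k1, y^2 = x^3 + 7 over F_P, base point G of order N.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ROWS, COLS = 4, 4  # hypothetical seed-matrix shape, kept tiny for the demo

def add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt=G):
    """Double-and-add scalar multiplication (not constant time, demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def make_seeds():
    """Seed steps B-C: r_ij stay in the cipher card, R_ij = r_ij*G are exported."""
    sks = [[secrets.randbelow(N - 1) + 1 for _ in range(COLS)] for _ in range(ROWS)]
    return sks, [[mul(r) for r in row] for row in sks]

def mapping(identity, R):
    """h = Hash(ID | R) reduced to one row index per column (grouping rule assumed)."""
    h = hashlib.sha256(identity + R[0].to_bytes(32, "big") + R[1].to_bytes(32, "big"))
    return [b % ROWS for b in h.digest()[:COLS]]

def center_issue(identity, R1, sks):
    """Private-key steps B-H: the center returns isk' and R and never sees r1."""
    r2 = secrets.randbelow(N - 1) + 1
    R = add(R1, mul(r2))
    isk_seed = sum(sks[i][j] for j, i in enumerate(mapping(identity, R)))
    return (isk_seed + r2) % N, R

def public_key(identity, R, pks):
    """Public-key steps A-E: point additions only, computable by any verifier."""
    pk = R
    for j, i in enumerate(mapping(identity, R)):
        pk = add(pk, pks[i][j])
    return pk

def enroll(identity, sks, pks):
    """Chip step A, center steps B-I, chip step J, then an added consistency check."""
    r1 = secrets.randbelow(N - 1) + 1  # never leaves the chip
    isk_prime, R = center_issue(identity, mul(r1), sks)
    isk = (isk_prime + r1) % N
    if mul(isk) != public_key(identity, R, pks):
        raise ValueError("isk does not match the public key derived from (ID, R)")
    return isk, isk_prime, R

if __name__ == "__main__":
    sks, pks = make_seeds()
    isk, _, R = enroll(b"Alice", sks, pks)
    print("PK == isk*G:", public_key(b"Alice", R, pks) == mul(isk))
```

Because R is hashed together with the identifier, replacing R changes the seed elements that are selected, and the value isk' held by the center differs from isk by the chip-only scalar r1.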
In summary, the invention can be used to build a certificateless identifier-based public-key cryptosystem that not only makes the identifier itself the public key but also resolves the collusion risk of existing combined public key identifier systems, improves the performance of key generation and use, and is compatible with international standard algorithm protocols and the Chinese national SM2 algorithm standard.
Although embodiments of the present invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the present invention; the scope of the present invention is defined by the appended claims.
Claims (3)
1. An identifier-based key generation method, characterized in that it comprises the generation of the key seed and the generation of the identifier keys, wherein the key seed generation method comprises the following steps:
A. Select the elliptic curve parameters and set the identifier of the key seed;
B. Generate $2^n$ random numbers $r_{ij}$ in the cipher card and encrypt the random numbers with the internal session key; the $2^n$ random numbers form the private key seed sks;
C. While generating the private key seed, also compute $R_{ij} = r_{ij} \cdot G$ and output $R_{ij}$ from the cipher card; these $2^n$ elliptic curve points form the public key seed PKS.
2. The identifier-based key generation method according to claim 1, characterized in that the generation of the identifier keys comprises the generation of the private key and the generation of the public key, wherein the generation of the private key comprises the following steps:
A. Alice generates a random key pair $(r_1, R_1)$ in the security chip, where $R_1 = r_1 G$, and exports $R_1$;
B. $R_1$ and Alice's identifier (Alice) are sent to the key center, and the key center generates a random key pair $(r_2, R_2)$, where $R_2 = r_2 G$;
C. The key center computes $R = R_1 + R_2$;
D. The key center computes the digest $h = \mathrm{Hash}(\mathrm{Alice} \mid R)$ of the identifier Alice and the random public key $R$;
E. The digest $h$ is compressed and grouped to obtain the seed mapping sequence $I_0, I_1, I_2, \ldots, I_{n-1}$;
F. According to the mapping sequence, $n$ private key seed elements $sk_0, sk_1, sk_2, \ldots, sk_{n-1}$ are then taken from the private key seed;
G. The center computes the seed part of the identifier private key, $isk_{seed} = sk_0 + sk_1 + sk_2 + \ldots + sk_{n-1}$;
H. The first-order composite identifier private key $isk' = isk_{seed} + r_2$ is computed;
I. The center transmits $isk'$ and $R$ to Alice's security chip over a secure protocol channel;
J. Alice's private key $isk = isk' + r_1$ is computed inside the chip;
K. The private key $isk$ is encrypted with the chip's internal session key and stored.
3. The identifier-based key generation method according to claim 2, characterized in that the public key is generated by the following steps:
A. Compute $h = \mathrm{Hash}(\mathrm{Alice} \mid R)$;
B. The digest $h$ is compressed and grouped to obtain the seed mapping sequence $I_0, I_1, I_2, \ldots, I_{n-1}$;
C. According to the mapping sequence, $n$ private key seed elements $PK_0, PK_1, PK_2, \ldots, PK_{n-1}$ are then taken from the public key seed;
D. Compute the identifier public key $PK_{seed} = PK_0 + PK_1 + PK_2 + \ldots + PK_{n-1}$;
E. Compute Alice's public key $PK = R + PK_{seed}$.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910005633.4A CN109412810B (en) | 2019-01-03 | 2019-01-03 | Key generation method based on identification |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910005633.4A CN109412810B (en) | 2019-01-03 | 2019-01-03 | Key generation method based on identification |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109412810A (en) | 2019-03-01 |
CN109412810B (en) | 2022-06-24 |
Family
ID=65462006
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910005633.4A (Active; CN109412810B (en)) | Key generation method based on identification | 2019-01-03 | 2019-01-03 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109412810B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110995716A (en) * | 2019-12-06 | 2020-04-10 | 国网浙江省电力有限公司电力科学研究院 | Data transmission encryption and decryption method and system for transformer substation inspection robot |
CN111580956A (en) * | 2020-04-13 | 2020-08-25 | 北京三未信安科技发展有限公司 | Cipher card and its key space configuration method and key use method |
CN111767566A (en) * | 2020-06-18 | 2020-10-13 | 安徽旅贲科技有限公司 | Partial substitution integration method and system of CFL authentication system in Fabric system |
CN111767158A (en) * | 2020-06-18 | 2020-10-13 | 安徽旅贲科技有限公司 | Complete replacement integration method and system of CFL authentication system in Fabric system |
CN111970699A (en) * | 2020-08-11 | 2020-11-20 | 牛毅 | Terminal WIFI login authentication method and system based on IPK |
CN112422285A (en) * | 2020-11-20 | 2021-02-26 | 牛毅 | Plug and play control method and system for realizing PLC data safety transmission |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101420300A (en) * | 2008-05-28 | 2009-04-29 | 北京易恒信认证科技有限公司 | Double factor combined public key generating and authenticating method |
CN101488853A (en) * | 2009-01-15 | 2009-07-22 | 赵建国 | Cross-certification method based on seed key management |
CN102170356A (en) * | 2011-05-10 | 2011-08-31 | 北京联合智华微电子科技有限公司 | Authentication system realizing method supporting exclusive control of digital signature key |
CN104901804A (en) * | 2014-08-28 | 2015-09-09 | 赵捷 | User autonomy-based identity authentication implementation method |
CN110266474A (en) * | 2019-05-15 | 2019-09-20 | 亚信科技(成都)有限公司 | Key sending method, apparatus and system |
Non-Patent Citations (1)
Title |
---|
南湘浩等: "组合公钥(CPK)体制标准(Ver2.1)", 《金融电子化》 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110995716A (en) * | 2019-12-06 | 2020-04-10 | 国网浙江省电力有限公司电力科学研究院 | Data transmission encryption and decryption method and system for transformer substation inspection robot |
CN111580956A (en) * | 2020-04-13 | 2020-08-25 | 北京三未信安科技发展有限公司 | Cipher card and its key space configuration method and key use method |
CN111767566A (en) * | 2020-06-18 | 2020-10-13 | 安徽旅贲科技有限公司 | Partial substitution integration method and system of CFL authentication system in Fabric system |
CN111767158A (en) * | 2020-06-18 | 2020-10-13 | 安徽旅贲科技有限公司 | Complete replacement integration method and system of CFL authentication system in Fabric system |
CN111767566B (en) * | 2020-06-18 | 2023-07-18 | 安徽旅贲科技有限公司 | Partial replacement integration method and system of CFL authentication system in Fabric system |
CN111767158B (en) * | 2020-06-18 | 2023-11-21 | 安徽旅贲科技有限公司 | Complete replacement integration method and system of CFL authentication system in Fabric system |
CN111970699A (en) * | 2020-08-11 | 2020-11-20 | 牛毅 | Terminal WIFI login authentication method and system based on IPK |
CN111970699B (en) * | 2020-08-11 | 2023-09-05 | 牛毅 | Terminal WIFI login authentication method and system based on IPK |
CN112422285A (en) * | 2020-11-20 | 2021-02-26 | 牛毅 | Plug and play control method and system for realizing PLC data safety transmission |
CN112422285B (en) * | 2020-11-20 | 2024-01-30 | 牛毅 | Plug-and-play control method and system for realizing PLC data safety transmission |
Also Published As
Publication number | Publication date |
---|---|
CN109412810B (en) | 2022-06-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109412810A (en) | A kind of key generation method based on mark | |
Li et al. | Secure attribute-based data sharing for resource-limited users in cloud computing | |
CN108989053B (en) | Method for realizing certificateless public key cryptosystem based on elliptic curve | |
Xu et al. | Revocable attribute-based encryption with decryption key exposure resistance and ciphertext delegation | |
US10673625B1 (en) | Efficient identity-based and certificateless cryptosystems | |
CN108418686B (en) | Multi-distributed SM9 decryption method and medium, and key generation method and medium | |
CN104539423B (en) | A kind of implementation method without CertPubKey cipher system of no Bilinear map computing | |
EP4007983A1 (en) | Systems and methods for generating signatures | |
CN102025491A (en) | Generation method of bimatrix combined public key | |
Oliveira et al. | Secure-TWS: Authenticating node to multi-user communication in shared sensor networks | |
Zhang et al. | An efficient certificateless generalized signcryption scheme | |
CN113114454B (en) | Efficient privacy outsourcing k-means clustering method | |
CN113162751B (en) | Encryption method and system with homomorphism and readable storage medium | |
CN111740988A (en) | Cloud storage data encryption method, system and storage medium | |
CN111769937A (en) | Two-party authentication key agreement protocol oriented to advanced measurement system of smart grid | |
Yundong et al. | Multi-authority attribute-based encryption access control scheme with hidden policy and constant length ciphertext for cloud storage | |
Wang et al. | Preserving scheme for user’s confidential information in smart grid based on digital watermark and asymmetric encryption | |
CN110138559A (en) | The method and system of quantum-key distribution are carried out to the terminal in platform area | |
Chen et al. | Adaptively secure efficient broadcast encryption with constant-size secret key and ciphertext | |
Xie et al. | Revocable identity-based fully homomorphic signature scheme with signing key exposure resistance | |
Lai et al. | Provably secure online/offline identity-based signature scheme based on SM9 | |
Li et al. | A forward-secure certificate-based signature scheme | |
CN110247761B (en) | Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner | |
CN111800269B (en) | Anti-leakage broadcast key packaging method based on certificate | |
Yamada et al. | Generic constructions for fully secure revocable attribute-based encryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||