CN113037485B - Group session key establishment method and system - Google Patents


Info

Publication number: CN113037485B
Authority: CN (China)
Prior art keywords: user, key, group, plaintext, encapsulation
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202110562109.4A
Other languages: Chinese (zh)
Other versions: CN113037485A
Inventors: 陶静, 李翠, 邢倩倩, 陈荣茂, 王毅, 苏毅
Current assignee: National University of Defense Technology (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: National University of Defense Technology
Events: application filed by National University of Defense Technology; priority to CN202110562109.4A; publication of CN113037485A; application granted; publication of CN113037485B; current legal status active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065 Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a group session key establishment method and system. When the group membership changes dynamically, each updated group session key is independent of the old group session key, so a user who newly joins the group cannot read messages generated in the group before joining, and a revoked user cannot read messages sent in the group after revocation; confidentiality is thereby satisfied. Because the encapsulation key of the cloud server changes each time the group session key is updated and the old value is erased, an adversary who obtains the encapsulation plaintext generated during a previous group session key update still cannot interact with the cloud server to recover the previously negotiated group session key; forward security is thereby also satisfied. Moreover, only the group manager and the cloud server need to be online when the group session key is updated, and group members that are offline do not prevent the online members from updating their group session key, so asynchronous communication is supported as well.

Description

Group session key establishment method and system
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a group session key establishment method and system.
Background
With the rise of cloud computing, more and more systems transmit information based on a cloud platform, and data generated by equipment is sent to a user by using the cloud platform. In order to ensure data security, before uploading data to the cloud, a user generally encrypts the data and securely transmits a decryption key to an authorized user, and the authorized user having the decryption key can obtain shared data.
In practical applications, a data sharer and a number of authorized users form a group. The data sharer acts as the group manager and is responsible for distributing session keys to all members of the group, and all group members use the session keys they obtain for confidential communication within the group. Secure communication among group members requires confidentiality and forward security. Confidentiality has two aspects: a newly added user cannot read messages generated in the group before the user was added, and a user who has been revoked cannot read messages sent in the group after the revocation. Forward security requires that even if the adversary obtains the state of a group member (for example, the adversary learns the long-term session key of the group user), the adversary still cannot decrypt earlier communication.
In the prior art, in order to satisfy confidentiality and forward security, a group key negotiation scheme may be adopted during group key distribution, that is, a Diffie-Hellman key exchange protocol/algorithm of two parties is extended to a group, each user in the group contributes a part of a group key, and finally, the group key is calculated according to the contribution of each user. However, the number of interactions in this scheme is linear with the number of users, all users are required to be online, and if any user is not online, a session key of a group cannot be negotiated, that is, asynchronous communication is not supported.
Disclosure of Invention
In order to solve the above technical problems, the present invention provides a group session key establishment method and system, which can satisfy confidentiality and forward security and support asynchronous communication when a group key is distributed among a plurality of group members.
One aspect of the present invention provides a group session key establishment method, including:
acquiring security parameters, and generating system public parameters and a master key according to the security parameters;
acquiring identity identification information of a user, generating a user public key of the user according to the identity identification information of the user, generating a user private key of the user according to the system public parameter, the master key and the user public key of the user, and sending the user private key of the user to the user;
acquiring authority information of a user, and generating a group public key according to the identity identification information of the user; wherein the group public key matches a user public key of the user;
acquiring an encapsulation key from a cloud server, and generating an encapsulation plaintext and a group session key according to the encapsulation key;
encrypting the encapsulation plaintext with the group public key to obtain an encapsulation ciphertext, and sending the encapsulation ciphertext to the user, so that the user decrypts the encapsulation ciphertext with the user's private key to obtain the encapsulation plaintext and interacts with the cloud server according to the encapsulation plaintext to obtain the group session key;
when the authority of the user is revoked, updating the group public key, and updating the encapsulation plaintext, the group session key and the encapsulation ciphertext; wherein the updated group public key does not match the user public key corresponding to the user.
Preferably, in the process of encrypting the encapsulated plaintext by the group public key to obtain an encapsulated ciphertext, the encryption process adopts a wildcard-based identity-based encryption scheme.
Preferably, the group public key is the vector P = (P_1, P_2, ..., P_L), where for each i = 1, ..., L:
P_i = * if the authority of the i-th user in the group has been revoked, and
P_i = ID_i otherwise.
The user public key of the i-th user is the vector PK_i = (*, ..., *, ID_i, *, ..., *),
where L is the maximum number of users in the group, * is a wildcard, ID_i is the identity of the i-th user in the group, the i-1 entries before ID_i are consecutive wildcards and the L-i entries after it are consecutive wildcards.
Preferably, in the process of obtaining the encapsulation key from the cloud server and generating the encapsulation plaintext and the group session key according to the encapsulation key, a blind key encapsulation mechanism is adopted in the encapsulation process.
Preferably, the decrypting, by the user, the encapsulated ciphertext according to the user private key of the user to obtain the encapsulated plaintext, and interacting with the cloud server according to the encapsulated plaintext to obtain the group session key includes:
the user decrypts the encapsulation ciphertext according to a user private key of the user to obtain the encapsulation plaintext;
randomly selecting a blinding value, generating a blinded encapsulation plaintext and an unblinding key from the encapsulation plaintext, and sending the blinded encapsulation plaintext to the cloud server so that the cloud server generates a blinded key from its decapsulation key and the blinded encapsulation plaintext;
obtaining the blinded key from the cloud server;
and obtaining the group session key from the unblinding key and the blinded key.
Another aspect of the present invention provides a group session key establishing system, including:
the first generation module is used for acquiring security parameters and generating system public parameters and a master key according to the security parameters;
the second generation module is used for acquiring the identity identification information of a user, generating a user public key of the user according to the identity identification information of the user, generating a user private key of the user according to the system public parameter, the master key and the user public key of the user, and sending the user private key of the user to the user;
the third generation module is used for acquiring the authority information of the user and generating a group public key according to the identity identification information of the user; wherein the group public key matches a user public key of the user;
the encapsulation module is used for obtaining an encapsulation key from the cloud server and generating an encapsulation plaintext and a group session key according to the encapsulation key;
the encryption module is used for encrypting the encapsulation plaintext with the group public key to obtain an encapsulation ciphertext and sending the encapsulation ciphertext to the user, so that the user decrypts the encapsulation ciphertext with the user's private key to obtain the encapsulation plaintext and interacts with the cloud server according to the encapsulation plaintext to obtain the group session key;
the updating module is used for updating the group public key when the authority of the user is revoked, and for updating the encapsulation plaintext, the group session key and the encapsulation ciphertext; wherein the updated group public key does not match the user public key corresponding to the user.
Preferably, the encryption module employs a wildcard-based identity-based encryption scheme.
Preferably, the group public key is the vector P = (P_1, P_2, ..., P_L), where for each i = 1, ..., L:
P_i = * if the authority of the i-th user in the group has been revoked, and
P_i = ID_i otherwise.
The user public key of the i-th user is the vector PK_i = (*, ..., *, ID_i, *, ..., *),
where L is the maximum number of users in the group, * is a wildcard, ID_i is the identity of the i-th user in the group, the i-1 entries before ID_i are consecutive wildcards and the L-i entries after it are consecutive wildcards.
Preferably, the encapsulation module employs a blind key encapsulation mechanism.
Preferably, the decrypting, by the user, the encapsulated ciphertext according to the user private key of the user to obtain the encapsulated plaintext, and interacting with the cloud server according to the encapsulated plaintext to obtain the group session key includes:
the user decrypts the encapsulation ciphertext according to a user private key of the user to obtain the encapsulation plaintext;
randomly selecting a blinding value, generating a blinded encapsulation plaintext and an unblinding key from the encapsulation plaintext, and sending the blinded encapsulation plaintext to the cloud server so that the cloud server generates a blinded key from its decapsulation key and the blinded encapsulation plaintext;
obtaining the blinded key from the cloud server;
and obtaining the group session key from the unblinding key and the blinded key.
The invention has at least the following beneficial effects:
When the group membership changes dynamically, each updated group session key is independent of the old group session key, so a user who newly joins the group cannot read messages generated in the group before joining, and a revoked user cannot read messages sent in the group after revocation; confidentiality is thereby satisfied. Because the encapsulation key of the cloud server changes each time the group session key is updated and the old value is erased, an adversary who obtains the encapsulation plaintext generated during a previous group session key update still cannot interact with the cloud server to recover the previously negotiated group session key; forward security is thereby also satisfied. Moreover, only the group manager and the cloud server need to be online when the group session key is updated, and group members that are offline do not prevent the online members from updating their group session key. The encapsulation ciphertext obtained by encrypting the encapsulation plaintext with the group public key can be stored temporarily on the cloud server; once an offline group member comes online, it obtains the latest encapsulation ciphertext from the cloud server and decrypts it with its user private key, thereby obtaining the updated group session key, so asynchronous communication is supported.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic flowchart of a group session key establishment method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a group session key establishment system according to an embodiment of the present invention.
Detailed Description
The core of the invention is to provide a group session key establishment method and system, which can satisfy confidentiality and forward security and support asynchronous communication when group keys are distributed among a plurality of group members.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An aspect of the present invention provides a group session key establishment method, please refer to fig. 1, where the method includes:
and S110, acquiring the security parameters, and generating system public parameters and a master key according to the security parameters.
In the embodiment of the invention, each group has a group manager, who is responsible for authorizing new users and revoking old users in the group. After obtaining the security parameter K, the group manager runs the system setup algorithm with the security parameter K as input, generating the system public parameters mpk and the master key msk.
S120, obtaining the identity identification information of the user, generating a user public key of the user according to the identity identification information of the user, generating a user private key of the user according to the system public parameter, the master key and the user public key of the user, and sending the user private key of the user to the user.
In the embodiment of the invention, when a new user is authorized to join the group, the group manager acquires the identity of the user, generates the user public key corresponding to the user according to the identity of the user, then runs a key generation algorithm, inputs the system public parameter, the master key and the user public key corresponding to the user, generates the user private key corresponding to the user, and sends the user private key to the user in a secret way, and the user receives and stores the user private key. Meanwhile, for convenience of management, the group administrator can number the users newly joining the group in sequence.
S130, acquiring authority information of the user, and generating a group public key according to the identity identification information of the user; wherein the group public key matches the user public key of the user.
In the embodiment of the invention, a group manager acquires the authorization and revocation conditions of the users in the group, and constructs the public key of the group according to the identity information of the users in the group, wherein the public key of the group is a vector, if the authority of the users in the group is not revoked, the vector of the public key of the group is matched with the public key of the user, and if the authority of the users in the group is revoked, the vector of the public key of the group is not matched with the public key of the user. It will be appreciated that a user newly joining the group defaults to an authorized user, and thus, the group public key matches the user public key of that user.
S140, the packaging key is obtained from the cloud server, and a packaging plaintext and a group session key are generated according to the packaging key.
In the embodiment of the invention, the cloud server runs a key generation algorithm to generate the encapsulation key ek and the decapsulation key dk. The group manager obtains the encapsulation key ek from the cloud server and runs the encapsulation algorithm to generate the encapsulation plaintext C and the group session key k. It can be understood that each time the group session key is generated, only the group manager and the cloud server need to be online; group members that are offline do not affect the update of the group session key by the online group members.
S150, encrypting the packaged plaintext through the group public key to obtain a packaged ciphertext, sending the packaged ciphertext to a user, enabling the user to decrypt the packaged ciphertext according to a user private key of the user to obtain the packaged plaintext, and interacting with the cloud server according to the packaged plaintext to obtain a group session key.
In the embodiment of the invention, the group manager runs the encryption algorithm, encrypts the encapsulation plaintext C with the group public key to obtain the encapsulation ciphertext CT, and sends the encapsulation ciphertext CT to the user. After receiving the encapsulation ciphertext CT, the user runs the decryption algorithm and decrypts CT with the user's own private key. Because the user is an authorized user and the group public key matches the user's public key, the decryption succeeds and yields the encapsulation plaintext C; the user then interacts with the cloud server using the encapsulation plaintext C and obtains the same group session key k as the group manager. It will be appreciated that, since each newly generated group session key is independent of the previous one, a user who newly joins the group cannot read the messages generated in the group before joining.
S160, when the authority of the user is revoked, updating the group public key, and updating the packaging plaintext, the group session key and the packaging ciphertext; and the updated group public key does not match the user public key corresponding to the user.
In the embodiment of the invention, after the authority of the user is revoked, the group manager updates the group public key so that the updated group public key no longer matches the user public key corresponding to that user, obtains the encapsulation key ek from the cloud server again, and generates an updated encapsulation plaintext C and group session key k from the newly obtained encapsulation key ek. The updated encapsulation plaintext C is then encrypted with the updated group public key to obtain an updated encapsulation ciphertext CT. Because the updated group public key does not match the user public key of the revoked user, that user cannot decrypt the updated encapsulation ciphertext CT with the user's private key to obtain the updated encapsulation plaintext C, and therefore cannot obtain the updated group session key k; the revoked user thus cannot read messages sent in the group after the revocation. It can be understood that the updated group public key still matches the user public keys of the authorized users in the group, so a user whose authority has not been revoked can still decrypt the updated encapsulation ciphertext CT with the user's private key to obtain the updated encapsulation plaintext C and, further, the updated group session key k.
As can be seen from the above, the group session key establishment method provided in the embodiments of the present invention distributes the group key among a plurality of group members. When the group membership changes dynamically, each updated group session key is independent of the old group session key, so a user who newly joins the group cannot read messages generated in the group before joining, and a revoked user cannot read messages sent in the group after revocation; confidentiality is thereby satisfied. Because the encapsulation key of the cloud server changes each time the group session key is updated and the old value is erased, an adversary who obtains the encapsulation plaintext generated during a previous group session key update still cannot interact with the cloud server to recover the previously negotiated group session key; forward security is thereby also satisfied. Moreover, only the group manager and the cloud server need to be online when the group session key is updated, and group members that are offline do not prevent the online members from updating their group session key. The encapsulation ciphertext obtained by encrypting the encapsulation plaintext with the group public key can be stored temporarily on the cloud server; once an offline group member comes online, it obtains the latest encapsulation ciphertext from the cloud server and decrypts it with its user private key, thereby obtaining the updated group session key, so asynchronous communication is supported.
As a preferred implementation manner of the present invention, in the foregoing embodiment, in the process of encrypting the encapsulated plaintext by using the group public key to obtain the encapsulated ciphertext, the encryption process uses a wildcard-based identity-based encryption scheme.
In the embodiment of the invention, a scheme based on WIBE (Identity-Based Encryption with Wildcards, also called wildcarded identity-based encryption) is mainly adopted. The WIBE scheme mainly comprises four polynomial-time algorithms: a system setup algorithm, a key generation algorithm, an encryption algorithm and a decryption algorithm.
As a more preferred embodiment of the present invention, in the above embodiment, the group public key is the vector P = (P_1, P_2, ..., P_L), where for each i = 1, ..., L:
P_i = * if the authority of the i-th user in the group has been revoked, and
P_i = ID_i otherwise.
The user public key of the i-th user is the vector PK_i = (*, ..., *, ID_i, *, ..., *),
where L is the maximum number of users in the group, * is a wildcard, ID_i is the identity of the i-th user in the group, the i-1 entries before ID_i are consecutive wildcards and the L-i entries after it are consecutive wildcards.
In the embodiment of the invention, the group public key vector and the user public key vectors of the users in the group all have length L, i.e. the maximum number of users in the group. Each user in the group has its own number i, and the identity of the i-th user is recorded as ID_i.
When the i-th user is authorized to join the group, the group manager obtains the identity ID_i of the user and generates the user public key vector PK_i for the user, in which the identity ID_i occupies the i-th position of PK_i and the remaining L-1 positions are all set to wildcards. It will be appreciated that the identities ID_i of the users in the group occupy different positions in their respective user public key vectors PK_i. For example, the user public key vector of the 1st user in the group is PK_1 = (ID_1, *, *, ..., *), the user public key vector of the 2nd user is PK_2 = (*, ID_2, *, ..., *), and so on.
In addition, the group manager obtains the authorization and revocation status of the users in the group and constructs the group public key vector P = (P_1, P_2, ..., P_L) from the identities of the authorized and revoked users: for each i = 1, ..., L, P_i = * if the authority of the i-th user in the group has been revoked, and P_i = ID_i otherwise. According to this rule, in the finally constructed group public key vector P the positions corresponding to authorized users hold the identities ID_i of those users, and the positions corresponding to revoked users are all set to wildcards. For example, among L group members, if the authority of the 1st user and the 2nd user has been revoked, the constructed group public key vector is P = (*, *, ID_3, ..., ID_L).
With this construction of the group public key vector and the user public key vectors, when the group membership changes dynamically the updated group public key vector matches the user public key vector of each authorized user, so an authorized user can decrypt and obtain the updated encapsulation plaintext C, while the group public key vector does not match the user public key vector of a revoked user, so a revoked user cannot decrypt and obtain the updated encapsulation plaintext C. For example, the group public key vector P does not match the user public key vector of the 1st user in the group, i.e. P = (*, *, ID_3, ..., ID_L) does not match PK_1 = (ID_1, *, *, ..., *), so the 1st user cannot decrypt the updated encapsulation plaintext C; whereas the group public key vector P matches the user public key vector of the 3rd user in the group, i.e. P = (*, *, ID_3, ..., ID_L) matches PK_3 = (*, *, ID_3, *, ..., *), so the 3rd user can decrypt and obtain the updated encapsulation plaintext C.
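The vector construction and matching rule described above, as an added worked example in Python (not code from the patent or its authors). It assumes `*` as the wildcard symbol, fills slots that no user has been assigned to with wildcards, and uses the matching rule implied by the page's two examples: a user key vector matches the group vector when every non-wildcard entry of the user key vector equals the group vector at the same position, which for a PK_i with a single concrete entry reduces to P_i == ID_i. The `revoke` step mirrors S160, where the group manager rebuilds P so that it no longer matches the revoked user's PK_i.

```python
from typing import Dict, List, Set, Tuple

WILDCARD = "*"   # symbol assumed here for a wildcard position


def user_public_key(i: int, identity: str, max_users: int) -> List[str]:
    """PK_i: ID_i in position i (1-indexed), the other L-1 positions wildcards."""
    if not 1 <= i <= max_users:
        raise ValueError("user number must be in 1..L")
    pk = [WILDCARD] * max_users
    pk[i - 1] = identity
    return pk


def group_public_key(identities: Dict[int, str], revoked: Set[int],
                     max_users: int) -> List[str]:
    """P = (P_1, ..., P_L): P_i = ID_i for an authorized user, a wildcard for a
    revoked one. Positions no user has been assigned to are also left as
    wildcards (an assumption; the page does not say how unused slots are filled)."""
    p = [WILDCARD] * max_users
    for i, identity in identities.items():
        if i not in revoked:
            p[i - 1] = identity
    return p


def matches(group_pk: List[str], user_pk: List[str]) -> bool:
    """Matching rule implied by the page's two examples: every non-wildcard
    entry of the user key vector must equal the group vector at that position.
    Since PK_i has exactly one such entry, this reduces to P_i == ID_i."""
    if len(group_pk) != len(user_pk):
        return False
    return all(u == WILDCARD or u == g for g, u in zip(group_pk, user_pk))


def revoke(identities: Dict[int, str], revoked: Set[int], user_no: int,
           max_users: int) -> Tuple[Set[int], List[str]]:
    """Update step S160: add the user to the revoked set and rebuild P so that
    it no longer matches that user's PK_i. The caller must also rotate C, k and CT,
    otherwise a revoked user who already holds the old k keeps reading."""
    new_revoked = set(revoked) | {user_no}
    return new_revoked, group_public_key(identities, new_revoked, max_users)


def authorized_users(identities: Dict[int, str], revoked: Set[int],
                     max_users: int) -> List[int]:
    """Numbers of the users whose PK_i matches the current P (i.e. can decrypt CT)."""
    p = group_public_key(identities, revoked, max_users)
    return [i for i, ident in sorted(identities.items())
            if matches(p, user_public_key(i, ident, max_users))]


if __name__ == "__main__":
    # Constructed example with L = 5 and users 1 and 2 revoked, as in the page.
    ids = {i: f"ID_{i}" for i in range(1, 6)}
    print(group_public_key(ids, {1, 2}, 5))        # ['*', '*', 'ID_3', 'ID_4', 'ID_5']
    print(authorized_users(ids, {1, 2}, 5))        # [3, 4, 5]
```

Note that the vector only decides who can decrypt the next encapsulation ciphertext; the revocation is only effective because S160 also replaces C, k and CT, so the check in `revoke` is necessary but not sufficient on its own.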
As a preferred embodiment of the present invention, in the foregoing embodiment, in the process of obtaining the encapsulation key from the cloud server and generating the encapsulation plaintext and the group session key according to the encapsulation key, a blind key encapsulation mechanism is adopted in the encapsulation process.
In the embodiment of the invention, a BKEM (Blind Key Encapsulation Mechanism) is adopted in the encapsulation process. An ordinary KEM (Key Encapsulation Mechanism) uses a public-key encryption algorithm to transport the key used by a symmetric encryption algorithm and provides no forward security. A KEM comprises three polynomial-time algorithms: a key generation algorithm, an encapsulation algorithm and a decapsulation algorithm. BKEM was proposed for scenarios involving a cloud server: a semi-trusted cloud server is used to provide forward security for communication between entities. BKEM comprises five polynomial-time algorithms: a key generation algorithm, an encapsulation algorithm, a blinding algorithm, a decapsulation algorithm and an unblinding algorithm; that is, a blinding algorithm and an unblinding algorithm are added to the ordinary KEM.
As a more preferred embodiment, in the above embodiment, the step in which the user decrypts the encapsulation ciphertext with the user private key to obtain the encapsulation plaintext and interacts with the cloud server using the encapsulation plaintext to obtain the group session key comprises:
the user decrypts the encapsulation ciphertext with the user private key of the user to obtain the encapsulation plaintext;
the user randomly selects a blinding value, generates a blinded encapsulation plaintext and an unblinding key from the encapsulation plaintext, and sends the blinded encapsulation plaintext to the cloud server, so that the cloud server generates a blinded key from its decapsulation key and the blinded encapsulation plaintext;
the user obtains the blinded key from the cloud server;
the user obtains the group session key from the unblinding key and the blinded key.
In the embodiment of the invention, the cloud server runs the key generation algorithm of the BKEM to generate the encapsulation key $ek$ and the decapsulation key $dk$.
When the group membership changes, the group manager obtains the encapsulation key $ek$ from the cloud server, runs the encapsulation algorithm of the BKEM to generate the encapsulation plaintext C and the group session key $k$, runs the encryption algorithm of the WIBE scheme to encrypt C under the group public key to obtain the encapsulation ciphertext CT, and sends CT to the users. On receiving CT, a user runs the decryption algorithm of the WIBE scheme with its user private key; because the group public key matches the user public key of that user, the decryption succeeds and yields the encapsulation plaintext C.
After obtaining C, the user randomly selects a blinding value $t$, runs the blinding algorithm of the BKEM with C as input to generate a blinded encapsulation plaintext and an unblinding key $uk$, and sends the blinded encapsulation plaintext to the cloud server. The unblinding key $uk$ is derived from the chosen random blinding value $t$ and stays with the user.
On receiving the blinded encapsulation plaintext, the cloud server runs the decapsulation algorithm of the BKEM with the decapsulation key $dk$ and the blinded encapsulation plaintext as input, generates a blinded key, and sends the blinded key to the user.
On receiving the blinded key, the user runs the unblinding algorithm of the BKEM with the unblinding key $uk$ and the blinded key as input, and finally obtains the same group session key $k$ as the group manager. The cloud server only ever receives the blinded encapsulation plaintext and only ever outputs the blinded key, which is what keeps the semi-trusted server from learning the group session key.
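The BKEM round just described, written out as an added example; this is not code from the patent, which does not fix a concrete BKEM instantiation. The five algorithms are instantiated here with Diffie-Hellman style exponentiation in the multiplicative group modulo the Mersenne prime $2^{127}-1$, a toy parameter chosen only so the example runs stand-alone in Python (a deployment would use a standard group or curve). The names `CloudServer`, `encapsulate`, `blind`, `unblind`, the fixed base `G`, and the SHA-256 key derivation are this example's own choices and are not taken from the page.

```python
import hashlib
import secrets
from math import gcd

# Toy group: Z_p^* for the Mersenne prime p = 2^127 - 1 (assumed parameter for this
# example only; it is not a recommended deployment parameter).
P = (1 << 127) - 1
ORDER = P - 1          # order of Z_p^*; exponents may be reduced modulo this value
G = 3                  # fixed base, an assumption of this example


def _rand_exponent() -> int:
    return secrets.randbelow(ORDER - 2) + 2


def kdf(shared: int, encap: int) -> bytes:
    """Derive the session key k from the shared group element and the encapsulation C."""
    return hashlib.sha256(shared.to_bytes(16, "big") + encap.to_bytes(16, "big")).digest()


class CloudServer:
    """Runs BKEM.KeyGen and BKEM.Decap: publishes ek, keeps dk, sees only blinded values."""

    def __init__(self) -> None:
        self.dk = _rand_exponent()          # decapsulation key dk
        self.ek = pow(G, self.dk, P)        # encapsulation key ek = g^dk
        self.seen = []                      # everything the server receives, for the check below

    def decapsulate(self, blinded_c: int) -> int:
        """BKEM.Decap on the blinded value: returns (C^t)^dk, never C^dk itself."""
        self.seen.append(blinded_c)
        return pow(blinded_c, self.dk, P)


def encapsulate(ek: int):
    """Group manager, BKEM.Encap: C = g^r and k = KDF(ek^r, C)."""
    r = _rand_exponent()
    c = pow(G, r, P)
    return c, kdf(pow(ek, r, P), c)


def blind(c: int):
    """User, BKEM.Blind: random t coprime to the group order; C' = C^t, uk = t^-1 mod (p-1)."""
    while True:
        t = _rand_exponent()
        if gcd(t, ORDER) == 1:
            return pow(c, t, P), pow(t, -1, ORDER)


def unblind(blinded_key: int, uk: int, c: int) -> bytes:
    """User, BKEM.Unblind: (C^(t*dk))^(1/t) = C^dk = ek^r, then the manager's KDF."""
    return kdf(pow(blinded_key, uk, P), c)


def run_round(server: CloudServer):
    """One BKEM round: manager encapsulates, user blinds, server decapsulates, user unblinds.
    Returns (manager's k, user's k, C) so a caller can check what the server never saw."""
    c, k_manager = encapsulate(server.ek)   # C reaches the user inside the WIBE ciphertext CT
    blinded_c, uk = blind(c)                # user, after decrypting CT with its WIBE private key
    blinded_key = server.decapsulate(blinded_c)
    k_user = unblind(blinded_key, uk, c)
    return k_manager, k_user, c


if __name__ == "__main__":
    srv = CloudServer()
    k1, k2, c = run_round(srv)
    print("keys match:", k1 == k2, " server saw C:", c in srv.seen)
```

The check at the end is the property the blinding buys: the server's transcript contains $C^t$ but never $C$, so even with $dk$ it cannot compute $C^{dk}$ and hence not $k$. The page describes $ek$ as a temporary key of the cloud server; rotating the server key pair between rounds is what would make the scheme forward secure and is not shown here.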
In order to further facilitate understanding of the workflow of the group session key establishment method provided in the embodiment of the present invention, the following description is made by combining a specific application scenario.
Assume that the maximum number of users in the group is 4 and that the group manager is A.
The group manager A runs the setup algorithm of the WIBE scheme with the security parameter as input and obtains the public parameter $mpk$ and the master key $msk$ of the system.
When the group manager A wants to authorize user B (identity $ID_B$), user C (identity $ID_C$), user E (identity $ID_E$) and user F (identity $ID_F$) to join the group, A sets the first position of user B's user public key vector to B's identity $ID_B$ and the other three positions to wildcards, i.e. user B's user public key vector is $(ID_B, *, *, *)$. At the same time, A calls the key generation algorithm of the WIBE scheme with the public parameter $mpk$, the master key $msk$ and B's user public key vector $(ID_B, *, *, *)$ as input, generates user B's user private key, and sends it to user B over a secure channel; user B keeps the private key secret after receiving it. Similarly, A sets user C's user public key vector to $(*, ID_C, *, *)$, generates user C's user private key and sends it to user C, who keeps it secret. In the same way, A adds user E (identity $ID_E$) and user F (identity $ID_F$) to the group: user E's user public key vector is $(*, *, ID_E, *)$ and user F's user public key vector is $(*, *, *, ID_F)$, and each receives its own user private key.
Because users have been added to the group, the group membership has changed and the group session key must be updated. The group manager A constructs a new group public key vector from the identities of the authorized users in the group, $P = (ID_B, ID_C, ID_E, ID_F)$, starts a round of the BKEM, and computes a new group session key $k$ and a new encapsulation plaintext C using the temporary public key of the cloud server. A then uses the new group public key vector $P$ as the public key, calls the encryption algorithm of the WIBE scheme to encrypt the new encapsulation plaintext C into a new encapsulation ciphertext CT, and sends the new CT to the group members. When a newly added user receives the new CT, the new group public key matches that user's user public key, so the user can decrypt to obtain the new encapsulation plaintext C and from it the new group session key $k$. For example, when user E receives the new CT, $P_3 = ID_E$, so user E can decrypt to obtain the new encapsulation plaintext C and then interact with the cloud server to obtain the new group session key $k$. The other authorized users in the group proceed in the same way.
When the group manager A wants to revoke the authority of a user, the group membership also changes and the group session key must again be updated. Suppose A wants to revoke the authority of user F. A constructs an updated group public key vector from the identities of the users still authorized in the group, $P = (ID_B, ID_C, ID_E, P_4)$ with $P_4 \neq ID_F$, starts a round of the BKEM, and computes an updated session key $k$ and an updated encapsulation plaintext C using the temporary public key of the cloud server. A then uses the updated group public key vector $P$ as the public key, calls the encryption algorithm of the WIBE scheme to encrypt the updated encapsulation plaintext C into an updated encapsulation ciphertext CT, and sends the updated CT to the group members.
When users B, C and E in the group receive the updated CT: since $P_1 = ID_B$, user B calls the decryption algorithm of the WIBE scheme with its own user private key and obtains the updated encapsulation plaintext C. User B then uses the updated C to carry out the blinding and decapsulation exchange with the cloud server and finally obtains the same updated group session key $k$ as the group manager. Likewise, the updated $P$ matches the user public key vectors of users C and E ($P_2 = ID_C$ and $P_3 = ID_E$), so users C and E can also decrypt with their own user private keys to obtain the updated encapsulation plaintext C and hence the same updated group session key $k$ as the group manager.
Since the updated group public key vector $P$ does not match the user public key vector of the revoked user F, i.e. $P_4 \neq ID_F$, user F cannot decrypt the updated CT with F's user private key to obtain the updated encapsulation plaintext C, and therefore cannot interact with the cloud server to obtain the updated group session key $k$.
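The join and revoke scenario above (users B, C, E and F, maximum group size 4), as an added example that is not part of the patent. It implements the vector construction from the claims and the WIBE matching predicate, which is the exact condition under which a user's WIBE decryption of CT succeeds; the pairing-based WIBE encryption and decryption themselves are not implemented, and the session key step after a successful match is the BKEM round described earlier. The sentinel `REVOKED` used for a revoked or unassigned position is this example's assumption: the page only requires that the entry differ from the revoked user's identity, it does not fix the value.

```python
from typing import Dict, Tuple

WILDCARD = "*"
REVOKED = "<revoked>"   # assumption of this example: a value no user holds a private key for


def user_public_key_vector(i: int, identity: str, L: int) -> Tuple[str, ...]:
    """(*, ..., *, ID_i, *, ..., *): i-1 wildcards, ID_i in position i, L-i wildcards after it."""
    if not 1 <= i <= L:
        raise ValueError("position out of range")
    v = [WILDCARD] * L
    v[i - 1] = identity
    return tuple(v)


def matches(group_vector: Tuple[str, ...], user_vector: Tuple[str, ...]) -> bool:
    """WIBE pattern match: every non-wildcard position of the user's vector must agree with P.
    With a single non-wildcard position this reduces to P_i == ID_i."""
    return len(group_vector) == len(user_vector) and all(
        u == WILDCARD or u == p for p, u in zip(group_vector, user_vector)
    )


class GroupManager:
    """Assigns positions and builds P = (P_1, ..., P_L) with P_i = ID_i for authorized users."""

    def __init__(self, L: int) -> None:
        self.L = L
        self.positions: Dict[str, int] = {}     # identity -> position i (kept after revocation)
        self.authorized: Dict[int, str] = {}    # position i -> identity, authorized users only

    def authorize(self, identity: str) -> Tuple[str, ...]:
        """Join: bind the user to the next free position and return its user public key vector."""
        if identity in self.positions:
            raise ValueError(f"{identity} already holds a position")
        free = next((i for i in range(1, self.L + 1) if i not in self.authorized), None)
        if free is None:
            raise RuntimeError("group is full")
        self.positions[identity] = free
        self.authorized[free] = identity
        return user_public_key_vector(free, identity, self.L)

    def revoke(self, identity: str) -> None:
        """Revoke: P_i stops being ID_i. The position is left reserved here; reusing it for a
        different identity would keep the revoked user out just as well, since P_i != ID_i."""
        del self.authorized[self.positions[identity]]

    def group_public_key_vector(self) -> Tuple[str, ...]:
        return tuple(self.authorized.get(i, REVOKED) for i in range(1, self.L + 1))


def who_can_decrypt(manager: GroupManager, vectors: Dict[str, Tuple[str, ...]]) -> Dict[str, bool]:
    """For each user: does the current P match its vector, i.e. would WIBE decryption of CT
    succeed so that the user can go on to run the BKEM round and obtain k."""
    P = manager.group_public_key_vector()
    return {name: matches(P, v) for name, v in vectors.items()}


def run_scenario() -> Tuple[Dict[str, bool], Dict[str, bool]]:
    """Users B, C, E, F join a group with L = 4 (constructed identities); then F is revoked."""
    A = GroupManager(L=4)
    vectors = {name: A.authorize(f"ID_{name}") for name in ("B", "C", "E", "F")}
    after_join = who_can_decrypt(A, vectors)      # every user matches the new P
    A.revoke("ID_F")
    after_revoke = who_can_decrypt(A, vectors)    # P_4 != ID_F, so F no longer matches
    return after_join, after_revoke


if __name__ == "__main__":
    print(run_scenario())
```

Each membership change must be followed by a fresh BKEM round under the new $P$; re-using an old encapsulation plaintext C after a revocation would hand the revoked user nothing new, but it would also leave the old $k$ in use, which is exactly what the update step is meant to replace.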
The above embodiments describe the flow of the group session key establishment method, and the following describes a group session key establishment system for implementing the above method.
Another aspect of the embodiments of the present invention provides a group session key establishment system, please refer to fig. 2, where the system includes:
the first generating module 110 is configured to obtain a security parameter, and generate a system public parameter and a master key according to the security parameter;
the second generating module 120 is configured to obtain the identity information of the user, generate a user public key of the user according to the identity information of the user, generate a user private key of the user according to the system public parameter, the master key, and the user public key of the user, and send the user private key of the user to the user;
a third generating module 130, configured to obtain authority information of the user, and generate a group public key according to the identity information of the user; wherein, the group public key matches the user public key of the user;
the encapsulation module 140 is configured to obtain an encapsulation key from the cloud server, and generate an encapsulation plaintext and a group session key according to the encapsulation key;
the encryption module 150 is configured to encrypt the encapsulation plaintext with the group public key to obtain an encapsulation ciphertext and send the encapsulation ciphertext to the user, so that the user decrypts the encapsulation ciphertext with the user private key of the user to obtain the encapsulation plaintext and interacts with the cloud server using the encapsulation plaintext to obtain the group session key;
the updating module 160 is configured to update the group public key when the authority of a user is revoked, and to update the encapsulation plaintext, the group session key and the encapsulation ciphertext; the updated group public key does not match the user public key corresponding to that user.
Preferably, the encryption module 150 uses an identity-based encryption scheme with wildcards (WIBE).
Preferably, the group public key is the vector
$$P = (P_1, P_2, \ldots, P_L),$$
and for $i \in \{1, \ldots, L\}$: if the authority of the $i$-th user in the group has been revoked, $P_i$ is set to a value that differs from $ID_i$; otherwise $P_i = ID_i$. The user public key of the $i$-th user is the vector
$$(\underbrace{*, \ldots, *}_{i-1}, ID_i, \underbrace{*, \ldots, *}_{L-i}),$$
where $L$ is the maximum number of users in the group, $*$ is the wildcard character, $ID_i$ is the identity of the $i$-th user in the group, and the vector contains $i-1$ consecutive wildcards before $ID_i$ and $L-i$ consecutive wildcards after it.
Preferably, the encapsulation module 140 employs a blind key encapsulation mechanism.
Preferably, the step in which the user decrypts the encapsulation ciphertext with the user private key of the user to obtain the encapsulation plaintext and interacts with the cloud server using the encapsulation plaintext to obtain the group session key comprises:
the user decrypts the encapsulation ciphertext with the user private key of the user to obtain the encapsulation plaintext;
the user randomly selects a blinding value, generates a blinded encapsulation plaintext and an unblinding key from the encapsulation plaintext, and sends the blinded encapsulation plaintext to the cloud server, so that the cloud server generates a blinded key from its decapsulation key and the blinded encapsulation plaintext;
the user obtains the blinded key from the cloud server;
the user obtains the group session key from the unblinding key and the blinded key.
For the description of the corresponding parts of the group session key establishment system provided in the embodiment of the invention, refer to the detailed description of the corresponding parts of the group session key establishment method provided in the embodiment of the invention; the system has the same effects as that method, and they are not described again here.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A group session key establishment method, comprising:
acquiring security parameters, and generating system public parameters and a master key according to the security parameters;
acquiring identity identification information of a user, generating a user public key of the user according to the identity identification information of the user, generating a user private key of the user according to the system public parameter, the master key and the user public key of the user, and sending the user private key of the user to the user;
acquiring authority information of a user, and generating a group public key according to the identity identification information of the user; wherein the group public key matches a user public key of the user;
acquiring an encapsulation key from a cloud server, and generating an encapsulation plaintext and a group session key according to the encapsulation key;
encrypting the encapsulation plaintext with the group public key to obtain an encapsulation ciphertext, and sending the encapsulation ciphertext to the user, so that the user decrypts the encapsulation ciphertext according to a user private key of the user to obtain the encapsulation plaintext and interacts with the cloud server according to the encapsulation plaintext to obtain the group session key;
when the authority of the user is revoked, updating the group public key, and updating the encapsulation plaintext, the group session key and the encapsulation ciphertext; wherein the updated group public key does not match the user public key corresponding to the user.
2. The group session key establishment method according to claim 1, wherein, in encrypting the encapsulation plaintext with the group public key to obtain the encapsulation ciphertext, an identity-based encryption scheme with wildcards (WIBE) is used for the encryption.
3. The group session key establishment method according to claim 2, wherein the group public key is the vector
$$P = (P_1, P_2, \ldots, P_L),$$
and for $i \in \{1, \ldots, L\}$: if the authority of the $i$-th user in the group is revoked, $P_i$ is set to a value that differs from $ID_i$; otherwise $P_i = ID_i$; and the user public key of the user is the vector
$$(\underbrace{*, \ldots, *}_{i-1}, ID_i, \underbrace{*, \ldots, *}_{L-i}),$$
wherein $L$ represents the maximum number of users in the group, $*$ represents a wildcard character, $ID_i$ represents the identity of the $i$-th user in the group, and the vector contains $i-1$ consecutive wildcards before $ID_i$ and $L-i$ consecutive wildcards after it.
4. The group session key establishment method according to claim 1, wherein in the process of obtaining the encapsulation key from the cloud server and generating the encapsulation plaintext and the group session key according to the encapsulation key, a blind key encapsulation mechanism is adopted in the encapsulation process.
5. The group session key establishment method according to claim 4, wherein the user decrypting the encapsulation ciphertext according to the user private key of the user to obtain the encapsulation plaintext and interacting with the cloud server according to the encapsulation plaintext to obtain the group session key comprises:
the user decrypts the encapsulation ciphertext according to the user private key of the user to obtain the encapsulation plaintext;
the user randomly selects a blinding value, generates a blinded encapsulation plaintext and an unblinding key according to the encapsulation plaintext, and sends the blinded encapsulation plaintext to the cloud server, so that the cloud server generates a blinded key according to its decapsulation key and the blinded encapsulation plaintext;
the user obtains the blinded key from the cloud server; and
the user obtains the group session key according to the unblinding key and the blinded key.
6. A group session key establishment system, comprising:
the first generation module is used for acquiring security parameters and generating system public parameters and a master key according to the security parameters;
the second generation module is used for acquiring the identity identification information of a user, generating a user public key of the user according to the identity identification information of the user, generating a user private key of the user according to the system public parameter, the master key and the user public key of the user, and sending the user private key of the user to the user;
the third generation module is used for acquiring the authority information of the user and generating a group public key according to the identity identification information of the user; wherein the group public key matches a user public key of the user;
the packaging module is used for acquiring a packaging key from the cloud server and generating a packaging plaintext and a group session key according to the packaging key;
the encryption module is used for encrypting the encapsulation plaintext with the group public key to obtain an encapsulation ciphertext and sending the encapsulation ciphertext to the user, so that the user decrypts the encapsulation ciphertext according to a user private key of the user to obtain the encapsulation plaintext and interacts with the cloud server according to the encapsulation plaintext to obtain the group session key;
the updating module is used for updating the group public key when the authority of the user is revoked, and updating the encapsulation plaintext, the group session key and the encapsulation ciphertext; wherein the updated group public key does not match the user public key corresponding to the user.
7. The group session key establishment system of claim 6, wherein the encryption module uses an identity-based encryption scheme with wildcards (WIBE).
8. The group session key establishment system of claim 7, wherein the group public key is the vector
$$P = (P_1, P_2, \ldots, P_L),$$
and for $i \in \{1, \ldots, L\}$: if the authority of the $i$-th user in the group is revoked, $P_i$ is set to a value that differs from $ID_i$; otherwise $P_i = ID_i$; and the user public key of the user is the vector
$$(\underbrace{*, \ldots, *}_{i-1}, ID_i, \underbrace{*, \ldots, *}_{L-i}),$$
wherein $L$ represents the maximum number of users in the group, $*$ represents a wildcard character, $ID_i$ represents the identity of the $i$-th user in the group, and the vector contains $i-1$ consecutive wildcards before $ID_i$ and $L-i$ consecutive wildcards after it.
9. The group session key establishment system of claim 6, wherein the encapsulation module employs a blind key encapsulation mechanism.
10. The group session key establishment system according to claim 9, wherein the user decrypting the encapsulation ciphertext according to the user private key of the user to obtain the encapsulation plaintext and interacting with the cloud server according to the encapsulation plaintext to obtain the group session key comprises:
the user decrypts the encapsulation ciphertext according to the user private key of the user to obtain the encapsulation plaintext;
the user randomly selects a blinding value, generates a blinded encapsulation plaintext and an unblinding key according to the encapsulation plaintext, and sends the blinded encapsulation plaintext to the cloud server, so that the cloud server generates a blinded key according to its decapsulation key and the blinded encapsulation plaintext;
the user obtains the blinded key from the cloud server; and
the user obtains the group session key according to the unblinding key and the blinded key.
CN202110562109.4A 2021-05-24 2021-05-24 Group session key establishment method and system Active CN113037485B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110562109.4A CN113037485B (en) 2021-05-24 2021-05-24 Group session key establishment method and system

Publications (2)

Publication Number Publication Date
CN113037485A CN113037485A (en) 2021-06-25
CN113037485B true CN113037485B (en) 2021-08-03

Family

ID=76455539

Country Status (1)

Country Link
CN (1) CN113037485B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013005989A2 (en) * 2011-07-04 2013-01-10 삼성전자주식회사 Method and apparatus for managing group key for mobile device
CN106169996A (en) * 2016-07-04 2016-11-30 中国人民武装警察部队工程大学 Multi-area optical network key management method based on key hypergraph and identification cipher
CN108200181A (en) * 2018-01-11 2018-06-22 中国人民解放军战略支援部队信息工程大学 A kind of revocable attribute-based encryption system and method towards cloud storage
CN110048836A (en) * 2019-04-02 2019-07-23 南京航空航天大学 A kind of cloud shared data integrality auditing method of traceable user identity
CN112422282A (en) * 2020-11-18 2021-02-26 中国电子科技集团公司第三十研究所 Centralized efficient group session key management method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Deja Q Encore RIBE: Anonymous Revocable Identity-Based Encryption with Short Parameters"; Qianqian Xing et al.; GLOBECOM 2017 - 2017 IEEE Global Communications Conference; published 2018-01-15; full text *

Also Published As

Publication number Publication date
CN113037485A (en) 2021-06-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant