CN115333845A - Private data verification method based on subsets - Google Patents


Info

Publication number
CN115333845A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211000771.1A
Other languages
Chinese (zh)
Other versions
CN115333845B (en)
Inventor
徐磊
徐承志
刘江华
许春根
梅琳
窦本年
金晓灿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Science and Technology
Original Assignee
Nanjing University of Science and Technology
Application filed by Nanjing University of Science and Technology
Priority to CN202211000771.1A
Publication of CN115333845A
Application granted
Publication of CN115333845B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a privacy data verification method based on subsets, which relates to the field of communication and comprises the following steps: establishing a key exchange channel with a receiving terminal and a gateway server respectively, and generating a first key and a second key based on a key exchange protocol; encrypting the target data based on the second key and the encryption parameter and the public key issued by the key generation center to generate a ciphertext tag; and the ciphertext tag is sent to the gateway server, so that the gateway server can decrypt and match the ciphertext tag based on the aggregation trapdoor uploaded by the receiving terminal. In the scheme, the sending, receiving and server sides respectively establish a key exchange channel, and carry out encryption, generation of the aggregated trapdoor, verification and other processes according to encryption parameters, public keys or private keys of a key generation center, so that the trapdoor is used for verifying the keywords in the appointed keyword set, the verification efficiency is improved, and the confidentiality of the data set and the trapdoor in the verification process of the hidden data is also protected.

Description

Private data verification method based on subsets
Technical Field
The embodiment of the application relates to the field of communication, in particular to a privacy data verification method based on subsets.
Background
In recent years, competition among major countries over key core technologies, especially those related to national security, has become increasingly intense, and the demand for independently controllable, domestically developed cryptographic technology has grown accordingly. Building an efficient privacy verification technique for critical data that combines existing domestic cryptographic technologies as far as possible is an important measure.
In the related art, public key encryption with keyword search (PEKS) is a popular scheme for verifying encrypted data. When the keyword space is small, the traditional PEKS scheme carries a risk of privacy disclosure, that is, it is vulnerable to keyword guessing attacks. Specifically, when the recipient wants to filter on a subset of keywords, each incoming data item must be compared against the tokens of all keywords in the subset, which increases the number of verifications at the cloud or terminal and reduces communication efficiency. Taking CN 110489998B as an example, that method is limited to encrypting and filtering files and cannot be applied to private data verification in real-time data stream scenarios. It also supports only single-keyword search: to support subset search, multiple single-keyword trapdoors must be deployed at the gateway and applied one after another, so execution efficiency is low.
Disclosure of Invention
The application provides a subset-based privacy verification method. The method addresses the problems of guessing attacks on data and of verification efficiency in the related art, and the technical scheme is as follows:
In one aspect, a subset-based privacy verification method is provided, where the method is used for a sending terminal, and the method includes:
establishing a key exchange channel with a receiving terminal and with a gateway server respectively, and generating a first key and a second key based on a key exchange protocol; the first key is a key shared between the sending terminal and the receiving terminal, and the second key is a shared key used for encryption by the sending terminal and verification by the gateway server;
encrypting the target data based on the second key and on the encryption parameters and public key issued by the key generation center, to generate a ciphertext tag; communication connections are established among the key generation center, the sending terminal, the receiving terminal and the gateway server;
sending the ciphertext tag to the gateway server, so that the gateway server checks the ciphertext tag based on the aggregation trapdoor uploaded by the receiving terminal and sends the check result to the receiving terminal; the aggregation trapdoor is generated by the receiving terminal based on a subset of a specified keyword space.
In another aspect, a subset-based private data verification method is provided, the method being used for a gateway server, and the method including:
establishing a key exchange channel with a sending terminal, and generating a second key based on a key exchange protocol; the second key is a shared key used for encryption by the sending terminal and verification by the gateway server;
receiving a ciphertext tag uploaded by the sending terminal, and decrypting and verifying the ciphertext tag based on the second key, the encryption parameters issued by the key generation center and the aggregation trapdoor uploaded by the receiving terminal; the aggregation trapdoor is generated by the receiving terminal based on a subset of a keyword space, and communication connections are established among the key generation center, the sending terminal, the receiving terminal and the gateway server;
in response to the verification result of the ciphertext tag matching the verification set of the subset, issuing the verification result to the receiving terminal; the verification set comprises verification data of all keywords in the subset.
In yet another aspect, a subset-based private data verification method for a receiving terminal is provided, the method comprising:
establishing a key exchange channel with a sending terminal, and generating a first key based on a key exchange protocol; the first key is a key shared between the sending terminal and the receiving terminal;
acquiring a private key issued by a key generation center, and generating an aggregation trapdoor based on the first key and a subset of a keyword space agreed with the sending terminal; communication connections are established among the key generation center, the sending terminal, the receiving terminal and the gateway server;
and uploading the aggregation trapdoor to a gateway server, so that the gateway server uses the aggregation trapdoor to decrypt and check the ciphertext tag uploaded by the sending terminal, and receiving the check result issued by the gateway server.
In yet another aspect, a gateway server is provided, comprising a processor and a memory, wherein the memory stores at least one instruction, at least one program, set of codes, or set of instructions, which is loaded and executed by the processor to implement the subset-based private data verification method of the above aspect.
The beneficial effects of the above technical scheme include at least the following: a third-party key generation center is introduced, from which each party obtains the encryption parameters, public key and private key, while the center does not obtain the data of any party, so communication isolation is achieved; verification and decryption are placed on the gateway server, which reduces the decryption load on the receiving terminal and avoids possible privacy disclosure between terminals; keys are established between the sending terminal and the gateway server and between the sending terminal and the receiving terminal, achieving end-to-end directed encryption, so that data cannot be decrypted by keyword guessing even if hijacked; for all encrypted data from the sending terminal, the receiving terminal does not need to upload and request twice, and can achieve data decryption, verification, filtering and receiving with a single upload. Compared with the encryption approach in the related art, the scheme greatly improves encryption security and communication efficiency.
Drawings
Fig. 1 is a schematic view of a scenario of a subset-based private data verification method provided in an embodiment of the present application;
Fig. 2 is a flowchart of a subset-based private data verification method for a sending terminal according to an embodiment of the present application;
Fig. 3 is a flowchart of a subset-based private data verification method for a gateway server according to an embodiment of the present application;
Fig. 4 is a flowchart of a subset-based private data verification method for a receiving terminal according to an embodiment of the present application;
Fig. 5 is an interaction flowchart of a subset-based private data verification method according to another embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
Reference herein to "a plurality" means two or more. "And/or" describes the association relationship of the associated objects and covers three cases; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship.
Fig. 1 is a schematic view of a scenario of a subset-based private data verification method provided in an embodiment of the present application. It includes a key generation center 100, a sending terminal 200, a gateway server 300 and a receiving terminal 400. The key generation center 100 is an authority established between government bodies or defense departments to protect confidential information and prevent privacy disclosure through theft. The key generation center 100 synchronizes the generated keys and information such as the encryption parameters to the sending terminal 200, the gateway server 300 and the receiving terminal 400 to establish an authentication mechanism; once the mechanism is established, all data exchanged between the sending terminal and the receiving terminal is encrypted and authenticated to ensure the absolute security of the information. The sending terminal and the receiving terminal in this scheme each represent one or more devices, including but not limited to mobile phones, PCs, notebooks, repeaters, workstations and the like. The gateway server 300 corresponds to the server of a software program through which the sending terminal 200 and the receiving terminal 400 exchange data, such as the server of a communication program, an email server, or the server of a financial system or network platform. The gateway server 300 monitors all data uploaded by the sending terminal 200, verifies it, and selects, filters, hides and issues target data according to the requirements agreed by both parties.
The key generation center 100 is a government-approved trust authority that provides a uniform public key and a separate private key for the receiver, the sender and the application server; the validity period of the public and private keys is set according to regulations. Within the validity period, the receiving terminal 400 only needs to upload the aggregation trapdoor to the gateway server 300 once, and filtering and verification are then performed by the gateway server 300. Optionally, the programs and algorithms for data encryption, uploading and verification may be installed on the sending terminal and the receiving terminal, or on a switch or router of the department concerned. The target data to be sent and verified includes, but is not limited to, files, audio/video, data streams and mails, and the application is not limited in this respect.
The data verification process must be agreed in advance: a public key is issued to all parties, the parties mutually establish a subset of verification keys and an agreed keyword space, and verification is performed against the keywords contained in the subset. Conversely, when the receiving terminal 400 feeds information back to the sending terminal 200 during interactive communication, the roles are swapped: the receiving terminal 400 encrypts and uploads, and the sending terminal 200 receives. Only one of the directions is described in the following examples. The keyword space in this scheme comprises a plurality of subsets, and agreed keywords can be added to different subsets as needed; keywords include but are not limited to numerical values, codes, websites, characters, character strings, special symbols and the like. The method can be used for file identification, and can also encrypt and verify streaming formats such as data streams, images, voice and text.
Fig. 2 is a flowchart of a privacy verification method provided in an embodiment of the present application, for the sending terminal 200 in Fig. 1, including the following steps:
Step 201, establishing a key exchange channel with the receiving terminal and with the gateway server respectively, and generating a first key and a second key based on a key exchange protocol.
The first key is a key shared between the sending and receiving terminals, and the second key is a shared key used for encryption by the sending terminal and verification by the gateway server.
Once a sending terminal has established a verification mechanism with a receiving terminal, any data the sending terminal sends must be encrypted. Establishing the verification mechanism requires key exchange channels with the gateway server and with the receiving terminal; a key exchange channel carries no data interaction and is used only to generate the corresponding key through the handshake of the specific key exchange protocol. The first key, established between the sending terminal and the receiving terminal, is shared by both sides and is used to encrypt data at the sending terminal and to generate the aggregation trapdoor at the receiving terminal; the second key, established between the sending terminal and the gateway server, is used to encrypt data at the sending terminal and to decrypt it at the gateway server.
Step 202, encrypting the target data based on the second key and on the encryption parameters and public key issued by the key generation center, to generate a ciphertext tag.
Communication connections are established among the key generation center, the sending terminal, the receiving terminal and the gateway server, and are used to issue the encryption parameters and public key when the verification mechanism is initialized or changed. The encryption parameters specify the protocols, algorithms, system parameters and so on needed for encryption and decryption. The public key is used for encryption and authentication by the various parties. The sending terminal encrypts the target data according to the second key and the encryption parameters and public key issued by the key generation center, generating a ciphertext tag, that is, the encrypted data. This process can be completed on the terminal, or the encryption can be done by the network equipment of the department where the terminal is located.
Step 203, sending the ciphertext tag to the gateway server, so that the gateway server checks the ciphertext tag based on the aggregation trapdoor uploaded by the receiving terminal and sends the check result to the receiving terminal.
One reason for encrypting the data is to avoid the risk of secret data leaking between the sender and the receiver; the other is to avoid privacy leakage caused by data being hijacked and cracked. Encryption between the sending terminal and the server guards against hijacking, while encryption between the sending terminal and the receiving terminal avoids privacy disclosure between parties or terminals. Secure communication between sender and receiver, across departments and terminals, is achieved through the agreed keyword space and its subsets: the subset is constructed from the private keywords, and the target data sent is encrypted and checked against the subset. The aggregation trapdoor is generated by the receiving terminal based on the subset of the keyword space agreed with the sending terminal. After the protocol is agreed, the receiving terminal can generate the aggregation trapdoor from the acquired parameters and keys and upload it to the gateway server; the gateway server decrypts and verifies the ciphertext tag uploaded by the sending terminal based on the aggregation trapdoor, and finally sends the verification result to the receiving terminal.
Fig. 3 is a flowchart of a privacy verification method provided in an embodiment of the present application, for the gateway server 300 in Fig. 1, including the following steps:
Step 301, establishing a key exchange channel with the sending terminal, and generating a second key based on a key exchange protocol.
For this process, refer to step 201; details are not repeated here.
Step 302, receiving the ciphertext tag uploaded by the sending terminal, and decrypting and verifying the ciphertext tag based on the second key, the encryption parameters issued by the key generation center and the aggregation trapdoor uploaded by the receiving terminal.
The aggregation trapdoor is generated by the receiving terminal based on a subset of the keyword space agreed with the sending terminal, and communication connections are established among the key generation center, the sending terminal, the receiving terminal and the gateway server. The gateway server acquires the aggregation trapdoor and the encryption parameters in advance, and can begin decrypting and verifying a ciphertext tag as soon as it receives one from the sending terminal. Decryption and verification require both the second key and the aggregation trapdoor. The aggregation trapdoor does not need to be uploaded or modified each time, and the receiving terminal does not need to repeat the upload as long as the protocol content is unchanged.
Step 303, in response to the verification result of the ciphertext tag matching the verification set of the subset, issuing the verification result to the receiving terminal.
The verification set comprises the verification data of all keywords in the subset. Once the subset is determined, the verification data for each keyword can be obtained by a preliminary encryption using the encryption parameters issued by the key generation center. The verification set is obtained using the hash operation issued by the key generation center and exists only on the gateway server, which avoids privacy disclosure caused by unilateral decryption of data between terminals.
Fig. 4 is a flowchart of a privacy verification method provided in an embodiment of the present application, for the receiving terminal 400 in Fig. 1, including the following steps:
Step 401, establishing a key exchange channel with the sending terminal, and generating a first key based on a key exchange protocol.
For this process, refer to step 201; details are not repeated here.
Step 402, obtaining the encryption parameters and the private key issued by the key generation center, and generating the aggregation trapdoor based on the first key and the subset of the keyword space agreed with the sending terminal.
The key generation center has communication connections with the sending terminal, the receiving terminal and the gateway server, so the receiving terminal can obtain the encryption parameters and private key issued by the key generation center in real time. The encryption parameters and private key are used to generate the aggregation trapdoor; because the aggregation trapdoor is generated from a subset of the specified keyword space, the decryption and matching load on the server during verification is reduced. The first key provides end-to-end encryption, protecting the data against hijacking and cracking. The private key differs from the public key: the key generation center synchronizes the public key to the receiving terminal, the sending terminal and the gateway server, whereas the private key is a unique key reserved for the receiving party.
Step 403, uploading the aggregation trapdoor to the gateway server, so that the gateway server uses the aggregation trapdoor to decrypt and verify the ciphertext tag uploaded by the sending terminal, and receiving the verification result issued by the gateway server.
For this process, refer to step 203; details are not repeated here.
In summary, to improve the security of communication between departments and terminals, a third-party key generation center is introduced; it is responsible for issuing the encryption parameters, public key and private key without acquiring the data of any party, so communication isolation is achieved; verification and decryption are placed on the gateway server, which reduces the decryption load on the receiving terminal and avoids possible privacy disclosure between terminals; keys are established between the sending terminal and the gateway server and between the sending terminal and the receiving terminal, achieving end-to-end directed encryption, so that data cannot be decrypted by keyword guessing even if hijacked; for all encrypted data from the sending terminal, the receiving terminal does not need to upload and request twice, and can achieve data decryption, verification, filtering and receiving with a single upload. Compared with the single-keyword encryption approach in the related art, the aggregation trapdoor is constructed from the subset, so only one aggregation trapdoor needs to be generated, and encryption security and verification efficiency are greatly improved.
Fig. 5 is an interaction flowchart of a subset-based private data verification method according to another embodiment of the present application. The method comprises the following steps:
Step 501, a first key exchange channel is established between the receiving terminal and the sending terminal, and a first key for hiding keywords is generated based on the SM2 key exchange protocol.
In this scheme, key negotiation requires the two sides to establish a dedicated channel with each other, and the key is generated by running the key exchange protocol issued by the key generation center. The encryption parameters sp issued by the key generation center comprise at least one of a security parameter λ, a bilinear map e, a subset W, a cyclic group of order q with generator g, a hash function H, the key exchange protocol SM2 and the encryption protocol SM4. The issued keys comprise a public key pk and a private key α, and the public key is generated from the private key: $pk = g_1 = g^{\alpha}$. Here $sp = \{\lambda, e, g, q, H, W, \mathrm{SM2}, \mathrm{SM4}\}$, $\alpha \in \mathbb{Z}_q$, and α is a positive integer between 0 and. The system parameters need to be synchronized to the server and to the sending and receiving terminals, so that subsequent encryption and decryption stay in step. The communication connections between the key generation center and the receiving terminal, the sending terminal and the gateway server also use dedicated channels, in order to ensure the security of data transmission.
In addition, the key exchange protocol in this scheme is the SM2 key exchange protocol: after the first key exchange channel is established between the receiving terminal and the sending terminal, the SM2 key exchange protocol is run to generate a first key for hiding the subset
Figure BDA0003807326490000081
The first key may preliminarily hide the target data.
Figure BDA0003807326490000082
λ is the security parameter and is also the length of the first key string.
Step 502, a second key exchange channel is established between the sending terminal and the gateway server, and a second key for data encryption is generated based on the SM2 key exchange protocol.
The second key exchange channel is similar to the first key exchange channel and is used to generate a key between the sending terminal and the gateway server. The second key is $\mu \in \{0,1\}^{\lambda}$. The second key and the first key are both random keys, and the character sequences of the two strings need not be the same.
It should be noted that, secure transmission channels are respectively established between the gateway server, the sending terminal, and the receiving terminal and the key generation center, and are used for receiving the encryption parameters and the public and private key pairs.
Step 503, the sending terminal composes a first key tuple based on the first key and the second key.
First key tuple
Figure BDA0003807326490000083
The key tuple serves to collect the key components to be used into a vector set, from which components are selected for use in the encryption and decryption processes. The first key tuple is for the receiving terminal. Similarly, the receiving terminal also needs to generate a second key tuple $sk_r$.
Step 504, the receiving terminal composes a second key tuple based on the private key and the first key.
Figure BDA0003807326490000084
For use by the transmitting terminal in generating the aggregation trapdoor, and the second key tuple is a key tuple unique to the receiver.
It should be noted that the first key tuple may be shared with a department terminal, so as to allow fast replication and to let multiple terminals and the sending terminal receive shared ciphertext tags. Steps 503 and 504 need not be executed in a fixed order and may be arranged arbitrarily, as long as the private key has been obtained and the first key has been generated.
Step 505, the sending terminal selects an encrypted random number, and performs data encryption on the target data based on the encrypted random number, the first key tuple, the public key and the encryption parameter to obtain a ciphertext tag.
In order to ensure the randomness and the security of encryption, for each piece of target data it sends, the sending terminal selects a random number r, combines r, $sk_e$, pk and sp, and encrypts the target data through the SM4 encryption protocol. Here r is a positive integer no greater than q, where q represents the order of the second order cyclic group in the encryption parameter. The steps are as follows:
Step 505a, the first ciphertext of the ciphertext tag is calculated based on the encrypted random number r and the generator g.
Before the sending terminal sends data, r is randomly selected, and the first ciphertext $c_1$ is obtained by calculation based on the generator g. The calculation formula of the first ciphertext is as follows:
$c_1 = g^r$
Step 505b, a hash operation is performed on the target data and the first key through a hash function, and bilinear mapping is performed on the hash operation result and the public key to obtain the second ciphertext of the ciphertext tag.
The hash function in the scheme is issued by the key generation center. For target data w, the first key in the first key tuple is used to perform the hash operation, obtaining the encrypted data
Figure BDA0003807326490000091
The issued public key pk and the encrypted random number are then used in a bilinear mapping calculation to obtain the second ciphertext $c_2$. The calculation formula of the second ciphertext is as follows:
Figure BDA0003807326490000092
Figure BDA0003807326490000093
is the first key, w is the target data, H is the hash function, e is the bilinear mapping function, and r denotes raising the public key to the power r.
Step 505c, SM4 symmetric encryption is performed on the second key and the encrypted random number to obtain a third ciphertext.
The first two ciphertexts are produced with the encrypted random number and with a hash of the target data under the first key. Because the gateway server must decrypt during this process, the second key agreed with the gateway server by handshake is also needed for encryption; on the one hand this prevents keyword-prediction hijacking, and on the other hand it prevents, to a certain extent, hackers who intrude into the server or operate inside the server side from obtaining data for reverse decryption. The third ciphertext $c_3$ is encrypted with the SM4 encryption protocol, and the calculation formula is as follows:
$c_3 = \mathrm{SM4.Enc}(\mu, r)$
μ is the second key and SM4.Enc is the symmetric encryption function. It should be noted that, of the three ciphertexts, only the second ciphertext contains the target data; the other two ciphertexts serve to increase complexity and to support decryption.
Step 505d, the first ciphertext, the second ciphertext and the third ciphertext are combined to obtain the encrypted ciphertext tag.
The ciphertext tag is the form obtained by combining the three ciphertexts, and is represented as $c = (c_1, c_2, c_3)$.
Step 506, the sending terminal sends the ciphertext tag to the gateway server.
Step 507, the receiving terminal obtains the hash operation function in the encryption parameters, calculates the ciphertext hash values of all the keywords in the subset based on the second key tuple, and determines the product of all the ciphertext hash values as the first hash value.
The receiving terminal can generate the aggregation trapdoor only after it has acquired the first key and the private key and encryption parameters issued by the key generation center. Generating the aggregation trapdoor requires obtaining the corresponding subset in advance, calculating the ciphertext hash values of all keywords in the subset, and then obtaining the first hash value $\tau_0$. The calculation formula of $\tau_0$ is as follows:
Figure BDA0003807326490000094
$w_i$ is the i-th keyword in the subset; $\alpha$ is the private key, is a positive integer, and denotes exponentiation here;
Figure BDA0003807326490000101
is the ciphertext hash value of the i-th keyword,
Figure BDA0003807326490000102
is the first key. It should be noted that the subset $W = \{w_1, \dots, w_n\}$ includes, but is not limited to, text coding, voice coding, video coding, mailbox and website coding, etc.
Step 508, the ratios of the first hash value to each of the ciphertext hash values are calculated, and the second hash values of the ratios are combined into a verification set.
The verification set τ′ is the standard against which the gateway server finally checks, and the number of entries in the verification set is the same as the number of keywords. The ratio of the first hash value to each ciphertext hash value is $\tau_i$, expressed as follows:
$\tau_i = \tau_0 / H(\kappa, w_i)^{\alpha}$
The verification set τ′ is expressed as:
Figure BDA0003807326490000103
$\tau_i$ is the ratio of the first hash value to the i-th ciphertext hash value, n is the total number of keywords, and i ≤ n.
In step 509, the receiving terminal composes the first hash value and the verification set into an aggregation trapdoor.
The aggregation trapdoor $\tau_w = (\tau_0, \tau')$ includes verification data for all keywords in the subset. The verification data is formed from the private key and encryption parameters issued by the key generation center and cannot be reversed and decrypted even if data leakage occurs.
In step 510, the receiving terminal uploads the aggregation trapdoor to the gateway server.
It should be noted that steps 507-510 may occur before step 506 or after step 506, because decryption and verification by the gateway server need to have both the uploaded ciphertext tag and the aggregation trapdoor.
In step 511, the gateway server decomposes the aggregation trapdoor to obtain a first hash value of the subset.
This process obtains the $\tau_0$ of step 507; refer to step 507 for details.
Step 512, the gateway server decomposes the ciphertext tag to obtain the first ciphertext and the third ciphertext therein.
For each ciphertext tag, the gateway server decomposes it to obtain the first ciphertext and the third ciphertext. The second ciphertext, which contains the target data, need not be decomposed, which reduces the data processing load; it is decrypted after the verification conditions are met, and the target data is extracted according to the public key, the bilinear mapping and the hash operation.
Step 513, the gateway server performs bilinear mapping operation on the first hash value and the first ciphertext to obtain a first check value; and carrying out SM4 decryption operation on the second secret key and the third ciphertext to obtain a second check value.
The decryption process also depends on the encryption parameters, namely the bilinear mapping operation and the SM4 decryption operation. The first check value is $y = e(\tau_0, c_1)$. Running the SM4 decryption algorithm with the second key μ as input yields $m = \mathrm{SM4.Dec}(\mu, c_3)$.
Step 514, the gateway server performs a check operation on the first check value and the second check value, and matches the check result with the verification set of the subset.
The first check formula for the first check value y and the second check value m is:
Figure BDA0003807326490000111
the second check formula for the second check value m is:
$m \times m^{-1} \equiv 1 \bmod q$
$m^{-1}$ represents the inverse operation on the second check value m, z is the check result, c is the received ciphertext tag, and q represents the order of the cyclic group in the encryption parameter.
The check is decided by testing whether z ∈ τ′ holds, i.e. by matching z against all second hash values in the verification set of the subset.
Step 515, when the same second hash value is matched by the gateway server and the check operation result meets the requirement, it indicates that a keyword exists in the target data, and feeds back a decryption result to the receiving terminal according to the encryption protocol.
When z matches a second hash value in the verification set and the identity of the inverse-element operation is satisfied, the target data is said to contain, or hit, a keyword in the subset. Filtering is then performed according to the encryption protocol, for example by hiding the key data or by feeding back a prompt to the receiving terminal.
Taking mail filtering as an example: department A and department B communicate by mail, and the gateway server is a mail server. If a mail sent by department A includes an extranet connection, and the extranet connection is a specified keyword, the gateway server can intercept the mail directly. A normal mail that does not include a keyword is decrypted into normal mail format data and then forwarded to the terminal equipment of department B for display.
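The flow of steps 505 to 515 can be traced end to end in the following added example, which is not code from the patent. Assumptions: the groups are modelled by exponent tracking (this shows the algebra only and gives no security), `sym` is a hash-keystream stand-in for SM4, and all function names are hypothetical. Because the formula images for the public key, $c_2$, z and the verification-set entries are missing from this page, the forms pk = g^α, c_2 = e(H(κ,w), pk^r), z = H2((y / c_2)^(m^-1)) and τ′ = {H2(e(τ_i, g))} are also assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass

Q = 2**127 - 1  # prime group order q (constructed demo value)


@dataclass(frozen=True)
class Elem:
    """Group element stored as its discrete log; grp is 'G' or 'GT' (toy model)."""
    grp: str
    log: int

    def __mul__(self, other):
        assert self.grp == other.grp
        return Elem(self.grp, (self.log + other.log) % Q)

    def __truediv__(self, other):
        assert self.grp == other.grp
        return Elem(self.grp, (self.log - other.log) % Q)

    def __pow__(self, k):
        return Elem(self.grp, (self.log * k) % Q)


G = Elem("G", 1)  # generator g


def pair(a, b):
    """Bilinear map e: G x G -> GT with e(g^a, g^b) = e(g, g)^(ab)."""
    assert a.grp == b.grp == "G"
    return Elem("GT", (a.log * b.log) % Q)


def H(kappa, w):
    """Hash keyword w under the first key kappa into G."""
    d = hashlib.sha256(kappa + b"|" + w.encode()).digest()
    return G ** (int.from_bytes(d, "big") % (Q - 1) + 1)


def H2(x):
    """Second hash, applied to GT elements (assumed form)."""
    return hashlib.sha256(f"{x.grp}:{x.log}".encode()).hexdigest()


def sym(mu, data):
    """Stand-in for SM4.Enc / SM4.Dec: XOR with a SHA-256 keystream (toy, involutive)."""
    ks = hashlib.sha256(b"ks" + mu).digest()
    return bytes(a ^ b for a, b in zip(data, ks))


def setup():
    """Constructed demo keys: (alpha, pk = g^alpha [assumed], first key kappa, second key mu)."""
    alpha = secrets.randbelow(Q - 1) + 1
    return alpha, G ** alpha, secrets.token_bytes(16), secrets.token_bytes(16)


def encrypt(w, kappa, mu, pk):
    """Step 505: the sender builds the ciphertext tag c = (c1, c2, c3)."""
    r = secrets.randbelow(Q - 1) + 1
    c1 = G ** r                              # c1 = g^r
    c2 = pair(H(kappa, w), pk ** r)          # assumed form of c2
    c3 = sym(mu, r.to_bytes(16, "big"))      # c3 = Enc(mu, r)
    return c1, c2, c3


def trapdoor(subset, kappa, alpha):
    """Steps 507-509: the receiver builds tau_w = (tau0, tau')."""
    hs = [H(kappa, w) ** alpha for w in subset]
    tau0 = hs[0]
    for h in hs[1:]:
        tau0 = tau0 * h                      # tau0 = product of H(kappa, w_i)^alpha
    # tau_i = tau0 / H(kappa, w_i)^alpha; the entry form H2(e(tau_i, g)) is assumed
    tau_prime = {H2(pair(tau0 / h, G)) for h in hs}
    return tau0, tau_prime


def gateway_check(c, tau, mu):
    """Steps 511-515: one pairing, one symmetric decryption, then a set lookup."""
    c1, c2, c3 = c
    tau0, tau_prime = tau
    y = pair(tau0, c1)                       # first check value y = e(tau0, c1)
    m = int.from_bytes(sym(mu, c3), "big")   # second check value m = Dec(mu, c3)
    if not 0 < m < Q:
        return False
    m_inv = pow(m, -1, Q)
    if (m * m_inv) % Q != 1:                 # second check: m * m^-1 = 1 mod q
        return False
    z = H2((y / c2) ** m_inv)                # assumed form of the first check
    return z in tau_prime


if __name__ == "__main__":
    alpha, pk, kappa, mu = setup()
    tau = trapdoor(["extranet connection", "password", "invoice"], kappa, alpha)
    for word in ("extranet connection", "lunch menu"):
        print(word, "->", gateway_check(encrypt(word, kappa, mu, pk), tau, mu))
```

The gateway performs a single pairing regardless of how many keywords the subset holds; the per-keyword work was done once by the receiver when it built τ′.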
In summary, in order to ensure the security of data communication, a third-party key generation center is added on top of the receiving end, the sending end and the gateway server. In addition, in order to prevent hijacking and reverse-prediction cracking of the transmitted data, the transmitting end establishes an exchange channel with the receiving end and with the server end respectively, and a first key and a second key are generated through a protocol issued by the key generation center, so that data is protected both against interception and cracking during transmission and against acquisition through intrusion into the server end.
In the data encryption and aggregation trapdoor generation operations, a first key for hiding the keyword is used, and the keyword is mapped to a larger variable space to prevent an adversary from mounting a keyword guessing attack. Meanwhile, each keyword is encrypted independently, and possible ciphertext combinations do not need to be preprocessed in advance according to verification conditions, so that the storage space of ciphertext data is reduced. In the trapdoor generation operation, for a plurality of given keywords, the data receiver only needs to generate one aggregated trapdoor for the whole subset instead of one trapdoor per keyword, so that the complexity of calculation in the verification stage is reduced. In the verification stage, when the aggregation key is used to verify whether the message corresponding to the detected ciphertext is contained in the keyword set corresponding to the aggregation trapdoor, the gateway server only needs to perform one bilinear computation, whereas the computation required by the conventional verification method is proportional to the number of keywords in the set. According to our definition, one trapdoor can be used to detect ciphertexts under a plurality of keyword conditions, and the size distribution of a single keyword query result is hidden to a certain extent, so that the trapdoor helps resist leakage-abuse attacks based on result size.
The verification process is placed at the server side, which improves the receiving response speed by relying on the strong processing capacity of the cloud, reduces the load on the terminal, helps resist leakage-abuse attacks based on result size, and greatly improves efficiency over the traditional verification method. Compared with the prior art, the trapdoor aggregation technology can realize privacy verification of a plurality of keywords using one aggregation trapdoor. The public and private key hybrid encryption technology is used to expand the mapping space of the keywords and resist keyword guessing attacks from internal adversaries. Meanwhile, in the verification stage, for any ciphertext, the gateway server only needs to execute one bilinear operation to complete verification matching, which greatly improves efficiency over the traditional verification method and improves communication security. In addition, the design is built on the domestic cryptographic algorithms SM2 and SM4, achieving localization of the privacy verification technology.
In an embodiment of the present application, a computer program product or a computer program is also provided, which includes computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the subset-based private data verification method according to any one of the above aspects.
The above describes the preferred embodiment of the invention. It is to be understood that the invention is not limited to the particular embodiments described above, and that devices and structures not described in detail are to be implemented in a manner common in the art. Any person skilled in the art can make many possible variations and modifications, or modify the embodiments into equivalent embodiments, without departing from the technical solution of the invention and without affecting its essence. Therefore, any simple modification, equivalent change or modification made to the above embodiments according to the technical essence of the present invention, without departing from the content of the technical solution of the present invention, still falls within the scope of protection of the technical solution of the present invention.

Claims (10)

1. A subset-based private data verification method for a transmitting terminal, the method comprising:
establishing a key exchange channel with a receiving terminal and a gateway server respectively, and generating a first key and a second key based on a key exchange protocol; the first key is a shared key between the transmitting and receiving ends, and the second key is a shared key for encrypting by the transmitting terminal and verifying by the gateway service;
based on the second key and the encryption parameter and the public key issued by the key generation center, data encryption is carried out on the target data to generate a ciphertext tag; communication connections are established between the key generation center and the sending terminal, between the receiving terminal and the gateway server;
sending the ciphertext tag to the gateway server, so that the gateway server can check the ciphertext tag based on the aggregation trapdoor uploaded by the receiving terminal, and send a check result to the receiving terminal; the aggregated trapdoors are generated by the receiving terminal based on a subset of a specified keyword space.
2. The method of claim 1, wherein establishing a key exchange channel with the receiving terminal and the gateway server, respectively, and generating the first key and the second key based on a key exchange protocol comprises:
establishing a first key exchange channel with the receiving terminal, and generating the first key for hiding the keyword based on an SM2 key exchange protocol; establishing a second key exchange channel with the gateway server, and generating the second key for data encryption based on an SM2 key exchange protocol.
3. The method of claim 2, wherein the encryption parameters comprise at least one of security parameters, bilinear mapping functions, the subset, q-th order cyclic groups and generators g, hash functions, key exchange protocols, and encryption protocols; the first key and the second key are generated based on the security parameters; the public key is generated by the key generation center based on a private key and a generator; the private key is randomly generated by the key generation center.
4. The method according to claim 3, wherein the encrypting the target data based on the second key and the encryption parameter and the public key issued by the key generation center to generate the ciphertext tag comprises:
forming a first key tuple based on the first key and the second key;
selecting an encrypted random number r, and carrying out data encryption on the target data based on the encrypted random number, the first key tuple, the public key and the encryption parameter to obtain the ciphertext tag; where r is a positive integer no greater than q, q representing the order of the second order cyclic group in the encryption parameter.
5. The method of claim 4, wherein the data encrypting the target data based on the encrypted random number, the first key tuple, the public key and the encryption parameter to obtain the ciphertext tag comprises:
calculating a first ciphertext $c_1$ of the ciphertext tag based on the encrypted random number r and the generator g; the calculation formula is as follows:
$c_1 = g^r$
performing a hash operation on the target data and the first key through a hash function, and performing a bilinear mapping operation on the hash operation result and the public key to obtain a second ciphertext $c_2$ of the ciphertext tag; the calculation formula is as follows:
Figure FDA0003807326480000021
Figure FDA0003807326480000022
is the first key, w is the target data, H is the hash function, and e is the bilinear mapping function;
performing SM4 symmetric encryption on the second key and the encrypted random number to obtain a third ciphertext $c_3$; the calculation formula is as follows:
$c_3 = \mathrm{SM4.Enc}(\mu, r)$
μ is the second key, and SM4.Enc is the symmetric encryption function;
and combining the first ciphertext, the second ciphertext and the third ciphertext to obtain the encrypted ciphertext tag.
6. A subset-based private data verification method for a gateway server, the method comprising:
establishing a key exchange channel with a sending terminal, and generating a second key based on a key exchange protocol; the second key is a shared key used for encryption by the sending terminal and verification by the gateway server;
receiving a ciphertext tag uploaded by the sending terminal, and decrypting and verifying the ciphertext tag based on the second key, the encryption parameter issued by the key generation center and the aggregation trapdoor uploaded by the receiving terminal; the aggregation trapdoor is generated by the receiving terminal based on a subset of a keyword space, and communication connections are established between the key generation center and the sending terminal as well as between the key generation center and the receiving terminal as well as between the key generation center and the gateway server;
responding to the matching of the verification result of the ciphertext label and the verification set of the subset, and issuing the verification result to the receiving terminal; the verification set comprises verification data of all keywords in the subset.
7. The method according to claim 6, wherein the receiving the ciphertext tag uploaded by the sending terminal, and decrypting and verifying the ciphertext tag based on the second key, the encryption parameter issued by the key generation center, and the aggregation trapdoor uploaded by the receiving terminal comprises:
decomposing the aggregation trapdoor to obtain first hash values of all keywords in the subset; the first hash value is the product of all keywords and the ciphertext hash value, and the ciphertext hash value is obtained by the receiving terminal performing hash operation on the keywords according to a second key tuple;
decomposing the ciphertext tag to obtain a first ciphertext and a third ciphertext; the first ciphertext is obtained by the sending terminal based on encrypted random number and generator calculation, and the third ciphertext is obtained by performing SM4 symmetric encryption calculation on the encrypted random number by using a second key;
performing bilinear mapping operation on the first hash value and the first ciphertext to obtain a first check value; performing SM4 decryption operation on the third ciphertext by using the second key to obtain a second check value;
performing a verification operation on the first verification value and the second verification value, and matching a verification result with the verification set of the subset; the verification set and the second hash value set are formed by the ratio of the first hash value to each ciphertext hash value in the subset;
and when the same second hash value is matched and the checking operation result meets the requirement, the fact that the keyword exists in the target data is indicated, and a verification result is fed back to the receiving terminal according to an encryption protocol.
8. The method of claim 7, wherein performing a check operation on the first check value and the second check value to match a check result with the verification set of the subset comprises:
the first check formula of the first check value y and the second check value m is:
Figure FDA0003807326480000031
the second check formula for the second check value m is:
$m \times m^{-1} \equiv 1 \bmod q$
$m^{-1}$ represents the inverse operation on the second check value, z is the check result, c is the received ciphertext tag, and q represents the order of the cyclic group in the encryption parameter.
9. A subset-based private data verification method for a receiving terminal, the method comprising:
establishing a key exchange channel with a sending terminal, and generating a first key based on a key exchange protocol; the first key is a shared key between the transmitting and receiving ends;
acquiring a private key issued by a key generation center, and generating an aggregation trapdoor based on the first key and a subset of a keyword space agreed with the sending terminal; communication connections are established between the key generation center and the sending terminal, between the receiving terminal and the gateway server;
and uploading the aggregation trapdoor to a gateway server, so that the gateway server decrypts and checks the ciphertext label uploaded by the aggregation trapdoor and the sending terminal and receives a check result issued by the gateway server.
10. The method of claim 9, wherein the obtaining of the encryption parameter and the private key issued by the key generation center and the generating of the aggregation trapdoor based on the first key and the subset of the keyword space agreed with the sending terminal comprises:
forming the first key and the private key into a second key tuple;
obtaining a hash function in the encryption parameters, calculating ciphertext hash values of all keywords in the subset based on the second key tuple, and determining the product of all the ciphertext hash values as a first hash value $\tau_0$; the calculation formula is as follows:
Figure FDA0003807326480000041
$w_i$ is the i-th keyword in the subset; $\alpha$ is the private key in the second key tuple and is a positive integer,
Figure FDA0003807326480000042
is the ciphertext hash value of the i-th keyword,
Figure FDA0003807326480000043
the first key in the second key tuple;
respectively calculating the ratio of the first hash value to all the ciphertext hash values, and combining the second hash values of the ratio into a verification set tau'; the verification set is represented as:
Figure FDA0003807326480000044
$\tau_i$ is the ratio of the first hash value to the i-th ciphertext hash value, n is the total number of keywords, and i ≤ n;
composing the first hash value and the verification set into the aggregated trapdoor $\tau_w = (\tau_0, \tau')$.
CN202211000771.1A 2022-08-19 2022-08-19 Privacy data verification method based on subset Active CN115333845B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211000771.1A CN115333845B (en) 2022-08-19 2022-08-19 Privacy data verification method based on subset

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211000771.1A CN115333845B (en) 2022-08-19 2022-08-19 Privacy data verification method based on subset

Publications (2)

Publication Number Publication Date
CN115333845A true CN115333845A (en) 2022-11-11
CN115333845B CN115333845B (en) 2024-04-12

Family

ID=83925228

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211000771.1A Active CN115333845B (en) 2022-08-19 2022-08-19 Privacy data verification method based on subset

Country Status (1)

Country Link
CN (1) CN115333845B (en)

Also Published As

Publication number Publication date
CN115333845B (en) 2024-04-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant