CN1192543C - Encryption key exchange method based on public key centificate on elliptic curve - Google Patents

Encryption key exchange method based on public key centificate on elliptic curve Download PDF

Info

Publication number
CN1192543C
CN1192543C CNB031166202A CN03116620A CN1192543C CN 1192543 C CN1192543 C CN 1192543C CN B031166202 A CNB031166202 A CN B031166202A CN 03116620 A CN03116620 A CN 03116620A CN 1192543 C CN1192543 C CN 1192543C
Authority
CN
China
Prior art keywords
key
elliptic curve
sig
exchange method
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB031166202A
Other languages
Chinese (zh)
Other versions
CN1455542A (en
Inventor
朱华飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang University ZJU filed Critical Zhejiang University ZJU
Priority to CNB031166202A priority Critical patent/CN1192543C/en
Publication of CN1455542A publication Critical patent/CN1455542A/en
Application granted granted Critical
Publication of CN1192543C publication Critical patent/CN1192543C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention discloses a secret key exchange method based on public key certificates on an elliptic curve. The secret key exchange method is a session secret key exchange method which proceeds from the problem of discrete logarithms on an elliptic curve and a Diffie-Hellman secret key exchange protocol with the assistance of anti-collision hash functions, public key certificates and digital signatures. The secret key exchange method has provable safety and high operation speed.

Description

On a kind of elliptic curve based on the key exchange method of public key certificate
Technical field
The present invention relates to maintain secrecy or the key exchange method of secure communication, on specifically a kind of elliptic curve based on the key exchange method of public key certificate.
Background technology
Evincible cryptographic algorithm of fail safe and communication protocol are cryptographic important and difficult research topics, and communication security is maintained secrecy and studied around seeking stronger better cryptographic system and launching.Traditional cryptographic system is single key owing to what use when encryption and decryption, in case encryption key is revealed, whole cryptographic system has just lost effect.Therefore exposed increasing defective in actual applications, but since the symmetric key system to have an enciphering rate more faster than public key encryption speed, into have advantage in that mass data is encrypted.Therefore, just produce a kind of mixed encryption method, combined their advantage, promptly used public key encryption system transmission session key, carried out the encryption and decryption of information with session key.Bellovin has designed a kind of method of using symmetry and public key cryptography simultaneously, and this method is encrypted the public-key cryptography that produces at random with cipher key shared.But the EKE agreement has a serious defective, and it needs both sides all to know a shared password P, has limited the scope of communication so greatly.
Summary of the invention
The objective of the invention is to carry on a kind of elliptic curve of arch based on the key exchange method of public key certificate, is discrete logarithm problem from the elliptic curve, is aided with anti-collision hash function, the method for the session key exchange of public key certificate and digital signature.
The concrete steps of the technical solution used in the present invention are as follows:
Because cipher key change is exactly the exchanges of both sides by mutual realization session key, also is related to the identity validation that exchanges both sides.Therefore, it is very natural introducing the user certificate data of representing user identity in cipher key change.Because digital certificate can effectively show subject identity, thereby we obtain a key exchange method based on digital certificate.X.509, the internal form of digital certificate is stipulated that by CCITT it must comprise the information content of the following aspects: the version number of certificate; The sequence number of digital certificate; Certificate owner's name; Signature algorithm; Issue the unit of digital certificate; Issue the signature of the unit of digital certificate; The term of validity of secret key etc. is disclosed. these information are called certificate data (Certificate-data).The concrete steps of key exchange method of the present invention are as follows:
1. system parameters (Fq, E, a P have been defined, n, H), wherein Fq is a finite field, the territory be characterized as big prime number q, E is the elliptic curve on the Fq, P is a rational point on the E, as basic point, the rank of P are prime number n, and H is anti-collision hash function, system parameters (Fq, E, P, n, H) public by one group of user.
2. need the both sides of interchange key to be made as A and B, share the exchange of session key by mutual realization, system parameters be (Fq, E, P, n, H) step of cipher key change is as follows:
(a) A picked at random 1<r a<n calculates u 1=r aP, and (u 1, sig A(u 1)) send to B;
(b) the signature u of B checking A 1, Sig A(u 1), be not inconsistent then termination as signature, otherwise picked at random 1<r b<n calculates u 2=r bP, and u 2, sig B(u 1, u 2) send to A, calculating K=H (cert-data, r bu 1) as session key.
(c) A certifying signature sig B(u 1, u 2), if sign incorrect then the exchange termination, otherwise calculating K=H (cert-data, r au 2), as session key;
The present invention compares the beneficial effect that has with background technology: discrete logarithm problem and the Diffie-Hellman IKE of the present invention from the elliptic curve, be aided with anti-collision hash function, the session key exchange method of public key certificate and digital signature.It has evincible fail safe, and has arithmetic speed faster.
Embodiment
When the present invention is used for cipher key change, suppose that user A thinks and communicating by letter that user B maintains secrecy, need on unsafe channel, carry out the transmission of secret meeting words key.In this method, user A and user B use an elliptic curve jointly, and it is as follows to provide an elliptic curve here:
E:y 2=x 3+ax+b?mod?n
Wherein E is an ellipse garden curve, and a, b are the coefficient of ellipse garden curve, and (x y) is point on the curve of ellipse garden.
Following p is a big prime number, and q is big prime number, and p=2q+1, chooses qualified p and q, can obtain the basic point seedE of ellipse garden curve, and r, a, b are ellipse garden curves of selecting, and n is an ellipse garden order of a curve, selects the ellipse garden curvilinear system of h=1.
p=6277101735386680763835789423207666416083908700390324961279;
seedE=0x3045ae6fc8422f64ed579528d38120eae12196d5;
r=0x3099d2bbbfcb2538542dcd5fb078b6ed5f3d6fe2c745de65;
a=-3;
b=0x64210519e59c80e70fa7e9ab72243049feb8deeccl46b9b1;
h=1
The rank of elliptic curve are:
n=6277101735386680763835789423176059013767194773182842284081;
It is a prime number.
Rank are that the basic point of n is being chosen for of P:
P=(xG, yG) wherein
xG=0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012;
yG=0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811;
User A picked at random 1<w<n calculates u=wP, and (u, sig a(u)) send to B.User B operates according to the step of this method, carries out signature verification, if signature is correct, then picked at random 1<x<n calculates y=xP, and (u, y, Sig b(u, y)) sends to A, and calculating K=(cert-data is xu) as session key.User A certifying signature (u, y, sig b(u, y)), if sign incorrect promptly stop the exchange, otherwise calculating K=H (cert-data is wy) as session key.

Claims (1)

  1. On the elliptic curve based on the key exchange method of public key certificate, discrete logarithm difficult problem from elliptic curve is supposed, be aided with the collision hash function, public key certificate (certificate-date) and digital signature method carry out the method for session key exchange, it is characterized in that:
    1) system parameters (Fq, E, a P have been defined, n, H), wherein Fq is a finite field, the territory be characterized as big prime number q, E is the elliptic curve on the Fq, P is a rational point on the E, as basic point, the rank of P are prime number n, and H is anti-collision hash function, system parameters (Fq, E, P, n, H) open public by one group of user;
    2) need the both sides of interchange key to be made as A and B, share the exchange of session key by mutual realization, system parameters be (Fq, E, P, n, H), the step of cipher key change is as follows:
    (a) A picked at random 1<r a<n calculates u 1=r aP, and (u 1, sig A(u 1)) send to B;
    (b) the signature u of B checking A 1, Sig A(u 1), be not inconsistent then termination as signature, otherwise picked at random 1<r b<n calculates u 2=r bP, and u 2, sig B(u 1, u 2) send to A, calculating K=H (cert-data, r bu 1) as session key;
    (c) A certifying signature sig B(u 1, u 2), if sign incorrect then the exchange termination, otherwise calculating K=H (cert-data, r au 2), as session key.
CNB031166202A 2003-04-23 2003-04-23 Encryption key exchange method based on public key centificate on elliptic curve Expired - Fee Related CN1192543C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031166202A CN1192543C (en) 2003-04-23 2003-04-23 Encryption key exchange method based on public key centificate on elliptic curve

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB031166202A CN1192543C (en) 2003-04-23 2003-04-23 Encryption key exchange method based on public key centificate on elliptic curve

Publications (2)

Publication Number Publication Date
CN1455542A CN1455542A (en) 2003-11-12
CN1192543C true CN1192543C (en) 2005-03-09

Family

ID=29260054

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB031166202A Expired - Fee Related CN1192543C (en) 2003-04-23 2003-04-23 Encryption key exchange method based on public key centificate on elliptic curve

Country Status (1)

Country Link
CN (1) CN1192543C (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101296072B (en) * 2007-04-29 2011-11-09 四川虹微技术有限公司 Sharing cryptographic key generation method of elliptic curve
CN101197668B (en) * 2007-12-06 2010-08-18 上海交通大学 Elliptic curve anti-bypass attack method based on randomizing multiplication with symbol scalar
CN111106937A (en) * 2019-12-31 2020-05-05 深圳职业技术学院 Secret key exchange method of double-channel exchange super-singular elliptic curve algorithm based on random prime number

Also Published As

Publication number Publication date
CN1455542A (en) 2003-11-12

Similar Documents

Publication Publication Date Title
WO2020087805A1 (en) Trusted authentication method employing two cryptographic values and chaotic encryption in measurement and control network
Krawczyk SIGMA: The ‘SIGn-and-MAc’approach to authenticated Diffie-Hellman and its use in the IKE protocols
WO2018225053A1 (en) Digital signing by utilizing multiple distinct signing keys, distributed between two parties
CN110120939B (en) Encryption method and system capable of repudiation authentication based on heterogeneous system
EP2334008A1 (en) A system and method for designing secure client-server communication protocols based on certificateless public key infrastructure
CN107566128A (en) A kind of two side's distribution SM9 digital signature generation methods and system
CN110020524B (en) Bidirectional authentication method based on smart card
CN101064610A (en) Identity authentication process
CN110278088A (en) A kind of SM2 collaboration endorsement method
CN104301108A (en) Signcryption method based from identity environment to certificateless environment
CN1277365C (en) High performance and quick public pin encryption
CN113268542A (en) Block chain rewriting method and system based on multi-party authorization
Jain et al. A Comparison Based Approach on Mutual Authentication and Key Agreement Using DNA Cryptography
CN114448641A (en) Privacy encryption method, electronic equipment, storage medium and chip
Rabah Elliptic curve elgamal encryption and signature schemes
CN117278330B (en) Lightweight networking and secure communication method for electric power Internet of things equipment network
Baee et al. The Security of “2FLIP” Authentication Scheme for VANETs: Attacks and Rectifications
CN117879833A (en) Digital signature generation method based on improved elliptic curve
CN116599659B (en) Certificate-free identity authentication and key negotiation method and system
CN1192543C (en) Encryption key exchange method based on public key centificate on elliptic curve
CN110149205B (en) Method for protecting Internet of things terminal by using block chain
CN112436942A (en) Attribute-based/identity-based heterogeneous revocable signcryption method
KR20080005344A (en) System for authenticating user's terminal based on authentication server
Oh et al. How to solve key escrow and identity revocation in identity-based encryption schemes
CN110324357A (en) Data transmission method for uplink and device, data receiver method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee