CN109450623A - Anti- quantum calculation cryptographic key negotiation method based on unsymmetrical key pond - Google Patents
Anti- quantum calculation cryptographic key negotiation method based on unsymmetrical key pond Download PDFInfo
- Publication number
- CN109450623A CN109450623A CN201811202610.4A CN201811202610A CN109450623A CN 109450623 A CN109450623 A CN 109450623A CN 201811202610 A CN201811202610 A CN 201811202610A CN 109450623 A CN109450623 A CN 109450623A
- Authority
- CN
- China
- Prior art keywords
- key
- user
- pond
- keys
- public
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 22
- 238000004364 calculation method Methods 0.000 title claims abstract description 16
- 239000000284 extract Substances 0.000 claims description 2
- 239000000203 mixture Substances 0.000 claims 1
- 238000004891 communication Methods 0.000 abstract description 3
- 238000005194 fractionation Methods 0.000 description 4
- 230000001502 supplementing effect Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 241000208340 Araliaceae Species 0.000 description 1
- 235000005035 Panax pseudoginseng ssp. pseudoginseng Nutrition 0.000 description 1
- 235000003140 Panax quinquefolius Nutrition 0.000 description 1
- 230000004888 barrier function Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 235000008434 ginseng Nutrition 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a kind of anti-quantum calculation cryptographic key negotiation method based on unsymmetrical key pond, including a group, the group includes a plurality of clients, pool of keys is stored in the quantum key card that each user terminal is configured, the pool of keys includes one's own side's private key pond and the public key pond of other members of group, and it interacts to obtain equal arranging key by each side's parameter and one's own side's pool of keys, and then realize the key agreement of user terminal two-by-two.Quantum key card is independent hardware isolated equipment, substantially reduce Malware or a possibility that malicious operation steals key, it will not be obtained and be cracked by quantum computer, in group, key agreement is realized using asymmetric key exchange mode between object, the key for realizing communicating pair is shared, other objects are unable to get corresponding shared key, have ensured communication security of the communicating pair in group.
Description
Technical field
The present invention relates to public-key cryptosystems and unsymmetrical key pool technology, and in particular to field is Diffie-Hellman.
The present invention is the Internet Key Exchange realized in group between communicating pair.
Background technique
The Internet of rapid development brings huge convenience to people's lives, work, and people can be sitting in family
It sent and received e-mail, made a phone call by Internet, carrying out the activities such as shopping online, bank transfer.The network information security simultaneously
It is increasingly becoming a potential huge problem.In general the network information is faced with following several security risks: the network information
It is stolen, information is tampered, attacker palms off information, malicious sabotage etc..
The key technology of the current guarantee network information security is exactly cryptographic technique, and in field of cryptography of today, it is main
Will there are two types of cryptographic system, first is that symmetric key cryptosystem, i.e. encryption key and decruption key use it is same.The other is
Public key cryptosystem, i.e. encryption key and decruption key difference, one of them can be disclosed.
The safety of symmetric key cryptosystem relies on following two factor.First, Encryption Algorithm must be it is sufficiently strong,
Being based only on ciphertext itself and removing solution confidential information is impossible in practice;Second, the safety of encryption method is from key
Secret, rather than the secret of algorithm.The problem of symmetric encryption system maximum be key distribution and management it is extremely complex,
It is of a high price.Symmetric encipherment algorithm, which has another disadvantage that, is not easily accomplished digital signature.So in current mobile e-business
Encryption Algorithm realization in field depends primarily on RSA arithmetic.
The encryption key pair (public key) and decryption key (private key) that Public Key Cryptographic Systems uses are different.Due to encryption
Key be it is disclosed, the distribution of key and management are just very simple, and Public Key Cryptographic Systems can also be easily carried out number
Signature.
Since public key encryption comes out, scholars propose many kinds of public key encryption methods, their safety is all base
In complicated difficult math question.Classified according to the difficult math question being based on, have following three classes system be presently believed to be safety and
It is effective: big integer factorization system (representative to have RSA), Discrete log systems (representative to have DSA) and ellipse from
It dissipates Logarithmic system (ECC).
But with the development of quantum computer, classical asymmetric-key encryption algorithm will be no longer safe, no matter encryption and decryption
Or private key can be calculated in key exchange method, quantum computer by public key, therefore currently used asymmetric close
Key will become cannot withstand a single blow in the quantum epoch.
Summary of the invention
A kind of anti-quantum calculation cryptographic key negotiation method based on unsymmetrical key pond, including a group, group's packet
A plurality of clients are included, pool of keys is stored in the quantum key card that each user terminal is configured, the pool of keys includes one's own side's private key
Pond and the public key pond of other members of group, and by each side's parameter and one's own side's pool of keys interact to obtain equal negotiation close
Key, and then realize the key agreement of user terminal two-by-two.
The description of quantum key card is visible, and application No. is the patents of " 201610843210.6 ".It is close when for mobile terminal
Key card is preferably key SD card;When for fixed terminal, key card is preferably key USB key or host key board.
Each user terminal has quantum key card in group in the present embodiment, can store the key of big data quantity,
The ability for having processing information.The quantum key card side of issuing is the supervisor side of key card, the generally administrative department of group, such as
The administrative department of certain enterprise or public institution;The member that the key card side of being awarded is managed by the supervisor side of key card, generally
The employees at different levels of certain enterprise or public institution.Supervisor side's application that user terminal arrives key card first is opened an account.When user terminal is infused
After volume registration is granted, key card will be obtained (there is unique key card ID).Key card stores client enrollment register information, also
It is built-in with identity authentication protocol, includes at least key schedule and verification function or other calculations relevant to authentication
Method.User side key in key card is all downloaded from down the same cipher key management services station, and to the supervisor side of the same key card
For, the pool of keys stored in each key card for issuing is completely the same.Preferably, the pool of keys stored in key card
Size can be 1G, 2G, 4G, 8G, 16G, 32G, 64G, 128G, 256G, 512G, 1024G, 2048G, 4096G etc..Its capacity
Requirement depending on supervisor side to safety, capacity is bigger, and safety is higher.
In group the pool of keys number of each user terminal be group in all members number, i.e., one itself private key it is close
Key pond (private key pond) and the corresponding public-key cryptographic keys pond (public key pond) of other each group members, such as Fig. 1.Each pool of keys data volume is
1GB or more.
Preferably, arranging key is combined by other side's public key of each user terminal one's own side private key and corresponding key agreement user terminal
It generates.
Preferably, the generating mode of each user terminal one's own side private key includes: one's own side's parameter and unsymmetrical key pointer letter
Number combines and obtains private key position indicator pointer, extracts one's own side's private key in one's own side's private key pond using the private key position indicator pointer
Preferably, it includes: close using the correspondence that the counterpart keys, which negotiate the generating mode of other side's public key of user terminal,
Key negotiates user terminal parameter and generates the corresponding public key position of counterpart keys negotiation user terminal with unsymmetrical key pointer function in conjunction with to refer to
Needle generates other side's public affairs that the counterpart keys negotiate user terminal using the public key position indicator pointer in conjunction with corresponding public-key cryptographic keys pond
Key.
Preferably, the key card is issued by Key Management server, and the Key Management server is established asymmetric close
The group of key pond body system, and corresponding private key pond is generated according to number of members in group and is generated simultaneously with private key pond one by one
Corresponding public-key cryptographic keys pond.
Preferably, the private key pond is made of the true random number of designated length one by one;The public-key cryptographic keys pond by
Public key data forms one by one, and the private key in corresponding private key pond is corresponding.
Preferably, public key is obtained according to parameter defined in Key Management server and private key in the public-key cryptographic keys pond,
Wherein the private key in the private key pond by extracting.
Preferably, user A and user B realizes that the key agreement step of user terminal two-by-two includes:
The pool of keys of one's own side is generated the side's A private key by user A in conjunction with the side's A parameter, and the side's A parameter is sent to user B;
User B generates the side's A public key using the side's the A parameter combination one's own side's pool of keys obtained;
The pool of keys of one's own side is generated the side's B private key by user B in conjunction with the side's B parameter;
User B generates the side's B arranging key using the side's B private key and the side's A public key, and the side's B parameter is sent user A;
User A generates the side's B public key using the side's the B parameter obtained in conjunction with one's own side's pool of keys;
User A generates the side's A arranging key using the side's B public key and the side's A private key;
Wherein, the side's A arranging key and the side's B arranging key are equal, mutually referred to as symmetric key.
In the present embodiment, all there is the algorithm of corresponding demand in the local system of user A and user B.
The above-mentioned anti-quantum calculation cryptographic key negotiation method based on unsymmetrical key pond, including a group, group's packet
A plurality of clients are included, pool of keys is stored in the quantum key card that each user terminal is configured, the pool of keys includes one's own side's private key
Pond and the public key pond of other members of group, and by each side's parameter and one's own side's pool of keys interact to obtain equal negotiation close
Key, and then realize the key agreement of user terminal two-by-two.Quantum key card is independent hardware isolated equipment, and it is soft to substantially reduce malice
A possibility that part or malicious operation steal key will not be obtained and be cracked by quantum computer, in group, use between object
Asymmetric key exchange mode realizes key agreement, and the key for realizing communicating pair is shared, other objects are unable to get accordingly
Shared key, ensured communication security of the communicating pair in group.
Detailed description of the invention
Fig. 1 is the distribution schematic diagram of pool of keys in the present invention;
Fig. 2 is that the key of embodiment 1 exchanges flow chart;
Fig. 3 is the schematic diagram of private key and public key generating process;
Fig. 4 is that the key of embodiment 2 exchanges flow chart.
Specific embodiment
The present invention realizes that scene is any two object in the group of a unsymmetrical key pond body system, such as user A
With user B.
Embodiment 1
For key card when supplementing pool of keys with money, Key Management server can specify one group identities of key card, and give group
ID in group.Key card can be written into the public-key cryptographic keys pond of other groups in the private key pond and group of itself.Key pipe
Server is managed when establishing the group of a unsymmetrical key pond body system, the private key that can generate corresponding number according to membership is close
Key pond generates and the one-to-one public-key cryptographic keys pond in private key pond simultaneously.Private key pond by designated length one by one it is true with
Machine array at.Public-key cryptographic keys pond is made of public key data one by one, and the private key in corresponding private key pond is corresponding.
Generating public key mode is the calculation in DH Diffie-Hellman.Key Management server defines a Big prime
P and several g, g are the primitive root of mould p.And a private key x in private key pond is taken to carry out that corresponding public key X=g is calculated
^x mod p.It is all generate public keys parameter p and g be same, and when supplementing key with money for key card can by parameter p with
G is written to the specific secure data area of key card.
Step 1.1: user A obtains private key and the relevant random number of cipher key location pointer is sent to user B
Step 1.1.1: user A generates a random number, and obtains Party A's private key by calculating and operation: user A is generated
One true random number r1, and the private key position indicator pointer kp1 of user A is calculated by unsymmetrical key pointer function fkp.User
A according to private key position indicator pointer from local system in private key pond take out Party A's private key kpri1.
Step 1.1.2: user A send it is specified count at random user B: user A one's own side's private key is generated it is relevant truly random
Number r1 is sent to user B.
Step 1.2: simultaneously public key is calculated in user B parsing message, generates one's own side's true random number and one's own side's private is calculated
Key.User B calculates arranging key and one's own side's random number is sent to user A.
Step 1.2.1: user B reception message simultaneously parses: the negotiation that user B receives the key exchange from user A disappears
It ceases and obtains true random number r1 ' by rule fractionation.
Step 1.2.2: user B calculating random number obtains one's own side's private key and Party A's public key: user B is logical by true random number r1 '
Cross the public key position indicator pointer kp1 ' that user A is calculated in unsymmetrical key pointer function fkp.User B is according to public key position indicator pointer
Party A's public key kpub1 is taken out from the public-key cryptographic keys pool of keys of the user A in local system.User B generates a true random number
R2, and pass through the identical private key position indicator pointer kp2 that user B is calculated.User B is according to private key position indicator pointer from local system
Party B's private key kpri2 is taken out in middle private key pond.Under normal circumstances, the pointer kp1 ' and user A that user B is calculated are calculated
Obtained pointer kp1 is identical.
Step 1.2.3: privacy key is calculated in user B: user B takes out parameter p from key card and calculate
To privacy key Kb=kpub1^kpri2 mod p.The privacy key Kb is the side's B arranging key.
Step 1.2.4: user B send it is specified count at random user A: user B one's own side's private key is generated it is relevant truly random
Number r2 is sent to user A.
Step 1.3: simultaneously Party B's public key is calculated in user A parsing message, and arranging key is finally calculated.
Step 1.3.1: user A reception message simultaneously parses: the negotiation that user A receives the key exchange from user B disappears
It ceases and obtains r2 ' by rule fractionation.
Step 1.3.2: user A calculating random number obtains Party B's public key: user A passes through true random number r2 ' asymmetric close
The public key position indicator pointer kp2 ' of user B is calculated in key pointer function fkp.User A is according to public key position indicator pointer from local system
In user B public-key cryptographic keys pool of keys in take out Party B's public key kpub2.
Step 1.3.3: privacy key is calculated in user A: user A takes out parameter p from key card and calculate
It is the side's A arranging key to privacy key Ka=kpub2^kpri1 mod p, the privacy key Ka.
The privacy key Ka and user B that user A is obtained obtain privacy key Kb and are equal to g^ (kpri1*kpri2) modp,
That is the side's A arranging key and the side's B arranging key is equal, mutually symmetrical key.
Embodiment 2
For key card when supplementing pool of keys with money, Key Management server can specify one group identities of key card, and give group
ID in group.Key card can be written into the public-key cryptographic keys pond of other groups in the private key pond and group of itself.Key pipe
Server is managed when establishing the group of a unsymmetrical key pond body system, the private key that can generate corresponding number according to membership is close
Key pond generates and the one-to-one public-key cryptographic keys pond in private key pond simultaneously.Private key pond by designated length one by one it is true with
Machine array at.Public-key cryptographic keys pond is made of public key data one by one, and the private key in corresponding private key pond is corresponding.
Generating public key mode is the calculation in ECDH Diffie-Hellman.Key Management server definition defines one
Prime number p > 3 simultaneously select two the nonnegative integer a and b for being less than p.Construct elliptic curve E:y2=x3+ax+b.Meet 4a simultaneously3+
27b2(mod p) ≠ 0, the rank n of the elliptic curve are prime number, and n ≠ p, n ≠ pk- 1,1≤k≤20.Server defines ellipse
Group Ep (a, b).Server picks out a first point, i.e. basic point P (x, y).Key Management server private key generated is small
With the true random number of prime number p.Key Management server takes a private key x in private key pond to carry out that corresponding public affairs are calculated
Key X=xP.All parameter Ep (a, b) and P (x, y) for generating public key are same, and when supplementing key with money for key card
Parameter Ep (a, b) and P (x, y) can be written to the specific secure data area of key card.
Step 2.1: user A obtains private key and the relevant random number of cipher key location pointer is sent to user B
Step 2.1.1: user A generates a random number, and obtains Party A's private key by calculating and operation: user A is generated
One true random number r1, and the private key position indicator pointer kp1 of user A is calculated by unsymmetrical key pointer function fkp.User
A according to private key position indicator pointer from local system in private key pond take out Party A's private key kpri1.
Step 2.1.2: user A send it is specified count at random user B: user A one's own side's private key is generated it is relevant truly random
Number r1 is sent to user B.
Step 2.2: simultaneously public key is calculated in user B parsing message, generates one's own side's true random number and one's own side's private is calculated
Key.User B calculates arranging key and one's own side's random number is sent to user A
Step 2.2.1: user B reception message simultaneously parses: the negotiation that user B receives the key exchange from user A disappears
It ceases and obtains true random number r1 ' by rule fractionation.
Step 2.2.2: user B calculating random number obtains one's own side's private key and Party A's public key: user B is logical by true random number r1 '
Cross the public key position indicator pointer kp1 ' that user A is calculated in unsymmetrical key pointer function fkp.User B is according to public key position indicator pointer
Party A's public key kpub1 is taken out from the public-key cryptographic keys pool of keys of the user A in local system.User B generates a true random number
R2, and pass through the identical private key position indicator pointer kp2 that user B is calculated.User B is according to private key position indicator pointer from local system
Party B's private key kpri2 is taken out in middle private key pond.Under normal circumstances, the pointer kp1 ' and user A that user B is calculated are calculated
Obtained pointer kp1 is identical.
Step 2.2.3: privacy key is calculated in user B: user B takes out parameter p from key card and calculate
To privacy key Kb=(kpub1) (kpri2).The privacy key Kb is the side's B arranging key.
Step 2.2.4: user B send it is specified count at random user A: user B one's own side's private key is generated it is relevant truly random
Number r2 is sent to user A.
Step 2.3: simultaneously Party B's public key is calculated in user A parsing message, and arranging key is finally calculated.
Step 2.3.1: user A reception message simultaneously parses: the negotiation that user A receives the key exchange from user B disappears
It ceases and obtains r2 ' by rule fractionation.
Step 2.3.2: user A calculating random number obtains Party B's public key: user A passes through true random number r2 ' asymmetric close
The public key position indicator pointer kp2 ' of user B is calculated in key pointer function fkp.User A is according to public key position indicator pointer from local system
In user B public-key cryptographic keys pool of keys in take out Party B's public key kpub2.
Step 2.3.3: privacy key is calculated in user A: user A takes out parameter p from key card and calculate
It is the side's A arranging key to privacy key Ka=(kpub2) (kpri1), the privacy key Ka.
The privacy key Ka that user A is obtained is equal with the privacy key Kb that user B is obtained, i.e. the side's A arranging key and association, the side B
Quotient's key is equal, mutually symmetrical key.
Quantum key card is developed from smart card techniques, be combined with real random number generator (preferably quantum with
Machine number generator), cryptological technique, the authentication of hardware security isolation technology and encryption and decryption product.Quantum key card it is interior
Embedding chip and operating system can provide the functions such as secure storage and the cryptographic algorithm of key.Due to its with independent data at
Reason ability and good safety, quantum key card become the safety barrier of private key and pool of keys.Each quantum key card
There is the protection of hardware PIN code, PIN code and hardware constitute two necessary factors that user uses key card.It is i.e. so-called that " double factor is recognized
Card ", user only have while obtaining the quantum key card and user's PIN code that save relevant authentication information, just can be with login system.
Even if the PIN code of user is leaked, as long as the key card that user holds is not stolen, the identity of legitimate user would not be imitated
It emits;If the quantum key card of user is lost, the person of picking up also cannot counterfeit the body of legitimate user due to not knowing user's PIN code
Part.
In the present embodiment, the quantum key card used is independent hardware isolated equipment.Public key, private key ginseng related to other
A possibility that counting the data safety area being stored in key card, stealing key by Malware or malicious operation substantially reduces,
It will not be obtained and be cracked by quantum computer.It is only the true of a computation key position indicator pointer due to transmitting data in a network
Random number, so to get the random number also meaningless by third party, a possibility that cracking the arranging key, is very low.In group
In, key agreement is realized using asymmetric key exchange mode between object, the key for realizing communicating pair is shared, other objects
It is unable to get corresponding shared key, has ensured communication security of the communicating pair in group.
Disclosed above is only the embodiment of the present invention, but the present invention is not limited to this, those skilled in the art
Various changes and modifications can be made to the invention without departing from the spirit and scope of the present invention.These obvious modification and variations are equal
Should belong to the present invention claims protection scope protection in.In addition, although being used some specific terms in this specification, this
A little terms merely for convenience of description, are not constituted the present invention any specifically limited.
Claims (8)
1. a kind of anti-quantum calculation cryptographic key negotiation method based on unsymmetrical key pond, which is characterized in that including a group, institute
Stating group includes a plurality of clients, and pool of keys is stored in the quantum key card that each user terminal is configured, and the pool of keys includes
One's own side's private key pond and the public key pond of other members of group, and by each side's parameter and one's own side's pool of keys interact to obtain equal
Arranging key, and then realize the key agreement of user terminal two-by-two.
2. a kind of anti-quantum calculation cryptographic key negotiation method based on unsymmetrical key pond according to claim 1, feature
It is, arranging key is combined by other side's public key of each user terminal one's own side private key and corresponding key agreement user terminal and generated.
3. a kind of anti-quantum calculation cryptographic key negotiation method based on unsymmetrical key pond according to claim 2, feature
It is, the generating mode of each user terminal one's own side private key includes: that one's own side's parameter obtains in conjunction with unsymmetrical key pointer function
Private key position indicator pointer extracts one's own side's private key in one's own side's private key pond using the private key position indicator pointer.
4. a kind of anti-quantum calculation cryptographic key negotiation method based on unsymmetrical key pond according to claim 2, feature
It is, the generating mode that the counterpart keys negotiate other side's public key of user terminal includes: to negotiate user using the counterpart keys
End parameter generates the corresponding public key position indicator pointer of counterpart keys negotiation user terminal with unsymmetrical key pointer function in conjunction with, utilizes the public affairs
Key position indicator pointer generates other side's public key that the counterpart keys negotiate user terminal in conjunction with corresponding public-key cryptographic keys pond.
5. a kind of anti-quantum calculation cryptographic key negotiation method based on unsymmetrical key pond according to claim 1, feature
It is, the key card is issued by Key Management server, and the Key Management server establishes unsymmetrical key pond body system
Group, and corresponding private key pond is generated according to number of members in group and is generated and the one-to-one public key in private key pond simultaneously
Pool of keys.
6. a kind of anti-quantum calculation cryptographic key negotiation method based on unsymmetrical key pond according to claim 5, feature
It is, the private key pond is made of the true random number of designated length one by one;The public-key cryptographic keys pond is by public key one by one
Private key in data composition, and corresponding private key pond is corresponding.
7. a kind of anti-quantum calculation cryptographic key negotiation method based on unsymmetrical key pond according to claim 6, feature
It is, public key is obtained according to parameter defined in Key Management server and private key in the public-key cryptographic keys pond, wherein the private
Key in the private key pond by extracting.
8. a kind of anti-quantum calculation cryptographic key negotiation method based on unsymmetrical key pond according to claim 1, feature
It is, user A and user B realizes that the key agreement step of user terminal two-by-two includes:
The pool of keys of one's own side is generated the side's A private key by user A in conjunction with the side's A parameter, and the side's A parameter is sent to user B;
User B generates the side's A public key using the side's the A parameter combination one's own side's pool of keys obtained;
The pool of keys of one's own side is generated the side's B private key by user B in conjunction with the side's B parameter;
User B generates the side's B arranging key using the side's B private key and the side's A public key, and the side's B parameter is sent user A;
User A generates the side's B public key using the side's the B parameter obtained in conjunction with one's own side's pool of keys;
User A generates the side's A arranging key using the side's B public key and the side's A private key;
Wherein, the side's A arranging key and the side's B arranging key are equal, mutually referred to as symmetric key.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811202610.4A CN109450623A (en) | 2018-10-16 | 2018-10-16 | Anti- quantum calculation cryptographic key negotiation method based on unsymmetrical key pond |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811202610.4A CN109450623A (en) | 2018-10-16 | 2018-10-16 | Anti- quantum calculation cryptographic key negotiation method based on unsymmetrical key pond |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109450623A true CN109450623A (en) | 2019-03-08 |
Family
ID=65546145
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811202610.4A Pending CN109450623A (en) | 2018-10-16 | 2018-10-16 | Anti- quantum calculation cryptographic key negotiation method based on unsymmetrical key pond |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109450623A (en) |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110086627A (en) * | 2019-04-22 | 2019-08-02 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and timestamp quantum communications service station cryptographic key negotiation method and system |
| CN110113152A (en) * | 2019-04-22 | 2019-08-09 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and digital signature quantum communications service station cryptographic key negotiation method and system |
| CN110138548A (en) * | 2019-04-22 | 2019-08-16 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and DH agreement quantum communications service station cryptographic key negotiation method and system |
| CN110176989A (en) * | 2019-05-15 | 2019-08-27 | 如般量子科技有限公司 | Quantum communications service station identity identifying method and system based on unsymmetrical key pond |
| CN110176997A (en) * | 2019-05-15 | 2019-08-27 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and digital signature quantum communications service station AKA cryptographic key negotiation method and system, computer equipment |
| CN110266483A (en) * | 2019-06-25 | 2019-09-20 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and the quantum communications service station cryptographic key negotiation method of QKD, system, equipment |
| CN110380859A (en) * | 2019-05-30 | 2019-10-25 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and DH agreement quantum communications service station identity identifying method and system |
| CN110505055A (en) * | 2019-07-12 | 2019-11-26 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and key card outer net access identity authentication method and system |
| CN110519046A (en) * | 2019-07-12 | 2019-11-29 | 如般量子科技有限公司 | Quantum communications service station cryptographic key negotiation method and system based on disposable asymmetric key pair and QKD |
| CN110535632A (en) * | 2019-07-02 | 2019-12-03 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and DH agreement quantum communications service station AKA cryptographic key negotiation method and system |
| CN114362926A (en) * | 2020-09-30 | 2022-04-15 | 如般量子科技有限公司 | Quantum secret communication network key management communication system and method based on key pool |
| CN114980037A (en) * | 2021-02-20 | 2022-08-30 | 南京如般量子科技有限公司 | Group communication method and system based on asymmetric key pool with hierarchical structure |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110106769A1 (en) * | 2009-10-30 | 2011-05-05 | Cleversafe, Inc. | Distributed storage network that processes data in either fixed or variable sizes |
| US9178876B1 (en) * | 2011-10-20 | 2015-11-03 | Amazon Technologies, Inc. | Strength-based password expiration |
| CN106357396A (en) * | 2016-09-23 | 2017-01-25 | 浙江神州量子网络科技有限公司 | Digital signature method, digital signature system and quantum key card |
| CN106452740A (en) * | 2016-09-23 | 2017-02-22 | 浙江神州量子网络科技有限公司 | Quantum communication service station, quantum key management device, key configuration network, and key configuration method |
| CN108476133A (en) * | 2015-12-11 | 2018-08-31 | 亚马逊科技有限公司 | Key exchange via a partially trusted third party |
| CN108599925A (en) * | 2018-03-20 | 2018-09-28 | 如般量子科技有限公司 | A kind of modified AKA identity authorization systems and method based on quantum communication network |
-
2018
- 2018-10-16 CN CN201811202610.4A patent/CN109450623A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110106769A1 (en) * | 2009-10-30 | 2011-05-05 | Cleversafe, Inc. | Distributed storage network that processes data in either fixed or variable sizes |
| US9178876B1 (en) * | 2011-10-20 | 2015-11-03 | Amazon Technologies, Inc. | Strength-based password expiration |
| CN108476133A (en) * | 2015-12-11 | 2018-08-31 | 亚马逊科技有限公司 | Key exchange via a partially trusted third party |
| CN106357396A (en) * | 2016-09-23 | 2017-01-25 | 浙江神州量子网络科技有限公司 | Digital signature method, digital signature system and quantum key card |
| CN106452740A (en) * | 2016-09-23 | 2017-02-22 | 浙江神州量子网络科技有限公司 | Quantum communication service station, quantum key management device, key configuration network, and key configuration method |
| CN108599925A (en) * | 2018-03-20 | 2018-09-28 | 如般量子科技有限公司 | A kind of modified AKA identity authorization systems and method based on quantum communication network |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110113152A (en) * | 2019-04-22 | 2019-08-09 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and digital signature quantum communications service station cryptographic key negotiation method and system |
| CN110138548A (en) * | 2019-04-22 | 2019-08-16 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and DH agreement quantum communications service station cryptographic key negotiation method and system |
| CN110086627A (en) * | 2019-04-22 | 2019-08-02 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and timestamp quantum communications service station cryptographic key negotiation method and system |
| CN110113152B (en) * | 2019-04-22 | 2023-09-01 | 如般量子科技有限公司 | Quantum communication service station key negotiation method and system based on asymmetric key pool pair and digital signature |
| CN110138548B (en) * | 2019-04-22 | 2023-09-01 | 如般量子科技有限公司 | Quantum communication service station key negotiation method and system based on asymmetric key pool pair and DH protocol |
| CN110086627B (en) * | 2019-04-22 | 2023-08-04 | 如般量子科技有限公司 | Quantum communication service station key negotiation method and system based on asymmetric key pool pair and time stamp |
| CN110176989A (en) * | 2019-05-15 | 2019-08-27 | 如般量子科技有限公司 | Quantum communications service station identity identifying method and system based on unsymmetrical key pond |
| CN110176997A (en) * | 2019-05-15 | 2019-08-27 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and digital signature quantum communications service station AKA cryptographic key negotiation method and system, computer equipment |
| CN110380859B (en) * | 2019-05-30 | 2022-10-14 | 如般量子科技有限公司 | Quantum communication service station identity authentication method and system based on asymmetric key pool pair and DH protocol |
| CN110380859A (en) * | 2019-05-30 | 2019-10-25 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and DH agreement quantum communications service station identity identifying method and system |
| CN110266483A (en) * | 2019-06-25 | 2019-09-20 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and the quantum communications service station cryptographic key negotiation method of QKD, system, equipment |
| CN110266483B (en) * | 2019-06-25 | 2023-06-06 | 如般量子科技有限公司 | Quantum communication service station key negotiation method, system and device based on asymmetric key pool pair and QKD |
| CN110535632A (en) * | 2019-07-02 | 2019-12-03 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and DH agreement quantum communications service station AKA cryptographic key negotiation method and system |
| CN110535632B (en) * | 2019-07-02 | 2023-09-05 | 如般量子科技有限公司 | Quantum communication service station AKA key negotiation method and system based on asymmetric key pool pair and DH protocol |
| CN110519046A (en) * | 2019-07-12 | 2019-11-29 | 如般量子科技有限公司 | Quantum communications service station cryptographic key negotiation method and system based on disposable asymmetric key pair and QKD |
| CN110505055A (en) * | 2019-07-12 | 2019-11-26 | 如般量子科技有限公司 | Based on unsymmetrical key pond to and key card outer net access identity authentication method and system |
| CN110519046B (en) * | 2019-07-12 | 2023-10-13 | 如般量子科技有限公司 | Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD |
| CN114362926A (en) * | 2020-09-30 | 2022-04-15 | 如般量子科技有限公司 | Quantum secret communication network key management communication system and method based on key pool |
| CN114362926B (en) * | 2020-09-30 | 2024-04-09 | 如般量子科技有限公司 | Quantum secret communication network key management communication system and method based on key pool |
| CN114980037A (en) * | 2021-02-20 | 2022-08-30 | 南京如般量子科技有限公司 | Group communication method and system based on asymmetric key pool with hierarchical structure |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109450623A (en) | Anti- quantum calculation cryptographic key negotiation method based on unsymmetrical key pond | |
| Liao et al. | A secure dynamic ID based remote user authentication scheme for multi-server environment | |
| Tsai et al. | Novel anonymous authentication scheme using smart cards | |
| EP0691055B1 (en) | Two-way public key authentication and key agreement for low-cost terminals | |
| CN109728906B (en) | Anti-quantum-computation asymmetric encryption method and system based on asymmetric key pool | |
| CN109921905B (en) | Anti-quantum computation key negotiation method and system based on private key pool | |
| CN109787758B (en) | Anti-quantum computation MQV key agreement method and system based on private key pool and Elgamal | |
| CN109064324A (en) | Method of commerce, electronic device and readable storage medium storing program for executing based on alliance's chain | |
| CN110519046A (en) | Quantum communications service station cryptographic key negotiation method and system based on disposable asymmetric key pair and QKD | |
| CN109818749A (en) | The point-to-point method for message transmission of anti-quantum calculation and system based on pool of symmetric keys | |
| CN109936456A (en) | Anti- quantum calculation digital signature method and system based on private key pond | |
| CN110505055A (en) | Based on unsymmetrical key pond to and key card outer net access identity authentication method and system | |
| CN110535626A (en) | The quantum communications service station secret communication method and system of identity-based | |
| CN109495244A (en) | Anti- quantum calculation cryptographic key negotiation method based on pool of symmetric keys | |
| CN109728905B (en) | Anti-quantum computation MQV key negotiation method and system based on asymmetric key pool | |
| CN110380859B (en) | Quantum communication service station identity authentication method and system based on asymmetric key pool pair and DH protocol | |
| CN109905229B (en) | Anti-quantum computing Elgamal encryption and decryption method and system based on group asymmetric key pool | |
| CN109905236B (en) | Anti-quantum computing Elgamal encryption and decryption method and system based on private key pool | |
| Kumar et al. | A secure and privacy-preserving signature protocol using quantum teleportation in metaverse environment | |
| US20040120519A1 (en) | Method for enhancing security of public key encryption schemas | |
| CN110213056A (en) | Anti- quantum calculation energy-saving communication method and system and computer equipment based on online static signature | |
| CN110519226A (en) | Quantum communications server-side secret communication method and system based on unsymmetrical key pond and implicit certificate | |
| CN110768782B (en) | Anti-quantum computation RFID authentication method and system based on asymmetric key pool and IBS | |
| CN110266483B (en) | Quantum communication service station key negotiation method, system and device based on asymmetric key pool pair and QKD | |
| Sarkar et al. | A multi-instance cancelable fingerprint biometric based secure session key agreement protocol employing elliptic curve cryptography and a double hash function |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190308 |