CN114065247B - Quantum digital mixing signcryption method - Google Patents
- Publication number: CN114065247B
- Authority: CN (China)
- Prior art keywords: key, hash function, signcryption, polynomial, plaintext
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The present invention proposes a quantum digital hybrid signcryption method in which the signer negotiates keys with the receiver and the verifier and performs a signcryption operation, and the receiver and the verifier then verify the hybrid signature. The method achieves the effect of encrypting the plaintext message by mixing the plaintext message, the plaintext digest, and a character string formed from the coefficients of every term of an irreducible polynomial except the highest-order term. The scheme needs no additional key to encrypt the plaintext message, which saves key resources and ensures that the plaintext message never appears directly during transmission. The hash function used in the signcryption process is also improved, so that the receiver and the verifier cannot obtain the irreducible polynomial that generates the hash function before verification, further ensuring the security of the entire signcryption process.
Description
Technical Field
The present invention relates to the field of quantum security technology and, more specifically, to a quantum digital hybrid signcryption method.
Background
Encryption and digital signatures are two basic cryptographic tools for ensuring confidentiality, integrity, authenticity, and non-repudiation. Until 1997 they were still regarded as important but entirely separate components of cryptographic systems. In asymmetric key systems, the traditional approach is to digitally sign the message first and then encrypt the output (sign-then-encryption). This layered scheme is inefficient and costly, and there are situations where neither scheme can guarantee security.
Signcryption is a relatively new cryptographic technique. In 1997, Yuliang Zheng proposed the first signcryption scheme. Zheng also proposed a signcryption scheme based on elliptic curves which, compared with the traditional elliptic-curve sign-then-encrypt scheme, saves 58% of the computation and 40% of the communication cost. Compared with the traditional sign-then-encryption scheme, signcryption completes digital signing and encryption in one logical step, effectively reducing computation and communication overhead and providing the properties of both digital signature and encryption schemes more efficiently.
Most digital signcryption schemes in general use today are based on asymmetric key systems, whose security rests on mathematical problems whose hardness is unproven. With the rapid growth of classical computing power and the explosive development of quantum algorithms, it will become possible in the near future for attackers to break various signcryption algorithms by brute force. The security of existing digital signcryption schemes can no longer meet the requirement, in today's rapidly developing digital society, of keeping a message secure while verifying its authenticity.
In summary, the security of existing classical digital signcryption schemes cannot meet the requirements of the current rapidly developing digital society. In addition, when signcrypting long messages, existing schemes suffer from keys that are too long and too numerous, low resource utilization, poor system compatibility, and rapidly rising computational complexity. Finding an efficient and unconditionally secure quantum digital signcryption scheme is therefore particularly important and urgent.
Summary of the Invention
1. Technical problems to be solved
The security of current classical digital signcryption protocols is under great threat. Many early hash functions and public-key algorithms have been broken and are no longer safe, and the future arrival of quantum computers will pose a fatal threat to the algorithmic security of current digital signcryption protocols. In addition, traditional signcryption schemes must encrypt the transmitted plaintext message, which consumes an additional encryption key and occupies additional communication resources. To solve these problems, the present invention proposes a quantum digital hybrid signcryption method.
2. Technical solution
The present invention proposes a quantum digital hybrid signcryption method, the method comprising:
The signer performs key negotiation with the receiver, and each obtains a first hash function key and a first key; the signer performs key negotiation with the verifier, and each obtains a second hash function key and a second key;
The signer uses the negotiated keys to perform a hybrid signcryption operation on the plaintext message and sends the resulting hybrid signature to the receiver;
The receiver sends the received hybrid signature, together with the two sets of keys it negotiated with the signer, to the verifier;
The verifier sends the two sets of keys it negotiated with the signer to the receiver;
The receiver and the verifier each perform signcryption verification on the hybrid signature. If both verifications pass, the signcryption succeeds; otherwise the signcryption process is executed again.
Furthermore, the hybrid signcryption operation includes the following steps:
(1) The signer obtains a set of random numbers locally and uses it to generate an irreducible polynomial;
(2) The signer uses the first hash function key and the second hash function key, negotiated with the receiver and the verifier, to obtain the signer's third hash function key, which is used to generate the hash function;
(3) The signer uses the irreducible polynomial and the third hash function key to generate a hash function based on a linear shift register;
(4) The signer uses the hash function to hash the plaintext message, obtaining the plaintext digest;
(5) The signer mixes the plaintext message, the plaintext digest, and the character string formed from the coefficients of every term of the irreducible polynomial except the highest-order term, according to a preset rule, to obtain the mixed digest;
(6) The signer uses the first key and the second key, negotiated with the receiver and the verifier, to obtain the signer's third key, which is used for encryption;
(7) The signer uses the third key to encrypt the mixed digest with unconditional security, obtaining the hybrid signature.
Furthermore, the irreducible polynomial is generated as follows:
1) First, each bit of the random number is used in turn as the coefficient of one term of the polynomial other than the highest-order term, generating a polynomial over GF(2) whose highest-order coefficient is 1;
2) Then, verify whether this polynomial is irreducible. If the result is "no", obtain another set of random numbers locally at the signer and return to step 1) with the new random number to regenerate and verify the polynomial; if the result is "yes", stop verifying: the irreducible polynomial has been obtained.
Furthermore, the method for verifying whether a polynomial is an irreducible polynomial is:
Verify in sequence Is it established? Express Round up. If the verification passes for all i, then p(x) is an irreducible polynomial of degree n over GF(2), where gcd(f(x), g(x)) denotes the greatest common divisor of f(x) and g(x) over GF(2), and f(x) and g(x) are two arbitrary polynomials.
Furthermore, the method for verifying whether a polynomial is an irreducible polynomial is:
Verification conditions (1) (2) Whether it is established at the same time, express The remainder of is the same as the remainder of x mod p(x); d is any prime factor of n; gcd(f(x), g(x)) denotes the greatest common divisor of f(x) and g(x) over GF(2), and f(x) and g(x) are two arbitrary polynomials. When both verification conditions are satisfied, p(x) is an irreducible polynomial of degree n over GF(2).
Furthermore, before step 1), if the last bit of the random number is 0, the last bit is set to 1; alternatively, if the last bit of the n-bit random number is 0, the random number is regenerated until its last bit is 1.
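The generate-and-test loop of steps 1) and 2), as an added example that is not part of the patent text. The irreducibility check is Rabin's test, whose two conditions have the shape the second method describes; the patent's own formulas did not survive on this page, so equating them with Rabin's test is an assumption, as are the function names and the use of Python's `secrets` module as the signer's local random source.

```python
import secrets

# Polynomials over GF(2) are Python ints: bit i is the coefficient of x^i.

def gf2_mod(a: int, p: int) -> int:
    """Remainder of a(x) divided by p(x)."""
    dp = p.bit_length()
    while a.bit_length() >= dp:
        a ^= p << (a.bit_length() - dp)
    return a

def gf2_mulmod(a: int, b: int, p: int) -> int:
    """a(x) * b(x) mod p(x); a and b must already be reduced mod p."""
    top = 1 << (p.bit_length() - 1)
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & top:          # degree reached deg(p): subtract p
            a ^= p
    return r

def gf2_gcd(a: int, b: int) -> int:
    """Greatest common divisor of two polynomials over GF(2)."""
    while b:
        a, b = b, gf2_mod(a, b)
    return a

def prime_factors(n: int) -> list:
    """Distinct prime factors of n by trial division."""
    out, d = [], 2
    while d * d <= n:
        if n % d == 0:
            out.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        out.append(n)
    return out

def is_irreducible(p: int) -> bool:
    """Rabin's test for p(x) of degree n over GF(2)."""
    n = p.bit_length() - 1
    if n < 1:
        return False
    x = gf2_mod(0b10, p)

    def frobenius(k: int) -> int:
        """x^(2^k) mod p(x), by k successive squarings."""
        t = x
        for _ in range(k):
            t = gf2_mulmod(t, t, p)
        return t

    # Condition (1): x^(2^n) and x leave the same remainder mod p(x).
    if frobenius(n) != x:
        return False
    # Condition (2): gcd(x^(2^(n/d)) - x, p(x)) = 1 for each prime d dividing n.
    return all(gf2_gcd(p, frobenius(n // d) ^ x) == 1 for d in prime_factors(n))

def random_irreducible(n: int):
    """Return (k, attempts): k holds the coefficients a_{n-1}..a_0 of an
    irreducible p(x) = x^n + ... + a_0, found by redrawing until the test passes."""
    attempts = 0
    while True:
        attempts += 1
        k = secrets.randbits(n) | 1      # force a_0 = 1 before testing
        if is_irreducible((1 << n) | k):
            return k, attempts

if __name__ == "__main__":
    k, attempts = random_irreducible(128)
    print(f"coefficient string = {k:032x}, found after {attempts} draws")
```

With the last bit forced to 1, roughly one candidate in n/2 is irreducible, so n = 128 needs about 64 draws on average.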
Furthermore, the hash function is a Toeplitz matrix hash function based on a linear shift register.
Furthermore, the signcryption verification includes the following steps:
(1) The receiver and the verifier each derive a fourth hash function key from the first hash function key and the second hash function key they hold, and a fourth key from the first key and the second key;
(2) The receiver and the verifier each use their fourth key to decrypt the hybrid signature, obtaining the mixed digest;
(3) The mixed digest is separated according to the preset rule, yielding the plaintext message, the reverse plaintext digest, and the character string formed from the coefficients of every term of the irreducible polynomial except the highest-order term;
(4) Each bit of the character string is used as the coefficient of one term of the polynomial other than the highest-order term, generating an irreducible polynomial whose highest-order coefficient is 1;
(5) The irreducible polynomial and the third hash function key are used to obtain the hash function based on a linear shift register;
(6) The hash function is used to hash the plaintext message, obtaining the forward plaintext digest;
(7) Determine whether the forward plaintext digest and the reverse plaintext digest are equal. If they are equal, accept the signature; otherwise, reject it.
Furthermore, in the present invention the length of the plaintext message is m, the length of the first hash function key and of the second hash function key is n, and the length of the first key and of the second key is 2n+m.
3. Beneficial effects
Compared with the prior art, the advantages of the present invention are:
(1) The quantum digital hybrid signcryption method proposed in the present invention uses mixing to achieve the effect of encrypting the plaintext message to be transmitted. It consumes no additional encryption key, which greatly saves key resources and reduces the operational complexity of the three parties' processing;
(2) The unconditional security of the proposed quantum digital hybrid signcryption method is guaranteed by the one-time pad, proven secure by information theory, and by one-time hashing based on a non-fixed irreducible polynomial. The security of the hash function used in signcryption is ensured jointly by the irreducible polynomial and the hash function key. The irreducible polynomial depends on the signer's local random number and is not known to the receiver or the verifier before the signcryption process, which ensures the security of the entire signcryption process;
(3) The signcryption method of the present invention can signcrypt messages of any length, with high efficiency and security.
Brief Description of the Drawings
FIG. 1 is a schematic flow diagram of the hybrid signcryption.
Detailed Description
Following cryptographic convention, the quantum digital hybrid signcryption scheme proposed in the present invention has three participants: the signer Alice, the receiver Bob, and the verifier Charlie, denoted A, B, and C respectively. The plaintext message to be transmitted is M, of length m.
The present invention is described in detail below with reference to the accompanying drawing and specific embodiments.
The specific process of the quantum digital hybrid signcryption method proposed in the present invention is shown in FIG. 1 and includes the following steps:
1. Signer A and receiver B perform key negotiation, and each obtains the first hash function key L_ab and the first key R_ab. Signer A and verifier C perform key negotiation, and each obtains the second hash function key L_ac and the second key R_ac. The first hash function key L_ab and the second hash function key L_ac have length n, and the first key R_ab and the second key R_ac have length 2n+m. In practice, n = 128 is already sufficient to ensure the security of the entire signcryption process.
2. Signer A uses the negotiated keys to perform the hybrid signcryption operation on the plaintext message, as follows:
(1) Signer A obtains locally a random number k of length n and uses it to generate an irreducible polynomial p(x), specifically:
First, each bit of the n-bit random number k is used in turn as the coefficient of one term of the polynomial other than the highest-order term, generating a polynomial of degree n over GF(2) whose highest-order coefficient is 1. For example, if the random number is $k = (a_{n-1}, a_{n-2}, \ldots, a_1, a_0)$, the generated polynomial is $p(x) = x^n + a_{n-1}x^{n-1} + \cdots + a_1 x + a_0$. Preferably, because the generated polynomial can be irreducible only when $a_0 = 1$, the n-bit random number k can be checked first to reduce the computation of the later irreducibility verification: if $a_0 = 0$, set $a_0 = 1$ and then generate the degree-n irreducible polynomial over GF(2); or, if $a_0 = 0$, regenerate an n-bit random number until its last bit is 1, and then use the newly generated random number to generate the degree-n irreducible polynomial over GF(2). Either way $a_0 = 1$ in the end, and the generated polynomial is $p(x) = x^n + a_{n-1}x^{n-1} + \cdots + a_1 x + 1$;
Then, verify whether this polynomial is irreducible. If the result is "no", generate another n-bit random number directly from the random number generator at the sending end and return to the previous step with it as the new n-bit random number to regenerate and verify the polynomial; if the result is "yes", stop verifying: the irreducible polynomial p(x) has been obtained.
There are several ways to verify irreducibility here; the two methods mentioned in this invention are preferred:
Method 1: Verify one by one Is it established? Express Round up. If the verification passes for all i, then p(x) is an irreducible polynomial of degree n over GF(2), where gcd(f(x), g(x)) denotes the greatest common divisor of f(x) and g(x) over GF(2), and f(x) and g(x) are two arbitrary polynomials.
Method 2: Verification conditions (1) (2) Whether it is established at the same time, express The remainder of is the same as the remainder of x mod p(x); d is any prime factor of n; gcd(f(x), g(x)) denotes the greatest common divisor of f(x) and g(x) over GF(2), and f(x) and g(x) are two arbitrary polynomials. When both verification conditions are satisfied, p1(x) is an irreducible polynomial of degree n over GF(2).
Generally, $n = 2^k$ is chosen, so condition (2) needs only d = 2. Optionally, $n = 2^7 = 128$. Since this method only needs to verify these two conditions, we use the Fast modular composition algorithm to quickly obtain and use Replace condition (2) Perform calculations and obtain results faster by reducing the order.
(2) Signer A uses the first hash function key L_ab and the second hash function key L_ac, negotiated with receiver B and verifier C, to obtain the signer's third hash function key L_a, which is used to generate the hash function. In this embodiment a one-time-pad XOR operation is preferred, that is,
(3) Signer A uses the irreducible polynomial p(x) and the third hash function key L_a to generate a hash function based on a linear shift register; preferably, this embodiment uses a Toeplitz-matrix hash function based on a linear feedback shift register (LFSR-Toeplitz);
(4) Signer A uses this hash function to hash the plaintext message M, obtaining the plaintext digest digest;
(5) Signer A mixes the plaintext message M, the plaintext digest digest, and the character string str1 formed from the coefficients of every term of the irreducible polynomial except the highest-order term, according to a preset rule, to obtain the mixed digest Mdigest, where Mdigest = (M, digest, str1). The preset rule can be agreed in advance by signer A, receiver B, and verifier C;
(6) Signer A uses the first key R_ab and the second key R_ac, negotiated with receiver B and verifier C, to obtain the third key R_a, which is used for encryption. The length of the third key R_a is m+2n;
(7) Signer A uses the third key R_a to encrypt the mixed digest Mdigest with unconditional security, here using an XOR operation, to obtain the hybrid signature sig, that is,
3. Signer A sends the resulting hybrid signature sig to receiver B;
4. After receiving the hybrid signature sig, receiver B sends it, together with the first hash function key L_ab and the first key R_ab that B negotiated with signer A, to verifier C;
5. After receiving the information sent by receiver B, verifier C sends the second hash function key L_ac and the second key R_ac that C negotiated with signer A to receiver B;
The information exchanged between receiver B and verifier C is sent over an authenticated classical channel to prevent tampering.
6. Receiver B and verifier C each perform signcryption verification on the hybrid signature. The two parties' verification processes are identical, so this embodiment uses receiver B's verification as the example. The details are as follows:
(1) After steps 4 and 5 above, receiver B holds the first hash function key L_ab and the first key R_ab that it negotiated with signer A, as well as the second hash function key L_ac and the second key R_ac sent by verifier C. Using the same processing as signer A, B uses the first hash function key L_ab and the second hash function key L_ac to obtain the fourth hash function key L_a′ for generating the hash function, and uses the first key R_ab and the second key R_ac to obtain the fourth key R_a′ for decryption;
(2) Receiver B uses the fourth key R_a′ to decrypt the received hybrid signature sig, obtaining the mixed digest Mdigest;
(3) The mixed digest Mdigest is separated according to the preset rule, yielding the plaintext message M, the reverse plaintext digest digest_b′, and the character string str1 formed from the coefficients of every term of the irreducible polynomial except the highest-order term;
(4) Each bit of the character string str1 is used as the coefficient of one term of the polynomial other than the highest-order term, generating an irreducible polynomial p(x)′ whose highest-order coefficient is 1;
(5) The irreducible polynomial p(x)′ and the fourth hash function key L_a′ are used to obtain the hash function based on a linear shift register;
(6) This hash function is used to hash the plaintext message M, obtaining the forward plaintext digest digest_b;
(7) Determine whether the forward plaintext digest digest_b and the reverse plaintext digest digest_b′ are equal. If they are equal, receiver B accepts the signature; otherwise it rejects the signature.
Verifier C verifies the signcryption in the same way as receiver B. The signcryption process as a whole is considered successful only when both receiver B and verifier C pass verification and accept the signature; if either party does not accept it, the signcryption process fails and must be carried out again.
After the above process, receiver B has obtained the plaintext message M that the signer needed to send. Throughout transmission, no additional key is needed to encrypt the plaintext, and the plaintext never appears on its own. Hybrid signcryption thus greatly saves key resources, removes the separate encryption step at the signer and decryption step at the receiver, and reduces the operational complexity of processing.
The hash function based on a linear shift register used in this scheme can process messages of any length, so long messages can be signcrypted with high efficiency and security.
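Steps 2 to 6 end to end, as an added example that is not part of the patent text: the signer hashes with an LFSR-based Toeplitz construction, mixes by concatenation as Mdigest = (M, digest, str1), and encrypts by XOR; the receiver or verifier reverses the steps and compares digests. Assumptions: the LFSR bit ordering, deriving R_a as R_ab XOR R_ac, a byte-aligned m, all function names, random bytes standing in for negotiated keys, and the well-known irreducible polynomial x^128 + x^7 + x^2 + x + 1 standing in for the signer's random one.

```python
import secrets

N = 128               # n: length of hash keys, digest and str1, as the page suggests
STR1_SAMPLE = 0x87    # constructed: coefficients a_127..a_0 of x^128 + x^7 + x^2 + x + 1

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """One-time-pad XOR; the operands must have equal length."""
    if len(a) != len(b):
        raise ValueError("length mismatch between data and key")
    return bytes(x ^ y for x, y in zip(a, b))

def lfsr_toeplitz_hash(msg: bytes, taps: int, seed: int, n: int = N) -> int:
    """XOR together the LFSR windows selected by the 1-bits of msg.

    taps: bit i is coefficient a_i of p(x) (i.e. str1); seed: hash key L_a.
    The n-bit window slides along the LFSR sequence, so the windows are the
    columns of an n x m Toeplitz-structured matrix (assumed bit ordering).
    """
    window, digest = seed, 0
    for byte in msg:
        for shift in range(7, -1, -1):
            if (byte >> shift) & 1:
                digest ^= window
            feedback = bin(window & taps).count("1") & 1   # next sequence bit
            window = (window >> 1) | (feedback << (n - 1))
    return digest

def agree_keys(m_bytes: int, n: int = N):
    """Stand-in for one key negotiation: (hash key, n bits; pad, m + 2n bits)."""
    return secrets.token_bytes(n // 8), secrets.token_bytes(m_bytes + 2 * (n // 8))

def signcrypt(msg, str1, l_ab, l_ac, r_ab, r_ac, n: int = N) -> bytes:
    """Signer A: hash, mix, then XOR-encrypt with R_a."""
    nb = n // 8
    l_a = int.from_bytes(xor_bytes(l_ab, l_ac), "big")      # third hash key
    digest = lfsr_toeplitz_hash(msg, str1, l_a, n)
    mdigest = msg + digest.to_bytes(nb, "big") + str1.to_bytes(nb, "big")
    return xor_bytes(mdigest, xor_bytes(r_ab, r_ac))          # third key R_a

def verify(sig, l_ab, l_ac, r_ab, r_ac, n: int = N):
    """Receiver B or verifier C: returns (accepted, message or None)."""
    nb = n // 8
    if len(sig) < 2 * nb:
        return False, None
    mdigest = xor_bytes(sig, xor_bytes(r_ab, r_ac))           # fourth key R_a'
    msg, received, str1 = mdigest[:-2 * nb], mdigest[-2 * nb:-nb], mdigest[-nb:]
    l_a = int.from_bytes(xor_bytes(l_ab, l_ac), "big")      # fourth hash key
    forward = lfsr_toeplitz_hash(msg, int.from_bytes(str1, "big"), l_a, n)
    ok = secrets.compare_digest(forward.to_bytes(nb, "big"), received)
    return ok, (msg if ok else None)

if __name__ == "__main__":
    message = b"constructed sample message"
    l_ab, r_ab = agree_keys(len(message))   # A with B
    l_ac, r_ac = agree_keys(len(message))   # A with C
    sig = signcrypt(message, STR1_SAMPLE, l_ab, l_ac, r_ab, r_ac)
    print("genuine :", verify(sig, l_ab, l_ac, r_ab, r_ac))
    tampered = bytes([sig[0] ^ 0x01]) + sig[1:]               # one flipped bit
    print("tampered:", verify(tampered, l_ab, l_ac, r_ab, r_ac))
```

R_ab and R_ac are one-time pads: reusing either for a second message exposes the XOR of the two mixed digests, so each signcryption must consume fresh key material.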
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111353954.7A CN114065247B (en) | 2021-11-12 | 2021-11-12 | Quantum digital mixing signcryption method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114065247A | 2022-02-18 |
CN114065247B | 2024-07-19 |
Family ID: 80272523
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||