[go: up one dir, main page]

CN108111485B - Sub-key generation method and device and key reduction method and device - Google Patents

Sub-key generation method and device and key reduction method and device Download PDF

Info

Publication number
CN108111485B
CN108111485B CN201711261407.XA CN201711261407A CN108111485B CN 108111485 B CN108111485 B CN 108111485B CN 201711261407 A CN201711261407 A CN 201711261407A CN 108111485 B CN108111485 B CN 108111485B
Authority
CN
China
Prior art keywords
key
prime
sub
threshold
matrix
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711261407.XA
Other languages
Chinese (zh)
Other versions
CN108111485A (en
Inventor
贾星星
王道顺
许存禄
孟创纪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lanzhou University
Original Assignee
Lanzhou University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lanzhou University filed Critical Lanzhou University
Priority to CN201711261407.XA priority Critical patent/CN108111485B/en
Publication of CN108111485A publication Critical patent/CN108111485A/en
Application granted granted Critical
Publication of CN108111485B publication Critical patent/CN108111485B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

本发明提供一种多门限访问结构下的子密钥生成方法、还原密钥的方法、子密钥生成装置和还原密钥的装置,其中的子密钥生成方法包括:根据密钥s确定密钥相关值S的步骤,利用{pi,j}计算

Figure DDA0001493686400000011
的步骤,以及将
Figure DDA0001493686400000012
中的第i行元素{si,1,si,2,...,si,m}为分配给第i个参与者的子密钥的步骤。采用本方法能够实现(t,n)和(t',n)之间的任意整数门限的访问结构,生成的子密钥能够携带比单个门限访问结构下的方案多(t'‑t)/(t‑1)倍的情况下共享(t'‑t+1)个门限。该发明相对于(t'‑t+1)个独立的门限方案来说子密钥长度增加量只有原来的1/(t‑1)。而且每个门限方案下都具有完全安全性。

Figure 201711261407

The present invention provides a method for generating a sub-key, a method for restoring a key, a device for generating a sub-key and a device for restoring a key under a multi-threshold access structure, wherein the method for generating a sub-key includes: determining a secret key according to the key s Step of key correlation value S, using {pi ,j } to calculate

Figure DDA0001493686400000011
steps, and will
Figure DDA0001493686400000012
The i-th row element in {s i,1 ,s i,2 ,...,s i,m } is the step assigned to the i-th participant's subkey. This method can realize the access structure of any integer threshold between (t,n) and (t',n), and the generated subkey can carry more (t'-t)/ (t-1) times share (t'-t+1) thresholds. Compared with (t'-t+1) independent threshold schemes, the sub-key length increase in this invention is only 1/(t-1) of the original. And there is complete security under each threshold scheme.

Figure 201711261407

Description

子密钥生成方法和装置、还原密钥方法和装置Subkey generation method and device, and method and device for restoring key

技术领域technical field

本发明涉及安全信息领域中密钥管理,具体涉及一种根据子密钥生成方法、分发装置,以及一种利用子密钥还原密钥的方法和装置。The present invention relates to key management in the field of security information, in particular to a method for generating a subkey, a distribution device, and a method and device for restoring a key by using the subkey.

背景技术Background technique

密钥管理是分布式密码学和分布式计算中重要的协议,可以在一个利益相互冲突但是必须合作的群体中建立起公平信任的合作关系,使分布式安全系统具有鲁棒性。Key management is an important protocol in distributed cryptography and distributed computing. It can establish a fair and trustful cooperative relationship among a group of conflicting interests but must cooperate, making the distributed security system robust.

因为(t,n)(t≤n)门限方案具有强安全性、全同态性、低复杂度和操作简单的优点,所以近年来被广泛用在密钥管理(隐私保护,认证系统,可信计算,信任管理,安全多方计算)。Because the (t,n)(t≤n) threshold scheme has the advantages of strong security, full homomorphism, low complexity and simple operation, it has been widely used in key management (privacy protection, authentication systems, etc.) in recent years. trust computing, trust management, secure multi-party computation).

(t,n)门限方案将一个重要的密钥在参与者群体中进行分发,使得每个参与者只携带一份子密钥,利用不少于t个子密钥,将它们放在一起利用重构算法就可以重构出密钥,但是利用不多于t-1个子密钥不能重构出密钥。其中t一般由安全访策略、敌手攻击能力以及用户方便性确定。The (t,n) threshold scheme distributes an important key in the group of participants, so that each participant carries only one sub-key, uses no less than t sub-keys, and puts them together for reconstruction The algorithm can reconstruct the key, but the key cannot be reconstructed with no more than t-1 subkeys. Among them, t is generally determined by the security access strategy, adversary attack capability and user convenience.

现有技术中,门限方案在构造时只考虑一种安全需求,没有考虑随着时间的推移、敌手的攻击力改变而造成系统安全性降低。为了克服单个门限方案长期使用造成的安全性解决问题,允许门限动态改变的子密钥分发和使用成为本领域考虑的解决方法。In the prior art, the threshold scheme only considers one security requirement when constructing, and does not consider the decrease of system security caused by the change of the attack power of the adversary with the passage of time. In order to overcome the security solution problem caused by the long-term use of a single threshold scheme, the distribution and use of subkeys that allow the threshold to change dynamically has become a solution considered in the art.

发明内容SUMMARY OF THE INVENTION

本发明提供一种子密钥生成方法、利用子密钥还原密钥的方法及其对应前述方法的装置,用于实现门限动态改变的子密钥分发和利用子密钥还原密钥。The present invention provides a method for generating a subkey, a method for restoring a key by using the subkey, and a device corresponding to the foregoing method, which are used for realizing the distribution of the subkey with the dynamic threshold change and restoring the key by using the subkey.

本发明提供一种子密钥生成方法,包括如下步骤:The present invention provides a method for generating a subkey, comprising the following steps:

S101,根据密钥s确定密钥相关值S,其中

Figure BDA0001493686380000011
素数p0∈(2λ-1,2λ];S101, determine the key correlation value S according to the key s, wherein
Figure BDA0001493686380000011
prime number p 0 ∈(2 λ-1 ,2 λ ];

S102,计算

Figure BDA0001493686380000021
中的元素si,j≡S mod pi,j,其中pi,j是素数矩阵
Figure BDA0001493686380000022
中的元素,i∈{1,2,...,n},j∈{1,2,...,m};S102, calculation
Figure BDA0001493686380000021
elements in s i,j ≡S mod p i,j , where p i,j is a matrix of prime numbers
Figure BDA0001493686380000022
elements in , i∈{1,2,...,n}, j∈{1,2,...,m};

所述素数矩阵

Figure BDA0001493686380000023
满足关系式:
Figure BDA0001493686380000024
Figure BDA0001493686380000025
前述关系式中,
Figure BDA0001493686380000026
Figure BDA0001493686380000027
l∈{1,…,m},n为参与者总数,t为最小参门限,t'为最大门限,2≤t≤t'≤n,m为可调整的门限总数,t+m-1=t';the prime number matrix
Figure BDA0001493686380000023
Satisfy the relation:
Figure BDA0001493686380000024
and
Figure BDA0001493686380000025
In the above relationship,
Figure BDA0001493686380000026
Figure BDA0001493686380000027
l∈{1,...,m}, n is the total number of participants, t is the minimum parameter threshold, t' is the maximum threshold, 2≤t≤t'≤n, m is the total number of adjustable thresholds, t+m-1 = t';

S103:提取

Figure BDA0001493686380000028
中的第i行元素{si,1,si,2,...,si,m}为分配给第i个参与者的子密钥。S103: Extraction
Figure BDA0001493686380000028
The i-th row elements in {s i,1 ,s i,2 ,...,s i,m } are the subkeys assigned to the i-th participant.

可选的,按照下述步骤根据密钥s确定密钥相关值S:Optionally, the key-related value S is determined according to the key s according to the following steps:

S=s+αp0;其中随机数α的选择范围为

Figure BDA0001493686380000029
以使S∈(am,bm]。S=s+αp 0 ; the selection range of random number α is
Figure BDA0001493686380000029
so that S∈(am ,b m ] .

可选的,所述素数矩阵

Figure BDA00014936863800000210
中的元素按照下述方法获得:Optionally, the prime number matrix
Figure BDA00014936863800000210
The elements in are obtained as follows:

从区间(2λ-1+t'-1,2λ-1+t']中选取n个素数赋值给{p1,m,p2,m,...,pn,m}中的元素;Select n prime numbers from the interval (2 λ-1+t'-1 ,2 λ-1+t' ] and assign them to {p 1,m ,p 2,m ,...,p n,m } element;

按照l的取值从大到小的顺序依次从区间

Figure BDA00014936863800000211
中随机选取n个素数赋值给{p1,l,p2,l,...,pn,l}中的元素,其中l∈{1,2,…,m-1}。According to the value of l in descending order, from the interval
Figure BDA00014936863800000211
Randomly select n prime numbers from and assign them to the elements in {p 1,l ,p 2,l ,...,p n,l }, where l∈{1,2,...,m-1}.

可选的,所述方法还包括:Optionally, the method further includes:

S104:采用公钥加密或者私钥加密的方法将子密钥{si,1,si,2,...,si,m}加密后分发给第i个参与者。S104: The sub-key {s i,1 ,s i,2 ,...,s i,m } is encrypted and distributed to the i-th participant by using public key encryption or private key encryption.

另一方面,本发明还提供一种还原密钥的方法,其特征在于,包括:On the other hand, the present invention also provides a method for restoring a key, which is characterized in that, comprising:

S501:在启动第l个门限tl(tl=t+l-1)的情况下,获得至少tl个参与者的子密钥中的

Figure BDA0001493686380000031
ir∈A,|A|≥tl
Figure BDA0001493686380000032
其中,l∈{1,2,…,m},t+m-1=t',t≤t'≤n,n为参与者总数,t为最小门限,t'为最大门限,m为可调整的门限总数;S501: In the case where the lth threshold tl is activated (tl=t+ l - 1 ), obtain the subkeys of at least tl participants
Figure BDA0001493686380000031
i r ∈A, |A|≥t l ,
Figure BDA0001493686380000032
Among them, l∈{1,2,...,m}, t+m-1=t', t≤t'≤n, n is the total number of participants, t is the minimum threshold, t' is the maximum threshold, m is the available threshold The total number of thresholds adjusted;

S502:利用所述素数矩阵

Figure BDA0001493686380000033
的子矩阵
Figure BDA0001493686380000034
计算密钥相关值S,其中
Figure BDA0001493686380000035
Figure BDA0001493686380000036
S502: Utilize the prime number matrix
Figure BDA0001493686380000033
submatrix of
Figure BDA0001493686380000034
Calculate the key correlation value S, where
Figure BDA0001493686380000035
Figure BDA0001493686380000036

S503:根据密钥相关值S还原密钥s。S503: Restore the key s according to the key-related value S.

可选的,按照下述步骤根据密钥相关值S还原密钥s:Optionally, restore the key s according to the key-related value S according to the following steps:

s=S mod p0,其中p0为中的素数p0s=S mod p 0 , where p 0 is a prime number p 0 in .

另一方面,本发明提供一种子密钥生成装置,包括:On the other hand, the present invention provides a sub-key generation device, comprising:

密钥相关值计算单元,用于根据密钥s确定密钥相关值S,其中

Figure BDA0001493686380000037
素数p0∈(2λ-1,2λ];The key correlation value calculation unit is used to determine the key correlation value S according to the key s, wherein
Figure BDA0001493686380000037
prime number p 0 ∈(2 λ-1 ,2 λ ];

子密钥计算单元,用于计算

Figure BDA0001493686380000038
中元素si,j=S mod pi,j,其中pi,j是素数矩阵
Figure BDA0001493686380000039
中的元素,i∈{1,2,…,n},j∈{1,2,…,m};Subkey calculation unit, used to calculate
Figure BDA0001493686380000038
element s i,j =S mod p i,j , where p i,j is a matrix of prime numbers
Figure BDA0001493686380000039
elements in , i∈{1,2,…,n}, j∈{1,2,…,m};

所述素数矩阵

Figure BDA0001493686380000041
满足关系式:
Figure BDA0001493686380000042
Figure BDA0001493686380000043
前述关系式中,
Figure BDA0001493686380000044
Figure BDA0001493686380000045
l∈{1,…,m},t为最小门限,t'为最大门限,t≤t'≤n,m为可调整的门限总数,t+m-1=t';the prime number matrix
Figure BDA0001493686380000041
Satisfy the relation:
Figure BDA0001493686380000042
and
Figure BDA0001493686380000043
In the above relationship,
Figure BDA0001493686380000044
Figure BDA0001493686380000045
l∈{1,...,m}, t is the minimum threshold, t' is the maximum threshold, t≤t'≤n, m is the total number of adjustable thresholds, t+m-1=t';

子密钥确定单元,用于将

Figure BDA0001493686380000046
中的元素{si,1,si,2,...,si,m}为分配给第i个参与者的子密钥。Subkey determination unit, used to convert
Figure BDA0001493686380000046
The elements in {s i,1 ,s i,2 ,...,s i,m } are the subkeys assigned to the i-th participant.

可选的,所述密钥相关值计算单元按照下述步骤根据密钥s确定密钥相关值S:Optionally, the key-related value calculation unit determines the key-related value S according to the key s according to the following steps:

S=s+αp0;其中随机数α的选择范围为

Figure BDA0001493686380000047
以使S∈(am,bm]。S=s+αp 0 ; the selection range of random number α is
Figure BDA0001493686380000047
so that S∈(am ,b m ] .

可选的,所述素数矩阵

Figure BDA0001493686380000048
中的元素按照下述方法获得:Optionally, the prime number matrix
Figure BDA0001493686380000048
The elements in are obtained as follows:

从区间(2λ-1+t'-1,2λ-1+t']中随机选取n个素数按照顺序赋值为{p1,m,p2,m,...,pn,m};Randomly select n prime numbers from the interval (2 λ-1+t'-1 ,2 λ-1+t' ] and assign them in order as {p 1,m ,p 2,m ,...,p n,m };

按照l的取值范围{1,…,m-1}从大到小的顺序依次从区间

Figure BDA0001493686380000049
中随机选取n个素数按照顺序赋值为{p1,l,p2,l,...,pn,l},其中l∈{1,2,…,m-1}。According to the value range of l {1,...,m-1} from large to small in order from the interval
Figure BDA0001493686380000049
Randomly select n prime numbers in the sequence and assign them as {p 1,l ,p 2,l ,...,p n,l }, where l∈{1,2,...,m-1}.

可选的,所述的子密钥生成装置,还包括:Optionally, the sub-key generating device further includes:

子密钥分发单元,用于采用公钥加密或者私钥加密的方法将子密钥信息{si,1,si,2,...,si,m}加密后分发给第i个参与者。The sub-key distribution unit is used to encrypt the sub-key information {s i,1 ,s i,2 ,...,s i,m } by using public key encryption or private key encryption and distribute it to the i-th participants.

另一方面,本发明还提供一种还原密钥的装置,包括:On the other hand, the present invention also provides a device for restoring a key, comprising:

子密钥获取单元,用于:在启动第l个门限tl(tl=t+l-1)的情况下,获得至少tl个参与者的子密钥中的

Figure BDA0001493686380000051
ir∈A,|A|≥tl
Figure BDA0001493686380000052
其中,l∈{1,…,m},t+m-1=t',2≤t≤t'≤n,n为参与者总数,t为最小门限,t'为最大门限,m为可调整的门限总数;a sub-key obtaining unit, configured to: in the case of starting the lth threshold t l (t l =t+l-1), obtain the sub-keys of at least t l participants
Figure BDA0001493686380000051
i r ∈A, |A|≥t l ,
Figure BDA0001493686380000052
Among them, l∈{1,...,m}, t+m-1=t', 2≤t≤t'≤n, n is the total number of participants, t is the minimum threshold, t' is the maximum threshold, m is the available threshold The total number of thresholds adjusted;

密钥相关值还原单元,用于根据的素数矩阵

Figure BDA0001493686380000053
的子矩阵
Figure BDA0001493686380000054
计算密钥相关值S,其中
Figure BDA0001493686380000055
Figure BDA0001493686380000056
key correlation value restoration unit for prime number matrix according to
Figure BDA0001493686380000053
submatrix of
Figure BDA0001493686380000054
Calculate the key correlation value S, where
Figure BDA0001493686380000055
Figure BDA0001493686380000056

密钥还原单元,用于根据密钥相关值S还原密钥s。The key restoration unit is used to restore the key s according to the key related value S.

可选的,按照下述步骤根据密钥相关值S还原密钥s:Optionally, restore the key s according to the key-related value S according to the following steps:

s≡S mod p0,其中p0为所述的素数p0s≡S mod p 0 , where p 0 is said prime number p 0 .

采用本方法能够实现(t,n)和(t',n)之间的任意整数门限的访问结构,生成的子密钥长度仅比单个门限访问结构下的子密钥长(t'-t)/(t-1)倍的情况下共享(t'-t+1)个门限。尤其t'较大时,该发明相对于(t'-t+1)个独立的门限方案来说子密钥长度至少有几乎50%的降低,甚至可以达到(t'-4)/t'。而且每个门限方案都具有完全安全性。The method can realize the access structure of any integer threshold between (t,n) and (t',n), and the length of the generated subkey is only longer than the subkey under a single threshold access structure (t'-t )/(t-1) times share (t'-t+1) thresholds. Especially when t' is large, the sub-key length of the invention is reduced by at least almost 50% compared with (t'-t+1) independent threshold schemes, and can even reach (t'-4)/t' . And each threshold scheme has complete security.

附图说明Description of drawings

通过参考以下结合附图的说明及权利要求书的内容,并且随着对本发明的更全面理解,本发明的其它目的及结果将更加明白及易于理解。在附图中:Other objects and results of the present invention will be more apparent and readily understood by reference to the following description taken in conjunction with the accompanying drawings and the contents of the claims, and as the present invention is more fully understood. In the attached image:

图1是素数矩阵的构建方法流程图;Fig. 1 is the construction method flow chart of prime number matrix;

图2是子密钥生成方法流程图;Fig. 2 is the flow chart of sub-key generation method;

图3是利用子密钥还原密钥的方法流程;Fig. 3 is the method flow of utilizing subkey to restore key;

图4是子密钥生成装置结构图;Fig. 4 is a sub-key generation device structural diagram;

图5是利用子密钥还原密钥的装置流程图;Fig. 5 is the apparatus flow chart of utilizing subkey to restore key;

其中:11-密钥相关值计算单元,12-子密钥计算单元,13-子密钥确定单元,14-子密钥分发单元,21-子密钥获取单元,22-密钥相关值还原单元,23-密钥还原单元。Among them: 11-key correlation value calculation unit, 12-subkey calculation unit, 13-subkey determination unit, 14-subkey distribution unit, 21-subkey acquisition unit, 22-key correlation value restoration Unit, 23 - Key Restoration Unit.

在所有附图中相同的标号指示相似或相应的特征或功能。The same reference numbers indicate similar or corresponding features or functions throughout the drawings.

具体实施方式Detailed ways

以下将结合附图对本发明的具体实施例进行详细描述。The specific embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

本发明实施例提供一种采用中国剩余定理构造门限可变的子密钥生成方法和生成装置,以及利用前述子密钥还原密钥的方法和装置。Embodiments of the present invention provide a method and device for generating a subkey with variable thresholds by using the Chinese remainder theorem, and a method and device for restoring a key by using the aforementioned subkey.

为了实现门限动态可变,首先需要建立符合门限动态可变的素数矩阵,其次再利用素数矩阵对密钥进行处理,分别生成给各个参与者的子密钥并分发给他们。In order to realize the dynamic change of the threshold, it is necessary to establish a prime number matrix that conforms to the dynamic change of the threshold number, and then use the prime number matrix to process the key, generate subkeys to each participant and distribute them to them.

下文首先对素数矩阵的构造过程做分析,再分别对本实施例提供的子密钥生成方法、利用子密钥还原密钥的方法、子密钥生成装置和利用子密钥还原密钥的装置做分析。First, the construction process of the prime number matrix is analyzed below, and then the sub-key generation method provided by the present embodiment, the method for utilizing the sub-key to restore the key, the sub-key generating device and the device for utilizing the sub-key to restore the key are respectively made. analyze.

1.素数矩阵的建立1. The establishment of prime number matrix

S01:确定参与者总数n和参与者集合P={1,2,…,n}。S01: Determine the total number of participants n and the participant set P={1,2,...,n}.

参与者总数n代表了可以分发得到子密钥的参与者的数量。The total number of participants n represents the number of participants who can distribute the subkey.

S02:根据预设的安全策略、攻击者能力以及参与者的方便程度确定需要的安全参数t和t',2≤t≤t'≤n,其中t为最小门限,t'为最大门限。S02: Determine the required security parameters t and t' according to the preset security policy, the attacker's ability and the convenience of the participant, 2≤t≤t'≤n, where t is the minimum threshold and t' is the maximum threshold.

在系统的安全策略要求较高、攻击者能力较高的情况下t的数值可适当地增加;t'≤n;另外,t+m-1=t',m为可调整的门限总数。The value of t can be appropriately increased when the security policy requirements of the system are higher and the attacker's ability is higher; t'≤n; in addition, t+m-1=t', m is the total number of adjustable thresholds.

S03:选择需求的密钥长度λ,并选择素数p0∈(2λ-1,2λ]。S03: Select the required key length λ, and select the prime number p 0 ∈(2 λ-1 , 2 λ ].

S04:构建素数矩阵

Figure BDA0001493686380000061
(下文简写为{pi,j}),并使{pi,j}满足下述的关系(1)。S04: Build a prime number matrix
Figure BDA0001493686380000061
(hereinafter abbreviated as {pi ,j }), and make {pi ,j } satisfy the following relation (1).

Figure BDA0001493686380000062
Figure BDA0001493686380000062

关系式(1)中,

Figure BDA0001493686380000071
l∈{1,…,m}。In relation (1),
Figure BDA0001493686380000071
l∈{1,…,m}.

本发明实施例还提供了一种素数矩阵{pi,j}的快速构建方法,以便于方便地应用本发明实施例提供的子密钥生成方法、利用子密钥还原密钥的方法;素数矩阵构建方法包括步骤S011-S012。The embodiment of the present invention also provides a method for quickly constructing a prime number matrix {pi ,j }, so as to conveniently apply the method for generating a subkey and a method for restoring a key by using the subkey provided by the embodiment of the present invention; the prime number The matrix construction method includes steps S011-S012.

S011:从区间(2λ-1+t'-1,2λ-1+t']中选取n个素数赋值给{p1,m,p2,m,...,pn,m}中的元素;S011: Select n prime numbers from the interval (2 λ-1+t'-1 ,2 λ-1+t' ] and assign them to {p 1,m ,p 2,m ,...,p n,m } elements in;

S012:按照l的取值从大到小的顺序依次从区间

Figure BDA0001493686380000072
中随机选取n个素数赋值给{p1,l,p2,l,…,pn,l}中的元素,其中l∈{1,2,…,m-1}。S012: According to the value of l in descending order, from the interval
Figure BDA0001493686380000072
Randomly select n prime numbers from , and assign them to the elements in {p 1,l ,p 2,l ,...,p n,l }, where l∈{1,2,...,m-1}.

当然,在其他实施例中,素数矩阵构建方法也可以采用本领域提供的其他方法,并不限于前述方法。Of course, in other embodiments, the method for constructing the prime number matrix may also adopt other methods provided in the art, and is not limited to the foregoing method.

2.子密钥生成方法2. Subkey generation method

在前文提供的素数矩阵{pi,j}的基础上,就可以根据密钥s生成子密钥,具体步骤如S021-S023。On the basis of the prime number matrix {pi , j } provided above, the sub-key can be generated according to the key s, and the specific steps are as in S021-S023.

S021:根据密钥s确定密钥相关值S。S021: Determine the key-related value S according to the key s.

具体的,密钥s应当满足

Figure BDA0001493686380000073
素数p0∈(2λ-1,2λ]。Specifically, the key s should satisfy
Figure BDA0001493686380000073
The prime number p 0 ∈(2 λ-1 ,2 λ ].

S022:计算si,j≡S mod pi,j,并利用si,j组成矩阵

Figure BDA0001493686380000074
S022: Calculate s i,j ≡S mod p i,j , and use s i,j to form a matrix
Figure BDA0001493686380000074

其中,i∈{1,2,…,n},j∈{1,2,…,m}。where i∈{1,2,…,n} and j∈{1,2,…,m}.

S023:提取

Figure BDA0001493686380000075
中的第i行元素{si,1,si,2,…,si,m}为分配给第i个参与者的子密钥。S023: Extraction
Figure BDA0001493686380000075
The i-th row elements in {s i,1 ,s i,2 ,...,s i,m } are the subkeys assigned to the i-th participant.

本实施例中,S021中,按照下述步骤根据密钥s确定密钥相关值S:S=s+αp0,其中随机数α的选择范围为

Figure BDA0001493686380000076
以使S∈(am,bm]。In this embodiment, in S021, the key correlation value S is determined according to the key s according to the following steps: S=s+αp 0 , wherein the selection range of the random number α is
Figure BDA0001493686380000076
so that S∈(am ,b m ] .

当然,在其他实施例中,也可以利用其他方法、根据密钥s获得密钥相关值S,例如,直接将密钥s作为密钥相关值S,当然,此时密钥s也应当满足(am,bm]。Of course, in other embodiments, other methods can also be used to obtain the key related value S according to the key s. For example, the key s is directly used as the key related value S. Of course, at this time, the key s should also satisfy ( a m , b m ].

前述子密钥生成方法还包括S024:采用公钥加密或者私钥加密的方法将子密钥{si,1,si,2,…,si,m}分发给第i个参与者。公钥加密和私钥加密的方法均已经使本领域已有的方法,在此不再详细叙述。当然,在其他实施例中,也可以将子密钥存储在加密狗或者U盾等硬件装置中,通过分发加密狗和U盾的方式实现子密钥的分发。The foregoing sub-key generation method further includes S024: Distribute the sub-key {s i,1 ,s i,2 ,...,s i,m } to the ith participant by using public key encryption or private key encryption. The methods of public key encryption and private key encryption are already known in the art, and will not be described in detail here. Of course, in other embodiments, the sub-key may also be stored in a hardware device such as a dongle or a USB shield, and the distribution of the sub-key is realized by distributing the dongle and the USB shield.

3.利用子密钥还原密钥的方法3. The method of using the subkey to restore the key

实际应用中,具体在社交网络、云计算等平台中,服务终端需要通过参与者持有的子密钥还原密钥,并判定还原得到的密钥是否符合原始密钥。利用子密钥还原密钥的方法包括步骤S031-S034。In practical applications, specifically in social networks, cloud computing and other platforms, the service terminal needs to restore the key through the sub-key held by the participant, and determine whether the restored key conforms to the original key. The method of using the subkey to restore the key includes steps S031-S034.

在利用子秘钥还原密钥的方法中,在n个参与者中共享一个密钥s,密钥安全级别要求为每个门限下至少tl个参与者给出他们的子密钥信息才能恢复密钥。In the method of using subkeys to restore keys, a key s is shared among n participants, and the key security level requires that at least t l participants under each threshold give their subkey information to recover key.

本发明允许密钥有m个安全级别,允许m个不同门限的访问结构,其中l∈{1,2,…,m},t+m-1=t',2≤t≤t'≤n,n为参与者总数,t为最小门限,t'为最大门限,m为可调整的门限总数。The present invention allows keys to have m security levels, and allows m access structures with different thresholds, where l∈{1,2,...,m}, t+m-1=t', 2≤t≤t'≤n , n is the total number of participants, t is the minimum threshold, t' is the maximum threshold, and m is the total number of adjustable thresholds.

S031:在启动第l个门限tl(tl=t+l-1)的情况下,获得至少tl个参与者的子密钥中的

Figure BDA0001493686380000081
S031: In the case of starting the lth threshold tl (tl=t+ l - 1 ), obtain the subkeys of at least tl participants
Figure BDA0001493686380000081

其中,l∈{1,2,…,m},t+m-1=t',t≤t'≤n,n为参与者总数,t为最小参与者总数,t'为最大参与者总数,m为可调整的门限总数,ir∈A,|A|≥tl

Figure BDA0001493686380000082
Among them, l∈{1,2,...,m}, t+m-1=t', t≤t'≤n, n is the total number of participants, t is the minimum total number of participants, and t' is the maximum total number of participants , m is the total number of adjustable thresholds, i r ∈A, |A|≥t l ,
Figure BDA0001493686380000082

具体的,在启动第l个门限tl(tl=t+l-1)的情况下,用于实现密钥还原的终端可以向参与者发送门限值tl,参与者根据tl的大小提取自己拥有的子密钥的子集

Figure BDA0001493686380000091
不向实现密钥还原的终端发送全部的子密钥信息。当然,在通信安全得到保证的情况下,参与者也可以将自己拥有的子密钥子集直接传输给实现密钥还原的终端,由实现密钥还原的终端根据tl确定使用子密钥的子集。Specifically, in the case of starting the lth threshold tl (tl=t+ l - 1 ), the terminal used for realizing the key restoration can send the threshold value tl to the participant , and the participant can send the threshold value tl to the participant according to tl's size to extract the subset of subkeys owned by oneself
Figure BDA0001493686380000091
All sub-key information is not sent to the terminal that implements key recovery. Of course, if the communication security is guaranteed, the participants can also directly transmit the subset of subkeys they own to the terminal that implements key restoration, and the terminal that implements key restoration determines the use of the subkey according to t l . Subset.

S032:根据tl的大小和tl个参与者的编号(当然,也可以是子密钥的编号)在{pi,j}中提取子矩阵

Figure BDA0001493686380000092
S032: Extract the submatrix in {pi ,j } according to the size of tl and the number of tl participants (of course, it can also be the number of the subkey)
Figure BDA0001493686380000092

S033:利用子矩阵

Figure BDA0001493686380000093
计算密钥相关值S;其中
Figure BDA0001493686380000094
S033: Utilize submatrix
Figure BDA0001493686380000093
Calculate the key correlation value S; where
Figure BDA0001493686380000094

其中yi,j可以使用欧几里得算法得到。where y i,j can be obtained using the Euclidean algorithm.

步骤S033实际是利用中国剩余定理求算S的过程,在此不再就中国剩余定理的原理做详细讲解,具体可参照相关文献。Step S033 is actually a process of calculating S by using the Chinese remainder theorem, and the principle of the Chinese remainder theorem will not be explained in detail here. For details, please refer to the relevant literature.

S034:根据密钥相关值S还原密钥s。S034: Restore the key s according to the key-related value S.

与前述生成子密钥的方法相对应的,利用子密钥还原密钥过程中,s≡S mod p0,其中p0为素数矩阵建立时的素数p0。与前述方法对应,在其他实施例中在其他实施例中,也可以利用其他方法、根据密钥相关值S获得密钥s,例如,直接将密钥相关值S作为密钥s。Corresponding to the aforementioned method of generating a subkey, in the process of using the subkey to restore the key, s≡S mod p 0 , where p 0 is the prime number p 0 when the prime number matrix is established. Corresponding to the foregoing method, in other embodiments, the key s may also be obtained according to the key correlation value S by using other methods, for example, the key correlation value S is directly used as the key s.

在得到秘钥s后,实现密钥还原的终端将秘钥s与自身存储的密钥比较,就可以判定各个参与者发送的子密钥是否合法,也就可以判定各个参与者的身份是否合法。After obtaining the secret key s, the terminal that implements the key restoration compares the secret key s with the key stored by itself, and can determine whether the sub-key sent by each participant is legal, and can also determine whether the identity of each participant is legal. .

当然,在利用子密钥还原密钥的过程中,子密钥中的部分信息可以由参与者通过公钥加密或者私钥加密的方法发送实现密钥还原的终端。当然,如前所述,也可以由各个参与者利用加密狗或者U盾将子密钥的至少部分元素发送给实现密钥还原的终端。Of course, in the process of using the sub-key to restore the key, some information in the sub-key can be sent by the participant to the terminal that implements the key restoration by using public key encryption or private key encryption. Of course, as mentioned above, each participant may also use a dongle or USB shield to send at least some elements of the subkey to a terminal that implements key restoration.

4.子密钥生成装置4. Subkey generation device

本实施例提供的子密钥生成装置包括密钥相关值计算单元11、子密钥计算单元12和子密钥确定单元13。The sub-key generation apparatus provided in this embodiment includes a key correlation value calculation unit 11 , a sub-key calculation unit 12 and a sub-key determination unit 13 .

密钥相关值计算单元11用于根据密钥s确定密钥相关值S,其中

Figure BDA0001493686380000101
素数p0∈(2λ-1,2λ]。The key correlation value calculation unit 11 is used to determine the key correlation value S according to the key s, wherein
Figure BDA0001493686380000101
The prime number p 0 ∈(2 λ-1 ,2 λ ].

子密钥计算单元12用于计算

Figure BDA0001493686380000102
中元素si,j≡S mod pi,j;其中,pi,j是素数矩阵{pi,j}中的元素,i∈{1,2,…,n},j∈{1,2,…,m};The subkey calculation unit 12 is used to calculate
Figure BDA0001493686380000102
The element s i,j ≡S mod p i,j ; where, p i,j is the element in the prime number matrix {p i,j }, i∈{1,2,…,n}, j∈{1, 2,…,m};

所述素数矩阵{pi,j}满足关系式:

Figure BDA0001493686380000103
Figure BDA0001493686380000104
前述关系式中,
Figure BDA0001493686380000105
Figure BDA0001493686380000106
l∈{1,…,m},t为最小参与者总数,t'为最大参与者总数,t≤t'≤n,m为可调整的门限总数,t+m-1=t'。The prime number matrix {pi ,j } satisfies the relation:
Figure BDA0001493686380000103
and
Figure BDA0001493686380000104
In the above relationship,
Figure BDA0001493686380000105
Figure BDA0001493686380000106
l∈{1,...,m}, t is the minimum total number of participants, t' is the maximum total number of participants, t≤t'≤n, m is the total number of adjustable thresholds, t+m-1=t'.

子密钥确定单元13用于将

Figure BDA0001493686380000107
中的元素{si,1,si,2,…,si,m}为分配给第i个参与者的子密钥。The subkey determination unit 13 is used to
Figure BDA0001493686380000107
The elements {s i,1 ,s i,2 ,...,s i,m } in are the subkeys assigned to the i-th participant.

与前文方法对应的,密钥相关值计算单元按照下述步骤根据密钥s确定密钥相关值S:S=s+αp0;其中随机数α的选择范围为

Figure BDA0001493686380000108
以使S∈(am,bm]。Corresponding to the foregoing method, the key correlation value calculation unit determines the key correlation value S according to the key s according to the following steps: S=s+αp 0 ; the selection range of the random number α is
Figure BDA0001493686380000108
so that S∈(am ,b m ] .

在子密钥计算单元中,素数矩阵{pi,j}按照下述方法获得:In the subkey calculation unit, the prime number matrix {pi ,j } is obtained as follows:

从区间(2λ-1+t'-1,2λ-1+t']中随机选取n个素数按照顺序赋值为{p1,m,p2,m,…,pn,m};Randomly select n prime numbers from the interval (2 λ-1+t'-1 ,2 λ-1+t' ] and assign them as {p 1,m ,p 2,m ,...,p n,m } in sequence;

按照l的取值范围{1,…,m-1}从大到小的顺序依次从区间

Figure BDA0001493686380000111
中随机选取n个素数按照顺序赋值为{p1,l,p2,l,...,pn,l}。According to the value range of l {1,...,m-1} from large to small in order from the interval
Figure BDA0001493686380000111
Randomly select n prime numbers in the sequence and assign them as {p 1,l ,p 2,l ,...,p n,l }.

此外,本实施例提供的子密钥生成装置中还可以包括子密钥分发单元14,子密钥分发单元14用于采用公钥加密或者私钥加密的方法将子密钥信息{si,1,si,2,...,si,m}加密后分发给第i个参与者。In addition, the sub-key generation device provided in this embodiment may further include a sub-key distribution unit 14, and the sub-key distribution unit 14 is configured to use public key encryption or private key encryption to encrypt the sub-key information {s i, 1 ,s i,2 ,...,s i,m } are encrypted and distributed to the i-th participant.

5.利用子密钥还原密钥的装置5. A device for restoring a key using a subkey

本实施例提供的利用子密钥还原密钥的装置包括子密钥获取单元21、密钥相关值还原单元22和密钥还原单元23。The apparatus for restoring a key by using a subkey provided in this embodiment includes a subkey obtaining unit 21 , a key-related value restoring unit 22 and a key restoring unit 23 .

子密钥获取单元21用于在启动第l个门限tl=t+l-1的情况下,获得至少tl个参与者的子密钥中的

Figure BDA0001493686380000118
其中,l∈{1,2,…,m},t+m-1=t',t≤t'≤n,n为参与者总数,t为最小门限,t'为最大门限,m为可调整的门限总数,密钥相关值还原单元22用于素数矩阵{pi,j}的子矩阵
Figure BDA0001493686380000113
计算密钥相关值S,其中
Figure BDA0001493686380000114
The sub-key obtaining unit 21 is configured to obtain the sub-key of at least t l participants under the condition that the l-th threshold t l =t+l-1 is activated.
Figure BDA0001493686380000118
Among them, l∈{1,2,...,m}, t+m-1=t', t≤t'≤n, n is the total number of participants, t is the minimum threshold, t' is the maximum threshold, m is the available threshold The total number of thresholds adjusted, the key correlation value restoration unit 22 is used for the submatrix of the prime number matrix {pi ,j }
Figure BDA0001493686380000113
Calculate the key correlation value S, where
Figure BDA0001493686380000114

Figure BDA0001493686380000115
Figure BDA0001493686380000115

密钥还原单元23用于根据密钥相关值S还原密钥s。The key restoration unit 23 is used to restore the key s according to the key correlation value S.

其中密钥还原单元23可以按照下述步骤根据密钥相关值还原密钥s:s≡S modp0,其中p0为前述的素数p0The key restoring unit 23 can restore the key s according to the key correlation value according to the following steps: s≡S modp 0 , where p 0 is the aforementioned prime number p 0 .

6.举例6. Examples

按照前述思路,本实施例提供一种具体应用例。在具体应用例中:t'=4,t=2,参 与者总数n=5,安全参数λ=8,取定素数p0=257;据此,确定的(a1,b1]=(1908839; 648261852953],(a2,b2]=(133144723;358361739593],(a3,b3]=(164831339; 80635076741]。满足条件关系式和的素数矩阵pi,j

Figure BDA0001493686380000121
According to the foregoing idea, this embodiment provides a specific application example. In a specific application example: t'=4, t=2, the total number of participants n=5, the security parameter λ=8, and a fixed prime number p 0 =257; accordingly, the determined (a 1 ,b 1 ]=( 1908839; 648261852953], (a 2 , b 2 ]=(133144723; 358361739593], (a 3 , b 3 ]=(164831339; 80635076741]. The prime number matrix p i,j that satisfies the conditional relationship and is
Figure BDA0001493686380000121

密钥s=110,确定密钥相关值S=8063507722,并根据素数矩阵pi,j得到五个参与者的子密钥分别为{100 6 10}、{8 10 414}、{82 11 102}、{128 5 212}和{73 6 304}。The key s=110, the key correlation value S=8063507722 is determined, and the sub-keys of the five participants are obtained according to the prime number matrix p i,j respectively {100 6 10}, {8 10 414}, {82 11 102 }, {128 5 212} and {73 6 304}.

同样的,利用中国剩余定理,在确定相应的门限的情况下,也可以利用前述子密钥还原得到密钥相关值S以及密钥s。Similarly, using the Chinese remainder theorem, in the case of determining the corresponding threshold, the key correlation value S and the key s can also be obtained by using the aforementioned sub-key restoration.

本实施例提供的子密钥能够携带比单个门限方案多(t'-t)/(t-1)信息的情况下共享m个门限,而且每个门限都具有完全安全性。采用前述方法的门限方案较同类方案具有更低的重构复杂度,在每个门限下仅有O(tl)的计算复杂度。The subkey provided in this embodiment can share m thresholds under the condition that it carries more (t'-t)/(t-1) information than a single threshold scheme, and each threshold has complete security. The threshold scheme using the aforementioned method has lower reconstruction complexity than similar schemes, and only has a computational complexity of O(t l ) under each threshold.

另外,采用本方法能够实现(t,n)和(t',n)之间的任意整数门限的访问结构,生成的子密钥能够携带比单个门限访问结构下的方案多(t'-t)/(t-1)倍的情况下共享(t'-t+1)个门限。尤其t'较大时,该发明相对于(t'-t+1)个独立的门限方案来说子密钥长度至少有几乎50%的降低,甚至可以达到(t'-4)/t'。而且每个门限方案下都具有完全安全性。In addition, this method can realize the access structure of any integer threshold between (t, n) and (t', n), and the generated subkey can carry more (t'-t) than the scheme under the single threshold access structure )/(t-1) times share (t'-t+1) thresholds. Especially when t' is large, the sub-key length of the invention is reduced by at least almost 50% compared with (t'-t+1) independent threshold schemes, and can even reach (t'-4)/t' . And there is complete security under each threshold scheme.

前述方法可以应用于分布式安全系统、社交网络、云计算等平台下外包安全计算、访问控制、隐私保护、数据加密等需求的核心支持技术,也可用于具有冲突的利益但是必须合作的群体或多服务器中权限管理及信任管理以及作为安全多方计算的基础协议。The aforementioned methods can be applied to core supporting technologies for outsourcing secure computing, access control, privacy protection, data encryption and other requirements under platforms such as distributed security systems, social networks, and cloud computing, and can also be used for groups or groups with conflicting interests that must cooperate. Privilege management and trust management in multi-server and as a basic protocol for secure multi-party computing.

以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应所述以权利要求的保护范围为准。The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any person skilled in the art can easily think of changes or substitutions within the technical scope disclosed by the present invention. should be included within the protection scope of the present invention. Therefore, the protection scope of the present invention should be based on the protection scope of the claims.

Claims (10)

1. A method for generating a seed key, comprising the steps of:
S101determining a key-dependent value S from the key S, S + α p0(ii) a Wherein
Figure FDA0002407353110000011
p0Is prime and p0∈(2λ-1,2λ]The random number α is selected to be within a range of
Figure FDA0002407353110000012
So that S ∈ (a)m,bm];
S102, calculating
Figure FDA0002407353110000013
Element s in (1)i,j≡Smodpi,jWherein p isi,jIs a prime number matrix
Figure FDA0002407353110000014
Element of (e), i ∈ {1,2, …, n }, j ∈ {1,2, …, m };
the prime number matrix
Figure FDA0002407353110000015
Satisfy the relation:
Figure FDA0002407353110000016
and
Figure FDA0002407353110000017
in the above-mentioned relation, the first and second characteristic,
Figure FDA0002407353110000018
Figure FDA0002407353110000019
n is the total number of participants, t is the minimum threshold, t ' is the maximum threshold, t is not less than t ' and not more than n, m is the total number of adjustable thresholds, and t + m-1 is t ';
s103: extraction of
Figure FDA00024073531100000110
Element of row i of (1 s) { S }i,1,si,2,…,si,mIs the subkey assigned to the ith participant.
2. The subkey generation method of claim 1, wherein the prime number matrix is a matrix of prime numbers
Figure FDA00024073531100000111
The element in (1) is obtained by the following method:
slave interval (2)λ-1+t'-1,2λ-1+t']N prime numbers are selected to be assigned to { p1,m,p2,m,…,pn,mThe elements in (1);
sequentially ranging from large to small according to the value of l
Figure FDA0002407353110000021
In the method, n prime numbers are randomly selected to be assigned to { p1,l,p2,l,…,pn,lWhere l ∈ {1,2, …, m-1 }.
3. The subkey generation method according to claim 1, further comprising:
s104: the sub-key s is encrypted by adopting a public key encryption method or a private key encryption methodi,1,si,2,...,si,mEncrypted and distributed to the ith participant.
4. A method for recovering a secret key, comprising:
s501: at the start of the first threshold tl(tlT + l-1), at least t is obtainedlIn the subkeys of a participant
Figure FDA0002407353110000022
|A|≥tl
Figure FDA0002407353110000023
Wherein l ∈ {1,2, …, m }, t + m-1 ═ t ', t is more than or equal to 2 and less than or equal to t ', and is less than or equal to n, n is the total number of participants, t is the minimum threshold, t ' is the maximum threshold, and m is the total number of adjustable thresholds;
s502: using a matrix of prime numbers
Figure FDA0002407353110000024
Is sub-matrix of
Figure FDA0002407353110000025
Calculating a key correlation value S, wherein
Figure FDA0002407353110000026
Figure FDA0002407353110000027
Wherein,
the prime number matrix
Figure FDA0002407353110000028
Satisfy the relation:
Figure FDA0002407353110000029
and
Figure FDA00024073531100000210
in the above-mentioned relation, the first and second characteristic,
Figure FDA00024073531100000211
Figure FDA00024073531100000212
n is the total number of participants, t is the minimum threshold, t ' is the maximum threshold, t is not less than t ' and not more than n, m is the total number of adjustable thresholds, and t + m-1 is t ';
s503: and restoring the secret key S according to the secret key correlation value S.
5. Method for recovering a secret key according to claim 4, characterized in that the secret key S is recovered from the secret key correlation value S according to the following steps:
s≡Smodp0wherein p is0Is prime, and p0∈(2λ-1,2λ]。
6. A subkey generation apparatus, comprising:
a key-related value calculating unit for determining a key-related value S, S + α p from the key S0(ii) a Wherein
Figure FDA0002407353110000031
p0Is prime and p0∈(2λ-1,2λ]The random number α is selected to be within a range of
Figure FDA0002407353110000032
So that S ∈ (a)m,bm];
A sub-key calculation unit for calculating
Figure FDA0002407353110000033
Middle element si,j≡Smodpi,jWherein p isi,jIs a prime number matrix
Figure FDA0002407353110000034
Element of (e), i ∈ {1,2, …, n }, j ∈ {1,2, …, m };
the prime number matrix
Figure FDA0002407353110000035
Satisfy the relation:
Figure FDA0002407353110000036
and
Figure FDA0002407353110000037
in the above-mentioned relation, the first and second characteristic,
Figure FDA0002407353110000038
Figure FDA0002407353110000039
t is the minimum threshold, t ' is the maximum threshold, t is more than or equal to 2 and less than or equal to t ', n is less than or equal to n, m is the total number of the adjustable thresholds, and t + m-1 is t ';
a sub-key determination unit for determining a sub-key
Figure FDA0002407353110000041
Element { s } of (1)i,1,si,2,...,si,mIs the subkey assigned to the ith participant.
7. The subkey generation apparatus of claim 6, wherein the prime number matrix is a matrix of prime numbers
Figure FDA0002407353110000042
The element in (1) is obtained by the following method:
slave interval (2)λ-1+t'-1,2λ-1+t']In the method, n prime numbers are randomly selected and assigned as { p ] according to the sequence1,m,p2,m,...,pn,m};
Sequentially ranging from large to small according to the value range {1, …, m-1} of l
Figure FDA0002407353110000043
In the method, n prime numbers are randomly selected and assigned as { p ] according to the sequence1,l,p2,l,...,pn,l}。
8. The subkey generation apparatus according to claim 6, further comprising:
a sub-key distribution unit for distributing sub-key information { s ] by public key encryption or private key encryptioni,1,si,2,...,si,mEncrypted and distributed to the ith participant.
9. An apparatus for recovering a secret key, comprising:
subkeyAn acquisition unit configured to: at the start of the first threshold tl(tlT + l-1), at least t is obtainedlIn the subkeys of a participant
Figure FDA0002407353110000044
|A|≥tl
Figure FDA0002407353110000045
Wherein l ∈ {1, …, m }, t + m-1 ═ t ', t is more than or equal to 2 and less than or equal to t ', t is less than or equal to n, n is the total number of participants, t is the minimum threshold, t ' is the maximum threshold, and m is the total number of adjustable thresholds;
a key correlation value recovery unit for using the prime number matrix
Figure FDA0002407353110000046
Is sub-matrix of
Figure FDA0002407353110000051
Calculating a key correlation value S, wherein
Figure FDA0002407353110000052
Figure FDA0002407353110000053
Wherein the prime number matrix
Figure FDA0002407353110000054
Satisfy the relation:
Figure FDA0002407353110000055
and
Figure FDA0002407353110000056
in the above-mentioned relation, the first and second characteristic,
Figure FDA0002407353110000057
Figure FDA0002407353110000058
n is the total number of participants, t is the minimum threshold, t ' is the maximum threshold, t is not less than t ' and not more than n, m is the total number of adjustable thresholds, and t + m-1 is t ';
and the key recovery unit is used for recovering the key S according to the key correlation value S.
10. The apparatus for recovering a secret key according to claim 9, wherein the secret key S is recovered based on the secret key correlation value S according to the following steps:
s≡Smodp0wherein p is0Is prime, and p0∈(2λ-1,2λ]。
CN201711261407.XA 2017-12-04 2017-12-04 Sub-key generation method and device and key reduction method and device Active CN108111485B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711261407.XA CN108111485B (en) 2017-12-04 2017-12-04 Sub-key generation method and device and key reduction method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711261407.XA CN108111485B (en) 2017-12-04 2017-12-04 Sub-key generation method and device and key reduction method and device

Publications (2)

Publication Number Publication Date
CN108111485A CN108111485A (en) 2018-06-01
CN108111485B true CN108111485B (en) 2020-09-22

Family

ID=62208137

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711261407.XA Active CN108111485B (en) 2017-12-04 2017-12-04 Sub-key generation method and device and key reduction method and device

Country Status (1)

Country Link
CN (1) CN108111485B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109617674A (en) * 2018-10-16 2019-04-12 兰州大学 A key distribution method for cooperation among multiple key management systems
CN110380851B (en) * 2019-07-17 2022-05-31 电子科技大学 Threshold-carrying two-key distribution and recovery method based on generalized Chinese remainder theorem

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119364A (en) * 2007-09-13 2008-02-06 上海大学 Authenticated Ad Hoc Group Key Agreement Protocol
CN101425902A (en) * 2008-11-12 2009-05-06 电子科技大学 Threshold digital signature method and system having forward security
CN101997833A (en) * 2009-08-10 2011-03-30 北京多思科技发展有限公司 Key storage method and device and data encryption/decryption method and device
CN106530368A (en) * 2016-10-28 2017-03-22 陕西师范大学 Prime-domain multi-threshold progressive secret image preservation and reconstruction method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8861716B2 (en) * 2010-03-30 2014-10-14 International Business Machines Corporation Efficient homomorphic encryption scheme for bilinear forms
KR101437033B1 (en) * 2012-06-21 2014-11-03 기초과학연구원 Method for authenticating low efficiency device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119364A (en) * 2007-09-13 2008-02-06 上海大学 Authenticated Ad Hoc Group Key Agreement Protocol
CN101425902A (en) * 2008-11-12 2009-05-06 电子科技大学 Threshold digital signature method and system having forward security
CN101997833A (en) * 2009-08-10 2011-03-30 北京多思科技发展有限公司 Key storage method and device and data encryption/decryption method and device
CN106530368A (en) * 2016-10-28 2017-03-22 陕西师范大学 Prime-domain multi-threshold progressive secret image preservation and reconstruction method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"一种动态安全的多重密钥门限共享方案";张燕燕;《计算机工程与应用》;20071231;第43卷(第34期);全文 *
"对可验证秘密共享方案的研究";贾星星;《中国优秀博士学位论文全文数据库信息科技辑》;20110715(第7期);全文 *

Also Published As

Publication number Publication date
CN108111485A (en) 2018-06-01

Similar Documents

Publication Publication Date Title
CN111566990B (en) Secure Key Agreement with Untrusted Devices
US11316676B2 (en) Quantum-proof multiparty key exchange system, quantum-proof multiparty terminal device, quantum-proof multiparty key exchange method, program, and recording medium
CN112106322B (en) Password-based threshold token generation
CN110233730B (en) A privacy information protection method based on K-means clustering
CN105406967B (en) A kind of hierarchical attribute encipherment scheme
CN103414682B (en) The method for cloud storage of a kind of data and system
Guo et al. An authenticated group key distribution protocol based on the generalized Chinese remainder theorem
CN111275202A (en) A machine learning prediction method and system for data privacy protection
CN111563265A (en) Distributed deep learning method based on privacy protection
CN107425967B (en) A Theoretical Secure Flexible Multi-Secret Sharing Method
CN112104454B (en) Data secure transmission method and system
CN109274492B (en) Self-secure tightly coupled secret sharing method
CN112597542B (en) Aggregation method and device of target asset data, storage medium and electronic device
CN111416715A (en) Quantum secret communication identity authentication system and method based on secret sharing
CN111211903A (en) Mobile group perception data report duplication removing method based on fog calculation and privacy protection
AU2019381522A1 (en) Encryption system and method employing permutation group-based encryption technology
CN108111485B (en) Sub-key generation method and device and key reduction method and device
CN116865938A (en) Multi-server federated learning method based on secret sharing and homomorphic encryption
CN110737907B (en) Anti-quantum computing cloud storage method and system based on alliance chain
CN114362912A (en) Identification password generation method based on distributed key center, electronic device and medium
CN107947923B (en) Attribute key distribution method without trusted center
CN113904833A (en) A threshold-based dynamic multi-factor authentication method and communication method
CN110071796A (en) A kind of calculation method based on shared secret
CN116633537A (en) Key agreement method, system and medium based on dual servers and multiple authentication factors
CN110572788B (en) Wireless sensor communication method and system based on asymmetric key pool and implicit certificate

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant