[go: up one dir, main page]

CN110176991B - Anti-quantum computing application system near field energy-saving communication method and system based on signcryption, and computer equipment - Google Patents

Anti-quantum computing application system near field energy-saving communication method and system based on signcryption, and computer equipment Download PDF

Info

Publication number
CN110176991B
CN110176991B CN201910404409.2A CN201910404409A CN110176991B CN 110176991 B CN110176991 B CN 110176991B CN 201910404409 A CN201910404409 A CN 201910404409A CN 110176991 B CN110176991 B CN 110176991B
Authority
CN
China
Prior art keywords
key
terminal
signcryption
message
pool
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910404409.2A
Other languages
Chinese (zh)
Other versions
CN110176991A (en
Inventor
富尧
钟一民
汪仲祥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ruban Quantum Technology Co Ltd filed Critical Ruban Quantum Technology Co Ltd
Priority to CN201910404409.2A priority Critical patent/CN110176991B/en
Publication of CN110176991A publication Critical patent/CN110176991A/en
Application granted granted Critical
Publication of CN110176991B publication Critical patent/CN110176991B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72Signcrypting, i.e. digital signing and encrypting simultaneously
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a close-range energy-saving communication method and system of an anti-quantum computing application system based on signcryption and computer equipment, wherein the system comprises a first terminal, a second terminal, an application server and a communication network; the application server is configured with an application server key fob; the first terminal is configured with a first terminal key fob; the second terminal is configured with a second terminal key card, wherein a client private key pool, a client public key pool, a client private key pool, a symmetric key pool and a signcryption symmetric key pool are stored in the second terminal key card, and independent key tables are respectively stored in the symmetric key pool and the signcryption symmetric key pool; the second terminal with low power consumption does not use public key and private key to calculate public and private key algorithm, and can obtain the shared key for encrypted communication with the application server only by looking up a table, so that the application server serving as a communication center does not need to store a plurality of large-capacity symmetric key pools, only needs to store a plurality of groups of public key pools, and the storage space of the application server is greatly saved.

Description

Anti-quantum computing application system near field energy-saving communication method and system based on signcryption, and computer equipment
Technical Field
The application belongs to the technical field of intelligent application terminals, and particularly relates to a near-field energy-saving communication method and system of an anti-quantum computing application system based on signcryption, and computer equipment.
Background
Along with the continuous development of information technology and social economy, the living standard of people is continuously improved, the living rhythm is gradually accelerated, and various scenes needing close-range identity authentication, such as entrance guard card swiping, traffic card swiping, work attendance and the like, appear in daily life. With the increasing number of intelligent devices, higher demands are being placed on the security of intelligent operations and data transmission. Data security is generally ensured by using asymmetric key encryption, which requires different keys to be used to perform encryption and decryption operations, respectively, one being published publicly, i.e. the public key, and the other being kept secret by the user himself, i.e. the private key. The information sender uses the public key to encrypt, and the information receiver uses the private key to decrypt; or the sender of the information may be de-encrypted with the private key and the receiver of the information may be de-encrypted with the public key. In a general identity authentication method, a key needs to be negotiated between application clients, and many services cannot be well supported because the application clients are often low-performance devices.
At present, the traditional communication encryption and transmission security are all dependent on complex mathematical algorithms. That is, the present digital cryptosystem is said to be secure because the computing power of the present computer is limited and the result is not computed in the time period where the demand exists. But this current state of security has become increasingly compromised by quantum computers. For example, for asymmetric key algorithms in classical cryptography, there are special quantum computer algorithms (shor algorithm, etc.) for cracking. In front of a quantum computer with high computing power, even advanced secret communication is possible to be deciphered and eavesdropped by the current communication means. Thus, it has been an urgent need to build a complete set of quantum communication network schemes that are practically available.
As is known by most people, quantum computers have great potential for password cracking. Most of the mainstream asymmetric (public key) encryption algorithms such as RSA encryption algorithm are based on two mathematical difficulties of factorization of large integers or calculation of discrete logarithms over finite fields. Their difficulty of cracking also depends on the efficiency of solving these problems. On a traditional computer, it is required to solve these two mathematical problems, and it takes an exponential time (i.e. the cracking time increases exponentially with the length of the public key), which is unacceptable in practical applications. The Xueer algorithm custom-designed for the quantum computer can perform integer factorization or discrete logarithm calculation in polynomial time (namely, the cracking time increases along with the increase of the length of the public key at the speed of the k th power, wherein k is a constant irrelevant to the length of the public key), thereby providing possibility for cracking of RSA and discrete logarithm encryption algorithms.
Problems of the prior art:
(1) In the prior art, the application server has no reliable protection measures. The application server is a central network element of the application system and has the Internet surfing capability, and is likely to be infected by virus Trojan so as to steal information; or is attacked to cause paralysis, resulting in paralysis of the entire application system scheme.
(2) In the prior art, an application terminal key is stored in an application terminal memory and exposed to the threat of a virus Trojan of an application terminal, so that the application terminal key can be stolen by malicious software or malicious operation.
(3) Because the quantum computer can quickly obtain the corresponding private key through the public key, the existing application system communication method based on the public and private keys is easy to crack by the quantum computer.
(4) If the public key and the private key are stored in the key fob, the low-power consumption application terminal is difficult to bear the calculated amount, so that the calculation is slow, and the rapid consumption of the electric quantity is easy to finish.
(5) If the symmetric key pool is stored in the key fob, the application server as the communication center needs to store a plurality of large-capacity symmetric key pools, which will consume the storage space of the application server greatly.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a near field energy saving communication method and system for a signcryption-based anti-quantum computing application system, and a computer device.
The application provides a close range energy-saving communication method of an anti-quantum computing application system based on signcryption, which is implemented in a first terminal, and comprises the following steps:
acquiring a second terminal random number from a second terminal;
generating a session message by using the second terminal random number and providing the session message to an application server;
acquiring a server random number and a message Tm from an application server; the server random number is generated by the application server, the message Tm is ciphertext containing a session key, and the message Tm is obtained by the application server according to the session message;
sending the server random number and a message Tm to a second terminal; the server random number is used for a second terminal to obtain a key Km by looking up a table in a symmetric key pool in the key fob, the key Km is used for the second terminal to decrypt the message Tm to obtain a session key, and the session key is used for the second terminal to carry out message authentication;
acquiring a first signcryption from a second terminal; the first signcryption is calculated by the second terminal according to a first signcryption message and a secret key Kij, the first signcryption message is generated by the second terminal, and the secret key Kij is obtained by the second terminal according to a server random number by looking up a table in a signcryption symmetric secret key pool in the secret key card;
Sending the first signcryption to the application server; the first signcryption is used for obtaining an authentication result after decryption and verification by the application server;
acquiring a second signcryption from an application server, verifying the second signcryption, and obtaining a second signcryption message according to the second signcryption after verification is passed; and the second signcryption message is generated by the application server according to the authentication result, and the second signcryption is calculated by the application server by utilizing the server random number and the second signcryption message.
The application provides a close range energy-saving communication method of an anti-quantum computing application system based on signcryption, which is implemented in a second terminal, and comprises the following steps:
generating and sending a second terminal random number to the first terminal, wherein the second terminal random number is used for the first terminal to generate a session message and provide the session message to an application server;
obtaining a server random number and a message Tm from a first terminal, looking up a table in a symmetric key pool in a key fob according to the server random number to obtain a key Km, decrypting the message Tm by using the key Km to obtain a session key, and performing message authentication by using the session key; the server random number is generated by the application server, the message Tm is ciphertext containing a session key, and the message Tm is obtained by the application server according to the session message;
After the message authentication is passed, a secret key Kij is obtained by looking up a table in a secret symmetric key pool in a key fob according to a server random number, a first secret message is generated, and the first secret message and the secret key Kij are used for calculating to obtain a first secret and are sent to a first terminal; the first signcryption is used for obtaining an authentication result after decryption and verification by the application server, the authentication result is used for generating a second signcryption message by the application server, the second signcryption message is used for generating a second signcryption by the application server, and the second signcryption is used for obtaining a second signcryption message after verification by the first terminal.
The application provides a close range energy-saving communication method of an anti-quantum computing application system based on signcryption, which is implemented in an application server and comprises the following steps:
acquiring a session message from a first terminal; the session message is generated by a first terminal according to a second terminal random number, and the second terminal random number is generated by a second terminal;
generating a server random number, obtaining a message Tm according to the session message, and sending the server random number and the message Tm to a first terminal; the message Tm is ciphertext containing a session key, the server random number is used for a second terminal to look up a table in a symmetric key pool in a key fob to obtain a key Km, the key Km is used for the second terminal to decrypt the message Tm to obtain the session key, and the session key is used for the second terminal to carry out message authentication;
Obtaining a first signcryption from a first terminal, decrypting and verifying the first signcryption to obtain an authentication result, generating a second signcryption message according to the authentication result, and calculating to obtain a second signcryption by using a server random number and the second signcryption message; the first signcryption is calculated by the second terminal according to a first signcryption message and a secret key Kij, the first signcryption message is generated by the second terminal, and the secret key Kij is obtained by the second terminal according to a server random number by looking up a table in a signcryption symmetric secret key pool in the secret key card;
sending the second signcryption to the first terminal; and the second signcryption is used for obtaining a second signcryption message after the first terminal passes verification.
The application provides a close range energy-saving communication method of an anti-quantum computing application system based on signcryption, which comprises the following steps:
the second terminal generates and sends a second terminal random number to the first terminal;
the first terminal acquires and utilizes the second terminal random number to generate a session message and provides the session message to an application server;
the application server acquires a session message from a first terminal, generates a server random number, obtains a message Tm according to the session message, and sends the server random number and the message Tm to the first terminal, wherein the message Tm is ciphertext containing a session key;
The first terminal acquires and forwards a server random number and a message Tm from an application server to a second terminal;
the second terminal obtains a server random number and a message Tm from the first terminal, obtains a key Km by looking up a table in a symmetric key pool in a key fob according to the server random number, decrypts the message Tm by using the key Km to obtain a session key, performs message authentication by using the session key, and obtains a key Kij by looking up a table in a signcryption symmetric key pool in the key fob according to the server random number after the message authentication is passed, generates a first signcryption message, calculates by using the first signcryption message and the key Kij to obtain a first signcryption and sends the first signcryption message to the first terminal;
the first terminal acquires a first signcryption from the second terminal and forwards the first signcryption to an application server;
the application server obtains a first signcryption from a first terminal, decrypts and verifies the first signcryption to obtain an authentication result, generates a second signcryption message according to the authentication result, calculates the second signcryption by using a server random number and the second signcryption message to obtain a second signcryption, and sends the second signcryption to the first terminal;
the first terminal acquires a second signcryption from the application server, verifies the second signcryption, and obtains a second signcryption message according to the second signcryption after verification is passed.
Preferably, the second terminal obtains the key Km by looking up a table in a symmetric key pool in the key fob according to the server random number, including:
combining the own second terminal random number and the server random number with a pointer function to obtain a second terminal private key pointer and an application server private key pointer, wherein the application server private key pointer and the second terminal private key pointer correspond to rows and columns of a key table in a symmetric key pool, and then a key Km is obtained;
the second terminal obtains a key Kij by looking up a table in a signcryption symmetric key pool in the key fob according to the server random number, and the method comprises the following steps:
generating a random number rik; and combining the server random number with the pointer function to obtain an application server private key pointer, wherein the application server private key pointer and the random number rik correspond to the rows and columns of the key table in the signcryption symmetric key pool, and then a key Kij is obtained.
Preferably, the application server is configured with an application server key fob, and a public key pool and a private key pool are stored in the application server key fob; the first terminal is configured with a first terminal key fob, and a gateway public key pool, a public key pool and a private key pool are stored in the first terminal key fob; the second terminal is configured with a second terminal key fob, a client private key pool, a client public key pool, a client private key pool, a symmetric key pool and a signcryption symmetric key pool are stored in the second terminal key fob, and independent key tables are respectively stored in the symmetric key pool and the signcryption symmetric key pool.
The application also provides computer equipment, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the steps of the anti-quantum computing application system near-field energy-saving communication method based on the signcryption when executing the computer program.
The application also provides an anti-quantum computing application system short-distance energy-saving communication system based on the signcryption, which comprises a first terminal, a second terminal, an application server and a communication network; the application server is configured with an application server key fob, and a public key pool and a private key pool are stored in the application server key fob; the first terminal is configured with a first terminal key fob, and a gateway public key pool, a public key pool and a private key pool are stored in the first terminal key fob; the second terminal is configured with a second terminal key fob, a client private key pool, a client public key pool, a client private key pool, a symmetric key pool and a signcryption symmetric key pool are stored in the second terminal key fob, and independent key tables are respectively stored in the symmetric key pool and the signcryption symmetric key pool;
the first terminal, the second terminal and the application server realize the steps of the anti-quantum computing application system near-field energy-saving communication method based on the signcryption through the communication network.
The second terminal in the application does not use public key and private key to carry out index calculation, and can obtain the symmetric key only by looking up a table, thus having small calculation amount and high speed and saving energy for the second terminal. The application server serving as the communication center does not need to store a plurality of large-capacity symmetric key pools, and only needs to store a plurality of groups of public key pools, so that the storage space of the application server is greatly saved. When an application server newly adds an Nth application terminal, according to a symmetric key pool method, the same key quantity as the Nth application terminal, namely m, N, needs to be newly added and stored originally; only the key quantity of the public key pool corresponding to the Nth application terminal needs to be newly increased and stored, namely N, and the newly increased key quantity is greatly reduced. Thus greatly saving the storage space of the application server.
Drawings
FIG. 1 is a networking diagram of an application system according to an embodiment of the present application;
FIG. 2 is a schematic diagram of the structure of an application server key fob key region;
FIG. 3 is a schematic diagram of the structure of a public key pool in the key zone of an application server key fob;
FIG. 4 is a schematic diagram of the key area of the key fob;
FIG. 5 is a schematic diagram of the structure of the key area of the M key fob;
FIG. 6 is a schematic diagram of a symmetric key pool in an application client key fob key zone;
FIG. 7 is a flowchart of obtaining a public and private key of an application server according to an embodiment of the present application;
Fig. 8 is a flowchart of obtaining a public key of an application terminal according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
In one embodiment, a close range energy-saving communication method of an anti-quantum computing application system based on signcryption is provided, which is implemented in a first terminal, and the close range energy-saving communication method of the anti-quantum computing application system includes:
acquiring a second terminal random number from a second terminal;
generating a session message by using the second terminal random number and providing the session message to an application server;
acquiring a server random number and a message Tm from an application server; the server random number is generated by the application server, the message Tm is ciphertext containing a session key, and the message Tm is obtained by the application server according to the session message;
Sending the server random number and a message Tm to a second terminal; the server random number is used for a second terminal to obtain a key Km by looking up a table in a symmetric key pool in the key fob, the key Km is used for the second terminal to decrypt the message Tm to obtain a session key, and the session key is used for the second terminal to carry out message authentication;
acquiring a first signcryption from a second terminal; the first signcryption is calculated by the second terminal according to a first signcryption message and a secret key Kij, the first signcryption message is generated by the second terminal, and the secret key Kij is obtained by the second terminal according to a server random number by looking up a table in a signcryption symmetric secret key pool in the secret key card;
sending the first signcryption to the application server; the first signcryption is used for obtaining an authentication result after decryption and verification by the application server;
acquiring a second signcryption from an application server, verifying the second signcryption, and obtaining a second signcryption message according to the second signcryption after verification is passed; and the second signcryption message is generated by the application server according to the authentication result, and the second signcryption is calculated by the application server by utilizing the server random number and the second signcryption message.
In the application, one party of the session does not use the public key and the private key to carry out exponential calculation, and only needs to look up a table to obtain the symmetric key, thereby having small calculation amount and high speed and saving energy for the symmetric key.
In one embodiment, a close range energy-saving communication method of an anti-quantum computing application system based on signcryption is provided, and implemented in a second terminal, the close range energy-saving communication method of the anti-quantum computing application system includes:
generating and sending a second terminal random number to the first terminal, wherein the second terminal random number is used for the first terminal to generate a session message and provide the session message to an application server;
obtaining a server random number and a message Tm from a first terminal, looking up a table in a symmetric key pool in a key fob according to the server random number to obtain a key Km, decrypting the message Tm by using the key Km to obtain a session key, and performing message authentication by using the session key; the server random number is generated by the application server, the message Tm is ciphertext containing a session key, and the message Tm is obtained by the application server according to the session message;
after the message authentication is passed, a secret key Kij is obtained by looking up a table in a secret symmetric key pool in a key fob according to a server random number, a first secret message is generated, and the first secret message and the secret key Kij are used for calculating to obtain a first secret and are sent to a first terminal; the first signcryption is used for obtaining an authentication result after decryption and verification by the application server, the authentication result is used for generating a second signcryption message by the application server, the second signcryption message is used for generating a second signcryption by the application server, and the second signcryption is used for obtaining a second signcryption message after verification by the first terminal.
In this embodiment, the party of the session does not use the public key and the private key to perform the exponential calculation, and only needs to look up a table to obtain the symmetric key, so that the calculation amount is small, the speed is high, and energy can be saved for the symmetric key.
In one embodiment, a close range energy-saving communication method for an anti-quantum computing application system based on signcryption is provided, and implemented in an application server, the close range energy-saving communication method for the anti-quantum computing application system includes:
acquiring a session message from a first terminal; the session message is generated by a first terminal according to a second terminal random number, and the second terminal random number is generated by a second terminal;
generating a server random number, obtaining a message Tm according to the session message, and sending the server random number and the message Tm to a first terminal; the message Tm is ciphertext containing a session key, the server random number is used for a second terminal to look up a table in a symmetric key pool in a key fob to obtain a key Km, the key Km is used for the second terminal to decrypt the message Tm to obtain the session key, and the session key is used for the second terminal to carry out message authentication;
obtaining a first signcryption from a first terminal, decrypting and verifying the first signcryption to obtain an authentication result, generating a second signcryption message according to the authentication result, and calculating to obtain a second signcryption by using a server random number and the second signcryption message; the first signcryption is calculated by the second terminal according to a first signcryption message and a secret key Kij, the first signcryption message is generated by the second terminal, and the secret key Kij is obtained by the second terminal according to a server random number by looking up a table in a signcryption symmetric secret key pool in the secret key card;
Sending the second signcryption to the first terminal; and the second signcryption is used for obtaining a second signcryption message after the first terminal passes verification.
In this embodiment, the party of the session does not use the public key and the private key to perform the exponential calculation, and only needs to look up a table to obtain the symmetric key, so that the calculation amount is small, the speed is high, and energy can be saved for the symmetric key.
In one embodiment, a close range energy-saving communication method for an anti-quantum computing application system based on signcryption is provided, and the close range energy-saving communication method for the anti-quantum computing application system includes:
the second terminal generates and sends a second terminal random number to the first terminal;
the first terminal acquires and utilizes the second terminal random number to generate a session message and provides the session message to an application server;
the application server acquires a session message from a first terminal, generates a server random number, obtains a message Tm according to the session message, and sends the server random number and the message Tm to the first terminal, wherein the message Tm is ciphertext containing a session key;
the first terminal acquires and forwards a server random number and a message Tm from an application server to a second terminal;
the second terminal obtains a server random number and a message Tm from the first terminal, obtains a key Km by looking up a table in a symmetric key pool in a key fob according to the server random number, decrypts the message Tm by using the key Km to obtain a session key, performs message authentication by using the session key, and obtains a key Kij by looking up a table in a signcryption symmetric key pool in the key fob according to the server random number after the message authentication is passed, generates a first signcryption message, calculates by using the first signcryption message and the key Kij to obtain a first signcryption and sends the first signcryption message to the first terminal;
The first terminal acquires a first signcryption from the second terminal and forwards the first signcryption to an application server;
the application server obtains a first signcryption from a first terminal, decrypts and verifies the first signcryption to obtain an authentication result, generates a second signcryption message according to the authentication result, calculates the second signcryption by using a server random number and the second signcryption message to obtain a second signcryption, and sends the second signcryption to the first terminal;
the first terminal acquires a second signcryption from the application server, verifies the second signcryption, and obtains a second signcryption message according to the second signcryption after verification is passed.
In this embodiment, the party of the session does not use the public key and the private key to perform the exponential calculation, and only needs to look up a table to obtain the symmetric key, so that the calculation amount is small, the speed is high, and energy can be saved for the symmetric key.
In another embodiment, the second terminal obtains the key Km by looking up a table in a symmetric key pool in the key fob according to the server random number, including:
combining the own second terminal random number and the server random number with a pointer function to obtain a second terminal private key pointer and an application server private key pointer, wherein the application server private key pointer and the second terminal private key pointer correspond to rows and columns of a key table in a symmetric key pool, and then a key Km is obtained;
The second terminal obtains a key Kij by looking up a table in a signcryption symmetric key pool in the key fob according to the server random number, and the method comprises the following steps:
generating a random number rik; and combining the server random number with the pointer function to obtain an application server private key pointer, wherein the application server private key pointer and the random number rik correspond to the rows and columns of the key table in the signcryption symmetric key pool, and then a key Kij is obtained.
In the embodiment, the pointers required by the table lookup are obtained by using two random numbers, and the symmetric key can be obtained according to the corresponding pointers to the rows and columns of the key table, so that the table lookup operation is simple and the speed is high.
In another embodiment, the application server is configured with an application server key fob, and the application server key fob stores a public key pool and a private key pool; the first terminal is configured with a first terminal key fob, and a gateway public key pool, a public key pool and a private key pool are stored in the first terminal key fob; the second terminal is configured with a second terminal key fob, a client private key pool, a client public key pool, a client private key pool, a symmetric key pool and a signcryption symmetric key pool are stored in the second terminal key fob, and independent key tables are respectively stored in the symmetric key pool and the signcryption symmetric key pool.
The application server in the embodiment does not need to store a plurality of large-capacity symmetric key pools, only needs to store a plurality of groups of public key pools, and greatly saves the storage space of the application server.
When the application is applied to the application system short-range energy-saving communication scheme, the application system can be various systems needing short-range identity authentication, and comprises an application server and a plurality of application clients, wherein the application clients comprise application terminals and application IC cards, and the application IC cards are low-performance devices. The application server runs the business service program and the application client runs the business client program. The application system may be, but is not limited to: an access control system; a traffic card swiping system; an attendance checking system; etc. In the case of the above three application systems, the application servers are respectively: an access control system server, a traffic card swiping system server and an attendance checking system server; the application terminals are respectively as follows: an access card reader, a traffic card reader and an attendance card reader; the application IC cards are respectively as follows: access card, traffic card, attendance card. The physical form of the application IC card may be a smart card form key fob or a handset SDKEY form key fob.
The application system structure is as shown in fig. 1, and the application server (S) is used for issuing a key fob to the application terminal and the application IC card, and is also used for issuing a session key KS. The application server and the application terminal are connected using a wired network or a wireless network. The application IC card and the application terminal are connected using a near field communication method (e.g., BLE/NFC/infrared).
Let us assume here that the application server ID is IDs, using S-key fob. The specific structure of the key area of the key fob of the application server S is shown in fig. 2, and includes a public key pool and a private key pool. The specific structure of the public key pool in the key fob is shown in fig. 3, and the public key pool comprises a server public key pool and N client public key pools of N clients. The starting position of the public key pool of the server is Kp0, and the size of the public key pool is Ks0. The size of the server private key pool is also Ks0. The starting positions of the N client public key pools are Kp1, kp2, … … and KpN respectively, and the sizes of the N private key pools are Ks1, ks2, … … and KsN respectively. The key pool size varies from 1G to 4096G. The server key numbers are respectively 1-m, the server private key pool is { s1, s2,… …, sm), the server public key pool is { S1, S2, … …, sm }. According to the Diffie-Hellman protocol, a large prime number p and a number g are defined, g is the primitive root of modulo p, and g and p are parameters of the Diffie-Hellman protocol. The server generates a true random large integer Si (i epsilon {1,2, … …, m }) as its own private key according to the matched key fob, and obtains a public key si=g by calculation si mod p(i∈{1,2,……,m})。
The application client includes an application terminal C and an application IC card M, which is a low-performance device. Assuming that the application terminal ID is IDC, a C key fob is used, and the specific structure of the C key fob is shown in fig. 4, including a gateway key pool, a public key pool, and a private key pool. The specific structure of the M key card is shown in fig. 5, and the M key card comprises a private key pool of the client, a public key pool/private key pool of the client, a symmetric key pool and a signcryption symmetric key pool. The specific structure of the symmetric key pool is shown in fig. 6, and the server public key and the client private key participate in generating the symmetric key. Let a client key number be 1-n, a client private key pool be { C1, C2, … …, cn }, a client public key pool be { C1, C2, … …, cn }, where cj=g cj mod p, j ε {1,2, … …, n }. The key fob issuer, namely the application server, calculates all Kij for the application client in the way kij= (Si) cj mod p copies the key field (i.e., the gray field in fig. 6) into the key fob to form the key table. The specific structure of the signcryption symmetric key pool is similar to that of the symmetric key pool, and the difference is that the signcryption symmetric key pool participates in generating the signcryption symmetric key is a server public key Si and a client private key xj, namely, according to formula qij= (Si) xj mod p may be calculated to obtain a signcryption symmetric key.
Without any particular description, the names in the present application are based on a combination of letters and numbers, such as S, application server S, and servers hereinafter represent the same meaning, i.e. application server S; again, as key Km, km hereinafter means the same meaning, namely key Km; the other names are the same. And Km, C and Nc in the expressions of the key Km, the application terminal C, the random number Nc, etc. are only for convenience of distinction and description, and there is no additional limitation on the parameters themselves, such as S, M in the application server S, the application IC card M; for another example, a pointer random number rs, rs in a secret key Kij and Kij; and the other is the same.
In a specific application scenario, for convenience of description, the first terminal is set as an application terminal C, and a first terminal key fob (i.e., a C key fob) is configured; the second terminal is set as an application IC card M, and is configured with a second terminal key fob (namely an M key fob); the application server is an application server S, and an application server key fob (i.e., S key fob) is configured.
Example 1
In this embodiment, a process that the application terminal C and the application IC card M perform key negotiation through the application server S and perform message authentication in a communication process is taken as an example, and a close-range energy-saving communication method of the anti-quantum computing application system based on signcryption is further described in detail.
In order to simplify the main communication flow, the process of negotiating a key between an application server and an application terminal is taken as an example to detail the key negotiation:
the application server S obtains an application server asymmetric key pointer random number rs and an application terminal asymmetric key pointer random number rc. Kc is obtained from rs and rc. The process is shown in fig. 7-8, and the text is described as follows:
and obtaining an application server private key pointer Ps by combining rs with a specific application server asymmetric key pointer function Fs, and extracting an application server private key SKs from an application server private key pool through the Ps. The application server public key pointer Kss can be obtained by adding Ps to the starting position Ks0 of the public key pool of the application server, and the public key PKs of the application server can be extracted from the public key pool through Kss.
The application terminal private key pointer Pc is obtained by combining rc with a specific application terminal asymmetric key pointer function Fc, the application terminal public key pointer Ksc is obtained by adding Pc to the application terminal public key pool starting position KsN, and the application terminal public key PKc is extracted from the public key pool by Ksc.
Calculate kc= (PKc) SKs mod p。
The application server S communicates with the application terminal C using Kc as a key.
After receiving the application terminal C, according to Ps and Pc, the application terminal C obtains an application server public key pointer Kss by adding Ps to the starting position Ks0 of the application server public key pool, extracts an application server public key PKs from the public key pool through Kss, extracts an application terminal private key SKc from the application terminal private key pool by using Pc, and calculates to obtain Kc= (PKs) SKc mod p。
The specific communication process is described as follows:
1. the application IC card M transmits key negotiation basic information to the application terminal C.
1.1, the application IC card M takes the second terminal random number Nm and sends the combined IDM Nm to the application terminal C.
1.2, C receives the message IDM Nm, takes the first terminal random number Nc, then names the combined IDC Nc IDM Nm SESSID and sends it to the application server S, and the message SESSID is also used as the session ID of the key negotiation, namely the session message.
2. The application server S receives the message sesssid.
Taking a server random number Ns, taking Ns as an application server asymmetric key pointer random number (where Ns is equal to rs above), taking Nm as an application IC card asymmetric key pointer random number (where Nm is equal to rc above), calculating to obtain Km according to the method, and calculating to obtain Kc by the same method. S takes a random number Kmc as a session key, encrypts a combination of Kmc, IDC and Nm by Km to obtain { Kmc I IDC I Nm } Km, and names the Km as a message Tm; the combination of Kmc, IDM and Nc is encrypted with Kc to obtain { Kmc I IDM I Nc } Kc, and names it as message Tc. S sends the combination SESSID Ns Tm Tc to C.
3. C obtains the message SESSID Ns Tm Tc.
C, calculating to obtain Kc by using Nc and Ns existing on the own side according to the method in the step 2, and decrypting Tc by using the Kc to obtain Kmc, IDM and Nc. Comparing whether Nc decrypted from Tc is equal to the original Nc of the own party, the equality can verify that Tc is from the server.
C will combine Kmc and Nm, nc, IDC according to the formula MACcm = MAC Kmc, and Nm Nc IDC is calculated to obtain the MAC value MACCm. MACcm represents a message authentication code with Kmc as a key and Nm Nc IDC as a message. And then the combination SESSID Ns Tm MACcm is sent to M.
4. M receives the message SESSID Ns Tm MACCm.
According to the existing Nm and the received Ns of the own party, combining the Nm and the Ns with pointer functions to obtain a second terminal private key pointer and an application server private key pointer, wherein the application server private key pointer and the second terminal private key pointer correspond to the rows and columns of a key table in a symmetric key pool, so as to obtain a key Km, and Kmc, IDC and Nm can be obtained by decrypting Tm by using the key Km. Comparing whether the decrypted Nm from Tm is equal to the original Nm from the own side, the Tm can be verified to originate from the server initially. M resolves Nc from sesssid, according to the formula MACcm '=mac { Kmc, nm Nc IDC is calculated to obtain a MAC value MACCm', and comparing the MACcm 'with the obtained MACcm, and if the MACcm' and the MACcm are the same, verifying successfully, wherein M completely trusts the identity of C. The MAC value MACmc is calculated according to the formula macmc=mac (Kmc, nm||nc).
Causing a first signcryption message mreq=nm| Ns req is a term of the number of times, where req is the application request that M issues to S. M acts on Nm with function fm to obtain ria, fs acts on Ns to obtain rib, and then a random number rik is taken, i=rib, j= rik, the key Kij is obtained by looking up a table in the signcryptic symmetric key pool of the key fob, and then a function f1 (for example, splitting one number into two segments according to a length of 1:1) acts on Kij to obtain two numbers k1 and k2.
Taking the keyed hash function KH to act on the signcryption messages Mreq and k2 to get r. KH is preferably an HMAC function. The rib is used to retrieve kia from the key fob client private key pool and rik is used to retrieve kik from the key fob client private key pool. If the SDSS1 signcryption scheme is selected to be used, the function fs1 is used to act on kik, r and kia, and the specific formula is s= kik/(r+ kia) so as to calculate s; if the SDSS2 signcryption scheme is selected, the function fs2 is used to act on kik, r and kia, specifically expressed as s= kik/(1+kia r) to calculate s (where the signcryption schemes SDSS1 and SDSS2 are derived from reference material Digital Signcryption or How to Achieve Cost (Signature & Encryption) < < Cost (Signature) + Cost (Encryption)). Encryption of req with k1 yields c, and encryption of s with Km yields { s } Km. The combination c r s Km is designated as the first SIGNms. M sends the message combination SESSID MACMc SIGNms to C.
5. C receives the message SESSID MACMc SIGNms.
The MAC value MACmc ' is calculated according to the formula MACmc ' =mac (Kmc, nm||nc) and comparing MACmc ' with the obtained MACmc, equality indicates that the verification is passed. The MAC value MACcs is calculated according to the formula maccs=mac (Kc, nc||ns). C sends the message combination SESSID MACS SIGNms to the server S.
6. S receives the message SESSID MACS SIGNms.
The MAC value MACcs ' is calculated according to the formula MACcs ' =mac (Kc, nc||ns), and the MACcs ' is compared with the obtained MACcs, and if they are equal, the verification is passed.
S gets c, r and { S } Km from SIGNms. S acts on Nm with the same function fm as M to obtain ria, acts on Ns with the same function fs as M to obtain rib, and then rib is taken out of the key fob public key pool Kia, and rib is taken out of the key fob private key pool kib. S, decrypting { S } Km according to the Km calculated in the step 2 to obtain S. The signcryption scheme SDSS1 or SDSS2 selected according to the signcryption acts on the Kia, r, s and kib using the corresponding function fu1 or fu2, specifically expressed as kij= (Kia ×g) r ) s*kib mod p (SDSS 1 case) or kij= (g Kia) r ) s*kib mod p (SDSS 2 case) can get the key Kij. And then the same function f1 as M is applied to Kij to obtain k1 and k2.
Decrypting c with k1 to obtain req, and combining req, nm and Ns to obtain Mreq. And (3) taking KH to act on the first signcryption messages Mreq and k2, comparing the obtained result with r in the signcryption combination, if the obtained result is the same with the r in the signcryption combination, verifying that the identity of M is correct, and the first signcryption message Mreq transmitted to S by M is not modified in the transmission process, otherwise, failing to verify, and obtaining an authentication result after comparison.
S designates the second signcryption message combination Ns/Nc/ntf as Mntf, where ntf denotes a notification of C or various types of operation instructions by S according to the authentication result of M. Acting on Ns with function fs yields ria ', acting on Nc with function fc yields rib ', taking kia ' from the key fob private key pool with ria ', and taking Kib ' of C from the key fob public key pool with rib. The random number kik ' is taken again, k ' is calculated according to the formula k ' = Kib ' = kik ' mod p, and then the two numbers k1' and k2' are obtained by acting on k ' by a function f1' (for example, splitting a number into two segments according to a length of 1:1).
Taking the keyed hash function KH acts on the second signcryption messages Mntf and k2 'to get r'. Preferably, KH is an HMAC function. If the SDSS1 signcryption scheme is selected to be used, the function fs1 is used to act on kik ', r' and kia ', and the specific formula is s' = kik '/(r' + kia ') so as to calculate s'; if the SDSS2 signcryption scheme is selected, the function fs2 is used to act on kik ', r' and kia ', specifically expressed as s' = kik '/(1+kia' ×r ') to calculate s'. Encryption ntf is performed with k1 'to obtain c', and s 'is encrypted with Kc to obtain { s' } Kc. The combination c ' ||r ' |{ s ' } Kc is designated as the second SIGNsc. S sends the message combination sesssid||sign sc to C.
7. C receives the message SESSID SIGNsc.
C gets C ', r ' and { s ' } Kc from SIGNsc. C acts on Ns with the same function fs as S to obtain ria ', acts on Nc with the same function fc as S to obtain rib ', and then rib ' extracts Kia ' from the key fob gateway public key pool and kib ' from the key fob private key pool. C decrypting { s '} Kc to obtain s' according to the Kc calculated in the step 3. The signcryption scheme SDSS1 or SDSS2 selected according to the signcryption is applied to Kia ', r', s 'and kib' using the corresponding function fu1 or fu2, specifically expressed as k '= (Kia' ×g) r’ ) s’*kib‘ mod p (SDSS 1 case) or k '= (g x Kia' r’ ) s’*kib‘ mod p (SDSS 2 case) can get k'. Then, k1 'and k2' are obtained by applying the same function f1 'as M to k'.
Decrypting c 'with k1' gives ntf, and then combining ntf, nc and Ns gives Mntf. And taking KH to act on the second signcryption messages Mntf and k2', comparing the obtained result with r' in the signcryption combination, and if the result is the same, verifying that the identity of S is correct and the second signcryption message Mntf of S to C is not modified in the transmission process. And if the verification is successful, C receives the content of ntf from the second signcryption message and sequentially plays the notification or executes various operation instructions.
This embodiment can be considered as directed to the respective embodiments described above for each step, and can also be considered as a combination of the respective embodiments described above for all steps.
The key fob is an identity authentication and encryption and decryption product combining cryptography technology, hardware security isolation technology and quantum physics technology (in the case of carrying a quantum random number generator). The embedded chip and the operating system of the key fob can provide the functions of secure storage of keys, cryptographic algorithms, and the like. Because of its independent data processing capability and good security, the key fob becomes a secure carrier for private keys and key pools. Each key fob may be protected by a hardware PIN code, which forms two necessary factors for the user to use the key fob, namely so-called "two-factor authentication", and the user may log into the system only by simultaneously obtaining the key fob and the user PIN code, which have stored the relevant authentication information. Even if the PIN code of the user is revealed, the identity of the legal user cannot be imitated as long as the key fob held by the user is not stolen; if the key fob of the user is lost, the pick-up cannot impersonate the identity of the legitimate user because the user PIN code is not known. In a word, the key fob makes the secret information such as the key not appear in the disk and the memory of the host in a plaintext form, thereby effectively ensuring the safety of the secret information.
The application system members are all provided with key fobs, the key fobs are independent hardware devices, and the possibility of stealing the key by malicious software or malicious operations is greatly reduced. Meanwhile, the public keys of the required application system members are extracted by combining the random numbers disclosed by the shared user side with the asymmetric key pool, and the public keys of the application system members are stored in the key fob, so that the quantum computer cannot obtain the public keys of the users and further cannot obtain the corresponding private keys, and therefore the risk of being cracked by the quantum computer is reduced.
The low-power consumption application IC card does not use public keys and private keys for exponential calculation, and can obtain the symmetric key only by looking up a table, so that the calculation amount is small and the speed is high; and can save energy for the battery and prolong the service time of the battery applying the IC card.
The application server serving as the communication center does not need to store a plurality of large-capacity symmetric key pools, and only needs to store a plurality of groups of public key pools, so that the storage space of the application server is greatly saved. According to the above embodiment, when the application server newly adds the nth application terminal, according to the symmetric key pool method, the same key amount as the nth application terminal, that is, m×n, needs to be newly stored; only the key quantity of the public key pool corresponding to the Nth application terminal needs to be newly increased and stored, namely N, and the newly increased key quantity is greatly reduced. Thus greatly saving the storage space of the application server.
In an embodiment, the present application further provides a computer device, which may be a first terminal device, a second terminal device or an application server device, including a memory and a processor, where the memory stores a computer program, and the processor implements the steps of the signcryption-based anti-quantum computing application system near-field energy saving communication method when executing the computer program.
Specific limitations regarding computer devices can be found in the above definitions of the short-range energy-saving communication method for quantum computing application systems, and are not described in detail herein. The various modules in the computer devices described above may be implemented in whole or in part in software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
The computer device may be a terminal and its internal structure may include a processor, memory, network interface, display screen and input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes non-volatile storage media, internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program when executed by the processor is used for realizing the anti-quantum computing application system near-field energy-saving communication method based on the signcryption. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
In another embodiment, a signcryption-based short-range energy-saving communication system of an anti-quantum computing application system is provided, the anti-quantum computing energy-saving communication system comprises a first terminal, a second terminal, an application server and a communication network; the application server is configured with an application server key fob, and a public key pool and a private key pool are stored in the application server key fob; the first terminal is configured with a first terminal key fob, and a gateway public key pool, a public key pool and a private key pool are stored in the first terminal key fob; the second terminal is configured with a second terminal key fob, a client private key pool, a client public key pool, a client private key pool, a symmetric key pool and a signcryption symmetric key pool are stored in the second terminal key fob, and independent key tables are respectively stored in the symmetric key pool and the signcryption symmetric key pool;
the first terminal, the second terminal and the application server realize the steps of the anti-quantum computing application system near-field energy-saving communication method based on the signcryption through the communication network.
For specific limitations on the signcryption-based anti-quantum computing application system near field energy saving communication system, reference may be made to the above limitations on the signcryption-based anti-quantum computing application system near field energy saving communication method, and the detailed description thereof will be omitted.
The technical features of the above-described embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above-described embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples illustrate only a few embodiments of the invention, which are described in detail and are not to be construed as limiting the scope of the invention. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the invention, which are all within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.

Claims (7)

1. The anti-quantum computing application system near-field energy-saving communication method based on the signcryption is implemented in a first terminal and is characterized by comprising the following steps of:
acquiring a second terminal random number from a second terminal;
generating a session message by using the second terminal random number and providing the session message to an application server;
Acquiring a server random number and a message Tm from an application server; the server random number is generated by the application server, the message Tm is ciphertext containing a session key, and the message Tm is obtained by the application server according to the session message;
sending the server random number and a message Tm to a second terminal; the server random number is used for a second terminal to obtain a key Km by looking up a table in a symmetric key pool in the key fob, the key Km is used for the second terminal to decrypt the message Tm to obtain a session key, and the session key is used for the second terminal to carry out message authentication;
acquiring a first signcryption from a second terminal; the first signcryption is calculated by the second terminal according to a first signcryption message and a secret key Kij, the first signcryption message is generated by the second terminal, and the secret key Kij is obtained by the second terminal according to a server random number by looking up a table in a signcryption symmetric secret key pool in the secret key card;
sending the first signcryption to the application server; the first signcryption is used for obtaining an authentication result after decryption and verification by the application server;
acquiring a second signcryption from an application server, verifying the second signcryption, and obtaining a second signcryption message according to the second signcryption after verification is passed; the second signcryption message is generated by the application server according to the authentication result, and the second signcryption is calculated by the application server by utilizing a server random number and the second signcryption message;
The application server is configured with an application server key fob, and a public key pool and a private key pool are stored in the application server key fob; the first terminal is configured with a first terminal key fob, and a gateway public key pool, a public key pool and a private key pool are stored in the first terminal key fob; the second terminal is configured with a second terminal key fob, a client private key pool, a client public key pool, a client private key pool, a symmetric key pool and a signcryption symmetric key pool are stored in the second terminal key fob, and independent key tables are respectively stored in the symmetric key pool and the signcryption symmetric key pool.
2. The anti-quantum computing application system near-field energy-saving communication method based on the signcryption is implemented in the second terminal and is characterized by comprising the following steps of:
generating and sending a second terminal random number to the first terminal, wherein the second terminal random number is used for the first terminal to generate a session message and provide the session message to an application server;
obtaining a server random number and a message Tm from a first terminal, looking up a table in a symmetric key pool in a key fob according to the server random number to obtain a key Km, decrypting the message Tm by using the key Km to obtain a session key, and performing message authentication by using the session key; the server random number is generated by the application server, the message Tm is ciphertext containing a session key, and the message Tm is obtained by the application server according to the session message;
After the message authentication is passed, a secret key Kij is obtained by looking up a table in a secret symmetric key pool in a key fob according to a server random number, a first secret message is generated, and the first secret message and the secret key Kij are used for calculating to obtain a first secret and are sent to a first terminal; the first signcryption is used for obtaining an authentication result after decryption and verification by the application server, the authentication result is used for generating a second signcryption message by the application server, the second signcryption message is used for generating a second signcryption by the application server, and the second signcryption is used for obtaining a second signcryption message after verification by the first terminal;
the application server is configured with an application server key fob, and a public key pool and a private key pool are stored in the application server key fob; the first terminal is configured with a first terminal key fob, and a gateway public key pool, a public key pool and a private key pool are stored in the first terminal key fob; the second terminal is configured with a second terminal key fob, a client private key pool, a client public key pool, a client private key pool, a symmetric key pool and a signcryption symmetric key pool are stored in the second terminal key fob, and independent key tables are respectively stored in the symmetric key pool and the signcryption symmetric key pool.
3. The anti-quantum computing application system near-field energy-saving communication method based on the signcryption is implemented in an application server and is characterized by comprising the following steps of:
acquiring a session message from a first terminal; the session message is generated by a first terminal according to a second terminal random number, and the second terminal random number is generated by a second terminal;
generating a server random number, obtaining a message Tm according to the session message, and sending the server random number and the message Tm to a first terminal; the message Tm is ciphertext containing a session key, the server random number is used for a second terminal to look up a table in a symmetric key pool in a key fob to obtain a key Km, the key Km is used for the second terminal to decrypt the message Tm to obtain the session key, and the session key is used for the second terminal to carry out message authentication;
obtaining a first signcryption from a first terminal, decrypting and verifying the first signcryption to obtain an authentication result, generating a second signcryption message according to the authentication result, and calculating to obtain a second signcryption by using a server random number and the second signcryption message; the first signcryption is calculated by the second terminal according to a first signcryption message and a secret key Kij, the first signcryption message is generated by the second terminal, and the secret key Kij is obtained by the second terminal according to a server random number by looking up a table in a signcryption symmetric secret key pool in the secret key card;
Sending the second signcryption to the first terminal; the second signcryption is used for obtaining a second signcryption message after the first terminal passes verification;
the application server is configured with an application server key fob, and a public key pool and a private key pool are stored in the application server key fob; the first terminal is configured with a first terminal key fob, and a gateway public key pool, a public key pool and a private key pool are stored in the first terminal key fob; the second terminal is configured with a second terminal key fob, a client private key pool, a client public key pool, a client private key pool, a symmetric key pool and a signcryption symmetric key pool are stored in the second terminal key fob, and independent key tables are respectively stored in the symmetric key pool and the signcryption symmetric key pool.
4. The anti-quantum computing application system short-range energy-saving communication method based on the signcryption is characterized by comprising the following steps of:
the second terminal generates and sends a second terminal random number to the first terminal;
the first terminal acquires and utilizes the second terminal random number to generate a session message and provides the session message to an application server;
the application server acquires a session message from a first terminal, generates a server random number, obtains a message Tm according to the session message, and sends the server random number and the message Tm to the first terminal, wherein the message Tm is ciphertext containing a session key;
The first terminal acquires and forwards a server random number and a message Tm from an application server to a second terminal;
the second terminal obtains a server random number and a message Tm from the first terminal, obtains a key Km by looking up a table in a symmetric key pool in a key fob according to the server random number, decrypts the message Tm by using the key Km to obtain a session key, performs message authentication by using the session key, and obtains a key Kij by looking up a table in a signcryption symmetric key pool in the key fob according to the server random number after the message authentication is passed, generates a first signcryption message, calculates by using the first signcryption message and the key Kij to obtain a first signcryption and sends the first signcryption message to the first terminal;
the first terminal acquires a first signcryption from the second terminal and forwards the first signcryption to an application server;
the application server obtains a first signcryption from a first terminal, decrypts and verifies the first signcryption to obtain an authentication result, generates a second signcryption message according to the authentication result, calculates the second signcryption by using a server random number and the second signcryption message to obtain a second signcryption, and sends the second signcryption to the first terminal;
the first terminal acquires a second signcryption from the application server, verifies the second signcryption, and obtains a second signcryption message according to the second signcryption after verification is passed;
The application server is configured with an application server key fob, and a public key pool and a private key pool are stored in the application server key fob; the first terminal is configured with a first terminal key fob, and a gateway public key pool, a public key pool and a private key pool are stored in the first terminal key fob; the second terminal is configured with a second terminal key fob, a client private key pool, a client public key pool, a client private key pool, a symmetric key pool and a signcryption symmetric key pool are stored in the second terminal key fob, and independent key tables are respectively stored in the symmetric key pool and the signcryption symmetric key pool.
5. The method for near field energy saving communication of a signcryption-based anti-quantum computing application system according to any one of claims 1 to 4, wherein the second terminal obtains the key Km by looking up a table in a symmetric key pool in a key fob according to a server random number, comprising:
combining the own second terminal random number and the server random number with a pointer function to obtain a second terminal private key pointer and an application server private key pointer, wherein the application server private key pointer and the second terminal private key pointer correspond to rows and columns of a key table in a symmetric key pool, and then a key Km is obtained;
The second terminal obtains a key Kij by looking up a table in a signcryption symmetric key pool in the key fob according to the server random number, and the method comprises the following steps:
generating a random number rik; and combining the server random number with the pointer function to obtain an application server private key pointer, wherein the application server private key pointer and the random number rik correspond to the rows and columns of the key table in the signcryption symmetric key pool, and then a key Kij is obtained.
6. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the signcryption-based anti-quantum computing application system near field energy saving communication method of any one of claims 1 to 3.
7. The anti-quantum computing application system short-distance energy-saving communication system based on the signcryption is characterized by comprising a first terminal, a second terminal, an application server and a communication network; the application server is configured with an application server key fob, and a public key pool and a private key pool are stored in the application server key fob; the first terminal is configured with a first terminal key fob, and a gateway public key pool, a public key pool and a private key pool are stored in the first terminal key fob; the second terminal is configured with a second terminal key fob, a client private key pool, a client public key pool, a client private key pool, a symmetric key pool and a signcryption symmetric key pool are stored in the second terminal key fob, and independent key tables are respectively stored in the symmetric key pool and the signcryption symmetric key pool;
The first terminal, the second terminal and the application server implement the steps of the signcryption-based quantum computing application system short-range energy-saving communication method according to claim 4 through the communication network.
CN201910404409.2A 2019-05-15 2019-05-15 Anti-quantum computing application system near field energy-saving communication method and system based on signcryption, and computer equipment Active CN110176991B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910404409.2A CN110176991B (en) 2019-05-15 2019-05-15 Anti-quantum computing application system near field energy-saving communication method and system based on signcryption, and computer equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910404409.2A CN110176991B (en) 2019-05-15 2019-05-15 Anti-quantum computing application system near field energy-saving communication method and system based on signcryption, and computer equipment

Publications (2)

Publication Number Publication Date
CN110176991A CN110176991A (en) 2019-08-27
CN110176991B true CN110176991B (en) 2023-09-05

Family

ID=67691079

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910404409.2A Active CN110176991B (en) 2019-05-15 2019-05-15 Anti-quantum computing application system near field energy-saving communication method and system based on signcryption, and computer equipment

Country Status (1)

Country Link
CN (1) CN110176991B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6061790A (en) * 1996-11-20 2000-05-09 Starfish Software, Inc. Network computer system with remote user data encipher methodology
CN108111301A (en) * 2017-12-13 2018-06-01 中国联合网络通信集团有限公司 The method and its system for realizing SSH agreements are exchanged based on rear quantum key
CN109756500A (en) * 2019-01-11 2019-05-14 如般量子科技有限公司 Anti- quantum calculation https traffic method and system based on multiple unsymmetrical key ponds

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6061790A (en) * 1996-11-20 2000-05-09 Starfish Software, Inc. Network computer system with remote user data encipher methodology
CN108111301A (en) * 2017-12-13 2018-06-01 中国联合网络通信集团有限公司 The method and its system for realizing SSH agreements are exchanged based on rear quantum key
CN109756500A (en) * 2019-01-11 2019-05-14 如般量子科技有限公司 Anti- quantum calculation https traffic method and system based on multiple unsymmetrical key ponds

Also Published As

Publication number Publication date
CN110176991A (en) 2019-08-27

Similar Documents

Publication Publication Date Title
Namasudra et al. Time efficient secure DNA based access control model for cloud computing environment
Lee et al. Three‐factor control protocol based on elliptic curve cryptosystem for universal serial bus mass storage devices
CN109728906B (en) Anti-quantum-computation asymmetric encryption method and system based on asymmetric key pool
CN110519046B (en) Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD
US20170195121A1 (en) Token binding using trust module protected keys
CN105871869B (en) Hash function and false identity anonymous bidirectional authentication method are based in mobile social networking
CN103780393B (en) Virtual-desktop security certification system and method facing multiple security levels
CN109921905B (en) Anti-quantum computation key negotiation method and system based on private key pool
CN109951513B (en) Quantum-resistant computing smart home quantum cloud storage method and system based on quantum key card
CN110213056B (en) Anti-quantum computing energy-saving communication method and system and computer equipment
CN110224816B (en) Anti-quantum computing application system based on key fob and serial number, near-field energy-saving communication method and computer equipment
CN110535626B (en) Secret communication method and system for identity-based quantum communication service station
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
CN111404664A (en) Quantum secret communication identity authentication system and method based on secret sharing and multiple mobile devices
CN110380859B (en) Quantum communication service station identity authentication method and system based on asymmetric key pool pair and DH protocol
CN109905229B (en) Anti-quantum computing Elgamal encryption and decryption method and system based on group asymmetric key pool
CN109728905B (en) Anti-quantum computation MQV key negotiation method and system based on asymmetric key pool
Verma Secure client-side deduplication scheme for cloud with dual trusted execution environment
CN110519214B (en) Application system short-distance energy-saving communication method, system and equipment based on online and offline signature and auxiliary verification signature
CN110768782B (en) Anti-quantum computation RFID authentication method and system based on asymmetric key pool and IBS
CN110430047B (en) Anti-quantum computing energy-saving equipment key negotiation method and system based on asymmetric key and MQV
Shekhawat et al. Quantum-defended lattice-based anonymous mutual authentication and key-exchange scheme for the smart-grid system
CN110048852B (en) Quantum communication service station digital signcryption method and system based on asymmetric key pool
CN110266483B (en) Quantum communication service station key negotiation method, system and device based on asymmetric key pool pair and QKD
CN109905236B (en) Anti-quantum computing Elgamal encryption and decryption method and system based on private key pool

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant