
CN112636906A - Key agreement method and device - Google Patents


Info

Publication number
CN112636906A
Authority
CN
China
Prior art keywords
key
identifier
shared
verified
public
Prior art date
Legal status
Pending
Application number
CN202011464621.7A
Other languages
Chinese (zh)
Inventor
谌浩田
杜潘洋
申银
Current Assignee
Hygon Information Technology Co Ltd
Original Assignee
Hygon Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Hygon Information Technology Co Ltd
Priority to CN202011464621.7A
Publication of CN112636906A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L 9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L 9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L 9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy, involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Power Engineering (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a key agreement method, comprising: obtaining a first random number and generating a first public-private key pair from the first random number; sending the first public key of the key pair to a negotiation object so that the negotiation object computes a first shared key; receiving a second public key sent by the negotiation object and generating a second shared key from the second public key; determining a first verification identifier from the shared secret, the second public key and the second shared key; receiving an identifier to be verified sent by the negotiation object, the identifier to be verified being a first identifier to be verified determined from the second public key, the first shared key and the shared secret; and verifying the current shared key negotiation result according to the first verification identifier and the first identifier to be verified. Key agreement can be completed securely; the scheme is not easily broken and provides forward secrecy.


Description

Key agreement method and device
Technical Field
The present invention relates to the field of computer communications technologies, and in particular, to a key agreement method and apparatus.
Background
In existing key agreement methods, the public key certificate of the communicating peer is usually obtained by communicating with a public key certificate authority. However, when the two communicating parties are in an information-island state during start-up, the peer's certificate cannot be obtained from a certificate authority such as a digital certificate certification center. Moreover, because the internal resources of the two communicating parties are limited, it is impossible to allocate a public-private key pair to every communication terminal and to centrally record the public keys of all communication terminals in each terminal. Therefore, when a communication terminal is in the information-island state, it is difficult to complete key agreement.
Disclosure of Invention
The key agreement method and apparatus provided by the invention complete key agreement securely, are not easily broken, and provide forward secrecy.
In a first aspect, the present invention provides a key agreement method, including:
acquiring a first random number, and generating a first public and private key pair according to the first random number;
sending the first public key of the public-private key pair to a negotiation object, so that the negotiation object calculates a first shared key;
receiving a second public key sent by the negotiation object, and generating a second shared key according to the second public key;
determining a first verification identifier according to the shared secret, the second public key and the second shared key;
receiving an identifier to be verified sent by the negotiation object, the identifier to be verified being a first identifier to be verified determined according to the second public key, the first shared key and the shared secret;
and verifying the current shared key negotiation result according to the first verification identifier and the first identifier to be verified.
Optionally, determining the first verification identifier according to the shared secret, the second public key and the second shared key comprises:
concatenating the shared secret, the second public key and the second shared key with first fixed data to obtain concatenated data;
performing a hash operation on the concatenated data to obtain its hash value;
and taking the hash value as the first verification identifier.
Optionally, the method further comprises:
determining a second identifier to be verified according to the shared secret, the first public key and the second shared key;
and sending the second identifier to be verified to the negotiation object so that the negotiation object verifies the negotiation result of the shared key.
Optionally, sending the second identifier to be verified to the negotiation object includes:
encrypting the second identifier to be verified by adopting a second public key;
and sending the encrypted second identifier to be verified to the negotiation object.
Optionally, determining the second identifier to be verified according to the shared secret, the first public key and the second shared key includes:
concatenating the shared secret, the first public key and the second shared key with second fixed data to obtain concatenated data;
performing a hash operation on the concatenated data to obtain its hash value;
and taking the hash value as the second identifier to be verified.
Optionally, the shared secret includes at least a root key of the processor.
Optionally, the obtaining a first random number and generating a first public-private key pair according to the first random number includes:
acquiring a first random number, and taking the first random number as a first private key;
acquiring an elliptic curve base point;
and determining the first public key according to the first private key and the elliptic curve base point.
Optionally, verifying the current shared key negotiation result according to the first verification identifier and the first identifier to be verified includes:
when the first verification identifier is the same as the first to-be-verified identifier, determining that the current shared key negotiation result is successful in verification;
and when the first verification identifier is different from the first identifier to be verified, determining that the current shared key negotiation result is verification failure.
Optionally, the first public key, the first shared key, the second public key and the second shared key are computed in a manner that satisfies the commutative law.
Optionally, determining the first verification identifier according to the shared secret, the second public key and the second shared key comprises:
encrypting the second public key and the second shared key with the shared secret;
and determining the first verification identifier according to the shared secret, the encrypted second public key and the encrypted second shared key.
In a second aspect, the present invention provides a key agreement apparatus, including:
the key pair acquisition module is used for acquiring a first random number and generating a first public and private key pair according to the first random number;
the public key sending module is used for sending the first public key in the public-private key pair to a negotiation object; to cause the negotiation object to calculate a first shared key;
the public key receiving module is used for receiving a second public key sent by the negotiation object and generating a second shared key according to the second public key;
the verification identifier generation module is used for determining a first verification identifier according to the shared secret, the second public key and the second shared key;
the to-be-verified identifier receiving module is used for receiving the identifier to be verified sent by the negotiation object; the identifier to be verified is a first identifier to be verified determined according to the second public key, the first shared key and the shared secret;
and the verification module is used for verifying the current shared key negotiation result according to the first verification identifier and the first identifier to be verified.
Optionally, the verification identifier generation module includes:
the data concatenation unit is used for concatenating the shared secret, the second public key and the second shared key with the first fixed data to obtain concatenated data;
the hash operation unit is used for performing a hash operation on the concatenated data to obtain its hash value;
and the verification identifier generating unit is used for taking the hash value as the first verification identifier.
In the technical scheme provided by the invention, each processor computes the shared key from the public key information sent by the other side; the shared key itself is never transmitted and cannot be computed from the messages exchanged between the CPUs, which ensures its confidentiality. Moreover, the shared key participates in the calculation of the identification information: if a message in the negotiation stage is tampered with, the shared keys generated by the two parties differ, the identifiers computed from them differ as well, the first verification identifier no longer matches the first identifier to be verified, and the shared key negotiation fails. Although the shared secret is fixed, it does not participate in the calculation of the shared key; the public-private key pair is generated at random in every key agreement run, so even if the shared secret is leaked, data encrypted with an old shared key remains secure.
Drawings
FIG. 1 is a flow diagram of a key agreement method according to an embodiment;
FIG. 2 is a flowchart illustrating the generation of the first verification identifier in a key agreement method according to another embodiment;
FIG. 3 is a flowchart illustrating the processing of the second identifier to be verified in a key agreement method according to another embodiment;
FIG. 4 is a flowchart of the encrypted transmission of the second identifier to be verified in a key agreement method according to another embodiment;
FIG. 5 is a flowchart illustrating the generation of the second identifier to be verified in a key agreement method according to another embodiment;
FIG. 6 is a flowchart of the generation of the first public key in a key agreement method according to another embodiment;
FIG. 7 is a flowchart illustrating the generation of the first verification identifier in a key agreement method according to another embodiment;
FIG. 8 is a detailed flowchart of key agreement by a dual-path processor according to another embodiment of the key agreement method;
FIG. 9 is a schematic diagram of a key agreement apparatus according to another embodiment;
FIG. 10 is a schematic structural diagram of the verification identifier generation module of a key agreement apparatus according to another embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An embodiment of the present invention provides a key agreement method, as shown in fig. 1, including:
step 100, acquiring a first random number, and generating a first public and private key pair according to the first random number;
In some embodiments, the first random number is produced by a random number generation module, and the first public-private key pair is derived from it: the first random number is used as the first private key, and the first public key is computed from the first random number and an elliptic curve base point. For example, if the first random number is a, then a is used as the private key and the first public key is PA = [a]G.
Step 200, sending a first public key in the public-private key pair to a negotiation object; to cause the negotiation object to calculate a first shared key;
In some embodiments, the first public key is sent to the negotiation object, which generates the first shared key from its own second random number and the received first public key; when negotiation succeeds, this first shared key is the negotiated shared key. For example, the first shared key may be computed as KB = [b]PA, where b is the second random number obtained by the negotiation object.
Step 300, receiving a second public key sent by a negotiation object, and generating a second shared secret key according to the second public key;
In some embodiments, the second public key is the public key of a second public-private key pair formed by the negotiation object, and the second shared key is generated from the first random number and the second public key; when negotiation succeeds, the second shared key equals the first shared key. For example, the second shared key may be computed as KA = [a]PB, where PB is the second public key formed by the negotiation object from the second random number, preferably as PB = [b]G.
Step 400, determining a first verification identifier according to the shared secret, the second public key and the second shared key;
In some embodiments, the shared secret is secret information known to both communicating parties, and the first verification identifier is the identification information used to check whether the two parties negotiated successfully. For example, in the shared key negotiation of a dual-path processor, the shared secret may be the root key of the processor. The first verification identifier may be computed as MID2 = Hash(data2 + shared secret + PB + KA), where + denotes concatenation and data2 can be any information.
Step 500, receiving an identifier to be verified sent by a negotiation object; the identification to be verified is a first identification to be verified determined according to the second public key, the first shared secret key and the shared secret;
In some embodiments, the first identifier to be verified is information by which the negotiation object indicates its identity, and the identity of the communication peer can be determined by checking the first identifier to be verified against the first verification identifier. The first identifier to be verified may be computed as SID2 = Hash(data2 + shared secret + PB + KB), where data2 is the same information as data2 in step 400. In this step the first identifier to be verified is checked against the verification identifier, and only the first identifier to be verified needs to be transmitted, never the first or second shared key, so no information is leaked even if the message is hijacked by a third party. At the same time, because the first identifier to be verified and the first verification identifier are formed from the first shared key and the second shared key respectively, the negotiation result of the shared key can be verified by comparing the two.
Step 600, verifying a current shared key negotiation result according to the first verification identifier and the first identifier to be verified.
In some embodiments, the first verification identifier is compared with the first identifier to be verified: when the two are the same, it can be determined that the first shared key and the second shared key are the same, that is, key agreement succeeded; when they differ, it can be determined that the first shared key and the second shared key differ, that is, key agreement failed.
In the technical scheme provided by this embodiment, each processor computes the shared key from the public key information sent by the other side; the shared key itself is never transmitted and cannot be computed from the messages exchanged between the CPUs, which ensures its confidentiality. Moreover, the shared key participates in the calculation of the identification information: if a message in the negotiation stage is tampered with, the shared keys generated by the two parties differ, the identifiers computed from them differ as well, the first verification identifier no longer matches the first identifier to be verified, and the shared key negotiation fails. Although the shared secret is fixed, it does not participate in the calculation of the shared key; the public-private key pair is generated at random in every key agreement run, so even if the shared secret is leaked, data encrypted with an old shared key remains secure.
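Steps 100 to 600 carried through in the notation of fig. 8, as an added example that is not part of the patent: CPU A and CPU B each draw an ephemeral key, exchange PA and PB, derive KA and KB, and confirm them with the hashed identifiers that bind in the shared secret. It assumes Go's standard crypto/ecdh on P-256 and SHA-256 in place of the curve and hash the patent leaves unspecified; the fixed data strings and the root key value are constructed, and the point validation and constant-time comparison go beyond what the text states. The second run substitutes PA in transit to show why the confirmation step matters: the two shared keys then differ and both identifiers fail to verify.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Constructed stand-ins for the patent's first/second fixed data (data1/data2).
const data1, data2 = "KA-confirm-A-to-B", "KA-confirm-B-to-A"

type party struct {
	secret []byte           // shared secret known to both sides (the patent's processor root key)
	priv   *ecdh.PrivateKey // ephemeral private key: the random number a (or b)
	shared []byte           // KA = [a]PB on CPU A, KB = [b]PA on CPU B
}

// newParty is steps 110-130: random private key, public key [a]G on P-256's base point G.
func newParty(secret []byte) (*party, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &party{secret: secret, priv: priv}, nil
}

// deriveShared is step 300: validate the peer's point, then compute [a]PB (crypto/ecdh returns its x-coordinate).
func (p *party) deriveShared(peerPub []byte) error {
	pk, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil {
		return fmt.Errorf("peer public key rejected: %w", err)
	}
	p.shared, err = p.priv.ECDH(pk)
	return err
}

// tag is steps 410-430: Hash(fixed + secret + pub + shared) with + as byte concatenation.
// Only this hash crosses the wire; the shared key itself never does.
func tag(fixed string, secret, pub, shared []byte) []byte {
	h := sha256.New()
	for _, part := range [][]byte{[]byte(fixed), secret, pub, shared} {
		h.Write(part)
	}
	return h.Sum(nil)
}

// verify is step 600: constant-time comparison of the computed and received identifiers.
func verify(expected, received []byte) bool {
	return subtle.ConstantTimeCompare(expected, received) == 1
}

// negotiate runs the CPU A / CPU B exchange of fig. 8. A non-nil tamper rewrites PA on the wire.
// It returns A's verdict on SID2, B's verdict on A's identifier, and whether the shared keys really match.
func negotiate(secret []byte, tamper func([]byte) []byte) (aOK, bOK, keysEqual bool, err error) {
	a, err := newParty(secret)
	if err != nil {
		return
	}
	b, err := newParty(secret)
	if err != nil {
		return
	}
	pa, pb := a.priv.PublicKey().Bytes(), b.priv.PublicKey().Bytes() // PA = [a]G, PB = [b]G
	paOnWire := pa
	if tamper != nil {
		paOnWire = tamper(pa)
	}
	if err = b.deriveShared(paOnWire); err != nil { // KB = [b]PA
		return
	}
	if err = a.deriveShared(pb); err != nil { // KA = [a]PB
		return
	}
	// B -> A: SID2 = Hash(data2 + secret + PB + KB); A checks it against MID2 = Hash(data2 + secret + PB + KA).
	aOK = verify(tag(data2, a.secret, pb, a.shared), tag(data2, b.secret, pb, b.shared))
	// A -> B: Hash(data1 + secret + PA + KA); B checks it against Hash(data1 + secret + PA as received + KB).
	bOK = verify(tag(data1, b.secret, paOnWire, b.shared), tag(data1, a.secret, pa, a.shared))
	keysEqual = verify(a.shared, b.shared)
	return
}

// substitutePA models a man-in-the-middle swapping in a valid point of their own: it passes
// point validation, but KB != KA, so both confirmation tags fail without the root key.
func substitutePA(_ []byte) []byte {
	k, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k.PublicKey().Bytes()
}

func main() {
	rootKey := []byte("constructed-root-key-not-a-real-value")
	aOK, bOK, eq, err := negotiate(rootKey, nil)
	fmt.Printf("honest exchange:      A accepts=%t B accepts=%t keys equal=%t err=%v\n", aOK, bOK, eq, err)
	aOK, bOK, eq, err = negotiate(rootKey, substitutePA)
	fmt.Printf("PA substituted:       A accepts=%t B accepts=%t keys equal=%t err=%v\n", aOK, bOK, eq, err)
}
```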
On the basis of the above-mentioned embodiment shown in fig. 1, as an alternative implementation, as shown in fig. 2, step 400 includes:
Step 410, concatenating the shared secret, the second public key and the second shared key with the first fixed data to obtain concatenated data;
In some embodiments, the shared secret and the first fixed data of the two communicating parties are fixed, while the second public key and the second shared key are generated at random. By concatenating the shared secret, the second public key and the second shared key with the first fixed data, a change in any one of these values causes the subsequent verification to fail, which ensures the integrity of the verified information.
Step 420, performing hash operation on the spliced data to obtain a hash value of the spliced data;
In some embodiments, different inputs yield different hash values, and the hash values of two pieces of information are the same only if the pieces of information are identical. Therefore, it can be ensured that the information verified in the key agreement process is identical.
Step 430, using the hash value as the first verification identifier.
In some embodiments, as described in step 420, the hash value is used as the first verification identifier, and the first identifier to be verified sent by the negotiation object is likewise a hash value; if the two are the same, it can be confirmed that the information of both sides is identical.
In this embodiment, several pieces of information are concatenated for verification, so that information which verifies successfully is complete and reliable; at the same time, since the hash algorithm yields a unique value for a given input, it verifies the consistency of the information accurately and quickly.
On the basis of the embodiment shown in fig. 1, as shown in fig. 3, the method further includes:
step 010, determining a second to-be-verified identifier according to the shared secret, the first public key and the second shared key;
in some embodiments, in the verification process of whether the negotiation is successful or not, a mode that both communication parties respectively perform verification is adopted, and therefore, in this embodiment, a second to-be-verified identifier is also generated.
Step 020, sending the second identifier to be verified to a negotiation object, so that the negotiation object verifies the negotiation result of the shared key.
In some embodiments, the second identifier to be verified is sent to the negotiation object for verification, and in some preferred embodiments, the verification process of the second identifier to be verified may be performed in the same manner as the verification method of the first identifier to be verified.
In this embodiment, by generating the second identifier to be verified, the negotiation object can verify the second shared key generated by the local terminal. The security of the key agreement method can thus be further improved.
On the basis of the embodiment shown in fig. 3, as shown in fig. 4, step 020 includes:
step 021, encrypting the second identifier to be verified by adopting a second public key;
in some embodiments, in order to ensure the transmission security of the second identifier to be verified, the second public key is used for encryption and then transmitted to the negotiation object. Since the second public key is a public key corresponding to the private key held by the negotiation object, the negotiation object may decrypt the information using the private key and then process the decrypted information.
Step 022, sending the encrypted second identifier to be verified to the negotiation object.
In some embodiments, the encrypted second identifier to be verified is sent to the negotiation object, and the negotiation object performs comparison and verification after being decrypted by using a private key held by the negotiation object. The verification method can be performed in the same way as the comparison and verification process of the first identifier to be verified.
In this embodiment, the second public key is used for encryption and then sent to the negotiation object, the negotiation object possesses the private key corresponding to the second public key, the ciphertext encrypted by the second public key can be decrypted, and the third party without the private key cannot decrypt the ciphertext, so that the security of the negotiation verification process can be enhanced.
On the basis of the embodiment shown in fig. 3, as shown in fig. 5, step 010 includes:
Step 011, concatenating the shared secret, the first public key and the second shared key with the second fixed data to obtain concatenated data;
In some embodiments, the data obtained by concatenating the shared secret, the first public key, the second shared key and the second fixed data serves as the basis for subsequently forming the second identifier to be verified. Those skilled in the art will understand that the negotiation object should generate the second verification identifier from the shared secret, the first public key and the first shared key in order to verify the second identifier to be verified.
Step 012, performing a hash operation on the concatenated data to obtain a hash value of the concatenated data;
In some embodiments, since a hash operation yields a unique result for a given input, verifying the resulting hash value ensures the consistency of the information; at the same time, all of the data can be verified by comparing a single hash value, which is simple and fast.
Step 013, taking the hash value as the second identifier to be verified.
In some embodiments, the hash value is used as the second identifier to be verified, and the consistency of all data participating in the hash operation can be determined through comparison of one hash value, so that the operation amount in the comparison process can be reduced.
In this embodiment, the data to be checked is compared by way of its hash, which ensures the integrity and consistency of the data while reducing the amount of computation and improving efficiency.
As an alternative embodiment, the shared secret includes at least a root key of the processor. The shared secret should be information that both parties of the negotiation know and that the third party cannot know, so that since the shared secret participates in the subsequent verification, the security can be further improved by using information that the third party does not know.
On the basis of the embodiment shown in fig. 1, as shown in fig. 6, step 100 includes:
step 110, acquiring a first random number, and using the first random number as a first private key;
in some embodiments, the random number is used as the private key to perform the subsequent negotiation process before each communication, so that the probability of being known by a third party can be reduced, and the security of the negotiation process is improved.
Step 120, acquiring an elliptic curve base point;
In some embodiments, the base point of the elliptic curve is an essential element in generating a public key with an elliptic curve algorithm, and the base point obtained in this step provides the basis for the subsequent generation of the first public key.
Step 130, determining a first public key according to the private key and the elliptic curve base point.
In some embodiments, the public key is generated with an elliptic curve algorithm because recovering the private key from the public key on an elliptic curve is computationally infeasible, which protects the private key after the public key is published.
In this embodiment, the public key is generated with an elliptic curve algorithm; because the operation is hard to invert, the private key remains secure even if the public key is hijacked, and a hijack is then detected in the subsequent verification process.
On the basis of the embodiment shown in fig. 1, step 600 includes:
when the first verification identifier is the same as the first to-be-verified identifier, determining that the current shared key negotiation result is successful in verification;
and when the first verification identifier is different from the first identifier to be verified, determining that the current shared key negotiation result is verification failure.
In this embodiment, on the basis of calculating the shared key and not transmitting the shared key, the security is further enhanced by using an authentication method, so as to ensure the identities of both parties in negotiation.
As an optional implementation, the first public key, the first shared key, the second public key and the second shared key are computed in a manner that satisfies the commutative law. Using a commutative computation ensures that, although the two negotiating parties compute with different inputs, they obtain the same verification identifier and identifier to be verified.
Based on the embodiment shown in fig. 1, as shown in fig. 7, the step 400 includes:
step 440, encrypting the second public key and the second shared key with a shared secret;
in some embodiments, in the authentication process, the second public key and the second shared key may be encrypted by using a shared secret, and since the shared secret is information that cannot be known by the third party, only the two parties can encrypt data by using the shared secret, so as to obtain the same information, thereby being capable of ensuring security in the authentication process.
Step 450, determining a first authentication identifier according to the shared secret and the encrypted second public key and the encrypted second shared key.
In some embodiments, the encrypted data is used as the first authentication identifier, and since only two parties in negotiation can know the shared secret, the third party cannot encrypt the data in the same way, which makes it difficult to hijack and replace the first authentication identifier.
In this embodiment, the first authentication identifier can be prevented from being hijacked and replaced by encrypting and authenticating only the information that both parties can know, and thus, the security of the negotiation process can be further improved.
As shown in fig. 8, taking the key negotiation process of the dual-path processor as an example, a specific negotiation process for negotiating both parties is provided, which includes:
G is the base point from the recommended parameters of the elliptic curve, known to both parties of the key agreement;
CPU A obtains a random number a from the random number module as the first private key;
CPU B obtains a random number b from the random number module as the second private key;
CPU A calculates PA = [a]G to obtain the first public key PA;
CPU B calculates PB = [b]G to obtain the second public key PB;
CPU A sends PA to CPU B;
CPU B sends PB to CPU A;
CPU A receives PB and calculates [a]PB to obtain the second shared key KA ([a]PB = [a][b]G);
CPU B receives PA and calculates [b]PA to obtain the first shared key KB ([b]PA = [b][a]G = [a][b]G);
CPU A applies a hash function to each of the following inputs to obtain two identity identifiers:
determining the second identifier to be verified MID1 from "shared secret + KA + PA + fixed data 1";
determining the first verification identifier MID2 from "shared secret + KA + PB + fixed data 2";
fixed data 1 and fixed data 2 may be any data, but they must differ from each other and must be the same on CPU A and CPU B.
CPU B applies a hash function to each of the following inputs to obtain two identity identifiers:
determining the second verification identifier SID1 from "shared secret + KB + PA + fixed data 1";
determining the first identifier to be verified SID2 from "shared secret + KB + PB + fixed data 2";
fixed data 1 and fixed data 2 may be any data, but they must differ from each other and must be the same on CPU A and CPU B.
CPU A sends the identifier MID1 to CPU B;
CPU B sends the identifier SID2 to CPU A;
CPU A checks whether the identifier SID2 received from CPU B equals MID2; if so, the key agreement succeeds, otherwise it fails;
CPU B checks whether the identifier MID1 received from CPU A equals SID1; if so, the key agreement succeeds, otherwise it fails.
An embodiment of the present invention further provides a key negotiation apparatus, as shown in fig. 9, including:
a key pair obtaining module 1010, configured to obtain a first random number and generate a first public-private key pair according to the first random number;
In some embodiments, the first random number is produced by a random number generation module, and the first public-private key pair is derived from it: for example, the first random number is used as the first private key, and the first public key is generated from the first random number and an elliptic curve base point. For example, if the first random number is a, a is used as the private key and the first public key is formed as PA = [a]G.
a public key sending module 1020, configured to send the first public key of the public-private key pair to the negotiation object, so that the negotiation object calculates a first shared key;
In some embodiments, the first public key is sent to the negotiation object, which generates the first shared key from its own second random number and the received first public key; when negotiation succeeds, the first shared key is the successfully negotiated shared key. For example, the first shared key may be obtained as KB = [b]PA, where b is the second random number obtained by the negotiation object.
a public key receiving module 1030, configured to receive a second public key sent by the negotiation object and generate a second shared key according to the second public key;
In some embodiments, the second public key is the public key of a second public-private key pair formed by the negotiation object, the second shared key is generated from the first random number and the second public key, and when negotiation succeeds the second shared key equals the first shared key. For example, the second shared key may be calculated as KA = [a]PB, where PB is the second public key formed by the negotiation object from the second random number, preferably as PB = [b]G.
a verification identifier generating module 1040, configured to determine the first verification identifier according to the shared secret, the second public key and the second shared key;
In some embodiments, the shared secret is secret information known to both communicating parties, and the first verification identifier is identification information used to check whether the two parties negotiated successfully. For example, in the shared key negotiation of a dual-path processor, the shared secret may be the root key of the processor. The first verification identifier may, for example, be calculated as MID2 = Hash(data2 + shared secret + PB + KA), where data2 can be any information.
an identifier-to-be-verified receiving module 1050, configured to receive an identifier to be verified sent by the negotiation object, the identifier to be verified being a first identifier to be verified determined according to the second public key, the first shared key and the shared secret;
In some embodiments, the first identifier to be verified is information with which the negotiation object indicates its identity, and the identity of the communication peer is determined by checking the first identifier to be verified against the first verification identifier. The first identifier to be verified may be calculated as SID2 = Hash(data2 + shared secret + PB + KB), where data2 is the same information as data2 in step 400. In this step, the first identifier to be verified is checked against the verification identifier; only the first identifier to be verified is transmitted during verification, never the first or second shared key, so no information is leaked even if the message is intercepted by a third party. At the same time, because the first identifier to be verified and the first verification identifier are formed from the first shared key and the second shared key respectively, comparing them verifies the negotiation result of the shared key.
a verification module 1060, configured to verify the current shared key negotiation result according to the first verification identifier and the first identifier to be verified.
In some embodiments, the first verification identifier is compared with the first identifier to be verified: when they are the same, the first shared key and the second shared key can be determined to be the same, that is, key agreement succeeded; when they differ, the first shared key and the second shared key can be determined to differ, that is, key agreement failed.
In the technical scheme of this embodiment, each processor computes the shared key from the public key information sent by the other party; the shared key is neither transmitted directly nor computable from the messages exchanged between the CPUs, so its confidentiality is ensured. Moreover, the shared key takes part in computing the identification information: if a message in the negotiation stage is tampered with, the two parties derive different shared keys, the identity identifiers computed from them also differ, and the first verification identifier will not match the first identifier to be verified, so the shared key negotiation fails. Although the shared secret is fixed, it does not take part in computing the shared key; the public-private key pair is generated at random in every key agreement, so even if the shared secret is disclosed, data encrypted with an earlier shared key remains safe.
On the basis of the embodiment shown in fig. 9, as an alternative implementation shown in fig. 10, the verification identifier generating module 1040 includes:
a data splicing unit 1041, configured to splice the shared secret, the second public key and the second shared key with the first fixed data to obtain spliced data;
In some embodiments, the shared secret and the first fixed data are fixed for the two communicating parties, while the second public key and the second shared key are generated at random each time. Splicing the shared secret, the second public key and the second shared key with the first fixed data means that, in the subsequent verification, a change in any one of these items causes the verification to fail, which ensures the integrity of the verified information.
a hash operation unit 1042, configured to perform a hash operation on the spliced data to obtain its hash value;
In some embodiments, different inputs yield different hash values, and two hash values coincide only if the inputs are identical; this ensures that the information verified during key agreement is identical on both sides.
a verification identifier generating unit 1043, configured to use the hash value as the first verification identifier.
In some embodiments, as described in step 420, the hash value is used as the first verification identifier, and the first identifier to be verified sent by the negotiation object is likewise a hash value; if the two are the same, the underlying information can be confirmed to be identical.
In this embodiment, several pieces of information are spliced together for verification, so that information that passes verification is complete and reliable, and the hash algorithm, whose output is unique to its input, allows the consistency of the information to be checked accurately and quickly.
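The exchange of fig. 8 and the splice-and-hash construction of module 1040, as an added example that is not the patent's own code: both CPU roles are simulated in one script. Four things are assumptions, since the description does not fix them: secp256k1 stands in for the unnamed "recommended" curve, SHA-256 is the hash function, the "+" in the text is read as byte concatenation in the listed order, and a constructed placeholder byte string takes the place of the processor root key. The `tamper_in_transit` flag models a modified first public key on the wire, to show the behaviour the description claims: the two shared keys then differ and both identity checks fail.

```python
# Added example (not the patent's code): ECDH with hash-based identity tags,
# following the CPU A / CPU B flow of fig. 8 and the splice+hash of module 1040.
# Assumptions: secp256k1 as the curve, SHA-256 as the hash, "+" = byte
# concatenation, and a placeholder byte string in place of the root key.
import hashlib
import secrets

# secp256k1 domain parameters (assumed curve; the patent does not name one)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A_COEFF = 0
B_COEFF = 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A_COEFF * x + B_COEFF)) % P == 0


def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEFF) * pow(2 * y1, -1, P)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P)
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """[k]pt by double-and-add: the [a]G and [a]PB operations of the text."""
    result = None
    addend = pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def encode_point(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def identity_tag(shared_secret, shared_key, public_key, fixed_data):
    """Hash(shared secret + K + P + fixed data): the MID/SID construction."""
    return hashlib.sha256(shared_secret + encode_point(shared_key)
                          + encode_point(public_key) + fixed_data).digest()


FIXED_DATA_1 = b"fixed-data-1"   # constructed; must differ from FIXED_DATA_2
FIXED_DATA_2 = b"fixed-data-2"   # and be identical on both CPUs


def run_negotiation(shared_secret, tamper_in_transit=False):
    """One negotiation between CPU A and CPU B; returns both verdicts.

    tamper_in_transit=True models a modified PA on the wire, so that the
    identity tags disagree and both sides reject, as the description says.
    """
    a = secrets.randbelow(N - 1) + 1           # first private key
    b = secrets.randbelow(N - 1) + 1           # second private key
    PA = scalar_mult(a, G)                     # first public key
    PB = scalar_mult(b, G)                     # second public key

    PA_seen_by_B = PA
    if tamper_in_transit:                      # PA replaced by another point
        PA_seen_by_B = scalar_mult(secrets.randbelow(N - 1) + 1, G)

    KA = scalar_mult(a, PB)                    # A: [a]PB = [a][b]G
    KB = scalar_mult(b, PA_seen_by_B)          # B: [b]PA = [b][a]G

    # A's two tags use PA as A knows it; B's use PA as B received it.
    MID1 = identity_tag(shared_secret, KA, PA, FIXED_DATA_1)
    MID2 = identity_tag(shared_secret, KA, PB, FIXED_DATA_2)
    SID1 = identity_tag(shared_secret, KB, PA_seen_by_B, FIXED_DATA_1)
    SID2 = identity_tag(shared_secret, KB, PB, FIXED_DATA_2)

    # Only MID1 and SID2 cross the wire; KA and KB never leave their CPU.
    return {
        "keys_match": KA == KB,
        "a_accepts": secrets.compare_digest(SID2, MID2),
        "b_accepts": secrets.compare_digest(MID1, SID1),
    }


if __name__ == "__main__":
    assert on_curve(G)
    print(run_negotiation(b"placeholder-root-key"))
    print(run_negotiation(b"placeholder-root-key", tamper_in_transit=True))
```

The honest run reports matching keys and acceptance on both sides, which is the commutativity point of the description ([a][b]G = [b][a]G reached from different inputs). In the tampered run the two shared keys diverge, so every tag that mixes in a shared key changes and both comparisons fail, even though the shared secret and fixed data are unchanged. The comparison uses a constant-time digest check, which is how the equality test of step 600 should be implemented in practice.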
It will be understood by those skilled in the art that all or part of the processes of the embodiments of the methods described above may be implemented by a computer program, which may be stored in a computer-readable storage medium, and when executed, may include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (12)

1. A key agreement method, characterized in that it comprises:
obtaining a first random number, and generating a first public-private key pair according to the first random number;
sending the first public key in the public-private key pair to a negotiation object, so that the negotiation object calculates a first shared key;
receiving a second public key sent by the negotiation object, and generating a second shared key according to the second public key;
determining a first verification identifier according to a shared secret, the second public key and the second shared key;
receiving an identifier to be verified sent by the negotiation object, the identifier to be verified being a first identifier to be verified determined according to the second public key, the first shared key and the shared secret;
verifying the current shared key negotiation result according to the first verification identifier and the first identifier to be verified.
2. The key agreement method according to claim 1, wherein determining the first verification identifier according to the shared secret, the second public key and the second shared key comprises:
splicing the shared secret, the second public key and the second shared key with first fixed data to obtain spliced data;
performing a hash operation on the spliced data to obtain a hash value of the spliced data;
using the hash value as the first verification identifier.
3. The key agreement method according to claim 1, further comprising:
determining a second identifier to be verified according to the shared secret, the first public key and the second shared key;
sending the second identifier to be verified to the negotiation object, so that the negotiation object verifies the negotiation result of the shared key.
4. The key agreement method according to claim 3, wherein sending the second identifier to be verified to the negotiation object comprises:
encrypting the second identifier to be verified with the second public key;
sending the encrypted second identifier to be verified to the negotiation object.
5. The key agreement method according to claim 3, wherein determining the second identifier to be verified according to the shared secret, the first public key and the second shared key comprises:
splicing the shared secret, the first public key and the second shared key with second fixed data to obtain spliced data;
performing a hash operation on the spliced data to obtain a hash value of the spliced data;
using the hash value as the second identifier to be verified.
6. The key agreement method according to claim 1, wherein the shared secret comprises at least a root key of a processor.
7. The key agreement method according to claim 1, wherein obtaining the first random number and generating the first public-private key pair according to the first random number comprises:
obtaining a first random number and using the first random number as a first private key;
obtaining an elliptic curve base point;
determining a first public key according to the private key and the elliptic curve base point.
8. The key agreement method according to claim 1, wherein verifying the current shared key negotiation result according to the first verification identifier and the first identifier to be verified comprises:
when the first verification identifier is the same as the first identifier to be verified, determining that the current shared key negotiation result is a successful verification;
when the first verification identifier is different from the first identifier to be verified, determining that the current shared key negotiation result is a verification failure.
9. The key agreement method according to claim 1, wherein the first public key, the first shared key, the second public key and the second shared key are determined by calculations that obey the commutative law.
10. The key agreement method according to claim 1, wherein determining the first verification identifier according to the shared secret, the second public key and the second shared key comprises:
encrypting the second public key and the second shared key with the shared secret;
determining the first verification identifier according to the shared secret and the encrypted second public key and second shared key.
11. A key agreement apparatus, characterized in that it comprises:
a key pair obtaining module, configured to obtain a first random number and generate a first public-private key pair according to the first random number;
a public key sending module, configured to send the first public key in the public-private key pair to a negotiation object, so that the negotiation object calculates a first shared key;
a public key receiving module, configured to receive a second public key sent by the negotiation object and generate a second shared key according to the second public key;
a verification identifier generating module, configured to determine a first verification identifier according to a shared secret, the second public key and the second shared key;
an identifier-to-be-verified receiving module, configured to receive an identifier to be verified sent by the negotiation object, the identifier to be verified being a first identifier to be verified determined according to the second public key, the first shared key and the shared secret;
a verification module, configured to verify the current shared key negotiation result according to the first verification identifier and the first identifier to be verified.
12. The key agreement method according to claim 1, wherein the verification identifier generating module comprises:
a data splicing unit, configured to splice the shared secret, the second public key and the second shared key with first fixed data to obtain spliced data;
a hash operation unit, configured to perform a hash operation on the spliced data to obtain a hash value of the spliced data;
a verification identifier generating unit, configured to use the hash value as the first verification identifier.
CN202011464621.7A 2020-12-11 2020-12-11 Key agreement method and device Pending CN112636906A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011464621.7A CN112636906A (en) 2020-12-11 2020-12-11 Key agreement method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011464621.7A CN112636906A (en) 2020-12-11 2020-12-11 Key agreement method and device

Publications (1)

Publication Number Publication Date
CN112636906A true CN112636906A (en) 2021-04-09

Family

ID=75312456

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011464621.7A Pending CN112636906A (en) 2020-12-11 2020-12-11 Key agreement method and device

Country Status (1)

Country Link
CN (1) CN112636906A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015195978A1 (en) * 2014-06-18 2015-12-23 Visa International Service Association Efficient methods for authenticated communication
CN106127079A (en) * 2016-07-15 2016-11-16 中电长城网际系统应用有限公司 A kind of data sharing method and device
CN107040369A (en) * 2016-10-26 2017-08-11 阿里巴巴集团控股有限公司 Data transmission method, device and system
WO2018076740A1 (en) * 2016-10-31 2018-05-03 华为技术有限公司 Data transmission method and related device
US20190089546A1 (en) * 2016-03-29 2019-03-21 Koninklijke Philips N.V. System and method for distribution of identity based key material and certificate
CN110896348A (en) * 2019-11-26 2020-03-20 飞天诚信科技股份有限公司 Method and system for key agreement
CN111130769A (en) * 2019-12-14 2020-05-08 武汉玖保慧信息科技有限公司 Internet of things terminal encryption method and device

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114039727A (en) * 2021-12-09 2022-02-11 施耐德电气(中国)有限公司 A data transmission method, device, intelligent terminal and gateway device
CN115134074A (en) * 2022-06-29 2022-09-30 海光信息技术股份有限公司 Multi-chip key agreement method and multi-chip identity verification method
CN115150078A (en) * 2022-06-29 2022-10-04 海光信息技术股份有限公司 Key agreement method and device
CN119011303A (en) * 2024-10-24 2024-11-22 浙江省邮电工程建设有限公司 Encryption communication method and system for metadata business service
CN119011303B (en) * 2024-10-24 2025-04-11 浙江省邮电工程建设有限公司 A method and system for encrypted communication of metadata business services
CN120128322A (en) * 2025-02-24 2025-06-10 本源量子计算科技(合肥)股份有限公司 A method, system and electronic device for generating a key between two terminals

Similar Documents

Publication Publication Date Title
CN110380852B (en) Two-way authentication method and communication system
CN107948189B (en) Asymmetric password identity authentication method and device, computer equipment and storage medium
CN112636906A (en) Key agreement method and device
CN103338215B (en) The method setting up TLS passage based on the close algorithm of state
CN112383395B (en) Key agreement method and device
US20210367753A1 (en) Trusted measurement and control network authentication method based on double cryptographic values and chaotic encryption
CN110048849B (en) Multi-layer protection session key negotiation method
CN113806772A (en) Information encryption transmission method and device based on block chain
KR102591826B1 (en) Apparatus and method for authenticating device based on certificate using physical unclonable function
CN111552270B (en) Safety authentication and data transmission method and device for vehicle-mounted diagnosis
CN114884659B (en) Key agreement method, gateway, terminal device, storage medium
CN114978542B (en) IoT device identity authentication method, system and storage medium for full life cycle
US8572387B2 (en) Authentication of a peer in a peer-to-peer network
CN113630248A (en) A session key negotiation method
CN112165386A (en) Data encryption method and system based on ECDSA
CN114760046A (en) Identity authentication method and device
JP2021528935A (en) Decentralized authentication method
CN118764315B (en) SSH login authentication method based on cryptographic algorithm, communication system and storage medium
CN114826659A (en) Encryption communication method and system
CN112653554A (en) Signature method, system, equipment and readable storage medium
CN111294212A (en) Security gateway key negotiation method based on power distribution
CN115174114A (en) SSL tunnel establishment method, server and client
JP2004274134A (en) Communication method and communication system, server and client using this communication method
CN113660271A (en) Security authentication method and device for Internet of vehicles
KR101256114B1 (en) Message authentication code test method and system of many mac testserver

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination