CN114065188A - Key seed matrix, certificateless anti-collision key generation method based on the matrix - Google Patents


Publication number
CN114065188A
Authority
CN
China
Prior art keywords
key
public key
seed matrix
random number
device identification
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111209333.1A
Other languages
Chinese (zh)
Inventor
王瑾
胡勇银
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Erdos Dimanson Cryptography Technology Co.,Ltd.
Original Assignee
Beijing Dimansen Technology Co ltd
Application filed by Beijing Dimansen Technology Co ltd
Priority to CN202111209333.1A
Publication of CN114065188A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00 Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10 Complex mathematical operations
    • G06F17/16 Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58 Random or pseudo-random number generators
    • G06F7/588 Random number generators, i.e. based on natural stochastic processes

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Pure & Applied Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Mathematical Analysis (AREA)
  • Computational Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • Algebra (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a key seed matrix and a certificateless anti-collision key generation method based on the matrix. The key generation method comprises: a key generation center generates a 200-bit random number and computes the device partial public key from that random number; the key generation center computes the $Z_A$ value from the device identifier and the public key seed matrix, and computes the Z value from the $Z_A$ value and the device partial public key; 8 elements are selected at the coordinates to which the Z value maps in the private key seed matrix and added to obtain the device identification private key, and the device identification public key is computed from that device identification private key; the key generation center computes the device complete public key from the device identification public key, and computes the device complete private key from the random number and the device identification private key; after obtaining the device complete public key and the device complete private key, the key generation center issues the key pair to the device over a secure channel. The invention combines the advantages of the combined public key technology and the certificateless cryptosystem, and at the same time solves the problems between the two.

Description

Key seed matrix and certificateless anti-collision key generation method based on matrix
Technical Field
The invention relates to the technical field of information security keys, in particular to a key seed matrix generation method and a certificateless anti-collision key generation method based on the matrix, and particularly relates to a certificateless anti-collision key generation method based on a combined key for the Internet of things.
Background
The core idea of the combined public key technology based on the elliptic curve key system is as follows: a random integer matrix is constructed as the private key seed matrix and the corresponding public key seed matrix is computed from it; a mapping algorithm maps the user identifier to matrix column indices; and the private key and the public key are computed by big-integer addition and ECC point addition respectively. The combined public key technology offers an optimized way to generate identity-based public keys, but it cannot solve the problems of linear collusion and summation collision, so it cannot be widely used.
The certificateless public key cryptosystem is a newer public key cryptosystem proposed on the basis of the identity-based public key cryptosystem. It needs no public key certificate. In a certificateless public key cryptosystem, a user's private key is determined by two factors: one is a key related to the user's identity, extracted from the key generation center, and the other is a random key generated by the user. Neither factor can be computed from the other. The certificateless cryptosystem is characterized by the absence of certificate management, light weight, low communication overhead and strong non-repudiation of signatures. However, it has the disadvantage that forensics is difficult where encryption and decryption are concerned.
Therefore, it is necessary to develop a new key technology to overcome the shortcomings of the combined public key technology and the certificateless public key cryptography, so as to meet the existing requirements.
Disclosure of Invention
The invention provides a key seed matrix and a certificateless anti-collision key generation method based on the key seed matrix, which aim to solve the technical problems in the prior art.
The technical solution of the invention is realized as follows.
According to one aspect of the present invention, a key seed matrix generation method is provided.
The key seed matrices comprise a private key seed matrix skm and a public key seed matrix pkm.
The private key seed matrix skm is generated as follows: each element of skm is represented as a binary integer of N bits. Each element is divided, in order of bit position from low to high, into a high-order anti-collision carry area occupying H bits, an anti-collision area occupying J bits, a low-order anti-collision carry area occupying K bits and a low-order random number area occupying L bits, where $L > J > H = K$. Every bit in the high-order anti-collision carry area and in the low-order anti-collision carry area is 0. For the low-order random number area, an L-bit random number is generated independently for every element. The anti-collision area serves to make the binary values of the anti-collision areas of any two elements in the private key seed matrix differ.
The public key seed matrix is generated as follows: the elliptic curve base point G generated by the server is multiplied by each element of the private key seed matrix skm to obtain the public key seed matrix pkm.
The anti-collision area is constructed as follows: for the i-th row ($i = 1, 2, \ldots, 8$) of the private key seed matrix, the anti-collision area of each element of the row is filled, from bit $M \times (i-1) + 1$ to bit $M \times i$ counting from low order to high order, with a randomly chosen non-repeating binary number of M bits; all other bits of the anti-collision area of each element of the row are filled with 0.
Preferably, N is 8 x 64; H and K are both 4; J is 48; L is 200; and M is 6.
According to another aspect of the present invention, a certificateless anti-collision key generation method based on a key seed matrix is provided.
The key generation method comprises the following steps:
The key generation center generates a 200-bit random number $x_{ID}$ and computes the device partial public key $P_A$ from it. The key generation center computes the $Z_A$ value from the device identifier and the public key seed matrix ($Z_A$ is the SM3 hash of the concatenation of the device identifier length, the device identifier, the SM2 elliptic curve parameters and the public key seed matrix), and computes the Z value from $Z_A$ and the device partial public key $P_A$ (Z is the SM3 hash of the concatenation of $Z_A$ and $P_A$). The key generation center selects 8 elements at the coordinates to which the Z value maps in the private key seed matrix skm to obtain the device identification private key $SK_T$, and computes the device identification public key $PK_T$ from $SK_T$. The key generation center computes the device complete public key PK from $PK_T$, and computes the device complete private key ds from the random number $x_{ID}$ and $SK_T$. After obtaining PK and ds, the key generation center issues the key pair (ds, PK) to the device over a secure channel.
The key generation center computes $Z_A$ from the device identifier and the public key seed matrix as $Z_A = H(ID_L \| ID \| a \| b \| x_G \| y_G \| h_{mpk})$. The formula for computing the Z value from $Z_A$ and the device partial public key $P_A$ is:
[formula image: Figure BDA0003308271670000031]
where ID is the device identifier, $ID_L$ is the length of the device identifier, a and b are the SM2 elliptic curve parameters, $x_G$ and $y_G$ are the x- and y-coordinates of point G, $h_{mpk}$ is the SM3 hash of the concatenation of all elements of the public key seed matrix, the two symbols in [symbol image: Figure BDA0003308271670000032] are respectively the x-coordinate and y-coordinate of $P_A$, and H is the SM3 hash function.
The device partial public key is computed as $P_A = PK_x = [x_{ID}]G$. The device identification public key is computed from the device identification private key as $PK_T = [SK_T]G$. The key generation center computes the device complete public key from $PK_T$ as $PK = P_A + PK_T$. The device complete private key is computed from the random number $x_{ID}$ and $SK_T$ as $ds = x_{ID} + SK_T$.
Here $SK_T$ is the device identification private key; $x_{ID}$ is a 200-bit random number; G is the base point of the SM2 elliptic curve; and $PK_x$ is the random-number public key of $x_{ID}$.
According to another aspect of the present invention, a certificateless anti-collision key generation method based on a key seed matrix is provided.
The key generation method comprises the following steps:
The device generates a 200-bit random number $x_{ID}$, computes from it the random-number public key $PK_x$ of $x_{ID}$, and sends $PK_x$ to the key generation center. The key generation center receives $PK_x$ and generates a 200-bit random number $y_{ID}$. The key generation center computes the random-number public key $PK_y$ of $y_{ID}$, and computes $P_A$ from $PK_x$ and $PK_y$. The key generation center computes the $Z_A$ value from the device identifier and the public key seed matrix, and computes the Z value from $Z_A$ and the device partial public key $P_A$. The key generation center selects 8 elements at the coordinates to which the Z value maps in the private key seed matrix skm to obtain the device identification private key $SK_T$, and computes the device identification public key $PK_T$ from $SK_T$. The key generation center computes the device complete public key PK from $PK_T$, and computes the device complete private key $ds'$ from the random number $x_{ID}$ and $SK_T$. The key generation center issues the device partial public key $P_A$, the device complete public key PK and the device complete private key $ds'$ to the device over a secure channel. After receiving the partial device private key $ds'$, the device partial public key $P_A$ and the device complete public key PK, the device synthesizes the complete device private key ds.
The key generation center computes $Z_A$ from the device identifier and the public key seed matrix as $Z_A = H(ID_L \| ID \| a \| b \| x_G \| y_G \| h_{mpk})$. The formula for computing the Z value from $Z_A$ and the device partial public key $P_A$ is:
[formula image: Figure BDA0003308271670000041]
where ID is the device identifier, $ID_L$ is the length of the device identifier, a and b are the SM2 elliptic curve parameters, $x_G$ and $y_G$ are the x- and y-coordinates of point G, $h_{mpk}$ is the SM3 hash of the concatenation of all elements of the system master public key, and the two symbols in [symbol image: Figure BDA0003308271670000042] are respectively the x-coordinate and y-coordinate of $P_A$.
$PK_x$ is computed from the random number $x_{ID}$ as $PK_x = [x_{ID}]G$. The key generation center computes $PK_y$ from the random number $y_{ID}$ as $PK_y = [y_{ID}]G$. $P_A$ is computed from $PK_x$ and $PK_y$ as $P_A = PK_x + PK_y$. The device identification public key is computed from the device identification private key as $PK_T = [SK_T]G$. The key generation center computes the device complete public key from $PK_T$ as $PK = P_A + PK_T$. The device complete private key $ds'$ is computed from the random number $x_{ID}$ and $SK_T$ as $ds' = y_{ID} + SK_T$. After the device receives the partial device private key $ds'$, the device partial public key $P_A$ and the device complete public key PK, it synthesizes the complete device private key as $ds = x_{ID} + ds'$.
Here $SK_T$ is the device identification private key; $x_{ID}$ is a 200-bit random number; G is the base point of the SM2 elliptic curve; and H is the SM3 hash function.
Beneficial effects:
The invention uses an anti-collision summation method to achieve a one-to-one correspondence between the device identifier ID and the device key (collision resistance). Introducing a random key solves the collusion problem of the combined public key technology without destroying the anti-collision property. Because the SM2 elliptic curve parameters, the public key seed matrix and the partial public key all take part in the identifier mapping, replacement of the elliptic curve parameters and replacement of the partial public key are prevented, and a certificateless cryptosystem can be constructed.
The invention keeps the advantages of the combined public key technology and, through the construction of the anti-collision summation matrix, solves its summation collision problem. Introducing the random key solves the collusion attack problem of the combined public key technology; because the random key also takes part in the calculation, the random key and the identification key are implicitly bound, which solves the problem of replacement of the random part of the public key in certificateless cryptosystems. The invention combines the advantages of the combined public key technology and the certificateless cryptosystem and solves the problems between the two. It is compatible with standard algorithms such as SM2 and ECC.
A certificateless cryptosystem built on the invention offers convenient key management, high efficiency, no certificate management, light weight, low communication overhead and strong non-repudiation, and is well suited to identity authentication in fields such as the Internet of Things.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments of the present invention, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present invention.
According to an embodiment of the present invention, a key seed matrix generation method is provided. The method for generating the key seed matrix comprises the steps of generating a public and private key seed matrix and generating a device key.
The generation steps of the collision-resistant private key seed matrix skm (8 × 64) are as follows:
Step 1. Each element of the private key seed matrix skm consists of a 4-bit high-order anti-collision carry area, a 48-bit anti-collision area, a 4-bit low-order anti-collision carry area and a 200-bit low-order random number area, and the number of the elements is 256.
Step 2. The 4-bit high-order anti-collision carry area and the 4-bit low-order anti-collision carry area of every element of the private key seed matrix skm are filled with 0.
Step 3. For the i-th row ($i = 1, 2, \ldots, 8$) of the private key seed matrix skm, the anti-collision area of each element of the row is filled, from bit $6 \times (i-1) + 1$ to bit $6 \times i$ counting from low order to high order, with a randomly chosen non-repeating 6-bit binary number; all other bits of the anti-collision area of each element of the row are filled with 0.
Step 4. A 200-bit random number is generated independently for every element of the private key seed matrix skm, giving the 200-bit low-order random number area.
The public key seed matrix pkm (8 x 64) is generated as follows: the SM2 elliptic curve base point G is multiplied by each element of the private key seed matrix skm to obtain the public key seed matrix pkm.
The device key can be generated in a centralized mode or in a two-end mode. In the centralized mode the center alone generates the complete key and then issues it to the device over a secure channel; in the two-end mode the device and the center complete the key generation jointly.
The centralized generation method comprises the following steps:
Step 1. The center generates a 200-bit random number $x_{ID}$.
Step 2. The center computes the device partial public key $P_A = PK_x = [x_{ID}]G$, where G is the base point of the SM2 elliptic curve.
Step 3. The center computes $Z_A = H(ID_L \| ID \| a \| b \| x_G \| y_G \| h_{mpk})$, where ID is the device identifier, $ID_L$ is the length of the device identifier, a and b are the SM2 elliptic curve parameters, $x_G$ and $y_G$ are the x- and y-coordinates of point G, and $h_{mpk}$ is the SM3 hash of the concatenation of all elements of the public key seed matrix.
Step 4. The center computes the Z value [formula image: Figure BDA0003308271670000061], where the two symbols in [symbol image: Figure BDA0003308271670000062] are respectively the x-coordinate and y-coordinate of $P_A$.
Step 5. The center uses the coordinates to which the Z value maps in the private key seed matrix skm to select 8 elements, and adds them to obtain the device identification private key $SK_T$.
Step 6. The center computes the identification public key $PK_T = [SK_T]G$.
Step 7. The center computes the device complete public key $PK = P_A + PK_T$.
Step 8. The center computes the device complete private key $ds = x_{ID} + SK_T$.
Step 9. The center securely issues the key pair (ds, PK) to the device.
The two-end generation method for the device key comprises the following steps:
Step 1. The device generates a 200-bit random number $x_{ID}$.
Step 2. The device computes $PK_x = [x_{ID}]G$.
Step 3. The device sends $PK_x$ to the center.
Step 4. The center receives $PK_x$ and generates a 200-bit random number $y_{ID}$.
Step 5. The center computes $PK_y = [y_{ID}]G$.
Step 6. The center computes $P_A = PK_x + PK_y$.
Step 7. The center computes $Z_A = H(ID_L \| ID \| a \| b \| x_G \| y_G \| h_{mpk})$, where ID is the device identifier, $ID_L$ is the length of the device identifier, a and b are the SM2 elliptic curve parameters, $x_G$ and $y_G$ are the x- and y-coordinates of point G, and $h_{mpk}$ is the SM3 hash of the concatenation of all elements of the system master public key.
Step 8. The center computes the Z value [formula image: Figure BDA0003308271670000063], where the two symbols in [symbol image: Figure BDA0003308271670000064] are respectively the x-coordinate and y-coordinate of $P_A$.
Step 9. The center uses the coordinates to which the Z value maps in the private key seed matrix skm to select 8 elements, and adds them to obtain the device identification private key $SK_T$.
Step 10. The center computes the device identification public key $PK_T = [SK_T]G$.
Step 11. The center computes the device complete public key $PK = P_A + PK_T$.
Step 12. The center computes the partial device private key $ds' = y_{ID} + SK_T$.
Step 13. The center securely sends $ds'$, the device partial public key $P_A$ and the device complete public key PK to the device.
Step 14. The device receives the partial device private key $ds'$, the device partial public key $P_A$ and the device complete public key PK.
Step 15. The device synthesizes the complete device private key $ds = x_{ID} + ds'$.
With the above technical solution, the hash value $h_{mpk}$ of the public key matrix (the system master public key) takes part in the hash calculation, which effectively prevents public key matrix replacement attacks; the partial public key $P_A$ also takes part in the hash calculation, which effectively prevents partial public key replacement attacks. Because a 4-bit low-order anti-collision carry area is provided, introducing the partial key does not destroy the anti-collision property. The invention therefore keeps the advantages of the combined public key technology and, through the construction of the anti-collision summation matrix, solves its summation collision problem. Introducing the random key solves the collusion attack problem of the combined public key technology; because the random key also takes part in the calculation, the random key and the identification key are implicitly bound, which solves the problem of replacement of the random part of the public key in certificateless cryptosystems. The invention combines the advantages of the combined public key technology and the certificateless cryptosystem and solves the problems between the two. It is compatible with standard algorithms such as SM2 and ECC.
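The seed-matrix construction (steps 1 to 4) and the carry-area argument above, worked through on the integer side of the two-end flow; this is an added example, not code from the patent. It assumes a bit layout with the 200-bit random area lowest, a hypothetical Z-to-column mapping (`columns_from_z`, which the text does not specify), and SHA-256 standing in for SM3; the elliptic curve side ($PK_T$, PK) is left out.

```python
import hashlib
import secrets

ROWS, COLS = 8, 64                       # skm is 8 x 64 in the description
L_BITS, K_BITS, J_BITS, H_BITS = 200, 4, 48, 4
M_BITS = 6                               # width of one row's field in the anti-collision area
# Assumed layout, low bit to high bit:
#   random (L) | low carry (K) | anti-collision (J) | high carry (H)
AC_SHIFT = L_BITS + K_BITS
FIELD_MASK = (1 << M_BITS) - 1


def build_skm(rng=None):
    """Private key seed matrix: 8 rows of 64 integers, carry areas left at 0."""
    rng = rng or secrets.SystemRandom()
    skm = []
    for i in range(ROWS):
        tags = list(range(COLS))         # 64 non-repeating 6-bit values for row i
        rng.shuffle(tags)
        skm.append([(tag << (AC_SHIFT + M_BITS * i)) | rng.getrandbits(L_BITS)
                    for tag in tags])
    return skm


def columns_from_z(z: bytes):
    """Hypothetical mapping: row i takes bits 6i..6i+5 of Z as its column index."""
    v = int.from_bytes(z, "big")
    return [(v >> (M_BITS * i)) & FIELD_MASK for i in range(ROWS)]


def identity_private_key(skm, cols):
    """SK_T: plain integer sum of one element per row."""
    return sum(skm[i][c] for i, c in enumerate(cols))


def decode_fields(key: int):
    """Read the eight 6-bit fields back out of the anti-collision area."""
    area = (key >> AC_SHIFT) & ((1 << J_BITS) - 1)
    return [(area >> (M_BITS * i)) & FIELD_MASK for i in range(ROWS)]


def low_carry(key: int) -> int:
    """Content of the 4-bit low-order anti-collision carry area."""
    return (key >> L_BITS) & ((1 << K_BITS) - 1)


def worst_case_carry(terms: int) -> int:
    """Carry out of the random area when `terms` all-ones 200-bit values are summed."""
    return (terms * ((1 << L_BITS) - 1)) >> L_BITS


def two_end_demo(device_id: bytes = b"constructed-device-0001"):
    """Integer side of the two-end flow on a constructed device identifier."""
    skm = build_skm()
    z = hashlib.sha256(device_id).digest()      # stand-in for Z = SM3(Z_A || P_A)
    cols = columns_from_z(z)
    sk_t = identity_private_key(skm, cols)
    # Field i of the sum must equal the 6-bit tag of the element picked in row i.
    expected = [decode_fields(skm[i][c])[i] for i, c in enumerate(cols)]
    x_id = secrets.randbits(L_BITS)             # device-side random number
    y_id = secrets.randbits(L_BITS)             # center-side random number
    ds_prime = y_id + sk_t                      # ds' = y_ID + SK_T (center)
    ds = x_id + ds_prime                        # ds  = x_ID + ds'  (device)
    return {
        "expected": expected,
        "fields_sk_t": decode_fields(sk_t),
        "fields_ds": decode_fields(ds),
        "low_carry_ds": low_carry(ds),
        "ds": ds,
    }


if __name__ == "__main__":
    result = two_end_demo()
    print("fields survive x_ID + y_ID:", result["fields_ds"] == result["expected"])
    print("low carry area after 10 summands:", result["low_carry_ds"])
    print("first overflowing summand count:",
          next(t for t in range(1, 64) if worst_case_carry(t) >= 1 << K_BITS))
```

Under this layout the 4-bit carry area absorbs up to 16 summands of 200 bits; the two-end flow uses 10 (eight matrix elements plus $x_{ID}$ and $y_{ID}$), so the fields identifying the selected columns stay readable in both $SK_T$ and ds.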
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (9)

1.一种密钥种子矩阵生成方法,其特征在于,所述密钥种子矩阵包括私钥种子矩阵skm和公钥种子矩阵pkm,其中,1. a key seed matrix generation method, is characterized in that, described key seed matrix comprises private key seed matrix skm and public key seed matrix pkm, wherein, 私钥种子矩阵skm生成方法包括:The private key seed matrix skm generation method includes: 以N个比特位的二进制整数表示所述私钥种子矩阵skm中的每一个元素;Each element in the private key seed matrix skm is represented by a binary integer of N bits; 将每个元素按比特位从低至高依次划分为占H个比特位的高位防碰撞进位区、占J比特位的防碰撞区、占K个比特位的低位防碰撞进位区和占L个比特位的低位随机数区;Divide each element into a high-order anti-collision carry area occupying H bits, an anti-collision carry area occupying J bits, a low-order anti-collision carry area occupying K bits, and a low-order anti-collision carry area occupying L bits. The low-order random number area of the bit; 其中,L>J>H=K;所述高位防碰撞进位区和所述低位防碰撞进位区中各比特位均为0,所述低位随机数区由中的所有元素独立生成L个比特位的随机数得到L个比特位的低位随机数区;所述防碰撞区用于促使所述私钥种子矩阵中任意两个元素的防碰撞区的二进制值均不相同;Wherein, L>J>H=K; each bit in the high-order anti-collision carry area and the low-order anti-collision carry area is 0, and the low-order random number area is independently generated by all elements in the L bits The random number of L obtains the low-order random number area of L bits; The anti-collision area is used to promote the binary value of the anti-collision area of any two elements in the private key seed matrix to be different; 所述公钥种子矩阵生成方法包括:将服务器生成的椭圆曲线基点G与私钥种子矩阵skm中的每个元素相乘,得到所述公钥种子矩阵pkm。The method for generating the public key seed matrix includes: multiplying the base point G of the elliptic curve generated by the server and each element in the private key seed matrix skm to obtain the public key seed matrix pkm. 2.根据权利要求1所述的密钥种子矩阵生成方法,其特征在于,所述防碰撞区的构造包括:2. 
The method for generating a key seed matrix according to claim 1, wherein the structure of the anti-collision zone comprises: 对于私钥种子矩阵中的第i(i=1,2,…,8)行,该行每个元素的防碰撞区从低位至高位的第M×(i-1)+1位至第M×i位随机填充M个比特位的不重复二进制数;该行每个元素的防碰撞区的其它比特位均填0。For the i-th (i=1,2,...,8) row in the private key seed matrix, the anti-collision zone of each element of the row is from the low-order to the high-order M×(i-1)+1-th to the M-th ×i bits are randomly filled with non-repetitive binary numbers of M bits; other bits in the anti-collision area of each element of the row are filled with 0. 3.根据权利要求2所述的密钥种子矩阵生成方法,其特征在于,所述N为8*64;H和K均为4;所述J为48;所述L为200;所述M为6。3. The method for generating a key seed matrix according to claim 2, wherein the N is 8*64; H and K are both 4; the J is 48; the L is 200; the M is 6. 4.一种基于密钥种子矩阵的无证书防碰撞密钥生成方法,其特征在于,基于权利要求1-3中任意一项所述的密钥种子矩阵生成方法所生成的密钥种子矩阵进行密钥生成,包括:4. a certificateless anti-collision key generation method based on a key seed matrix, is characterized in that, based on the key seed matrix generated by the key seed matrix generation method described in any one of claims 1-3. 
Key generation, including: 密钥生成中心产生200比特位随机数xID;并根据该随机数xID计算设备部分公钥PAThe key generation center generates a 200-bit random number x ID ; and calculates the partial public key P A of the device according to the random number x ID ; 密钥生成中心根据设备标识和公钥种子矩阵,计算ZA值,并根据ZA值和设备部分公钥PA,计算Z值;其中,ZA值为设备标识的长度、设备标识、SM2算法椭圆曲线参数、公钥种子矩阵拼接后的SM3杂凑值;Z值为ZA、设备部分公钥PA拼接后的SM3杂凑值;The key generation center calculates the Z A value according to the device identification and the public key seed matrix, and calculates the Z value according to the Z A value and the partial public key P A of the device; wherein, the Z A value is the length of the device identification, the device identification, SM2 Algorithm elliptic curve parameters, the SM3 hash value after the splicing of the public key seed matrix; the Z value is the SM3 hash value after splicing Z A and the public key P A of the device part; 密钥生成中心根据Z值映射到私钥种子矩阵skm的坐标选取8个元素相加得到设备标识私钥SKT,并根据该设备标识私钥SKT计算设备标识公钥PKTThe key generation center selects 8 elements to be added to obtain the device identification private key SK T according to the coordinates of the Z value mapped to the private key seed matrix skm, and calculates the device identification public key PK T according to the device identification private key SK T ; 密钥生成中心根据设备标识公钥PKT计算设备完整公钥PK,同时根据随机数xID和设备标识私钥SKT计算设备完整私钥ds;The key generation center calculates the complete public key PK of the device according to the device identification public key PK T , and calculates the complete private key ds of the device according to the random number x ID and the device identification private key SK T ; 在得到设备完整公钥PK和设备完整私钥ds后,密钥生成中心将密钥对(ds,PK)通过安全通道下发到设备端。After obtaining the complete public key PK of the device and the complete private key ds of the device, the key generation center sends the key pair (ds, PK) to the device through a secure channel. 5.根据权利要求4所述的基于密钥种子矩阵的无证书防碰撞密钥生成方法,其特征在于,密钥生成中心根据设备标识和公钥种子矩阵,计算ZA值的公式如下:5. 
the certificateless anti-collision key generation method based on key seed matrix according to claim 4, is characterized in that, key generation center, according to equipment identification and public key seed matrix, calculates the formula of Z A value as follows: ZA=H(IDL||ID||a||b||xG||yG||hmpk),Z A =H(ID L ||ID||a||b||x G ||y G ||h mpk ), 根据ZA值和设备部分公钥PA,计算Z值的公式如下:According to the Z A value and the public key P A of the device part, the formula for calculating the Z value is as follows:
Figure FDA0003308271660000021
Figure FDA0003308271660000021
其中,ID为设备标识,IDL为设备标识长度,a、b为SM2算法椭圆曲线参数,xG,yG分别为点G的x坐标与y坐标,hmpk为公钥种子矩阵所有元素拼接后的SM3杂凑值,
Figure FDA0003308271660000022
分别为PA的x坐标与y坐标,H为SM3杂凑算法函数。
Among them, ID is the device identification, ID L is the length of the device identification, a and b are the elliptic curve parameters of the SM2 algorithm, x G , y G are the x-coordinate and y-coordinate of point G respectively, h mpk is the splicing of all elements of the public key seed matrix After the SM3 hash value,
Figure FDA0003308271660000022
are the x-coordinate and y-coordinate of P A , respectively, and H is the SM3 hash algorithm function.
6. The certificateless anti-collision key generation method based on a key seed matrix according to claim 4, characterized in that the formula for calculating the device partial public key $P_A$ is:
$P_A = PK_x = [x_{ID}]G$,
the formula for calculating the device identification public key $PK_T$ from the device identification private key $SK_T$ is:
$PK_T = [SK_T]G$,
the formula by which the key generation center calculates the device complete public key PK from the device identification public key $PK_T$ is:
$PK = P_A + PK_T$,
and the formula for calculating the device complete private key ds from the random number $x_{ID}$ and the device identification private key $SK_T$ is:
$ds = x_{ID} + SK_T$,
where $SK_T$ is the device identification private key; $x_{ID}$ is a 200-bit random number; G is the base point of the SM2 algorithm elliptic curve; and $PK_x$ is the random number public key of the random number $x_{ID}$.

7. A certificateless anti-collision key generation method based on a key seed matrix, characterized in that key generation is performed based on the key seed matrix generated by the key seed matrix generation method according to any one of claims 1-3, comprising:
the device side generates a 200-bit random number $x_{ID}$, calculates the random number public key $PK_x$ of $x_{ID}$ from it, and sends $PK_x$ to the key generation center;
the key generation center receives $PK_x$ and generates a 200-bit random number $y_{ID}$;
the key generation center calculates the random number public key $PK_y$ of $y_{ID}$ from $y_{ID}$, and calculates $P_A$ from $PK_x$ and $PK_y$;
the key generation center calculates the $Z_A$ value from the device identification and the public key seed matrix, and calculates the Z value from the $Z_A$ value and the device partial public key $P_A$, where $Z_A$ is the SM3 hash value of the concatenation of the length of the device identification, the device identification, the SM2 algorithm elliptic curve parameters and the public key seed matrix, and Z is the SM3 hash value of the concatenation of $Z_A$ and the device partial public key $P_A$;
the key generation center selects 8 elements of the private key seed matrix skm at the coordinates to which the Z value maps and adds them to obtain the device identification private key $SK_T$, and calculates the device identification public key $PK_T$ from $SK_T$;
the key generation center calculates the device complete public key PK from the device identification public key $PK_T$, and calculates the device complete private key $ds'$ from the random number $x_{ID}$ and the device identification private key $SK_T$;
the key generation center sends the device partial public key $P_A$, the device complete public key PK and the device complete private key $ds'$ to the device side over a secure channel;
after receiving the partial device $ds'$, the device partial public key $P_A$ and the device complete public key PK, the device side synthesizes the complete device private key ds.

8. The certificateless anti-collision key generation method based on a key seed matrix according to claim 7, characterized in that the formula by which the key generation center calculates the $Z_A$ value from the device identification and the public key seed matrix is:
$Z_A = H(ID_L \| ID \| a \| b \| x_G \| y_G \| h_{mpk})$,
and the formula for calculating the Z value from the $Z_A$ value and the device partial public key $P_A$ is:
[Formula image: Figure FDA0003308271660000031]
where ID is the device identification, $ID_L$ is the length of the device identification, a and b are the elliptic curve parameters of the SM2 algorithm, $x_G$ and $y_G$ are the x-coordinate and y-coordinate of point G respectively, $h_{mpk}$ is the SM3 hash value of the concatenation of all elements of the system master public key, the symbols shown in Figure FDA0003308271660000041 are the x-coordinate and y-coordinate of $P_A$ respectively, and H is the SM3 hash algorithm function.
9. The certificateless anti-collision key generation method based on a key seed matrix according to claim 7, characterized in that the formula for calculating $PK_x$ from the random number $x_{ID}$ is:
$PK_x = [x_{ID}]G$,
the formula by which the key generation center calculates $PK_y$ from the random number $y_{ID}$ is:
$PK_y = [y_{ID}]G$,
the formula for calculating $P_A$ from $PK_x$ and $PK_y$ is:
$P_A = PK_x + PK_y$,
the formula for calculating the device identification public key $PK_T$ from the device identification private key $SK_T$ is:
$PK_T = [SK_T]G$,
the formula by which the key generation center calculates the device complete public key PK from the device identification public key $PK_T$ is:
$PK = P_A + PK_T$,
the formula for calculating the device complete private key $ds'$ from the random number $x_{ID}$ and the device identification private key $SK_T$ is:
$ds' = y_{ID} + SK_T$,
and, after the device side receives the partial device $ds'$, the device partial public key $P_A$ and the device complete public key PK, the formula for synthesizing the complete device private key ds is:
$ds = x_{ID} + ds'$,
where $SK_T$ is the device identification private key; $x_{ID}$ is a 200-bit random number; and G is the base point of the SM2 algorithm elliptic curve.
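The two-party flow of claims 7 to 9 can be checked numerically. The following is an added example, not code from the patent or its applicant: it assumes SHA-256 in place of SM3, a toy 4×8 seed matrix, a hypothetical mapping from Z to matrix coordinates (one row index per column, taken from the bytes of Z) and fixed-width byte encodings, and all helper names are illustrative.

```python
import hashlib, secrets
# SM2 recommended curve (GM/T 0003.5): prime P, coefficients A and B, order N, base point G
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
ROWS, COLS = 4, 8   # toy seed-matrix size (assumption; one element per column)

def add(p1, p2):    # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    m = ((3 * x1 * x1 + A) * pow(2 * y1, -1, P) if p1 == p2
         else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):     # double-and-add [k]pt; not constant time, illustration only
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def H(*parts):      # SHA-256 stands in for SM3 here (assumption)
    return hashlib.sha256(b"".join(parts)).digest()
def b32(*ints):     # fixed-width big-endian encoding (assumption)
    return b"".join(i.to_bytes(32, "big") for i in ints)

def make_seed_matrix():
    skm = [[secrets.randbelow(2**200 - 1) + 1 for _ in range(COLS)] for _ in range(ROWS)]
    return skm, [[mul(s, G) for s in row] for row in skm]   # pkm[i][j] = [skm[i][j]]G

def generate(dev_id, skm, pkm):
    x_id, y_id = (secrets.randbelow(2**200 - 1) + 1 for _ in range(2))  # device, center
    p_a = add(mul(x_id, G), mul(y_id, G))              # P_A = PK_x + PK_y
    h_mpk = H(*(b32(*pt) for row in pkm for pt in row))
    z_a = H(len(dev_id).to_bytes(2, "big"), dev_id, b32(A, B, *G), h_mpk)
    z = H(z_a, b32(*p_a))
    coords = [(z[c] % ROWS, c) for c in range(COLS)]   # hypothetical Z-to-coordinate mapping
    sk_t = sum(skm[r][c] for r, c in coords) % N       # SK_T: sum of the 8 selected elements
    pk = add(p_a, mul(sk_t, G))                        # PK = P_A + PK_T
    ds_prime = (y_id + sk_t) % N                       # sent to the device with P_A and PK
    ds = (x_id + ds_prime) % N                         # device side: ds = x_ID + ds'
    return {"ds": ds, "ds_prime": ds_prime, "PK": pk, "P_A": p_a, "coords": coords}
```

For the returned values `mul(ds, G) == PK` holds, and PK also equals `P_A` plus the eight public seed-matrix points at `coords`; the key generation center holds only `ds_prime`, since `x_id` never leaves the device.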
CN202111209333.1A 2021-10-18 2021-10-18 Key seed matrix, certificateless anti-collision key generation method based on the matrix Pending CN114065188A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111209333.1A CN114065188A (en) 2021-10-18 2021-10-18 Key seed matrix, certificateless anti-collision key generation method based on the matrix

Publications (1)

Publication Number Publication Date
CN114065188A true CN114065188A (en) 2022-02-18

Family

ID=80234806

Country Status (1)

Country Link
CN (1) CN114065188A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114785527A (en) * 2022-06-17 2022-07-22 深圳市深圳通有限公司 Data transmission method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20221107

Address after: 017010 No. 1, No. 4, Dongwei Second Road North, Ordos, Inner Mongolia Autonomous Region (the fifth floor of the original Huatai Automobile Factory office building)

Applicant after: Erdos Dimanson Cryptography Technology Co.,Ltd.

Address before: 1101, floor 11, building 1, No. 108, Zhichun Road, Haidian District, Beijing 100086

Applicant before: BEIJING DIMANSEN TECHNOLOGY Co.,Ltd.