[go: up one dir, main page]

CN114692128B - A quantum attack-resistant electronic contract signing method and system - Google Patents

A quantum attack-resistant electronic contract signing method and system Download PDF

Info

Publication number
CN114692128B
CN114692128B CN202011639032.8A CN202011639032A CN114692128B CN 114692128 B CN114692128 B CN 114692128B CN 202011639032 A CN202011639032 A CN 202011639032A CN 114692128 B CN114692128 B CN 114692128B
Authority
CN
China
Prior art keywords
signing
signature
information
key
electronic contract
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011639032.8A
Other languages
Chinese (zh)
Other versions
CN114692128A (en
Inventor
请求不公布姓名
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Institute Of Quantum Science And Technology Co ltd
Quantumctek Co Ltd
Original Assignee
Shandong Institute Of Quantum Science And Technology Co ltd
Quantumctek Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Institute Of Quantum Science And Technology Co ltd, Quantumctek Co Ltd filed Critical Shandong Institute Of Quantum Science And Technology Co ltd
Priority to CN202011639032.8A priority Critical patent/CN114692128B/en
Publication of CN114692128A publication Critical patent/CN114692128A/en
Application granted granted Critical
Publication of CN114692128B publication Critical patent/CN114692128B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services
    • G06Q50/18Legal services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Tourism & Hospitality (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Primary Health Care (AREA)
  • Bioethics (AREA)
  • Marketing (AREA)
  • Human Resources & Organizations (AREA)
  • Technology Law (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

本公开提供了一种抗量子攻击的电子合同签署方法及系统,可信中心通过量子密码网络向各签署方分发共享密钥;可信中心根据第一签署方利用共享密钥生成的请求,生成第一签名信息和签名隐藏信息,并发送给第一签署方;第一签署方将签名隐藏信息发送给第二签署方,第二签署方向可信中心验证签名隐藏信息正确后利用共享密钥向可信中心请求第二签名信息;第一签署方接收第二签署方发来的第二签名信息,到可信中心验证第二签名信息正确后,第一签署方将第一签名信息发送给第二签署方;第二签署方将接收到的第一签名信息到可信中心验证签名信息正确后,电子合同签署完成;从根本上消除了基于PKI的传统电子合同签署方法其安全性基于计算安全的缺陷。

The present invention provides a quantum-attack-resistant electronic contract signing method and system, in which a trusted center distributes a shared key to each signatory through a quantum cryptography network; the trusted center generates first signature information and signature hidden information according to a request generated by the first signatory using the shared key, and sends the information to the first signatory; the first signatory sends the signature hidden information to the second signatory, and the second signatory verifies with the trusted center that the signature hidden information is correct and then requests the trusted center for second signature information using the shared key; the first signatory receives the second signature information sent by the second signatory, and after verifying that the second signature information is correct at the trusted center, the first signatory sends the first signature information to the second signatory; the second signatory verifies that the received first signature information is correct at the trusted center, and then the electronic contract is signed; the defect of the traditional PKI-based electronic contract signing method that its security is based on computational security is fundamentally eliminated.

Description

Quantum attack resistant electronic contract signing method and system
Technical Field
The present disclosure relates to the field of encrypted communications of quantum cryptography networks, and in particular, to a method and system for signing an electronic contract against quantum attack.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
Electronic contracts, also called e-commerce contracts, occur with the development of computer technology and automatic office technology, and are essentially information transferred by electronic pulses, which changes the traditional way of using paper as an original credential, wherein the credential is a group of electronic information. In general, an electronic contract may be defined as an agreement between two or more parties in electronic form via an electronic information network to establish, alter, terminate, or otherwise obligate the property civil right. In short, an electronic contract is an electronically contracted contract, which refers primarily to an agreement that a party to the contract has under network conditions.
The core technology of the current electronic contract signing system is PKI technology, the core of the PKI technology is to adopt a digital certificate to carry out authentication, a seal is stamped in an electronic document through an electronic signature, and digital signature information of the document is embedded in the electronic document, so that the authenticity, the uniqueness, the source confirmatory and the non-repudiation of the document are ensured.
In the prior art, PKI is described to ensure the identity authenticity of parties of a contract through a digital certificate, reliable contract receiving and dispatching time evidence is provided through a digital timestamp service, the confidential integrity of contract contents is ensured by utilizing a digital signature, and related electronic evidence of contract implementation is effectively stored and searched, so that the arbitratability and non-repudiation of the electronic contract based on PKI are realized.
The current electronic contracts are basically realized based on PKI technology, the identity authentication of signers is realized based on PKI technology, and the anti-repudiation signature of data is realized by using RSA asymmetric keys. As known, the RSA asymmetric key encryption algorithm is computationally secure, and is facing research and construction of foreseeable quantum computers, and security concerns exist in a cryptographic system based on computational complexity, so that potential safety hazards exist in the current electronic contract signing method based on the asymmetric key technology.
Disclosure of Invention
In order to solve the defects of the prior art, the present disclosure provides an electronic contract signing method and system for resisting quantum attack, which fundamentally eliminates the defect that the security is based on computational security of the traditional electronic contract signing method based on PKI.
According to some embodiments, the present disclosure employs the following technical solutions:
A first object of the present disclosure is to provide an electronic contract signing method that is resistant to quantum attacks.
An electronic contract signing method for resisting quantum attack, comprising the following steps:
The trusted center distributes a shared secret key to each signing party through a quantum cryptography network;
The trusted center generates first signature information and signature hiding information according to a request generated by the first signing party by using the shared key, and sends the first signature information and the signature hiding information to the first signing party;
the first signing party sends the signature hidden information to the second signing party, the second signing party requests the second signature information from the trusted center by using the shared key after verifying that the signature hidden information is correct, and the trusted center sends the generated second signature information to the second signing party;
The first signing party receives second signature information sent by the second signing party, and sends the first signature information to the second signing party after the trusted center verifies that the second signature information is correct;
And after the second signing party verifies that the received first signature information is correct to the trusted center, the electronic contract signing is completed.
As an alternative implementation manner, the trusted center verifies that the first signature information is incorrect or the second signing party does not receive the first signature information, and the second signing party encrypts and sends the electronic contract, the second signature information and the signature hiding information to the trusted center;
The trusted center verifies the correctness of the received data, decrypts the signature hidden information, obtains the first signature information of the first signing party, sends the first signature information to the second signing party, and sends the second signature information to the first signing party;
The second signing party receives the first signature information, the first signing party receives the second signature information, the second signing party respectively verifies the correctness of the received signature information to the trusted center, and if the received signature information is correct, the received signature information is respectively stored, and the signing of the electronic contract is completed.
As an alternative embodiment, the first signing party encrypts the electronic contract with the first shared key to obtain an electronic contract ciphertext, calculates a key-related message authentication code with the second shared key, and sends the identity of the trusted center, the number of the first shared key, the number of the second shared password, the identity of the first signing party, the electronic contract ciphertext and the encrypted message authentication code to the trusted center.
As an alternative embodiment, the second signing party encrypts the electronic contract with the third shared key to obtain an electronic contract ciphertext, calculates a key-related message authentication code with the fourth shared key, and sends the identity of the trusted center, the number of the third shared key, the number of the fourth shared password, the identity of the second signing party, the electronic contract ciphertext and the encrypted message authentication code to the trusted center.
As a further limitation, the first signature information is encrypted with the first key and signature hidden information of the first signature information is obtained.
As a further limitation, the second signing party verifies whether the signature ciphertext in the received signature hidden information is the encrypted ciphertext of the first signature information by the first key, and requests the second signature information from the trusted party after verifying that the signature ciphertext is correct.
As an alternative embodiment, each shared key is used followed by a marking of the used state.
As an alternative implementation manner, the trusted center stores the identity registration information and the shared key of each signing party in a database, each signing party stores the shared key safely, and the shared key is divided into keys and numbered synchronously according to the length of the shared key used each time together with the shared key in the trusted center database.
A second object of the present disclosure is to provide an electronic contract signing system that is resistant to quantum attacks.
An electronic contract signing system based on quantum attack resistance, comprising:
An electronic contract signing server configured to serve as a trusted third party in the electronic contract signing process, distribute a shared key to signing parties of all clients through a quantum cryptography network, sign the electronic contract with a symmetric key, encrypt signature information to obtain signature hidden information, divide keys of a true random number digital signature key library by keys according to the length used by each digital signature, and sequentially number to verify the electronic contract signature;
and the clients are configured to provide information services in the process of signing the contract for each signing party respectively, and communicate information with the electronic contract signing server by using the shared secret key.
As an alternative embodiment, the electronic contract signing server distributes the shared key to the authenticated signers of the clients, saves the identity registration information of the signers and the shared key, saves the shared key by the clients, and performs key division and synchronous sequence numbering on the shared key together with the shared key in the electronic contract signing server database according to the length of each time the shared key is used.
As an alternative embodiment, each communication of information between each client and the electronic contract signing server uses a different number of keys in turn.
As an alternative implementation manner, each client and the electronic contract signing server obtain a shared key through quantum key distribution, and when the number of the shared keys is lower than a set value, the signing party of each client uses the unused shared key to carry out mutual identity authentication with the contract signing server;
After the identity authentication is successful, the contract signing server distributes quantum keys to signing parties of all clients through a quantum secret channel of a quantum cryptographic network, the contract signing server and all clients encrypt the newly distributed quantum keys by using unused keys, ciphertext is used as a new shared key, and the new shared keys are subjected to key division and serial numbering.
Compared with the prior art, the beneficial effects of the present disclosure are:
the invention provides an electronic contract signing method for resisting quantum attack, which utilizes the characteristics of small mathematical operand, high encryption speed and easy processing of a symmetric cryptosystem, and simultaneously has the characteristic of resisting quantum attack, thereby fundamentally eliminating the defect that the security is based on computational security of the traditional electronic contract signing method based on PKI.
The method is achieved based on a quantum cryptography network by marking the used secret key to prevent repeated use, and has unconditional security by adopting a one-time pad encryption method.
The electronic contract signing method provided by the disclosure strictly follows a fair exchange agreement, and ensures the fairness of electronic contract signing.
Additional aspects of the disclosure will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the disclosure.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure, illustrate and explain the exemplary embodiments of the disclosure and together with the description serve to explain the disclosure, and do not constitute an undue limitation on the disclosure.
FIG. 1 is a diagram showing the relationship between a signer and a trusted center according to the first embodiment;
FIG. 2 is a flowchart of an electronic contract signing method according to the first embodiment;
fig. 3 is a system configuration diagram of the second embodiment.
Detailed Description
The disclosure is further described below with reference to the drawings and examples.
It should be noted that the following detailed description is illustrative and is intended to provide further explanation of the present disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments in accordance with the present disclosure. As used herein, the singular is also intended to include the plural unless the context clearly indicates otherwise, and furthermore, it is to be understood that the terms "comprises" and/or "comprising" when used in this specification are taken to specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
Embodiments of the present disclosure and features of embodiments may be combined with each other without conflict.
Example 1:
The symmetric key algorithm is a cryptographic algorithm in which both encryption and decryption are transformed using the same secret key. The cipher system features small mathematical operation, fast encryption speed, easy processing and difficult distribution of symmetric key. The occurrence of the quantum cryptography network solves the problem of symmetric key distribution, and through the quantum cryptography network, both encryption parties can conveniently obtain a shared symmetric key by means of quantum key distribution.
The embodiment relies on the abundant symmetric key resources of the quantum cryptography network to realize an electronic contract signing method for resisting quantum attack. FIG. 1 is a diagram showing the relationship between signing parties and trusted centers, and the functions of the components are described in detail below:
The trusted center is a third party trusted authority and is used for digital signature of the electronic contract, identity registration of the electronic contract signer, identity authentication of the signer during electronic contract signing and a trusted third party for solving electronic contract signing disputes. And establishing a true random digital signature key library in the trusted center for digital signature of the electronic contract data. Dividing the keys of the key library according to the length used by each digital signature, and numbering the divided keys sequentially.
And the electronic contract signer realizes signing parties of the electronic contract signing through a trusted center. Before signing the electronic contract, a signer of the electronic contract submits an identity registration application to a trusted center through a quantum cryptography network terminal by adopting a quantum secret channel. The quantum secret channel is provided with a shared quantum key, and secret submission of identity registration information is realized through encryption and decryption of the shared key. After the trusted center accepts the identity registration application of the signer, the trusted center respectively examines the materials submitted by the signer. After the examination is qualified, the trusted center distributes the shared key to the signer through a quantum secret channel of the quantum cryptography network, the trusted center stores the identity registration information of the signer and the shared key in a database, the signer safely stores the shared key, and the shared key is divided into keys and synchronously numbered sequentially together with the shared key in the database of the trusted center according to the length of each time of using the shared key.
The present embodiment is a two-party-based electronic contract signing method, assuming that two parties participating in electronic contract signing are a and B (a and B represent the identity of the signer of the contract, respectively, a and B have completed identity registration in the trusted center in advance), and the contract to be signed by a and B is C (a and B have agreed on the content of C in advance). Fig. 2 is a flow chart of implementation of the electronic contract signing (a is the initiator of the contract signing) according to the present embodiment, and the following details are given:
s1, an initiator A signed by the electronic contract initiates an electronic contract signing information and signature hiding information request to a trusted center.
A encrypts a contract C with an unused shared key K1 of the trusted center to obtain a ciphertext E K1 (C), calculates a message authentication code HMAC (A TP E K1 (C) N1N 2; K2) (TP is an identity code of the trusted center, N1 and N2 respectively represent serial numbers of the keys K1 and K2, |represents a data connection operation) related to the key by using the unused shared key K2 of the trusted center, A sends an electronic contract signing information request and a signature hiding information request to the trusted center, and sends A, TP, N1, N2, E K1 (C) and HMAC (A TP E K1 (C) N1|N 2; K2) to the trusted center, and marks the keys K1 and K2 as used.
And S2, the trusted center verifies the identity of the A, generates signature information of the A on the electronic contract C, encrypts the signature information to generate signature hidden information, and encrypts and sends the signature information and the signature hidden information to the A.
After receiving the signature request sent by the trusted center A, the signature hiding information request and the data A, TP, N1, N2, E K1 (C) and the HMAC (A|N 2, K2) and marking the shared key K2 with the A by the trusted center to the shared key K K1 (C) with the sequence number N2, if the K2 is used, rejecting the request of A, otherwise verifying the request by the HMAC (A|B|N 1 (C) |N2, K2) and the identity authentication of A by the trusted center to the shared key K K1 (C) with the sequence number N1, and marking the shared key K1 and K2 as used, and carrying out symmetric key signature on the contract C by the non-used key SK1 in the database to obtain the data of the HMAC (C|A|TS) and the shared key DS 1 (DS 1) by the trusted center to the shared key K1, otherwise verifying the shared key K|S 1 (C|TS) and the shared key DS 1) by the trusted center to be used, and sending the shared key (S1) to the shared key (S1) by the trusted center B|B|TS 1) to the encrypted key (S1) and the encrypted key (S1) by the trusted center B|4) to be used as the encrypted key (S1) and the encrypted key (S) to be used as the encrypted key 1) and the encrypted key (S) and the encrypted key 1) to be used.
And S3, receiving signature information sent by the trusted center, sending signature hidden information of the electronic contract C by the A to the B, and verifying the correctness of the signature hidden information by the B.
A receives DS A||SN1||E(DSA) ciphertext and a message authentication code thereof, verifies the legality of the data DS A||SN1||E(DSA) through the message authentication code, decrypts DS A||SN1||E(DSA) ciphertext by using a shared key with a trusted center if verification is successful, obtains data DS A and SN 1I E (DS A), stores DS A, generates SN 1I E (DS A) to B, verifies the correctness of the SN 1I E (DS A) to the trusted center after the B receives the data (verifies whether E (DS A) is ciphertext encrypted by a trusted center digital signature key library key with a sequence number of SN1 for signature information of A of contract C), and terminates the electronic contract signing process if a verification result is wrong, otherwise, carries out the next step.
And S4, B applies the digital signature of the electronic contract C to the trusted center and sends the digital signature information of the B to the A.
B obtains ciphertext E K3 (C) by encrypting contract C with unused shared key K3 of the trusted center, calculates a message authentication code HMAC (B TP E K1 (C) N3N 4; K4) (TP is an identity code of the trusted center, N3 and N4 respectively represent serial numbers of keys K3 and K4, |represents data connection operation) related to the key by using the unused shared key K4 of the trusted center, B sends an electronic contract signing request to the trusted center, and sends B, TP, N3, N4, E K3 (C) and HMAC (B TP E K3 (C) N3|N 4; K4) to the trusted center, and marks the keys K3 and K4 as used.
After receiving the signature request and data B, TP, N3, N4, E K3 (C) and HMAC (A|N 4) sent by the trusted center, the trusted center obtains contract C by reading a shared key K4 with the sequence number N4 from the database, if K4 is used, the shared key K4 with the sequence number N4 is refused to accept the signature request and data of B, otherwise, the shared key (B|TP|N 24 (C) |N 3|N 4) is verified, if the shared key K3 with the sequence number B is read by the trusted center, decryption E K3 (C) obtains contract C by the shared key K3 and the shared key K4, the shared key DS 2 with the sequence number of SN2 is signed by the trusted center, otherwise, the shared key DS 2 is refused to accept the signature request and data of B, otherwise, the shared key DS is used by the trusted center is verified, the shared key DS 2 is sent by the trusted center, and the shared key DS 4 is used by the shared key DS 2 is sent by the trusted center to the shared key DS 4, and the shared key DS 2 is used by the shared key DS 4 with the sequence number N3 and the shared key DS 2, and the shared key DS 2 is used by the shared key DS 4 is used by the shared key DS 2 with the shared key DS 4.
B receives DS B ciphertext and a message authentication code sent by the trusted center, uses a shared key to verify the correctness of the message authentication code, and uses the shared key to decrypt and obtain DS B if verification is successful, and B sends DS B to A.
And S5, after receiving the signature information of the B of the electronic contract C sent by the B, the A verifies the correctness of the signature information of the B in the trusted center. If not, the electronic contract fails to sign, and if so, the A sends signature information of the electronic contract C to the B.
After receiving signature information DS B of contract C sent by B, A verifies the correctness of DS B to a trusted center. If not, the electronic contract fails to sign, and if so, A sends signature information DS A of the contract C to B.
And S6, if the B receives the signature information of the electronic contract C sent by the A, the B verifies the correctness of the signature information of the A to the trusted center, if the signature information is correct, the B stores the signature information, the signing of the electronic contract C is successful, and the signing process is ended. If the trusted center verifies that the signature information of A is incorrect or B does not receive the signature information of A sent to the electronic contract C, B uses the shared key with the trusted center to encrypt and send the signature information of the electronic contract C, B and the signature hidden information of A to the trusted center.
If B receives the signature information DS A sent by A to the contract C, B verifies the correctness of the DS A to the trusted center, if the signature information DS A is correct, B stores the DS A, the signing of the contract C is successful, and the signing process is ended. If the trust center verifies that DS A is incorrect or B does not receive the signature information sent by A for the partner C, B sends C, DS B and SN 1I E (DS A) to the trust center using the shared key with the trust center.
And S7, the trusted center verifies the correctness of the received data, decrypts the signature hidden information of the A, obtains the signature information of the A, sends the signature information of the A to the B, and sends the signature information of the B to the A.
After receiving the cryptograph of C, DS B and SN 1I E (DS A), the trusted center uses the shared key to decrypt and obtain C, DS B and SN 1I E (DS A), verifies the correctness of DS B and SN 1I E (DS A), decrypts E (DS A) by using a key with a sequence number of SN1 in a signature key library to obtain signature information of A of contract C, encrypts and transmits DS A to B, and simultaneously encrypts and transmits DS B to A.
And S8, after receiving the signature information of the A, the B verifies the correctness of the signature information of the A to the trusted center, if the signature information is correct, the A saves the signature information, and after receiving the signature information of the B, the A verifies the correctness of the signature information of the B to the trusted center, and if the signature information is correct, the A saves the signature information. Signing of the electronic contract C is completed.
The method comprises the steps that a shared secret key is obtained through quantum secret key distribution between a trusted center and an electronic contract signer, when the shared secret key between the trusted center and the electronic contract signer is about to be used, the electronic contract signer uses an unused shared secret key to carry out mutual identity authentication with the trusted center, after the identity authentication is successful, the trusted center distributes the quantum secret key to the electronic contract signer through a quantum secret channel of a quantum cryptography network, the trusted center and the electronic contract signer encrypt the newly distributed quantum secret key by using the unused secret key, ciphertext is used as a new shared secret key, and the new shared secret key is subjected to secret key division and sequential numbering.
The fairness exchange protocol is a basic security protocol to be followed in the process of signing an electronic contract, and is mainly used for guaranteeing the security and fairness of information exchange and related conditions in a network environment. The fair exchange protocol may enable two parties involved in the exchange to exchange information in a fair manner, such that either one party may obtain information from the other party or both parties may not obtain information from the other party. It can also be said that if the transaction can be normally conducted, the protocol ensures that both parties can obtain the information required by each, and if the protocol is abnormally terminated, the protocol should ensure that both parties are equally located, and neither party takes advantage.
Generally, the contract signing initiator (the party who sends the signature information first) is in a disadvantageous position in the contract signing process, and if the other party receives the signature and does not return the signature information, the contract signing initiator is disadvantageous. To address this problem, this patent introduces hidden information for the initiator signature. The sponsor (offerer) of the contract signs the signature hidden information to the other party (offerer) first, only receives the correct signature information of the offerer, the offerer sends own signature information to the offerer. If the offerer receives the signature information of the offerer and does not send the signature information of the offerer to the offerer, the offerer can obtain the signature information of the offerer through a trusted third party (a trusted center) by utilizing the hidden information of the signature. In order to prevent the offeree from directly obtaining the offeree signature through the trusted center by using the signature hiding message, the trusted center must receive the signature information of the offeree to obtain the signature information of the offeree through the signature hiding message, and send the signature of the offeree to the offeree, and simultaneously send the signature information of the offeree to the offeree. The electronic contract signing flow of the embodiment strictly follows a fair exchange protocol. In the signing process, the status of both signing parties is always fair.
Embodiment two:
in this embodiment, an electronic contract signing system resistant to quantum attack is provided, including:
An electronic contract signing server configured to serve as a trusted third party in the electronic contract signing process, distribute a shared key to signers of all clients through a quantum cryptography network, sign the electronic contract with a symmetric key, encrypt the digital signature to obtain signature hidden information, divide keys of a true random number digital signature key library by keys according to the length used by each digital signature, and perform sequential labeling to verify the electronic contract signature;
and the clients are configured to provide information services in the process of signing the contract for each signer respectively, and communicate information with the electronic contract signing server by using the shared secret key.
The electronic contract signing server distributes the shared secret key to the authentication signer of each client, saves the identity registration information of the signer and the shared secret key, saves the shared secret key by the client, and performs secret key division and synchronous sequence numbering on the shared secret key together with the shared secret key in the database of the electronic contract signing server according to the length of each time using the shared secret key.
Each information communication between each client and the electronic contract signing server sequentially adopts keys with different numbers;
each client and the electronic contract signing server acquire a shared key through quantum key distribution, and when the number of the shared keys is lower than a set value, signers of each client use unused shared keys to mutually authenticate identity with the contract signing server;
After the identity authentication is successful, the contract signing server distributes quantum keys to signing parties of all clients through a quantum secret channel of a quantum cryptographic network, the contract signing server and all clients encrypt the newly distributed quantum keys by using unused keys, ciphertext is used as a new shared key, and the new shared keys are subjected to key division and serial numbering.
The working method of the system is the same as the electronic contract signing method for quantum attack resistance provided in embodiment 1, and is not repeated here.
It will be apparent to those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, magnetic disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored on a computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random-access Memory (Random Access Memory, RAM), or the like.
The foregoing description of the preferred embodiments of the present disclosure is provided only and not intended to limit the disclosure so that various modifications and changes may be made to the present disclosure by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (7)

1. A quantum attack resistant electronic contract signing method is characterized by comprising the following steps:
The trusted center distributes a quantum key to each signing party through a quantum cryptography network as a shared key, the identity registration information and the shared key of each signing party are stored in a database, each signing party safely stores the shared key, and the shared key is divided into keys and numbered synchronously in sequence together with the shared key in the trusted center database according to the length of each shared key;
The trusted center generates first signature information and signature hiding information according to a request generated by the first signing party by using the shared key, and sends the first signature information and the signature hiding information to the first signing party;
the first signing party sends the signature hidden information to the second signing party, the second signing party requests the second signature information from the trusted center by using the shared key after verifying that the signature hidden information is correct, and the trusted center sends the generated second signature information to the second signing party;
The first signing party receives second signature information sent by the second signing party, and sends the first signature information to the second signing party after the trusted center verifies that the second signature information is correct;
the second signing party verifies that the received first signature information is correct to the trusted center, and then the electronic contract signing is completed;
Wherein each shared key is used followed by a marking of the used state.
2. The quantum attack resistant electronic contract signing method according to claim 1, wherein:
The trusted center verifies that the first signature information is incorrect or the second signing party does not receive the first signature information, and the second signing party encrypts and sends the electronic contract, the second signature information and the signature hiding information to the trusted center;
The trusted center verifies the correctness of the received data, decrypts the signature hidden information, obtains the first signature information of the first signing party, sends the first signature information to the second signing party, and sends the second signature information to the first signing party;
The second signing party receives the first signature information, the first signing party receives the second signature information, the second signing party respectively verifies the correctness of the received signature information to the trusted center, and if the received signature information is correct, the received signature information is respectively stored, and the signing of the electronic contract is completed.
3. The quantum attack resistant electronic contract signing method according to claim 1, wherein:
the first signing party encrypts the electronic contract by using the first shared secret key to obtain an electronic contract ciphertext, calculates a message authentication code related to the secret key by using the second shared secret key, and sends the identity recognition code of the trusted center, the number of the first shared secret key, the number of the second shared secret key, the identity recognition code of the first signing party, the electronic contract ciphertext and the encrypted message authentication code to the trusted center;
Or the second signing party encrypts the electronic contract by using the third shared key to obtain an electronic contract ciphertext, calculates a message authentication code related to the key by using the fourth shared key, and sends the identity recognition code of the trusted center, the number of the third shared key, the number of the fourth shared password, the identity recognition code of the second signing party, the electronic contract ciphertext and the encrypted message authentication code to the trusted center.
4. A quantum attack resistant electronic contract signing method as claimed in claim 3, wherein:
and encrypting the first signature information by using the first key and obtaining signature hidden information of the first signature information.
5. A quantum attack resistant electronic contract signing method as claimed in claim 3, wherein:
The second signing party verifies whether the signature ciphertext in the received signature hidden information is the encrypted ciphertext of the first signature information by the first key or not, and requests the second signature information from the trusted center after verification is correct.
6. An electronic contract signing system based on quantum attack resistance is characterized by comprising the following components:
The electronic contract signing server is configured to serve as a trusted third party in the electronic contract signing process, a quantum key is distributed to signing parties of all clients through a quantum cryptographic network to serve as a shared key, identity registration information of the signing parties and the shared key are stored, symmetric key signing is conducted on the electronic contract, signature information is encrypted to obtain signature hidden information, keys of a true random number digital signature key library are divided according to the length used by each digital signature, sequential numbering is conducted, and verification of the electronic contract signature is conducted;
The clients are configured to store the shared secret key, carry out secret key division on the shared secret key together with the shared secret key in the database of the electronic contract signing server according to the length of each time of using the shared secret key and synchronize sequence numbers, respectively provide information service in the contract signing process for each signing party, and carry out information communication with the electronic contract signing server by using the shared secret key;
Wherein each shared key is used followed by a marking of the used state.
7. The quantum attack resistant electronic contract signing system as set forth in claim 6, wherein:
Each information communication between each client and the electronic contract signing server sequentially adopts keys with different numbers;
Or each client and the electronic contract signing server acquire a shared key through quantum key distribution, and when the number of the shared keys is lower than a set value, signing parties of each client use unused shared keys to carry out mutual identity authentication with the contract signing server;
After the identity authentication is successful, the contract signing server distributes quantum keys to signing parties of all clients through a quantum secret channel of a quantum cryptographic network, the contract signing server and all clients encrypt the newly distributed quantum keys by using unused keys, ciphertext is used as a new shared key, and the new shared keys are subjected to key division and serial numbering.
CN202011639032.8A 2020-12-31 2020-12-31 A quantum attack-resistant electronic contract signing method and system Active CN114692128B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011639032.8A CN114692128B (en) 2020-12-31 2020-12-31 A quantum attack-resistant electronic contract signing method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011639032.8A CN114692128B (en) 2020-12-31 2020-12-31 A quantum attack-resistant electronic contract signing method and system

Publications (2)

Publication Number Publication Date
CN114692128A CN114692128A (en) 2022-07-01
CN114692128B true CN114692128B (en) 2025-06-24

Family

ID=82135672

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011639032.8A Active CN114692128B (en) 2020-12-31 2020-12-31 A quantum attack-resistant electronic contract signing method and system

Country Status (1)

Country Link
CN (1) CN114692128B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109104271A (en) * 2017-06-20 2018-12-28 山东量子科学技术研究院有限公司 A kind of methods, devices and systems of digital signature
CN109756485A (en) * 2018-12-14 2019-05-14 平安科技(深圳)有限公司 Electronic contract signs method, apparatus, computer equipment and storage medium

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7246240B2 (en) * 2001-04-26 2007-07-17 Massachusetts Institute Of Technology Quantum digital signatures
GB2604540B (en) * 2016-02-03 2023-01-11 Luther Systems System and method for secure management of digital contracts
CN106452790B (en) * 2016-11-11 2019-12-17 浙江神州量子网络科技有限公司 Multi-quantum digital signature method without trust center
CN107844946A (en) * 2017-06-19 2018-03-27 深圳法大大网络科技有限公司 A kind of method, apparatus and server of electronic contract signature
CN111404694B (en) * 2020-03-12 2021-02-09 成都信息工程大学 A single photon-based quantum electronic contract signing method and system
CN111539032B (en) * 2020-06-17 2023-03-03 上海安密信科技有限公司 Electronic signature application system resistant to quantum computing disruption and implementation method thereof
CN112104453B (en) * 2020-08-06 2022-08-09 如般量子科技有限公司 Anti-quantum computation digital signature system and signature method based on digital certificate

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109104271A (en) * 2017-06-20 2018-12-28 山东量子科学技术研究院有限公司 A kind of methods, devices and systems of digital signature
CN109756485A (en) * 2018-12-14 2019-05-14 平安科技(深圳)有限公司 Electronic contract signs method, apparatus, computer equipment and storage medium

Also Published As

Publication number Publication date
CN114692128A (en) 2022-07-01

Similar Documents

Publication Publication Date Title
US11108565B2 (en) Secure communications providing forward secrecy
CN112887338B (en) Identity authentication method and system based on IBC identification password
CN109714167B (en) Identity authentication and key agreement method and equipment suitable for mobile application signature
US10708072B2 (en) Mutual authentication of confidential communication
US10742426B2 (en) Public key infrastructure and method of distribution
EP1376976A1 (en) Methods for authenticating potential members invited to join a group
CN112766962A (en) Method for receiving and sending certificate, transaction system, storage medium and electronic device
CN110113150B (en) Encryption method and system based on non-certificate environment and capable of repudiation authentication
CN112351037B (en) Information processing method and device for secure communication
CN114697040B (en) Electronic signature method and system based on symmetric key
CN114244502B (en) Signature key generation method, device and computer equipment based on SM9 algorithm
CN114692218A (en) Electronic signature method, equipment and system for individual user
CN101090316A (en) Identity authentication method between memory card and terminal device in offline state
CN110572257B (en) Identity-based data source identification method and system
CN114697038B (en) A quantum attack-resistant electronic signature method and system
CN114692219B (en) Electronic contract signing method and system based on electronic signature
CN108600240A (en) A kind of communication system and its communication means
CN114692128B (en) A quantum attack-resistant electronic contract signing method and system
CN114764510B (en) A quantum computing-resistant electronic contract signing system and method
WO2022229971A1 (en) System and method for collective trust identity and authentication
CN114692216B (en) Electronic contract signing method, system, storage medium and device based on symmetric key
CN114692215B (en) Electronic contract signing method and system based on delivery anti-repudiation
CN114692220B (en) Fair electronic contract signing methods, storage media, devices and systems for multiple parties
Surya et al. Single sign on mechanism using attribute based encryption in distributed computer networks
CN114692129B (en) A quantum computing-resistant electronic contract signing method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant