[go: up one dir, main page]

CN116846558A - Data encryption method, system, electronic equipment and medium based on RSA algorithm - Google Patents

Data encryption method, system, electronic equipment and medium based on RSA algorithm Download PDF

Info

Publication number
CN116846558A
CN116846558A CN202311001279.0A CN202311001279A CN116846558A CN 116846558 A CN116846558 A CN 116846558A CN 202311001279 A CN202311001279 A CN 202311001279A CN 116846558 A CN116846558 A CN 116846558A
Authority
CN
China
Prior art keywords
modulus
data encryption
rsa algorithm
quality factor
prime
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311001279.0A
Other languages
Chinese (zh)
Inventor
大卫·纳卡什
杨嘉诚
雷虹
张永欣
包子健
陈邦道
周胜平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yunhai Chain Holdings Co ltd
Original Assignee
Yunhai Chain Holdings Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yunhai Chain Holdings Co ltd filed Critical Yunhai Chain Holdings Co ltd
Priority to CN202311001279.0A priority Critical patent/CN116846558A/en
Publication of CN116846558A publication Critical patent/CN116846558A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

本申请公开了一种基于RSA算法的数据加密方法、系统、电子设备及介质,所属的技术领域为数据安全技术。所述基于RSA算法的数据加密方法包括:若接收到数据加密请求,则确定所述数据加密请求对应的目标数据,并从第三方平台获取RSA算法的模数n;判断所述模数n是否仅存在2个大于1且小于n的质因子;其中,2个质因子包括质因子p和质因子q;若所述模数n仅存在2个大于1且小于n的质因子,则判断所述质因子p和所述质因子q的数值相似度是否符合预设要求;若符合预设要求,则利用所述模数n对所述目标数据执行基于RSA算法的数据加密操作。本申请能够降低检测模数n安全性的复杂度,提高使用RSA算法加密数据的执行效率。

This application discloses a data encryption method, system, electronic device and medium based on the RSA algorithm. The technical field to which it belongs is data security technology. The data encryption method based on the RSA algorithm includes: if a data encryption request is received, determining the target data corresponding to the data encryption request, and obtaining the modulus n of the RSA algorithm from a third-party platform; determining whether the modulus n is There are only 2 prime factors greater than 1 and less than n; among them, the 2 prime factors include prime factor p and prime factor q; if the modulus n has only 2 prime factors greater than 1 and less than n, then determine Whether the numerical similarity between the prime factor p and the prime factor q meets the preset requirements; if it meets the preset requirements, use the modulus n to perform a data encryption operation based on the RSA algorithm on the target data. This application can reduce the complexity of detecting the security of modulus n and improve the execution efficiency of using RSA algorithm to encrypt data.

Description

基于RSA算法的数据加密方法、系统、电子设备及介质Data encryption method, system, electronic equipment and media based on RSA algorithm

技术领域Technical field

本申请涉及数据安全技术领域,特别涉及一种基于RSA算法的数据加密方法、系统、电子设备及介质。This application relates to the field of data security technology, and in particular to a data encryption method, system, electronic equipment and media based on the RSA algorithm.

背景技术Background technique

RSA算法由Ron Rivest、Adi Shamir、Leonard Adleman提出,根据数论,寻求两个大素数比较简单,而将它们的乘积进行因式分解却极其困难,因此可以将乘积公开作为加密密钥。RSA算法体制构造基于数论的欧拉定理,其安全性依赖大数因子分解的困难性。RSA面临的较大威胁主要来自于计算能力的持续提高和因子分解算法的不断改进。为了提高RSA算法的安全性,需要保证选取的模数n是规定大小的安全素数p、q的乘积,相关技术中通常使用Camenisch–Michels协议检测模数n的安全性,但是其协议中的伪素性测试的计算操作较多,计算开销较高,执行效率低。The RSA algorithm was proposed by Ron Rivest, Adi Shamir, and Leonard Adleman. According to number theory, it is relatively simple to find two large prime numbers, but it is extremely difficult to factor their product, so the product can be disclosed as an encryption key. The RSA algorithm system is constructed based on Euler's theorem of number theory, and its security relies on the difficulty of factorizing large numbers. The biggest threats facing RSA mainly come from the continuous improvement of computing power and the continuous improvement of factorization algorithms. In order to improve the security of the RSA algorithm, it is necessary to ensure that the selected modulus n is the product of secure prime numbers p and q of specified sizes. In related technologies, the Camenisch–Michels protocol is usually used to detect the security of the modulus n, but the pseudo- Primeness testing requires many calculation operations, high computational overhead, and low execution efficiency.

因此,如何降低检测模数n安全性的复杂度,提高使用RSA算法加密数据的执行效率是本领域技术人员目前需要解决的技术问题。Therefore, how to reduce the complexity of detecting the security of modulus n and improve the execution efficiency of encrypting data using the RSA algorithm is a technical problem that those skilled in the art currently need to solve.

发明内容Contents of the invention

本申请的目的是提供一种基于RSA算法的数据加密方法、系统、电子设备及介质,用于解决如何降低检测模数n安全性的复杂度,提高使用RSA算法加密数据的执行效率这一技术问题。The purpose of this application is to provide a data encryption method, system, electronic equipment and media based on the RSA algorithm, which is used to solve the technology of how to reduce the complexity of detecting the security of modulus n and improve the execution efficiency of using the RSA algorithm to encrypt data. question.

为解决上述技术问题,本申请提供一种基于RSA算法的数据加密方法,该基于RSA算法的数据加密方法包括:In order to solve the above technical problems, this application provides a data encryption method based on the RSA algorithm. The data encryption method based on the RSA algorithm includes:

若接收到数据加密请求,则确定所述数据加密请求对应的目标数据,并从第三方平台获取RSA算法的模数n;If a data encryption request is received, the target data corresponding to the data encryption request is determined, and the modulus n of the RSA algorithm is obtained from the third-party platform;

判断所述模数n是否仅存在2个大于1且小于n的质因子;其中,2个质因子包括质因子p和质因子q;Determine whether the modulus n has only two prime factors greater than 1 and less than n; wherein, the two prime factors include prime factor p and prime factor q;

若所述模数n仅存在2个大于1且小于n的质因子,则判断所述质因子p和所述质因子q的数值相似度是否符合预设要求;If there are only two prime factors greater than 1 and less than n in the modulus n, determine whether the numerical similarity between the prime factor p and the prime factor q meets the preset requirements;

若符合预设要求,则利用所述模数n对所述目标数据执行基于RSA算法的数据加密操作。If the preset requirements are met, the modulus n is used to perform a data encryption operation based on the RSA algorithm on the target data.

可选的,判断所述模数n是否仅存在2个大于1且小于n的质因子,包括:Optionally, determine whether the modulus n has only two prime factors greater than 1 and less than n, including:

从目标集合中选择m个随机值ρiSelect m random values ρ i from the target set;

判断所述随机值ρi是否为所述模数n的二次剩余;若是,则将所述随机值ρi的平方根添加至验证者集合;若否,则将0添加至所述验证者集合;Determine whether the random value ρ i is the quadratic remainder of the modulus n; if so, add the square root of the random value ρ i to the verifier set; if not, add 0 to the verifier set ;

判断所述验证者集合中非零元素的数量是否大于预设数量,得到第一判断结果;Determine whether the number of non-zero elements in the verifier set is greater than a preset number, and obtain the first judgment result;

判断所述模数n是否为正奇数、且不为质数或质数幂,得到第二判断结果;Determine whether the modulus n is a positive odd number and not a prime number or a prime power, and obtain a second judgment result;

若所述第一判断结果和所述第二判断结果均为是,则判定所述模数n仅存在2个大于1且小于n的质因子;If the first judgment result and the second judgment result are both yes, it is determined that the modulus n has only two prime factors greater than 1 and less than n;

若所述第一判断结果和所述第二判断结果不均为是,则判定所述模数n不符合安全性要求。If the first judgment result and the second judgment result are not both yes, it is judged that the modulus n does not meet the safety requirements.

可选的,将所述随机值ρi的平方根添加至验证者集合,包括:Optionally, add the square root of the random value ρ i to the verifier set, including:

从所述随机值ρi的所有平方根中随机选取一个平方根添加至验证者集合。A square root is randomly selected from all square roots of the random value ρ i and added to the verifier set.

可选的,在从目标集合中选择m个随机值ρi之前,还包括:Optionally, before selecting m random values ρ i from the target set, it also includes:

根据统计安全参数κ计算m的值;其中, Calculate the value of m according to the statistical safety parameter κ; where,

相应的,在判断所述验证者集合中非零元素的数量是否大于预设数量之前,还包括:Correspondingly, before judging whether the number of non-zero elements in the verifier set is greater than the preset number, it also includes:

将所述预设数量设置为3m/8。Set the preset number to 3m/8.

可选的,判断所述质因子p和所述质因子q的数值相似度是否符合预设要求,包括:Optionally, determine whether the numerical similarity between the prime factor p and the prime factor q meets preset requirements, including:

判断所述质因子p和所述质因子q的位数差或数值差是否小于预设数值;Determine whether the digit difference or numerical difference between the prime factor p and the prime factor q is less than a preset value;

若是,则判定所述质因子p和所述质因子q的数值相似度符合预设要求;If so, it is determined that the numerical similarity between the prime factor p and the prime factor q meets the preset requirements;

若否,则判定所述质因子p和所述质因子q的数值相似度不符合预设要求。If not, it is determined that the numerical similarity between the prime factor p and the prime factor q does not meet the preset requirements.

可选的,判断质因子p和质因子q的数值相似度是否符合预设要求,包括:Optionally, determine whether the numerical similarity between the prime factor p and the prime factor q meets the preset requirements, including:

利用GPS签名算法判断所述质因子p和所述质因子q的数值相似度是否符合预设要求。The GPS signature algorithm is used to determine whether the numerical similarity between the prime factor p and the prime factor q meets the preset requirements.

可选的,还包括:Optional, also includes:

若所述模数n不存在所述质因子p和所述质因子q,或,所述质因子p和所述质因子q的数值相似度不符合预设要求,则判定所述模数n不符合安全性要求。If the prime factor p and the prime factor q do not exist in the modulus n, or the numerical similarity between the prime factor p and the prime factor q does not meet the preset requirements, then it is determined that the modulus n Does not meet security requirements.

本申请还提供了一种基于RSA算法的数据加密系统,该系统包括:This application also provides a data encryption system based on the RSA algorithm, which includes:

模数获取模块,用于若接收到数据加密请求,则确定所述数据加密请求对应的目标数据,并从第三方平台获取RSA算法的模数n;A modulus acquisition module, used to determine the target data corresponding to the data encryption request if a data encryption request is received, and obtain the modulus n of the RSA algorithm from a third-party platform;

数量判断模块,用于判断所述模数n是否仅存在2个大于1且小于n的质因子;其中,2个质因子包括质因子p和质因子q;A quantity judgment module, used to judge whether the modulus n has only two prime factors greater than 1 and less than n; wherein the two prime factors include the prime factor p and the prime factor q;

相似度判断模块,用于若所述模数n仅存在2个大于1且小于n的质因子,则判断所述质因子p和所述质因子q的数值相似度是否符合预设要求;A similarity judgment module, used to judge whether the numerical similarity between the prime factor p and the prime factor q meets the preset requirements if there are only two prime factors greater than 1 and less than n in the modulus n;

加密模块,用于若数值相似度符合预设要求,则利用所述模数n对所述目标数据执行基于RSA算法的数据加密操作。An encryption module, configured to use the modulus n to perform a data encryption operation based on the RSA algorithm on the target data if the numerical similarity meets the preset requirements.

本申请还提供了一种存储介质,其上存储有计算机程序,所述计算机程序执行时实现上述基于RSA算法的数据加密方法执行的步骤。This application also provides a storage medium on which a computer program is stored. When the computer program is executed, the steps of performing the above data encryption method based on the RSA algorithm are implemented.

本申请还提供了一种电子设备,包括存储器和处理器,所述存储器中存储有计算机程序,所述处理器调用所述存储器中的计算机程序时实现上述基于RSA算法的数据加密方法执行的步骤。This application also provides an electronic device, including a memory and a processor. A computer program is stored in the memory. When the processor calls the computer program in the memory, it implements the steps of performing the above-mentioned RSA algorithm-based data encryption method. .

本申请提供了一种基于RSA算法的数据加密方法,包括:若接收到数据加密请求,则确定所述数据加密请求对应的目标数据,并从第三方平台获取RSA算法的模数n;判断所述模数n是否仅存在2个大于1且小于n的质因子;其中,2个质因子包括质因子p和质因子q;若所述模数n仅存在2个大于1且小于n的质因子,则判断所述质因子p和所述质因子q的数值相似度是否符合预设要求;若符合预设要求,则利用所述模数n对所述目标数据执行基于RSA算法的数据加密操作。This application provides a data encryption method based on the RSA algorithm, which includes: if a data encryption request is received, determining the target data corresponding to the data encryption request, and obtaining the modulus n of the RSA algorithm from a third-party platform; judging the Whether the modulus n has only 2 prime factors greater than 1 and less than n; among them, the 2 prime factors include prime factor p and prime factor q; if the modulus n has only 2 prime factors greater than 1 and less than n factor, then determine whether the numerical similarity between the prime factor p and the prime factor q meets the preset requirements; if it meets the preset requirements, use the modulus n to perform data encryption based on the RSA algorithm on the target data. operate.

本申请在接收到数据加密请求后从第三方平台获取RSA算法的模数n,判断模数n是否仅存在符合1<p<n、1<q<n这一规则的2个质因子。若模数n仅存在2个大于1且小于n的质因子,则继续判断质因子p和质因子q的数值相似度是否符合预设要求,若数值相似度符合预设要求则利用所述模数n对所述目标数据执行基于RSA算法的数据加密操作。本申请从模数n的质因子数量和质因子数值相似度这两个维度对模数n的安全性进行检测,能够高效、低开销地避免第三方提供的n可能带来的安全性问题。因此本申请能够降低检测模数n安全性的复杂度,提高使用RSA算法加密数据的执行效率。本申请同时还提供了一种基于RSA算法的数据加密系统、一种存储介质和一种电子设备,具有上述有益效果,在此不再赘述。After receiving the data encryption request, this application obtains the modulus n of the RSA algorithm from the third-party platform, and determines whether the modulus n has only two prime factors that comply with the rules of 1<p<n and 1<q<n. If there are only 2 prime factors greater than 1 and less than n in the modulus n, continue to determine whether the numerical similarity of the prime factor p and the prime factor q meets the preset requirements. If the numerical similarity meets the preset requirements, use the module Number n performs a data encryption operation based on the RSA algorithm on the target data. This application detects the security of the modulus n from the two dimensions of the number of prime factors of the modulus n and the numerical similarity of the prime factors, and can efficiently and low-costly avoid the security problems that may be caused by n provided by a third party. Therefore, this application can reduce the complexity of detecting the security of modulus n and improve the execution efficiency of using RSA algorithm to encrypt data. This application also provides a data encryption system based on the RSA algorithm, a storage medium and an electronic device, which have the above beneficial effects and will not be described again here.

附图说明Description of the drawings

为了更清楚地说明本申请实施例,下面将对实施例中所需要使用的附图做简单的介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to explain the embodiments of the present application more clearly, the drawings required to be used in the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present application. For those of ordinary skill in the art, As far as workers are concerned, other drawings can also be obtained based on these drawings without exerting creative work.

图1为本申请实施例所提供的一种基于RSA算法的数据加密方法的流程图;Figure 1 is a flow chart of a data encryption method based on the RSA algorithm provided by an embodiment of the present application;

图2为本申请实施例所提供的一种基于RSA算法的数据加密系统的结构示意图。Figure 2 is a schematic structural diagram of a data encryption system based on the RSA algorithm provided by an embodiment of the present application.

具体实施方式Detailed ways

为使本申请实施例的目的、技术方案和优点更加清楚,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In order to make the purpose, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application. Obviously, the described embodiments These are part of the embodiments of this application, but not all of them. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative efforts fall within the scope of protection of this application.

下面请参见图1,图1为本申请实施例所提供的一种基于RSA算法的数据加密方法的流程图。Please refer to Figure 1 below. Figure 1 is a flow chart of a data encryption method based on the RSA algorithm provided by an embodiment of the present application.

具体步骤可以包括:Specific steps may include:

S101:若接收到数据加密请求,则确定所述数据加密请求对应的目标数据,并从第三方平台获取RSA算法的模数n;S101: If a data encryption request is received, determine the target data corresponding to the data encryption request, and obtain the modulus n of the RSA algorithm from the third-party platform;

其中,本实施例可以应用于具有使用RSA算法加密数据功能的电子设备,在收到数据加密请求后,可以确定数据加密请求对应的目标数据,还可以从第三方平台中获取使用RSA算法加密数据所需的模数n。Among them, this embodiment can be applied to electronic devices with the function of using the RSA algorithm to encrypt data. After receiving the data encryption request, the target data corresponding to the data encryption request can be determined, and the data encrypted using the RSA algorithm can also be obtained from a third-party platform. The required modulus n.

S102:判断所述模数n是否仅存在2个大于1且小于n的质因子;若是,则进入S103;若否,则结束流程;S102: Determine whether the modulus n has only two prime factors greater than 1 and less than n; if so, enter S103; if not, end the process;

其中,本步骤的目的为:判断第三方平台提供的模数n是否仅存在2个大于1且小于n的质因子,上述2个质因子包括质因子p和质因子q。若模数n不满足仅存在2个大于1且小于n的质因子这一条件,则判定模数n不安全。Among them, the purpose of this step is to determine whether the modulus n provided by the third-party platform has only two prime factors greater than 1 and less than n. The above two prime factors include the prime factor p and the prime factor q. If the modulus n does not satisfy the condition that there are only two prime factors greater than 1 and less than n, then the modulus n is judged to be unsafe.

S103:若所述模数n仅存在2个大于1且小于n的质因子,则判断所述质因子p和所述质因子q的数值相似度是否符合预设要求;S103: If there are only two prime factors greater than 1 and less than n in the modulus n, determine whether the numerical similarity between the prime factor p and the prime factor q meets the preset requirements;

其中,本步骤建立在模数n仅存在2个大于1且小于n的质因子p和质因子q的基础上,此时可以对质因子p和质因子q的相似性进行判断。本步骤可以判断所述质因子p和所述质因子q的数值相似度是否符合预设要求;具体的,可以判断所述质因子p和所述质因子q的位数差或数值差是否小于预设数值;若是,则判定所述质因子p和所述质因子q的数值相似度符合预设要求;若否,则判定所述质因子p和所述质因子q的数值相似度不符合预设要求。Among them, this step is based on the fact that the modulus n has only two prime factors p and q that are greater than 1 and less than n. At this time, the similarity of the prime factors p and q can be judged. This step can determine whether the numerical similarity between the prime factor p and the prime factor q meets the preset requirements; specifically, it can be determined whether the digit difference or the numerical difference between the prime factor p and the prime factor q is less than Preset numerical value; if yes, it is determined that the numerical similarity between the prime factor p and the prime factor q meets the preset requirements; if not, it is determined that the numerical similarity between the prime factor p and the prime factor q does not meet the preset requirements Default requirements.

S104:若符合预设要求,则利用所述模数n对所述目标数据执行基于RSA算法的数据加密操作。S104: If the preset requirements are met, use the modulus n to perform a data encryption operation based on the RSA algorithm on the target data.

其中,若质因子p和质因子q的数值相似度符合预设要求,则可以利用所述模数n对所述目标数据执行基于RSA算法的数据加密操作,得到密文数据。If the numerical similarity between the prime factor p and the prime factor q meets the preset requirements, the modulus n can be used to perform a data encryption operation based on the RSA algorithm on the target data to obtain ciphertext data.

本实施例在接收到数据加密请求后从第三方平台获取RSA算法的模数n,判断模数n是否仅存在符合1<p<n、1<q<n这一规则的2个质因子。若模数n仅存在2个大于1且小于n的质因子,则继续判断质因子p和质因子q的数值相似度是否符合预设要求,若数值相似度符合预设要求则利用所述模数n对所述目标数据执行基于RSA算法的数据加密操作。本实施例从模数n的质因子数量和质因子数值相似度这两个维度对模数n的安全性进行检测,能够高效、低开销地避免第三方提供的n可能带来的安全性问题。因此本实施例能够降低检测模数n安全性的复杂度,提高使用RSA算法加密数据的执行效率。This embodiment obtains the modulus n of the RSA algorithm from the third-party platform after receiving the data encryption request, and determines whether the modulus n has only two prime factors that conform to the rules of 1<p<n and 1<q<n. If there are only 2 prime factors greater than 1 and less than n in the modulus n, continue to determine whether the numerical similarity of the prime factor p and the prime factor q meets the preset requirements. If the numerical similarity meets the preset requirements, use the module Number n performs a data encryption operation based on the RSA algorithm on the target data. This embodiment detects the security of the modulus n from the two dimensions of the number of prime factors of the modulus n and the numerical similarity of the prime factors. It can efficiently and low-costly avoid the security problems that may be caused by n provided by a third party. . Therefore, this embodiment can reduce the complexity of detecting the security of modulus n and improve the execution efficiency of encrypting data using the RSA algorithm.

作为一种可行的实施方式,本实施例可以通过以下方式判断模数n的质因子的数量:从目标集合中选择m个随机值ρi;判断所述随机值ρi是否为所述模数n的二次剩余;若是,则将所述随机值ρi的平方根添加至验证者集合;若否,则将0添加至所述验证者集合;判断所述验证者集合中非零元素的数量是否大于预设数量,得到第一判断结果;判断所述模数n是否为正奇数、且模数n不是质数或质数幂,得到第二判断结果;若所述第一判断结果和所述第二判断结果均为是,则判定所述模数n仅存在2个大于1且小于n的质因子;若所述第一判断结果和所述第二判断结果不均为是,则判定所述模数n不符合安全性要求。具体的,若模数n为正奇数、模数n不是质数或质数幂,则第二判断结果为是;若模数n不为正奇数,或,模数n是质数或质数幂,则第二判断结果为否。上述目标集合为满足雅可比符号为1的集合的一个子集合。As a feasible implementation, this embodiment can determine the number of prime factors of modulus n in the following manner: select m random values ρ i from the target set; determine whether the random value ρ i is the modulus The quadratic remainder of n; if yes, add the square root of the random value ρ i to the verifier set; if not, add 0 to the verifier set; determine the number of non-zero elements in the verifier set Whether it is greater than the preset number, the first judgment result is obtained; it is judged whether the modulus n is a positive odd number, and the modulus n is not a prime number or a power of a prime number, the second judgment result is obtained; if the first judgment result and the third If the two judgment results are both yes, then it is judged that the modulus n has only 2 prime factors greater than 1 and less than n; if the first judgment result and the second judgment result are not both yes, then it is judged that the Modulo n does not meet security requirements. Specifically, if the modulus n is a positive odd number and the modulus n is not a prime number or a prime power, then the second judgment result is yes; if the modulus n is not a positive odd number, or the modulus n is a prime number or a prime power, then the second judgment result is yes. 2. The judgment result is no. The above target set is a subset of the set that satisfies the Jacobian symbol of 1.

在上述过程中一个随机值ρi可以存在多个平方根,因此可以从所述随机值ρi的所有平方根中随机选取一个平方根添加至验证者集合。In the above process, a random value ρ i can have multiple square roots, so a square root can be randomly selected from all the square roots of the random value ρ i and added to the verifier set.

进一步的,在从目标集合中选择m个随机值ρi之前,还可以根据统计安全参数κ计算m的值;其中,相应的,在判断所述验证者集合中非零元素的数量是否大于预设数量之前,还可以将所述预设数量设置为3m/8(即0.375m)。统计安全参数(statistical security parameter)指:约束攻击者在线交互时偏离协议(而不被发现)的概率。Furthermore, before selecting m random values ρ i from the target set, the value of m can also be calculated based on the statistical security parameter κ; where, Correspondingly, before judging whether the number of non-zero elements in the verifier set is greater than the preset number, the preset number can also be set to 3m/8 (that is, 0.375 m ). Statistical security parameters refer to constraining the probability of an attacker deviating from the protocol (without being discovered) during online interactions.

作为一种可行的实施方式,可以通过以下方式判断质因子p和质因子q的数值相似度:利用GPS(Girault-Poupard-Stern)签名算法判断所述质因子p和所述质因子q的数值相似度是否符合预设要求。GPS签名算法是本领域中已有的算法,实现过程具体见论文On theFly Authentication and Signature Schemes Based on Groups of Unknown Order。As a feasible implementation, the numerical similarity of the prime factor p and the prime factor q can be determined in the following way: using the GPS (Girault-Poupard-Stern) signature algorithm to determine the numerical similarity of the prime factor p and the prime factor q. Whether the similarity meets the preset requirements. The GPS signature algorithm is an existing algorithm in this field. For details on the implementation process, see the paper On theFly Authentication and Signature Schemes Based on Groups of Unknown Order.

作为一种可行的实施方式,若所述模数n不存在所述质因子p和所述质因子q,或,所述质因子p和所述质因子q的数值相似度不符合预设要求,则判定所述模数n不符合安全性要求。若模数n不符合安全性要求,则可以拒绝上述数据加密请求,不对目标数据执行加密操作。As a feasible implementation, if the prime factor p and the prime factor q do not exist in the modulus n, or the numerical similarity between the prime factor p and the prime factor q does not meet the preset requirements , then it is determined that the modulus n does not meet the safety requirements. If the modulus n does not meet the security requirements, the above data encryption request can be rejected and no encryption operation is performed on the target data.

下面通过在实际应用中的实施例说明上述实施例描述的流程。The processes described in the above embodiments are described below through examples in practical applications.

相关技术中,通常使用Camenisch–Michels协议对模数n的安全性进行检测,但是上述方式中的伪素性测试的计算操作较多,计算开销较高,执行效率低,且Camenisch–Michels协议的核心是伪素性证明,与离散对数、合数等零知识证明相结合,涉及操作和通信较多且复杂,不易于理解,协议的实现和安全性分析较困难。因此上述相关技术的计算开销高、效率低、不易于实现和分析。In related technologies, the Camenisch–Michels protocol is usually used to detect the security of modulus n. However, the pseudoprimality test in the above method requires many calculation operations, has high computational overhead, and has low execution efficiency, and the core of the Camenisch–Michels protocol It is a pseudo-primality proof, which is combined with zero-knowledge proofs such as discrete logarithms and composite numbers. It involves many and complex operations and communications and is not easy to understand. The implementation and security analysis of the protocol are difficult. Therefore, the above related technologies have high computational overhead, low efficiency, and are not easy to implement and analyze.

本实施例提供了一种RSA模数n安全性证明方法,该方法基于Joy08协议生成参数p、q和n,其中p、q不被人为干预控制,实现p、q和n的密码学安全性,通过GRSB模量测试算法对RSA模数n进行验证,检测其是否恰好仅有一对p、q值,并利用GPS签名算法验证质因子p,q大小是否相似。本发明技术方案能够高效、低开销地避免第三方提供的n可能带来的安全性问题。Joy08协议是本领域中常见的生成RSA算法参数p、q和n的协议,其具体实现过程可以见论文RSA Moduli with a Predetermined Portion:Techniques and Applications。This embodiment provides a method for proving the security of RSA modulus n. This method generates parameters p, q and n based on the Joy08 protocol, where p and q are not controlled by human intervention, realizing the cryptographic security of p, q and n. , verify the RSA modulus n through the GRSB modulus test algorithm to detect whether it has exactly one pair of p and q values, and use the GPS signature algorithm to verify whether the prime factors p and q are similar in size. The technical solution of the present invention can efficiently and at low cost avoid the security problems that may be caused by n provided by a third party. The Joy08 protocol is a common protocol in this field for generating RSA algorithm parameters p, q and n. Its specific implementation process can be found in the paper RSA Moduli with a Predetermined Portion: Techniques and Applications.

本实施例使用以下符号:This example uses the following symbols:

(a)a|b表示a和b串联,其中a,b为位串。(a)a|b means a and b are connected in series, where a and b are bit strings.

(b)表示c的空间大小,即写入c所需的最小位数,其中c为整数。(b) Indicates the space size of c, that is, the minimum number of bits required to write c, where c is an integer.

(c)表示/>位全零字符串。(c) Express/> A string of all zeros.

(d)[A]表示集合{0,1,...,A-1},表示自然数的集合。(d)[A] represents the set {0,1,...,A-1}, Represents a set of natural numbers.

(e)表示从X中均匀随机取样,其中X是有限集。(e) Represents uniform random sampling from X, where X is a finite set.

作为一种可行的实施方式,p、q和n的安全生成方法如下:As a feasible implementation, the safe generation method of p, q and n is as follows:

使用Joy08协议,生成一对素数(p,q),其乘积n=pq的位串具有已知固定模式π(如字符串FFF....FFF),以实现(p,q)不被控制,进而达到n的密码学安全性,其中心思想如下:Using the Joy08 protocol, generate a pair of prime numbers (p, q), the bit string of whose product n = pq has a known fixed pattern π (such as the string FFF....FFF), so that (p, q) is not controlled , and then achieve the cryptographic security of n. The central idea is as follows:

①形成一个字符串x:=π|ρ,其中ρ为随机的比特串。① Form a string x:=π|ρ, where ρ is a random bit string.

②生成一个素数p,且 ② Generate a prime number p, and

③使得q递增,直到其为素数。③Increase q until it is a prime number.

Joy08协议能够达到s长度的位串的部分为固定的模式串NH=π:The Joy08 protocol can achieve bit strings of length s Part of the fixed pattern string N H =π:

给定长度s,s0,κ,素数p的位串长度|p|2=s-s0,素数q的位串长度|q|2=s0,固定模式位串NH(长度为κ,为n位串形式的高位部分)。Given lengths s, s 0 , κ, the bit string length of prime number p |p| 2 =ss 0 , the bit string length of prime number q |q| 2 =s 0 , fixed pattern bit string N H (length is κ, is the high-order part of n-bit string form).

位串NL(为n位串形式的低位部分),RSA模数n(n的位串长度|n|2=s):|n|2=|pq|2=|NH|NL|2The bit string N L (is the low-order part of the n-bit string form), RSA modulus n (the bit string length of n |n| 2 = s): |n| 2 =|pq| 2 =|N H |N L | 2 .

①随机选择一个整数p0,位串长度|p0|2=s-s0,定义:① Randomly select an integer p 0 , bit string length |p 0 | 2 = ss 0 , definition:

②使用递归方式定义三元组(di,ui,vi),di表示第一辅助生成参数,ui表示第二辅助生成参数,vi表示第三辅助生成参数,i=0,1,2……;② Use a recursive method to define the triplet (d i , u i , vi ) , d i represents the first auxiliary generation parameter, u i represents the second auxiliary generation parameter, vi represents the third auxiliary generation parameter, i=0, 1,2…;

(d0,u0,v0)=(p0,0,1)(d 0 ,u 0 ,v 0 )=(p 0 ,0,1)

(d-1,u-1,v-1)=(q0,1,0)(d -1 ,u -1 ,v -1 )=(q 0 ,1,0)

③使用递归方式定义三元组(xi,yi,zi),xi表示第一生成参数,yi表示第二生成参数,zi表示第三生成参数,i=0,1,2……;③Use a recursive method to define the triplet (x i , y i , z i ), xi represents the first generation parameter, yi represents the second generation parameter, z i represents the third generation parameter, i=0,1,2 ...;

(x0,y0,z0)=(0,0,[NH2s-κmod p0]+2s-κ-1);(x 0 ,y 0 ,z 0 )=(0,0,[N H 2 s-κ mod p 0 ]+2 s-κ-1 );

若三元组(xi,yi,zi)满足|zi-xiyi|<2s-κ-1,则加入到列表若不满足,则跳出递归定义,中止循环。If the triplet (x i ,y i ,z i ) satisfies |z i -x i y i |<2 s-κ-1 , then add it to the list If it is not satisfied, jump out of the recursive definition and terminate the loop.

④从列表中找出一个满足以下条件的(xi,yi,zi):④From list Find a (x i ,y i ,z i ) that satisfies the following conditions:

p=p0+xi p=p 0 + xi

q=q0+yi q=q 0 +y i

使得p,q均为质数。如果查找未果,则返回步骤①重新开始。Make p and q both prime numbers. If the search fails, return to step ① and start again.

⑤输出n=(p0+xi)(q0+yi),NL=nmod2s-κ。为使得n的素因子p,q相关的(如p-1,q+1等)光滑数更稀少,优先选取比预设的正常值大62%的模数n。n可以通过满足额外的短冗余度(如:SHA(n)mod224=0)实现更高的安全性,但需要更大的资源开销。⑤Output n=(p 0 +x i )(q 0 +y i ), N L =nmod2 s-κ . In order to make smooth numbers related to prime factors p and q of n (such as p-1, q+1, etc.) rarer, it is preferable to select a modulus n that is 62% larger than the preset normal value. n can achieve higher security by satisfying additional short redundancy (such as: SHA(n)mod2 24 =0), but it requires greater resource overhead.

作为一种可行的实施方式,验证n恰好有两个质因子p、q的过程如下:As a feasible implementation method, the process of verifying that n has exactly two prime factors p and q is as follows:

本实施例使用Goldberg-Rey Zin-Sagga-Baldimtsi(GRSB)模量测试验证n恰好有两个质因子,GRSB为本领域已有的质因子验证方法,具体实现过程可以见论文EfficientNoninteractive Certification of RSA Moduli and Beyond。This embodiment uses the Goldberg-Rey Zin-Sagga-Baldimtsi (GRSB) modulus test to verify that n has exactly two prime factors. GRSB is an existing prime factor verification method in this field. The specific implementation process can be found in the paper EfficientNoninteractive Certification of RSA Moduli and Beyond.

(a)定义如下符号:(a) Define the following symbols:

①Jn表示满足雅可比符号为1的集合的一个子集合。①J n represents the set that satisfies the Jacobian symbol of 1 a subset of .

②QRn表示Jn中模n的二次剩余组成的子集合。②QR n represents the subset composed of the quadratic remainder of module n in J n .

③κ为统计安全参数。③κ is a statistical safety parameter.

(b)GRSB模量测试协议:(b)GRSB modulus test protocol:

①证明者P和验证者V均令 ①The prover P and the verifier V both let

②验证者V选择m个随机值ρi∈Jn,并发送至P等待证明。②The verifier V selects m random values ρ i ∈J n and sends them to P to wait for proof.

③证明者P检查每个ρi是否为模n的二次剩余(即是否属于QRn,满足ρi 2modn=ρi),如果属于QRn,则证明者P返回ρi的平方根σi至V,反之P返回σi=0至V(P在ρi四个平方根中,P随机选择一个)。③The prover P checks whether each ρ i is a quadratic remainder modulo n (that is, whether it belongs to QR n and satisfies ρ i 2 modn=ρ i ), if it belongs to QR n , the prover P returns the square root of ρ i σ i to V, otherwise P returns σ i =0 to V (P is randomly selected among the four square roots of ρ i one).

④验证者V验证n是否为正奇数,并且不是素数或者素数幂,否则协议失败。④Verifier V verifies whether n is a positive odd number and not a prime number or a prime power, otherwise the protocol fails.

⑤验证者检查是否有至少3m/8个非零σi,并且每个非零σi满足σi 2=ρi modn,如果是则n恰好有两个质因子,反之协议失败。⑤The verifier checks whether there are at least 3m/8 non-zero σ i , and each non-zero σ i satisfies σ i 2i modn. If so, n has exactly two prime factors, otherwise the protocol fails.

作为一种可行的实施方式,验证质因子p、q大小相似的过程如下:As a feasible implementation method, the process of verifying that the prime factors p and q are similar in size is as follows:

本实施例使用Girault-Poupard-Stern(GPS)签名算法验证质因子p,q大小相似。This embodiment uses the Girault-Poupard-Stern (GPS) signature algorithm to verify that the prime factors p and q are similar in size.

GPS算法由设置、密钥生成、签名、验证四部分组成:The GPS algorithm consists of four parts: setting, key generation, signature, and verification:

(a)GPS.Setup(λ)—→pp:(a)GPS.Setup(λ)—→pp:

设置协议公共参数(the public parameters,pp):Set the protocol public parameters (the public parameters, pp):

①设置整数A,B,S。①Set integers A, B, S.

②哈希函数h:{0,1}*-→[B]。②Hash function h:{0,1}*-→[B].

以实现安全级别λ。其中,安全级别λ是一个加密基元(如一个密文或者一个哈希函数)所能达到的安全强度的测量,其单位通常为bit。to achieve security level λ. Among them, the security level λ is a measurement of the security strength that an encryption primitive (such as a ciphertext or a hash function) can achieve, and its unit is usually bit.

(b)GPS.Keygen(pp)—→(sk,pk):(b)GPS.Keygen(pp)—→(sk,pk):

签名者选择两个安全素数p,q,n=pq。选择元素满足g的阶能够被pq整除(当且仅当gcd(g-1,n)=gcd(g+1,n)=1),/>表示g属于一个群。签名者私钥公钥pk:=gsThe signer chooses two safe prime numbers p, q, n=pq. Select element The order satisfying g can be divisible by pq (if and only if gcd(g-1,n)=gcd(g+1,n)=1),/> Indicates that g belongs to a group. Signer's private key Public key pk:=g s .

(c)GPS.Sign(pp,sk,msg)-→σ:(c)GPS.Sign(pp,sk,msg)-→σ:

②x=grmodn;②x=g r modn;

③c=h(msg,x);③c=h(msg,x);

④y=r+c·sk;④y=r+c·sk;

⑤如果y≥A,则使用新的r值回到步骤①,重新开始。⑤ If y ≥ A, use the new r value to return to step ① and start again.

其中msg为明文信息,产生签名σ=(x,c,y)。Where msg is plain text information, generating signature σ = (x, c, y).

(d)GPS.Verify(pp,pk,msg,σ)-→{valid,invalid},valid表示验证结果有效,invalid表示验证结果无效:(d)GPS.Verify(pp,pk,msg,σ)-→{valid,invalid}, valid means the verification result is valid, invalid means the verification result is invalid:

验证者V检查以下范围:Validator V checks the following scopes:

x>0 and x∈[n]and c∈[B]and y∈[A+(B-1)(S-1)];x>0 and x∈[n]and c∈[B]and y∈[A+(B-1)(S-1)];

以上范围的检查项中如果有任何一项失败,则签名无效,反之验证者V继续计算:If any of the above range of check items fails, the signature is invalid, otherwise the verifier V continues to calculate:

表示(msg,x)的哈希输出结果,/>和x表示公钥。如果/>且/>则σ有效,反之无效。 Represents the hash output result of (msg,x),/> and x represents the public key. if/> and/> Then σ is valid, otherwise it is invalid.

本实施例利用以Joy08协议、GRSB模量测试算法、GPS签名算法实现RSA模数n在密码学上的安全性,低开销实现模数n位串的部分固定为指定模式串,防止第三方人为干预,计算操作少,计算成本低,执行效率高。本实施例协议通信复杂度比Camenisch-Michels协议低,较为简单,易于理解,协议的实现和安全性分析较为容易。This embodiment uses the Joy08 protocol, the GRSB modulus test algorithm, and the GPS signature algorithm to realize the cryptographic security of the RSA modulus n, and realize the modulus n-digit string with low overhead. Parts are fixed to specified pattern strings to prevent third-party human intervention, with fewer calculation operations, low calculation costs, and high execution efficiency. The communication complexity of the protocol in this embodiment is lower than that of the Camenisch-Michels protocol, which is simpler and easier to understand. The implementation and security analysis of the protocol are relatively easy.

本实施例基于Joy08协议、GRSB模量测试算法、GPS签名算法,针对如何证明RSA模数n的安全性问题构建了相应的技术方案,提供一种基于数论知识的更简单、更高效的RSA模数n安全性证明方法,使得证明者及验证者以更少的操作和通信实现验证功能。本实施例为RSA模数n提供安全性证明,可以应用于RSA加密通信等方面。This embodiment is based on the Joy08 protocol, the GRSB modulus test algorithm, and the GPS signature algorithm. It constructs a corresponding technical solution for the issue of how to prove the security of the RSA modulus n, and provides a simpler and more efficient RSA module based on number theory knowledge. The number-n security proof method allows the prover and verifier to implement the verification function with fewer operations and communications. This embodiment provides security proof for RSA modulus n, and can be applied to RSA encrypted communication and other aspects.

请参见图2,图2为本申请实施例所提供的一种基于RSA算法的数据加密系统的结构示意图,该系统可以包括:Please refer to Figure 2. Figure 2 is a schematic structural diagram of a data encryption system based on the RSA algorithm provided by an embodiment of the present application. The system may include:

模数获取模块201,用于若接收到数据加密请求,则确定所述数据加密请求对应的目标数据,并从第三方平台获取RSA算法的模数n;The modulus acquisition module 201 is used to determine the target data corresponding to the data encryption request if a data encryption request is received, and obtain the modulus n of the RSA algorithm from the third-party platform;

数量判断模块202,用于判断所述模数n是否仅存在2个大于1且小于n的质因子;其中,2个质因子包括质因子p和质因子q;The quantity judgment module 202 is used to judge whether the modulus n has only two prime factors greater than 1 and less than n; wherein the two prime factors include the prime factor p and the prime factor q;

相似度判断模块203,用于若所述模数n仅存在2个大于1且小于n的质因子,则判断所述质因子p和所述质因子q的数值相似度是否符合预设要求;The similarity judgment module 203 is used to judge whether the numerical similarity between the prime factor p and the prime factor q meets the preset requirements if there are only two prime factors greater than 1 and less than n in the modulus n;

加密模块204,用于若数值相似度符合预设要求,则利用所述模数n对所述目标数据执行基于RSA算法的数据加密操作。The encryption module 204 is configured to use the modulus n to perform a data encryption operation based on the RSA algorithm on the target data if the numerical similarity meets the preset requirements.

本实施例在接收到数据加密请求后从第三方平台获取RSA算法的模数n,判断模数n是否仅存在符合1<p<n、1<q<n这一规则的2个质因子。若模数n仅存在2个大于1且小于n的质因子,则继续判断质因子p和质因子q的数值相似度是否符合预设要求,若数值相似度符合预设要求则利用所述模数n对所述目标数据执行基于RSA算法的数据加密操作。本实施例从模数n的质因子数量和质因子数值相似度这两个维度对模数n的安全性进行检测,能够高效、低开销地避免第三方提供的n可能带来的安全性问题。因此本实施例能够降低检测模数n安全性的复杂度,提高使用RSA算法加密数据的执行效率。This embodiment obtains the modulus n of the RSA algorithm from the third-party platform after receiving the data encryption request, and determines whether the modulus n has only two prime factors that conform to the rules of 1<p<n and 1<q<n. If there are only 2 prime factors greater than 1 and less than n in the modulus n, continue to determine whether the numerical similarity of the prime factor p and the prime factor q meets the preset requirements. If the numerical similarity meets the preset requirements, use the module Number n performs a data encryption operation based on the RSA algorithm on the target data. This embodiment detects the security of the modulus n from the two dimensions of the number of prime factors of the modulus n and the numerical similarity of the prime factors. It can efficiently and low-costly avoid the security problems that may be caused by n provided by a third party. . Therefore, this embodiment can reduce the complexity of detecting the security of modulus n and improve the execution efficiency of encrypting data using the RSA algorithm.

进一步的,数量判断模块202判断所述模数n是否仅存在2个大于1且小于n的质因子的过程包括:从目标集合中选择m个随机值ρi;判断所述随机值ρi是否为所述模数n的二次剩余;若是,则将所述随机值ρi的平方根添加至验证者集合;若否,则将0添加至所述验证者集合;判断所述验证者集合中非零元素的数量是否大于预设数量,得到第一判断结果;判断所述模数n是否为正奇数、且不为质数或质数幂,得到第二判断结果;若所述第一判断结果和所述第二判断结果均为是,则判定所述模数n仅存在2个大于1且小于n的质因子;若所述第一判断结果和所述第二判断结果不均为是,则判定所述模数n不符合安全性要求。Further, the process of the quantity judgment module 202 judging whether the modulus n has only 2 prime factors greater than 1 and less than n includes: selecting m random values ρ i from the target set; judging whether the random value ρ i is the quadratic remainder of the modulus n; if yes, add the square root of the random value ρ i to the verifier set; if not, add 0 to the verifier set; determine whether Whether the number of non-zero elements is greater than the preset number, the first judgment result is obtained; whether the modulus n is a positive odd number and not a prime number or a power of a prime number, the second judgment result is obtained; if the first judgment result and If the second judgment results are all yes, then it is judged that the modulus n has only 2 prime factors greater than 1 and less than n; if the first judgment result and the second judgment result are not both yes, then It is determined that the modulus n does not meet the safety requirements.

进一步的,数量判断模块202将所述随机值ρi的平方根添加至验证者集合的过程包括:从所述随机值ρi的所有平方根中随机选取一个平方根添加至验证者集合。Further, the process of the quantity judgment module 202 adding the square root of the random value ρ i to the verifier set includes: randomly selecting one square root from all the square roots of the random value ρ i and adding it to the verifier set.

进一步的,在从目标集合中选择m个随机值ρi之前,数量判断模块202还用于根据统计安全参数κ计算m的值;其中, Further, before selecting m random values ρ i from the target set, the quantity judgment module 202 is also used to calculate the value of m according to the statistical security parameter κ; where,

相应的,在判断所述验证者集合中非零元素的数量是否大于预设数量之前,数量判断模块202还用于将所述预设数量设置为3m/8。Correspondingly, before judging whether the number of non-zero elements in the verifier set is greater than the preset number, the number judgment module 202 is also used to set the preset number to 3m/8.

进一步的,相似度判断模块203判断所述质因子p和所述质因子q的数值相似度是否符合预设要求的过程包括:判断所述质因子p和所述质因子q的位数差或数值差是否小于预设数值;若是,则判定所述质因子p和所述质因子q的数值相似度符合预设要求;若否,则判定所述质因子p和所述质因子q的数值相似度不符合预设要求。Further, the process of determining whether the numerical similarity between the prime factor p and the prime factor q meets the preset requirements by the similarity judgment module 203 includes: judging the digit difference between the prime factor p and the prime factor q or Whether the numerical difference is less than the preset value; if so, determine that the numerical similarity of the prime factor p and the prime factor q meets the preset requirements; if not, determine the numerical similarity of the prime factor p and the prime factor q The similarity does not meet the preset requirements.

进一步的,相似度判断模块203判断所述质因子p和所述质因子q的数值相似度是否符合预设要求的过程包括:利用GPS签名算法判断所述质因子p和所述质因子q的数值相似度是否符合预设要求。Further, the process of the similarity judgment module 203 judging whether the numerical similarity of the prime factor p and the prime factor q meets the preset requirements includes: using the GPS signature algorithm to judge the numerical similarity of the prime factor p and the prime factor q. Whether the numerical similarity meets the preset requirements.

进一步的,还包括:Furthermore, it also includes:

报错模块,用于若所述模数n不存在所述质因子p和所述质因子q,或,所述质因子p和所述质因子q的数值相似度不符合预设要求,则判定所述模数n不符合安全性要求。An error reporting module is used to determine if the prime factor p and the prime factor q do not exist in the modulus n, or the numerical similarity between the prime factor p and the prime factor q does not meet the preset requirements. The modulus n does not meet security requirements.

由于系统部分的实施例与方法部分的实施例相互对应,因此系统部分的实施例请参见方法部分的实施例的描述,这里暂不赘述。Since the embodiments of the system part correspond to the embodiments of the method part, please refer to the description of the embodiments of the method part for the embodiments of the system part, and will not be described again here.

本申请还提供了一种存储介质,其上存有计算机程序,该计算机程序被执行时可以实现上述实施例所提供的步骤。该存储介质可以包括:U盘、移动硬盘、只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。This application also provides a storage medium on which a computer program is stored. When the computer program is executed, the steps provided in the above embodiments can be implemented. The storage medium may include: U disk, mobile hard disk, read-only memory (ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk and other various media that can store program code.

本申请还提供了一种电子设备,可以包括存储器和处理器,所述存储器中存有计算机程序,所述处理器调用所述存储器中的计算机程序时,可以实现上述实施例所提供的步骤。当然所述电子设备还可以包括各种网络接口,电源等组件。This application also provides an electronic device, which may include a memory and a processor. A computer program is stored in the memory. When the processor calls the computer program in the memory, the steps provided in the above embodiments can be implemented. Of course, the electronic device may also include various network interfaces, power supplies and other components.

说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其他实施例的不同之处,各个实施例之间相同相似部分互相参见即可。对于实施例公开的系统而言,由于其与实施例公开的方法相对应,所以描述的比较简单,相关之处参见方法部分说明即可。应当指出,对于本技术领域的普通技术人员来说,在不脱离本申请原理的前提下,还可以对本申请进行若干改进和修饰,这些改进和修饰也落入本申请权利要求的保护范围内。Each embodiment in the specification is described in a progressive manner. Each embodiment focuses on its differences from other embodiments. The same and similar parts between the various embodiments can be referred to each other. As for the system disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple. For relevant details, please refer to the description in the method section. It should be noted that for those of ordinary skill in the art, several improvements and modifications can be made to the present application without departing from the principles of the present application, and these improvements and modifications also fall within the protection scope of the claims of the present application.

还需要说明的是,在本说明书中,诸如第一和第二等之类的关系术语仅仅用来将一个实体或者操作与另一个实体或操作区分开来,而不一定要求或者暗示这些实体或操作之间存在任何这种实际的关系或者顺序。而且,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者设备所固有的要素。在没有更多限制的状况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、物品或者设备中还存在另外的相同要素。It should also be noted that in this specification, relational terms such as first and second are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply that these entities or operations There is no such actual relationship or sequence between operations. Furthermore, the terms "comprises," "comprises," or any other variation thereof are intended to cover a non-exclusive inclusion such that a process, method, article, or apparatus that includes a list of elements includes not only those elements, but also those not expressly listed other elements, or elements inherent to the process, method, article or equipment. Without further limitation, an element defined by the statement "comprises a..." does not exclude the presence of additional identical elements in a process, method, article, or device that includes the stated element.

Claims (10)

1. A data encryption method based on RSA algorithm, comprising:
if a data encryption request is received, determining target data corresponding to the data encryption request, and acquiring a modulus n of an RSA algorithm from a third-party platform;
judging whether the modulus n only has 2 quality factors which are more than 1 and less than n; wherein the 2 plasma factors include a plasma factor p and a plasma factor q;
if the modulus n only has 2 quality factors which are more than 1 and less than n, judging whether the numerical similarity of the quality factor p and the quality factor q meets the preset requirement;
and if the data meets the preset requirement, executing data encryption operation based on RSA algorithm on the target data by using the modulus n.
2. The RSA algorithm-based data encryption method according to claim 1, wherein determining whether the modulus n has only 2 prime factors greater than 1 and less than n comprises:
selecting m random values ρ from a target set i
Judging the random value rho i Whether the modulus n is twice the remainder; if yes, the random value rho is obtained i Adding the square root of (2) to the verifier set; if not, adding 0 to the verifier set;
judging whether the number of non-zero elements in the verifier set is larger than a preset number or not to obtain a first judgment result;
judging whether the modulus n is positive odd number and is not prime number or prime power to obtain a second judging result;
if the first judging result and the second judging result are both yes, judging that the modulus n only has 2 quality factors which are more than 1 and less than n;
and if the first judging result and the second judging result are not equal, judging that the modulus n does not meet the safety requirement.
3. The RSA algorithm-based data encryption method according to claim 2, wherein the random value ρ is i Adding to the verifier set a square root of (c) comprising:
from the random value ρ i Randomly selected one of the square roots of (a) is added to the verifier set.
4. The method for encrypting data based on RSA algorithm according to claim 2, wherein m random values ρ are selected from the target set i Before, still include:
calculating the value of m according to the statistical safety parameter kappa; wherein,
correspondingly, before judging whether the number of non-zero elements in the verifier set is greater than a preset number, the method further comprises:
the preset number is set to 3m/8.
5. The RSA algorithm-based data encryption method according to claim 1, wherein determining whether the numerical similarity of the quality factor p and the quality factor q meets a preset requirement comprises:
judging whether the digit difference or the numerical value difference between the quality factor p and the quality factor q is smaller than a preset numerical value;
if yes, judging that the numerical similarity of the quality factor p and the quality factor q meets the preset requirement;
if not, judging that the numerical similarity of the quality factor p and the quality factor q does not meet the preset requirement.
6. The RSA algorithm-based data encryption method according to claim 1, wherein determining whether the numerical similarity of the quality factor p and the quality factor q meets a preset requirement comprises:
and judging whether the numerical similarity of the quality factor p and the quality factor q meets the preset requirement or not by using a GPS signature algorithm.
7. The RSA algorithm-based data encryption method according to any one of claims 1 to 6, further comprising:
and if the modulus n does not have the quality factor p and the quality factor q, or the numerical similarity of the quality factor p and the quality factor q does not meet the preset requirement, judging that the modulus n does not meet the safety requirement.
8. A data encryption system based on RSA algorithm, comprising:
the module acquisition module is used for determining target data corresponding to the data encryption request if the data encryption request is received, and acquiring a module n of an RSA algorithm from a third-party platform;
the quantity judging module is used for judging whether the modulus n only has 2 quality factors which are more than 1 and less than n; wherein the 2 plasma factors include a plasma factor p and a plasma factor q;
the similarity judging module is used for judging whether the numerical similarity of the quality factor p and the quality factor q meets the preset requirement if the modulus n only has 2 quality factors which are more than 1 and less than n;
and the encryption module is used for executing data encryption operation based on RSA algorithm on the target data by utilizing the modulus n if the numerical similarity meets the preset requirement.
9. An electronic device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the RSA algorithm-based data encryption method according to any one of claims 1 to 7 when the computer program in the memory is invoked by the processor.
10. A storage medium having stored therein computer executable instructions which when loaded and executed by a processor implement the steps of the RSA algorithm-based data encryption method according to any one of claims 1 to 7.
CN202311001279.0A 2023-08-09 2023-08-09 Data encryption method, system, electronic equipment and medium based on RSA algorithm Pending CN116846558A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311001279.0A CN116846558A (en) 2023-08-09 2023-08-09 Data encryption method, system, electronic equipment and medium based on RSA algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311001279.0A CN116846558A (en) 2023-08-09 2023-08-09 Data encryption method, system, electronic equipment and medium based on RSA algorithm

Publications (1)

Publication Number Publication Date
CN116846558A true CN116846558A (en) 2023-10-03

Family

ID=88167328

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311001279.0A Pending CN116846558A (en) 2023-08-09 2023-08-09 Data encryption method, system, electronic equipment and medium based on RSA algorithm

Country Status (1)

Country Link
CN (1) CN116846558A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110830261A (en) * 2019-10-12 2020-02-21 平安普惠企业管理有限公司 Encryption method, device, computer equipment and storage medium
WO2020155758A1 (en) * 2019-01-28 2020-08-06 平安科技(深圳)有限公司 Data encryption transmission control method and device, computer apparatus, and storage medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020155758A1 (en) * 2019-01-28 2020-08-06 平安科技(深圳)有限公司 Data encryption transmission control method and device, computer apparatus, and storage medium
CN110830261A (en) * 2019-10-12 2020-02-21 平安普惠企业管理有限公司 Encryption method, device, computer equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
RÉMI GÉRAUD-STEWART,DAVID NACCACHE: "Elementary Attestation of Cryptographically Useful Composite Moduli", CRYPTOLOGY EPRINT ARCHIVES, pages 1 - 13 *

Similar Documents

Publication Publication Date Title
US9313026B2 (en) Key negotiation method and apparatus according to SM2 key exchange protocol
US7912216B2 (en) Elliptic curve cryptosystem optimization using two phase key generation
CA2768861C (en) Incorporating data into ecdsa signature component
EP2582088A2 (en) Verifying Implicit Certificates and Digital Signatures
JP2012019559A (en) Custom static diffie-hellman groups
CN102883321A (en) Digital signature authentication method facing mobile widget
CN112737778B (en) Digital signature generation and verification method and device, electronic device and storage medium
KR101089121B1 (en) Fast set verification method and device
JP4988448B2 (en) Batch verification apparatus, program, and batch verification method
CN101714919B (en) Forward Secure Digital Signature Algorithm Based on RSA Algorithm
KR102364047B1 (en) Method and apparatus for public-key cryptography based on structured matrices
CN112887096B (en) Prime order elliptic curve generation method and system for signature and key exchange
CN115694822A (en) Verification method, device and system, equipment and medium based on zero-knowledge proof
CN111711524A (en) A certificate-based lightweight outsourcing data auditing method
CN114826551B (en) A method and system for protecting data of the entire life cycle of a smart grid
CN116846558A (en) Data encryption method, system, electronic equipment and medium based on RSA algorithm
Yokubov et al. Comprehensive comparison of post-quantum digital signature schemes in blockchain
WO2022104132A1 (en) Systems and methods for energy efficient and useful blockchain proof of work
CN111654369B (en) Digital signature method and system with security only depending on discrete logarithm
CN117353934B (en) Block node selection method, device and equipment based on verifiable random function
JP4769147B2 (en) Batch proof verification method, proof device, verification device, batch proof verification system and program
CN115865386A (en) Authentication method and system for dynamic access of measuring instrument testing equipment to information system
Liu et al. eMLE-Sig 2.0: A Signature Scheme based on Embedded Multilayer Equations with Heavy Layer Randomization
CN115174052A (en) Adapter signature generation method and device based on SM9 signature
EP4569734A1 (en) Improved blockchain system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20231003