[go: up one dir, main page]

CN119602946A - A hybrid encryption and decryption method and device for post-quantum cryptography and national secret algorithm - Google Patents

A hybrid encryption and decryption method and device for post-quantum cryptography and national secret algorithm Download PDF

Info

Publication number
CN119602946A
CN119602946A CN202411608129.0A CN202411608129A CN119602946A CN 119602946 A CN119602946 A CN 119602946A CN 202411608129 A CN202411608129 A CN 202411608129A CN 119602946 A CN119602946 A CN 119602946A
Authority
CN
China
Prior art keywords
encryption
key
ciphertext
national
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411608129.0A
Other languages
Chinese (zh)
Inventor
胡川
龙翔
胡雪纯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Quantum Technology Co ltd
Original Assignee
China Telecom Quantum Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Quantum Technology Co ltd filed Critical China Telecom Quantum Technology Co ltd
Priority to CN202411608129.0A priority Critical patent/CN119602946A/en
Publication of CN119602946A publication Critical patent/CN119602946A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Algebra (AREA)
  • Computing Systems (AREA)
  • Electromagnetism (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a method and equipment for mixed encryption and decryption of a postquantum password and a national encryption algorithm, and relates to the technical field of password application. The mixed encryption method comprises the steps of obtaining a mixed encryption public key of a receiver and plaintext data to be encrypted, conducting unpacking processing on the mixed encryption public key to obtain a first national encryption public key component and a post quantum key packing public key component, generating a first national encryption ciphertext and a post quantum key packing ciphertext, generating a first temporary key according to a first random number corresponding to the first national encryption ciphertext and a symmetric key corresponding to the post quantum key packing ciphertext, encrypting the plaintext data to be encrypted by adopting a second national encryption algorithm according to the first temporary key to obtain a second national encryption message ciphertext, conducting third national encryption algorithm hash operation on the plaintext data to be encrypted to obtain a message hash value, and conducting packing processing on the first national encryption ciphertext, the post quantum key packing ciphertext, the second national encryption message ciphertext and the message hash value to obtain the mixed encryption ciphertext.

Description

Mixed encryption and decryption method and equipment for post quantum cryptography and national encryption algorithm
Technical Field
The invention relates to the technical field of password application, in particular to a method and equipment for mixed encryption and decryption of a postquantum password and a national encryption algorithm.
Background
With the development of quantum computing, a quantum computer applies quantum Shor and other algorithms to encrypt an elliptic curve SM2 public key realized based on the mathematical problem of discrete logarithm of an elliptic curve, and the public key can be broken in polynomial time.
In order to resist quantum computing threat and improve public key encryption safety, a mode of fusing a Post-Quantum Cryptography algorithm is adopted, but in the implementation process, the method is directly migrated from an SM2 algorithm to a PQC algorithm, the safety of the PQC algorithm is not fully verified in a standardized transition period, coexistence with an SM2 classical key is not considered, and how to safely and stably transition to a Post-quantum era is not considered.
Disclosure of Invention
The invention aims to provide a method and equipment for mixed encryption and decryption of a postquantum password and a national encryption algorithm, aiming at the defects in the prior art, so as to realize mixed encryption of the postquantum password and the national encryption algorithm and realize safer and smoother transition to the postquantum era.
In order to achieve the above purpose, the technical scheme adopted by the embodiment of the application is as follows:
In a first aspect, an embodiment of the present application provides a hybrid encryption method of a postquantum cryptography and a national encryption algorithm, which is applied to a sender, and the method includes:
Acquiring a mixed encryption public key of a receiver and plaintext data to be encrypted;
The mixed encryption public key is subjected to unpacking treatment to obtain a first national encryption public key component and a post quantum key package public key component, wherein the first national encryption public key component is an encryption public key component obtained by a first national encryption algorithm;
generating a first national encryption ciphertext and a rear quantum key encapsulation ciphertext according to the first national encryption public key component and the rear quantum key encapsulation public key component respectively;
generating a first temporary key according to a first random number corresponding to the first national encryption ciphertext and a symmetric key corresponding to the post quantum key encapsulation ciphertext;
Encrypting the plaintext data to be encrypted by adopting a second national encryption algorithm according to the first temporary key to obtain a second national encryption message ciphertext;
Performing hash operation of a third cryptographic algorithm on the plaintext data to be encrypted to obtain a message hash value;
And carrying out packaging processing on the first country encryption ciphertext, the post quantum key packaging ciphertext, the second country encryption message ciphertext and the message hash value to obtain a mixed encryption ciphertext.
In an optional embodiment, the generating a first national encryption ciphertext and a post quantum key encapsulation ciphertext according to the first national encryption public key component and the post quantum key encapsulation public key component respectively includes:
Encrypting the first random number by adopting the first national encryption algorithm according to the first national encryption public key component to obtain the first national encryption ciphertext;
And adopting a post quantum key encapsulation algorithm to encapsulate the post quantum key encapsulation public key component to obtain the post quantum key encapsulation ciphertext and the symmetric key.
In an optional implementation manner, the generating a first temporary key according to the first random number corresponding to the first cryptographic ciphertext and the symmetric key corresponding to the post quantum key encapsulation ciphertext includes:
and performing key derivative operation on the first random number and the symmetric key to generate the first temporary key.
In an optional embodiment, before the generating the first national encryption ciphertext and the post quantum key encapsulation ciphertext according to the first national encryption public key component and the post quantum key encapsulation public key component, the method further includes:
and sending a random number request to the national secret code operation module so that the national secret code operation module returns the first random number.
In a second aspect, the embodiment of the application also provides a mixed decryption method of the postquantum cryptography and the national cryptography algorithm, which is applied to a receiver, and the method comprises the following steps:
The method comprises the steps of obtaining a mixed encryption ciphertext to be decrypted, wherein the mixed encryption ciphertext to be decrypted is ciphertext obtained by carrying out mixed encryption on plaintext data to be encrypted by a sender by adopting a mixed encryption public key;
the mixed encryption ciphertext to be decrypted is subjected to unpacking treatment to obtain a first national encryption ciphertext to be decrypted, a quantum key package ciphertext to be decrypted, a second national encryption message ciphertext to be decrypted and a first message hash value;
Decrypting the first national encryption ciphertext to be decrypted and the quantum key encapsulation ciphertext to be decrypted respectively according to a first national encryption private key component and a post quantum key encapsulation private key component in the mixed encryption private key to obtain a second temporary key, wherein the first national encryption private key component is an encryption private key component obtained by a first national encryption algorithm;
Decrypting the second national encryption message ciphertext to be decrypted by adopting a second national encryption decryption algorithm according to the second temporary key to obtain plaintext data to be verified;
Performing third cryptographic algorithm hash operation on the plaintext data to be verified to obtain a second message hash value;
And comparing the first message hash value with the second message hash value to determine target plaintext data.
In an optional embodiment, the decrypting the first country encryption ciphertext to be decrypted and the post quantum key encapsulation ciphertext to be decrypted according to the first country encryption private key component and the post quantum key encapsulation private key component in the hybrid encryption private key to obtain a second temporary key includes:
According to the first country encryption private key component, a first country encryption algorithm is adopted to decrypt the first country encryption ciphertext to be decrypted, and a first secret key is obtained;
according to the post quantum key package private key component, a post quantum key package algorithm is adopted to conduct unpacking treatment on the post quantum key package ciphertext to be decrypted, and a second key is obtained;
And performing key derivative operation on the first key and the second key to generate the second temporary key.
In an optional embodiment, the comparing the first message hash value with the second message hash value, and determining the target plaintext data includes:
and if the first message hash value is the same as the second message hash value, determining that the comparison is successful, and determining that the plaintext data to be verified is the target plaintext data.
In an optional embodiment, the comparing the first message hash value with the second message hash value, and determining the target plaintext data includes:
if the first message hash value is different from the second message hash value, determining that the comparison fails, and determining that the plaintext data to be verified is not the target plaintext data.
In an alternative embodiment, the method further comprises:
calling a first national encryption algorithm to generate a key pair interface, and generating a first national encryption key pair, wherein the first national encryption key pair comprises a first national encryption private key component and a first national encryption public key component;
Calling a post quantum key encapsulation algorithm to generate a key pair interface and generating a post quantum key encapsulation key pair, wherein the post quantum key encapsulation key pair comprises a post quantum key encapsulation private key component and a post quantum key encapsulation public key component;
encapsulating the first national encryption private key component and the post quantum key encapsulation private key component to obtain the hybrid encryption private key;
and packaging the post quantum key packaging public key component of the first national encryption public key component to obtain the hybrid encryption public key and disclose the hybrid encryption public key.
In a third aspect, an embodiment of the present application further provides a computer device, including a processor, a storage medium, and a bus, where the storage medium stores program instructions executable by the processor, where the processor communicates with the storage medium through the bus, and the processor executes the program instructions to perform the steps of the hybrid encryption method of the postquantum cryptography and the cryptographic algorithm of any one of the first aspects, or perform the steps of the hybrid decryption method of the postquantum cryptography and the cryptographic algorithm of any one of the second aspects.
The beneficial effects of the application are as follows:
The embodiment of the application provides a mixed encryption and decryption method and equipment for a post quantum cipher and a national encryption algorithm, wherein the mixed encryption method comprises the steps of obtaining a mixed encryption public key and plaintext data to be encrypted of a receiver, conducting unpacking treatment on the mixed encryption public key to obtain a first national encryption public key component and a post quantum key packing public key component, wherein the first national encryption public key component is an encryption public key component obtained by the first national encryption algorithm, respectively generating a first national encryption ciphertext and a post quantum key packing ciphertext according to the first national encryption public key component and the post quantum key packing public key component, generating a first temporary key according to a first random number corresponding to the first national encryption ciphertext and a symmetric key corresponding to the post quantum key packing ciphertext, encrypting the plaintext data to be encrypted according to the first temporary key, conducting a third national encryption algorithm hash operation on the plaintext data to be encrypted to obtain a message hash value, and finally conducting mixed encryption on the first national encryption ciphertext, the post quantum key packing and the second national message hash value. The mixed encryption of the post quantum cipher and the national cipher algorithm is realized, the transition to the post quantum era can be safer and more stable, in addition, the mixed encryption ciphertext comprises a plurality of components, an attacker can obtain plaintext data to be encrypted by cracking at the same time, the safety of the mixed encryption operation is improved, the mixed encryption operation has quantum attack resistance, and finally, the mixed encryption operation of the post quantum cipher and the national cipher algorithm is completely compatible with interfaces, functions and the like of the encryption operation of the national cipher algorithm, so that the difficulty and the workload of an upper-layer cipher protocol and the migration of the application of the national cipher algorithm to the post quantum algorithm are greatly reduced.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a hybrid encryption method of a post quantum cryptography and a national encryption algorithm according to an embodiment of the present application;
FIG. 2 is a schematic flow chart of another hybrid encryption method of a post quantum cryptography and a national encryption algorithm provided by an embodiment of the application;
Fig. 3 is a flow chart of a mixed decryption method of a post quantum cryptography and a national encryption algorithm provided by the embodiment of the application;
FIG. 4 is a flow chart of another hybrid decryption method of a post quantum cryptography and a national encryption algorithm provided by an embodiment of the application;
FIG. 5 is a schematic flow chart of a hybrid encryption password pair of a generated quantum password and a national encryption algorithm according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a functional module of a hybrid encryption device of a post quantum cryptography and a national encryption algorithm according to an embodiment of the present application;
fig. 7 is a schematic diagram of a functional module of a hybrid decryption device for a post quantum cryptography and a cryptographic algorithm according to an embodiment of the present application;
fig. 8 is a schematic diagram of a computer device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention.
Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In the description of the present application, it should be noted that, if the terms "upper", "lower", and the like indicate an azimuth or a positional relationship based on the azimuth or the positional relationship shown in the drawings, or an azimuth or the positional relationship conventionally put in use of the product of the application, it is merely for convenience of describing the present application and simplifying the description, and it is not indicated or implied that the apparatus or element referred to must have a specific azimuth, be configured and operated in a specific azimuth, and thus should not be construed as limiting the present application.
Furthermore, the terms first, second and the like in the description and in the claims and in the above-described figures, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that the features of the embodiments of the present application may be combined with each other without conflict.
In order to realize double encryption protection of plaintext data to be encrypted so as to have quantum attack resistance, the embodiment of the application provides a mixed encryption method of a post quantum cryptography and a national encryption algorithm, wherein the post quantum cryptography (Post Quantum Cryptography, PQC) is a novel encryption algorithm capable of resisting attack of a quantum computer, and the post quantum cryptography not only can safely run on a traditional computer, but also can resist attack of a future quantum computer. The cryptographic algorithm comprises a first cryptographic algorithm, a second cryptographic algorithm and a third cryptographic algorithm, wherein the first cryptographic algorithm is an SM2 algorithm, elliptic curve cryptography is adopted as a mathematical basis of the cryptographic algorithm, the cryptographic algorithm is an asymmetric cryptographic algorithm used for digital signature and key exchange, the second cryptographic algorithm is an SM4 cryptographic algorithm and is a symmetric cryptographic algorithm used for data encryption and decryption, the packet length is 128 bits, the key length can be 128 bits, 192 bits or 256 bits, the cryptographic algorithm is suitable for various data encryption scenes, the third cryptographic algorithm is an SM3 algorithm and is a cryptographic hash algorithm, the cryptographic algorithm is suitable for generation and verification of digital signature and verification message authentication codes and generation of random numbers in cryptographic application, and the cryptographic algorithm can meet the security requirements of various cryptographic applications.
The method comprises the steps of generating a first national encryption ciphertext and a post quantum key encapsulation ciphertext according to a first national encryption public key component and a post quantum key encapsulation public key component respectively, generating a first temporary key according to a first random number corresponding to the first national encryption ciphertext and a symmetric key corresponding to the post quantum key encapsulation ciphertext, encrypting the plaintext data to be encrypted according to the first temporary key by adopting a second national encryption algorithm to obtain a second national encryption message ciphertext, carrying out third national encryption algorithm hash operation on the plaintext data to be encrypted to obtain a message hash value, and finally carrying out encapsulation processing on the first national encryption ciphertext, the post quantum key encapsulation ciphertext, the second national encryption message ciphertext and the message hash value to obtain a mixed encryption ciphertext which comprises a plurality of components, wherein an attacker can obtain the plaintext data to be encrypted only by cracking the first temporary key at the same time, so that the security of the mixed encryption operation can be improved, and the method has quantum attack resistance.
The post quantum cryptography and the national encryption algorithm hybrid encryption method provided by the embodiment of the application are explained in detail by specific examples with reference to the accompanying drawings. Fig. 1 is a flow chart of a mixed encryption method of a post quantum cryptography and a national encryption algorithm, which is provided by the embodiment of the application, and as shown in fig. 1, the method comprises the following steps:
s101, acquiring a mixed encryption public key of a receiver and plaintext data to be encrypted.
In this embodiment, the receiver discloses the hybrid encryption public key in advance, so that the sender obtains the hybrid encryption public key of the receiver, and the plaintext data to be encrypted is the data output by the service system in the client of the sender, and is also the data to be transmitted to the receiver.
The sender encrypts plaintext data to be encrypted by using the hybrid encryption public key to obtain a hybrid encryption ciphertext, and sends the hybrid encryption ciphertext to the receiver, and the following examples explain the process of obtaining the hybrid encryption ciphertext.
S102, performing unpacking processing on the mixed encryption public key to obtain a first national encryption public key component and a post quantum key package public key component.
The first national encryption public key component is an encryption public key component obtained by a first national encryption algorithm.
Specifically, the first national encryption algorithm is an SM2 algorithm, and the first national encryption public key component is a public key component in a public-private key pair of the first national encryption algorithm of the receiver, namely an SM2 encryption public key.
The post quantum key package public key component is a public key component in a public-private key pair of a post quantum key package (Key Encapsulation Mechanism, KEM) algorithm of a receiver, namely a PQC KEM public key, wherein the post quantum key package algorithm can adopt a post quantum cryptography standard kyber algorithm.
The receiver encapsulates the first national encryption public key component and the post quantum key encapsulation public key component to obtain the hybrid encryption public key, so that the sender performs decapsulation processing on the hybrid encryption public key to obtain the first national encryption public key component and the post quantum key encapsulation public key component.
S103, according to the first national encryption public key component and the post quantum key encapsulation public key component, a first national encryption ciphertext and a post quantum key encapsulation ciphertext are respectively generated.
S104, generating a first temporary key according to a first random number corresponding to the first national encryption ciphertext and a symmetric key corresponding to the post quantum key encapsulation ciphertext.
Specifically, the sender generates a first national encryption ciphertext and a post quantum key encapsulation ciphertext according to the first national encryption public key component and the post quantum key encapsulation public key component, namely, generates an SM2 encryption ciphertext and a PQC KEM ciphertext.
And generating a first temporary KEY according to a first random number K1 corresponding to the first national encryption ciphertext and a symmetric KEY K2 corresponding to the post quantum KEY encapsulation ciphertext.
Optionally, a key derivation operation is performed on the first random number and the symmetric key to generate a first temporary key.
Specifically, the key derivation operation may use an exclusive-or operation, and then the first random number and the symmetric key are subjected to an exclusive-or operation, so as to generate a first temporary key.
And S105, encrypting the plaintext data to be encrypted by adopting a second national encryption algorithm according to the first temporary key to obtain a second national encryption message ciphertext.
Specifically, the second cryptographic algorithm is an SM4 cryptographic algorithm, and according to the first temporary key, the SM4 cryptographic algorithm is adopted to perform symmetric encryption operation on the plaintext data to be encrypted, so as to obtain an SM4 message ciphertext.
S106, performing third cryptographic algorithm hash operation on the plaintext data to be encrypted to obtain a message hash value.
Specifically, the third cryptographic algorithm is an SM3 algorithm, and SM3 algorithm hash operation is performed on plaintext data to be encrypted to obtain an SM3 message hash value.
And S107, carrying out packaging processing on the first country encryption ciphertext, the post quantum key packaging ciphertext, the second country encryption message ciphertext and the message hash value to obtain a mixed encryption ciphertext.
Specifically, four components of an SM2 encrypted ciphertext, a PQC KEM ciphertext, an SM4 message ciphertext and an SM3 message hash value are spliced and packaged to obtain a mixed encrypted ciphertext, and then the mixed encrypted ciphertext is sent to a receiver.
It should be noted that, the upper layer application and the cryptographic protocol provide an interface compatible with the SM2 cryptographic algorithm in advance, so that the post quantum cryptography is completely compatible with the interface, the function and the like of the cryptographic operation of the first national cryptographic algorithm.
In summary, the embodiment of the application provides a hybrid encryption method of a post quantum cryptography and a quantum cryptography algorithm, which includes the steps of obtaining a hybrid encryption public key of a receiver and plaintext data to be encrypted, performing decapsulation processing on the hybrid encryption public key to obtain a first quantum cryptography public key component and a post quantum cryptography public key encapsulation public key component, wherein the first quantum cryptography public key component is an encryption public key component obtained by the first quantum cryptography algorithm, respectively generating a first quantum cryptography ciphertext and a post quantum cryptography secret key encapsulation ciphertext according to the first quantum cryptography public key component and the post quantum cryptography public key encapsulation public key component, generating a first temporary key according to a first random number corresponding to the first quantum cryptography ciphertext and a symmetric key corresponding to the post quantum cryptography secret encapsulation ciphertext, encrypting the plaintext data to be encrypted by the second quantum cryptography encryption algorithm according to the first temporary key to obtain a second state cryptography message ciphertext, performing a third ciphertext encryption algorithm hash operation on the plaintext data to obtain a message hash value, and finally performing hybrid encryption processing on the first state cryptography ciphertext, the post quantum cryptography secret key encapsulation and the second state cryptography message hash value to obtain the encrypted ciphertext. The mixed encryption of the post quantum cipher and the national cipher algorithm is realized, the transition to the post quantum era can be safer and more stable, in addition, the mixed encryption ciphertext comprises a plurality of components, an attacker can obtain plaintext data to be encrypted by cracking at the same time, the safety of the mixed encryption operation is improved, the mixed encryption operation has quantum attack resistance, and finally, the mixed encryption operation of the post quantum cipher and the national cipher algorithm is completely compatible with interfaces, functions and the like of the encryption operation of the national cipher algorithm, so that the difficulty and the workload of an upper-layer cipher protocol and the migration of the application of the national cipher algorithm to the post quantum algorithm are greatly reduced.
On the basis of the mixed encryption of the postquantum password and the national encryption algorithm provided by the embodiment, the embodiment of the application also provides another possible implementation manner of the mixed encryption method of the postquantum password and the national encryption algorithm, and fig. 2 is a flow diagram of another mixed encryption method of the postquantum password and the national encryption algorithm provided by the embodiment of the application. As shown in fig. 2, generating a first national encryption ciphertext and a post quantum key package ciphertext from the first national encryption public key component and the post quantum key package public key component, respectively, includes:
And S201, encrypting the first random number by adopting a first national encryption algorithm according to the first national encryption public key component to obtain a first national encryption ciphertext.
In this embodiment, the sender performs encryption operation on the first random number by using an SM2 encryption algorithm according to the first national encryption public key component, that is, the SM2 encryption public key component, to obtain an SM2 encryption ciphertext.
Optionally, before generating the first national encryption ciphertext and the post quantum key encapsulation ciphertext according to the first national encryption public key component and the post quantum key encapsulation public key component, respectively, the method further includes:
and sending a random number request to the national secret code operation module so that the national secret code operation module returns the first random number.
The cryptographic operation module is used for providing cryptographic operation service, including cryptographic algorithms such as SM2, SM4, SM3, and the like, and simultaneously providing a first random number to a sender according to a random number request.
S202, adopting a post quantum key encapsulation algorithm to encapsulate the post quantum key encapsulation public key component to obtain a post quantum key encapsulation ciphertext and a symmetric key.
Specifically, a random number is generated in a mechanism of the post quantum key encapsulation algorithm, the generated random number is encrypted by adopting the post quantum key encapsulation algorithm according to a post quantum key encapsulation public key component, namely a PQC KEM public key component, so as to obtain a PQC KEM ciphertext, and the symmetric key is a plaintext of the random number generated in the mechanism of the post quantum key encapsulation algorithm.
The first state encryption ciphertext is obtained by encrypting a first random number, the post quantum key encapsulation ciphertext is obtained by encrypting one random number generated in a mechanism of a post quantum key encapsulation algorithm, and two random numbers are obtained in different manners.
In the method provided by the embodiment of the application, according to the first national encryption public key component, the first random number is encrypted by adopting a first national encryption algorithm to obtain a first national encryption ciphertext, the post-quantum key packaging public key component is packaged by adopting a post-quantum key packaging algorithm to obtain a post-quantum key packaging ciphertext and a symmetric key, and the mixed encryption of the post-quantum password and the national encryption algorithm is realized.
After receiving the mixed encryption ciphertext sent by the sender, the receiver needs to decrypt the mixed encryption ciphertext, so that the embodiment of the application also provides a mixed decryption method of the postquantum password and the national encryption algorithm, which is applied to the receiver, and the mixed decryption method of the postquantum password and the national encryption algorithm provided by the embodiment of the application is explained in detail by a specific example with reference to the attached drawings. Fig. 3 is a flow chart of a mixed decryption method of a post quantum cryptography and a national encryption algorithm, which is provided by the embodiment of the application, and as shown in fig. 3, the method comprises the following steps:
s301, acquiring a mixed encryption ciphertext to be decrypted.
The mixed encryption ciphertext to be decrypted is ciphertext obtained by the sender performing mixed encryption on plaintext data to be encrypted by adopting a mixed encryption public key.
In this embodiment, the receiving side receives the mixed encrypted ciphertext to be decrypted sent by the sending side, and the step of generating the mixed encrypted ciphertext to be decrypted may refer to the steps S101 to S202, which are not described herein.
S302, decapsulating the mixed encryption ciphertext to be decrypted to obtain a first national encryption ciphertext to be decrypted, a quantum key encapsulation ciphertext to be decrypted, a second national encryption message ciphertext to be decrypted and a first message hash value.
The method comprises the steps that a sender encapsulates a first national encryption ciphertext, a post quantum key encapsulation ciphertext, a second national encryption message ciphertext and a message hash value to obtain a mixed encryption ciphertext, and then a receiver de-encapsulates the mixed encryption ciphertext to be decrypted to obtain a first national encryption ciphertext to be decrypted, a post quantum key encapsulation ciphertext to be decrypted, the second national encryption message ciphertext to be decrypted and the first message hash value to obtain an SM2 encryption ciphertext to be decrypted, a PQC KEM ciphertext to be decrypted, an SM4 message ciphertext to be decrypted and a first SM3 message hash value.
S303, decrypting the first national encryption ciphertext to be decrypted and the quantum key encapsulation ciphertext to be decrypted according to the first national encryption private key component and the post quantum key encapsulation private key component in the mixed encryption private key to obtain a second temporary key.
The first national encryption private key component is an encryption private key component obtained by a first national encryption algorithm.
The first national encryption algorithm is an SM2 encryption algorithm, a receiver performs decapsulation processing on the mixed encryption private key to obtain a first national encryption private key component and a post quantum key encapsulation private key component, and then the SM2 encryption private key component and the PQC KEM private key component are obtained.
And the receiver decrypts the SM2 encrypted ciphertext to be decrypted and the PQC KEM ciphertext to be decrypted respectively according to the SM2 encrypted private key component and the PQC KEM private key component to obtain a second temporary key.
S304, according to the second temporary key, a second national encryption decryption algorithm is adopted to decrypt the second national encryption message ciphertext to be decrypted, and plaintext data to be verified are obtained.
Specifically, the second national encryption algorithm is an SM4 encryption algorithm, and according to the second temporary key, the SM4 encryption algorithm is adopted to decrypt the second national encryption message ciphertext to be decrypted, so as to obtain plaintext data to be verified.
S305, performing third cryptographic algorithm hash operation on the plaintext data to be verified to obtain a second message hash value.
Specifically, the third cryptographic algorithm is an SM3 algorithm, and SM3 algorithm hash operation is performed on plaintext data to be verified to obtain a second SM3 message hash value.
S306, comparing the first message hash value with the second message hash value to determine target plaintext data.
Optionally, if the first message hash value is the same as the second message hash value, determining that the comparison is successful, and determining that the plaintext data to be verified is the target plaintext data.
The receiver compares the first SM3 message hash value with the second SM3 message hash value, and determines that the two message hash values are the same, and the comparison is successful, so that the plaintext data to be verified is determined to be the target plaintext data.
Optionally, if the first message hash value and the second message hash value are different, determining that the comparison fails, and determining that the plaintext data to be verified is not the target plaintext data.
The receiver compares the first SM3 message hash value with the second SM3 message hash value, and determines that the two message hash values are different, if the comparison fails, the mixed encryption ciphertext is illegally tampered, so that the plaintext data to be verified is not the target plaintext data.
In summary, the embodiment of the application provides a mixed decryption method of a post quantum cipher and a national cipher algorithm, which comprises the steps of obtaining a mixed encryption ciphertext to be decrypted, wherein the mixed encryption ciphertext to be decrypted is ciphertext obtained by mixing encryption of plaintext data to be encrypted by a sender through a mixed encryption public key, performing decapsulation processing on the mixed encryption ciphertext to be decrypted to obtain a first national cipher ciphertext to be decrypted, a post quantum key encapsulation ciphertext to be decrypted, a second national message ciphertext to be decrypted and a first message hash value, performing decryption on the first national cipher ciphertext to be decrypted and the post quantum key encapsulation ciphertext to obtain a second temporary key according to a first national cipher ciphertext component and a post quantum key encapsulation ciphertext in the mixed encryption private key, the first national cipher ciphertext to be decrypted is the encryption private key component obtained by the first national cipher encryption algorithm, decrypting the second national cipher ciphertext to be decrypted through a second cryptographic decryption algorithm to obtain plaintext data to be verified according to the second temporary key, performing a first national cipher hash algorithm to be decrypted on the second national cipher ciphertext to be decrypted, obtaining a second message hash value to be verified, and comparing the first and second hash value with the second hash value to determine target plaintext data. The receiver needs to decrypt the four components in the mixed encryption text to be decrypted at the same time, finally compares the first message hash value with the second message hash value to determine target plaintext data, and realizes mixed decryption of the post-quantum cryptography and the national encryption algorithm.
On the basis of the mixed decryption of the postquantum password and the national encryption algorithm provided by the embodiment, the embodiment of the application also provides another possible implementation manner of the mixed decryption method of the postquantum password and the national encryption algorithm, and fig. 4 is a flow diagram of the mixed decryption method of the other postquantum password and the national encryption algorithm provided by the embodiment of the application. As shown in fig. 4, according to a first country encryption private key component and a post quantum key encapsulation private key component in the hybrid encryption private key, decrypting a first country encryption ciphertext to be decrypted and a post quantum key encapsulation ciphertext to be decrypted respectively to obtain a second temporary key, including:
s401, according to the first country encryption private key component, a first country encryption algorithm is adopted to decrypt the first country encryption ciphertext to be decrypted, and a first secret key is obtained.
In this embodiment, the receiver performs decryption operation on the SM2 encrypted ciphertext to be decrypted by using an SM2 encryption algorithm according to the first national encryption private key component, that is, the SM2 encryption private key component, to obtain the first key.
S402, according to the post quantum key package private key component, a post quantum key package algorithm is adopted to conduct unpacking treatment on the to-be-decrypted post quantum key package ciphertext, and a second key is obtained.
Specifically, according to the post quantum key encapsulation private key component, namely the PQC KEM private key component, a post quantum key encapsulation algorithm is adopted to perform decapsulation operation on the PQC KEM ciphertext to be decrypted, so as to obtain a second key.
S403, performing key derivative operation on the first key and the second key to generate a second temporary key.
Specifically, the key derivation operation may use an exclusive-or operation, and then the first key and the second key are subjected to an exclusive-or operation to generate the second temporary key.
The method provided by the embodiment of the application comprises the steps of decrypting a first national encryption ciphertext to be decrypted by adopting a first national encryption decryption algorithm according to a first national encryption private key component to obtain a first key, performing decapsulation processing on the to-be-decrypted quantum key encapsulation ciphertext by adopting a post-quantum key encapsulation algorithm according to a post-quantum key encapsulation private key component to obtain a second key, performing key derivative operation on the first key and the second key to generate a second temporary key, and decrypting a second national encryption message ciphertext to be decrypted.
In the embodiment of the application, another possible implementation manner of the mixed decryption method of the post-quantum password and the national encryption algorithm is provided by generating the mixed encryption key pair, and fig. 5 is a schematic flow chart of the generated mixed encryption key pair of the post-quantum password and the national encryption algorithm. As shown in fig. 5, the method further includes:
S501, a first national encryption algorithm generation key pair interface is called to generate a first national encryption key pair.
The first country encryption key pair comprises a first country encryption private key component and a first country encryption public key component.
In this embodiment, the receiver generates an SM2 encryption key pair by calling an SM2 algorithm to generate a key pair interface, the SM2 encryption key pair including an SM2 encryption private key component and an SM2 encryption public key component.
S502, a key pair interface is generated by calling a post-quantum key encapsulation algorithm, and a post-quantum key encapsulation key pair is generated.
The post quantum key encapsulation key pair comprises a post quantum key encapsulation private key component and a post quantum key encapsulation public key component.
The receiver generates a PQC KEM key pair by calling a PQC KEM algorithm to generate a key pair interface, wherein the PQC KEM key pair comprises a PQC KEM private key component and a PQC KEM public key component.
And S503, packaging the first national encryption private key component and the post quantum key packaging private key component to obtain the hybrid encryption private key.
Specifically, the SM2 encryption private key component and the PQC KEM private key component are serially packaged to obtain a hybrid encryption private key, and it should be noted that the hybrid encryption private key is stored in a device of a receiver as key sensitive data, and has security protection measures such as confidentiality and integrity, and does not appear outside the device of the receiver in a plaintext form.
S504, the first national encryption public key component and the post quantum key encapsulation public key component are encapsulated to obtain a mixed encryption public key and are disclosed.
Specifically, the SM2 encrypted public key component and the PQC KEM public key component are serially packaged to obtain a hybrid encrypted private key, and it should be noted that the hybrid encrypted public key is used as a public key and is safely stored in a nonvolatile storage area of a device of a receiving party, and the receiving party and the transmitting party can use the hybrid encrypted public key of the other party to perform hybrid encryption protection on important data by exchanging the hybrid encrypted public key or a certificate containing the hybrid encrypted public key.
In the method provided by the embodiment of the application, the mixed encryption operation of the post quantum cryptography and the national encryption algorithm is packaged, and an interface compatible with the SM2 encryption algorithm is provided, so that when the SM2 encryption operation is migrated to the PQC algorithm, the modification of upper-layer application and the cryptographic protocol is minimum, and the migration difficulty and workload are greatly reduced.
The following further explains the post-quantum cryptography and the hybrid encryption device of the cryptographic algorithm, the post-quantum cryptography and the hybrid decryption device of the cryptographic algorithm and the computer device, which are provided in any of the embodiments of the present application, in a specific implementation process and the technical effects that are the same as those of the corresponding method embodiments, and for brevity, no reference is made to the corresponding contents in the method embodiments in this embodiment.
Fig. 6 is a schematic diagram of a functional module of a hybrid encryption device of a post quantum cryptography and a cryptographic algorithm according to an embodiment of the present application. As shown in fig. 6, the hybrid encryption device 100 for post quantum cryptography and the cryptographic algorithm includes:
a first obtaining module 110, configured to obtain a hybrid encryption public key of a receiver and plaintext data to be encrypted;
The first unpacking processing module 120 is configured to unpack the hybrid encryption public key to obtain a first national encryption public key component and a post quantum key package public key component;
A first generation module 130, configured to generate a first national encryption ciphertext and a post quantum key encapsulation ciphertext according to the first national encryption public key component and the post quantum key encapsulation public key component, respectively;
the first generating module 130 is further configured to generate a first temporary key according to a first random number corresponding to the first cryptographic ciphertext and a symmetric key corresponding to the post quantum key encapsulation ciphertext;
The encryption module 140 is configured to encrypt the plaintext data to be encrypted by using a second national encryption algorithm according to the first temporary key, so as to obtain a second national encryption message ciphertext;
The first operation module 150 is configured to perform a hash operation of a third cryptographic algorithm on plaintext data to be encrypted, to obtain a message hash value;
the first encapsulation processing module 160 is configured to encapsulate the first state encrypted ciphertext, the post quantum key encapsulation ciphertext, the second state encrypted message ciphertext, and the message hash value, to obtain a hybrid encrypted ciphertext.
Optionally, the first generating module 130 is further configured to encrypt the first random number with a first cryptographic algorithm according to the first cryptographic public key component to obtain a first cryptographic ciphertext, and encapsulate the first cryptographic public key component with a post quantum key encapsulation algorithm to obtain a post quantum key encapsulation ciphertext and a symmetric key.
Optionally, the first generating module 130 is further configured to perform a key derivation operation on the first random number and the symmetric key to generate a first temporary key.
Optionally, the apparatus further comprises:
And the sending module is used for sending a random number request to the national secret code operation module so that the national secret code operation module returns the first random number.
Fig. 7 is a schematic diagram of a functional module of a hybrid decryption device for a postquantum cryptography and a cryptographic algorithm according to an embodiment of the present application. As shown in fig. 7, the hybrid decryption device 200 for the postquantum cryptography and the cryptographic algorithm comprises:
The second obtaining module 210 is configured to obtain a mixed encrypted ciphertext to be decrypted, where the mixed encrypted ciphertext to be decrypted is a ciphertext obtained by performing mixed encryption on plaintext data to be encrypted by a sender using a mixed encryption public key;
The second decapsulation module 220 is configured to decapsulate the hybrid encrypted ciphertext to be decrypted to obtain a first national encrypted ciphertext to be decrypted, a quantum key encapsulated ciphertext to be decrypted, a second national encrypted message ciphertext to be decrypted, and a first message hash value;
The decryption module 230 is configured to decrypt a first national encryption ciphertext to be decrypted and a post quantum key encapsulation ciphertext to be decrypted according to a first national encryption private key component and a post quantum key encapsulation private key component in the hybrid encryption private key, to obtain a second temporary key;
the decryption module 230 is further configured to decrypt, according to the second temporary key, the ciphertext of the second national encryption message to be decrypted by using a second national encryption decryption algorithm, so as to obtain plaintext data to be verified;
a second operation module 240, configured to perform a hash operation of a third cryptographic algorithm on the plaintext data to be verified, to obtain a second message hash value;
the determining module 250 is configured to compare the first message hash value and the second message hash value, and determine target plaintext data.
Optionally, the decryption module 230 is further configured to decrypt the first cryptographic ciphertext to be decrypted by using a first cryptographic algorithm according to the first cryptographic private key component to obtain a first key, decapsulate the second cryptographic key by using a post quantum key encapsulation algorithm according to the post quantum key encapsulation private key component to obtain a second key, and perform key derivation operation on the first cryptographic key and the second cryptographic key to generate a second temporary key.
Optionally, the determining module 250 is further configured to determine that the comparison is successful if the first message hash value and the second message hash value are the same, and determine that the plaintext data to be verified is the target plaintext data.
Optionally, the determining module 250 is further configured to determine that the comparison fails if the first message hash value and the second message hash value are different, and determine that the plaintext data to be verified is not the target plaintext data.
Optionally, the apparatus further comprises:
the second generation module is used for calling a first national encryption algorithm to generate a key pair interface and generating a first national encryption key pair, wherein the first national encryption key pair comprises a first national encryption private key component and a first national encryption public key component;
the second generation module is also used for calling a post quantum key encapsulation algorithm to generate a key pair interface and generating a post quantum key encapsulation key pair, wherein the post quantum key encapsulation key pair comprises a post quantum key encapsulation private key component and a post quantum key encapsulation public key component;
The second encapsulation processing module is used for encapsulating the first national encryption private key component and the post quantum key encapsulation private key component to obtain a mixed encryption private key;
and the second packaging processing module is also used for packaging the quantum key packaging public key component after the public key component is encrypted by the first country, so as to obtain a mixed encryption public key and disclose the mixed encryption public key.
The foregoing apparatus is used for executing the method provided in the foregoing embodiment, and its implementation principle and technical effects are similar, and are not described herein again.
The modules above may be one or more integrated circuits configured to implement the above methods, such as one or more Application SPECIFIC INTEGRATED Circuits (ASICs), or one or more microprocessors, or one or more field programmable gate arrays (Field Programmable GATE ARRAY, FPGAs), or the like. For another example, when a module above is implemented in the form of a processing element scheduler code, the processing element may be a general-purpose processor, such as a central processing unit (Central Processing Unit, CPU) or other processor that may invoke the program code. For another example, the modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Fig. 8 is a schematic diagram of a computer device according to an embodiment of the present application, where if the computer device is a computer device corresponding to a sender, the computer device may be used for hybrid encryption of a postquantum cryptography and a cryptographic algorithm. If the computer equipment is the computer equipment corresponding to the receiving party, the method can be used for mixed decryption of the post quantum cryptography and the national encryption algorithm. As shown in FIG. 8, the computer device includes a processor 310, a storage medium 320, and a bus 330.
The storage medium 320 stores machine-readable instructions executable by the processor 310. When the computer device is running, the processor 310 communicates with the storage medium 320 via the bus 330, and the processor 310 executes the machine-readable instructions to perform the steps of the method embodiments described above. The specific implementation manner and the technical effect are similar, and are not repeated here.
Optionally, the present application further provides a storage medium 320, where the storage medium 320 stores a computer program, which when executed by a processor performs the steps of the above-mentioned method embodiments. The specific implementation manner and the technical effect are similar, and are not repeated here.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in hardware plus software functional units.
The integrated units implemented in the form of software functional units described above may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium, and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor (english: processor) to perform some of the steps of the methods according to the embodiments of the invention. The storage medium includes various media capable of storing program codes, such as a U disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk or an optical disk.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily appreciate variations or alternatives within the scope of the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (10)

1. A post quantum cryptography and national encryption algorithm hybrid encryption method, characterized in that it is applied to a sender, the method comprising:
Acquiring a mixed encryption public key of a receiver and plaintext data to be encrypted;
The mixed encryption public key is subjected to unpacking treatment to obtain a first national encryption public key component and a post quantum key package public key component, wherein the first national encryption public key component is an encryption public key component obtained by a first national encryption algorithm;
generating a first national encryption ciphertext and a rear quantum key encapsulation ciphertext according to the first national encryption public key component and the rear quantum key encapsulation public key component respectively;
generating a first temporary key according to a first random number corresponding to the first national encryption ciphertext and a symmetric key corresponding to the post quantum key encapsulation ciphertext;
Encrypting the plaintext data to be encrypted by adopting a second national encryption algorithm according to the first temporary key to obtain a second national encryption message ciphertext;
Performing hash operation of a third cryptographic algorithm on the plaintext data to be encrypted to obtain a message hash value;
And carrying out packaging processing on the first country encryption ciphertext, the post quantum key packaging ciphertext, the second country encryption message ciphertext and the message hash value to obtain a mixed encryption ciphertext.
2. The method of claim 1, wherein the generating the first national encryption ciphertext and the post quantum key encapsulation ciphertext from the first national encryption public key component and the post quantum key encapsulation public key component, respectively, comprises:
Encrypting the first random number by adopting the first national encryption algorithm according to the first national encryption public key component to obtain the first national encryption ciphertext;
And adopting a post quantum key encapsulation algorithm to encapsulate the post quantum key encapsulation public key component to obtain the post quantum key encapsulation ciphertext and the symmetric key.
3. The method of claim 1, wherein the generating a first temporary key from the first random number corresponding to the first cryptographically encrypted ciphertext and the symmetric key corresponding to the post quantum key encapsulation ciphertext comprises:
and performing key derivative operation on the first random number and the symmetric key to generate the first temporary key.
4. The method of claim 1, wherein before generating the first national encryption ciphertext and the post quantum key encapsulation ciphertext from the first national encryption public key component and the post quantum key encapsulation public key component, respectively, the method further comprises:
and sending a random number request to the national secret code operation module so that the national secret code operation module returns the first random number.
5. A method for mixed decryption of a postquantum cipher and a national cipher algorithm, which is characterized by being applied to a receiver, the method comprising:
The method comprises the steps of obtaining a mixed encryption ciphertext to be decrypted, wherein the mixed encryption ciphertext to be decrypted is ciphertext obtained by carrying out mixed encryption on plaintext data to be encrypted by a sender by adopting a mixed encryption public key;
the mixed encryption ciphertext to be decrypted is subjected to unpacking treatment to obtain a first national encryption ciphertext to be decrypted, a quantum key package ciphertext to be decrypted, a second national encryption message ciphertext to be decrypted and a first message hash value;
Decrypting the first national encryption ciphertext to be decrypted and the quantum key encapsulation ciphertext to be decrypted respectively according to a first national encryption private key component and a post quantum key encapsulation private key component in the mixed encryption private key to obtain a second temporary key, wherein the first national encryption private key component is an encryption private key component obtained by a first national encryption algorithm;
Decrypting the second national encryption message ciphertext to be decrypted by adopting a second national encryption decryption algorithm according to the second temporary key to obtain plaintext data to be verified;
Performing third cryptographic algorithm hash operation on the plaintext data to be verified to obtain a second message hash value;
And comparing the first message hash value with the second message hash value to determine target plaintext data.
6. The method according to claim 5, wherein decrypting the first national encryption ciphertext to be decrypted and the post quantum key encapsulation ciphertext to be decrypted, respectively, based on the first national encryption private key component and the post quantum key encapsulation private key component in the hybrid encryption private key, to obtain the second temporary key comprises:
According to the first country encryption private key component, a first country encryption algorithm is adopted to decrypt the first country encryption ciphertext to be decrypted, and a first secret key is obtained;
according to the post quantum key package private key component, a post quantum key package algorithm is adopted to conduct unpacking treatment on the post quantum key package ciphertext to be decrypted, and a second key is obtained;
And performing key derivative operation on the first key and the second key to generate the second temporary key.
7. The method of claim 5, wherein comparing the first message hash value and the second message hash value to determine target plaintext data comprises:
and if the first message hash value is the same as the second message hash value, determining that the comparison is successful, and determining that the plaintext data to be verified is the target plaintext data.
8. The method of claim 5, wherein comparing the first message hash value and the second message hash value to determine target plaintext data comprises:
if the first message hash value is different from the second message hash value, determining that the comparison fails, and determining that the plaintext data to be verified is not the target plaintext data.
9. The method of claim 5, wherein the method further comprises:
calling a first national encryption algorithm to generate a key pair interface, and generating a first national encryption key pair, wherein the first national encryption key pair comprises a first national encryption private key component and a first national encryption public key component;
Calling a post quantum key encapsulation algorithm to generate a key pair interface and generating a post quantum key encapsulation key pair, wherein the post quantum key encapsulation key pair comprises a post quantum key encapsulation private key component and a post quantum key encapsulation public key component;
encapsulating the first national encryption private key component and the post quantum key encapsulation private key component to obtain the hybrid encryption private key;
and packaging the post quantum key packaging public key component of the first national encryption public key component to obtain the hybrid encryption public key and disclose the hybrid encryption public key.
10. A computer device comprising a processor, a storage medium and a bus, the storage medium storing program instructions executable by the processor, the processor and the storage medium communicating via the bus when the computer device is running, the processor executing the program instructions to perform the steps of the post quantum cryptography and national encryption algorithm hybrid encryption method of any one of claims 1 to 4 or the steps of the post quantum cryptography and national encryption algorithm hybrid decryption method of any one of claims 5 to 9.
CN202411608129.0A 2024-11-12 2024-11-12 A hybrid encryption and decryption method and device for post-quantum cryptography and national secret algorithm Pending CN119602946A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411608129.0A CN119602946A (en) 2024-11-12 2024-11-12 A hybrid encryption and decryption method and device for post-quantum cryptography and national secret algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411608129.0A CN119602946A (en) 2024-11-12 2024-11-12 A hybrid encryption and decryption method and device for post-quantum cryptography and national secret algorithm

Publications (1)

Publication Number Publication Date
CN119602946A true CN119602946A (en) 2025-03-11

Family

ID=94833284

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411608129.0A Pending CN119602946A (en) 2024-11-12 2024-11-12 A hybrid encryption and decryption method and device for post-quantum cryptography and national secret algorithm

Country Status (1)

Country Link
CN (1) CN119602946A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120856331A (en) * 2025-09-17 2025-10-28 上海图灵智算量子科技有限公司 Session key generation method, device, electronic device and storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120856331A (en) * 2025-09-17 2025-10-28 上海图灵智算量子科技有限公司 Session key generation method, device, electronic device and storage medium

Similar Documents

Publication Publication Date Title
EP3073668B1 (en) Apparatus and method for authenticating network devices
CN109831430A (en) Safely controllable efficient data sharing method and system under a kind of cloud computing environment
CN111614621B (en) Internet of things communication method and system
CN110889696A (en) Storage method, device, equipment and medium for alliance block chain secret key based on SGX technology
CN109891423A (en) It is controlled using the data encryption of multiple control mechanisms
CN116866029B (en) Random number encryption data transmission method, device, computer equipment and storage medium
CN118944894B (en) Method, device, system and equipment for issuing hybrid dual certificates of post-quantum and national secrets
WO2020155622A1 (en) Method, device and system for enhancing security of image data transmission, and storage medium
CN105991569A (en) Safe transmission method of TLS communication data
CN118540163B (en) Anti-quantum security enhancement method for national secret SSL VPN protocol
US20250124142A1 (en) Enhanced security systems and methods using a hybrid security solution
CN119276494B (en) Session key generation method and related device
CN119652525B (en) IPSec hybrid anti-quantum computing security method and electronic equipment
CN118694528B (en) Anti-quantum security enhancement method for on-line certificate issuing and key pair distribution
CN115333839B (en) Data security transmission method, system, equipment and storage medium
CN114785527B (en) Data transmission method, device, equipment and storage medium
CN119483944A (en) A hybrid signature and verification method and device for post-quantum cryptography and national secret algorithm
CN119766437A (en) SSL VPN remote access method, system and related device supporting post quantum algorithm
CN111490874B (en) Distribution network safety protection method, system, device and storage medium
CN119602946A (en) A hybrid encryption and decryption method and device for post-quantum cryptography and national secret algorithm
WO2024260532A1 (en) Apparatus and method for remote attestation using symmetric keys
CN119583061B (en) Post quantum key negotiation method and device
CN119728101A (en) Key management method, key encryption method, data encryption method and related equipment
JPS63176043A (en) Secret information communicating system
CN119675864B (en) A data encryption method, data decryption method, apparatus, device, and medium.

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination