[go: up one dir, main page]

CN105790940B - E-bidding system and method based on Shamir thresholding - Google Patents

E-bidding system and method based on Shamir thresholding Download PDF

Info

Publication number
CN105790940B
CN105790940B CN201610236112.6A CN201610236112A CN105790940B CN 105790940 B CN105790940 B CN 105790940B CN 201610236112 A CN201610236112 A CN 201610236112A CN 105790940 B CN105790940 B CN 105790940B
Authority
CN
China
Prior art keywords
bidding
ciphertext
bid
bidding documents
documents
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610236112.6A
Other languages
Chinese (zh)
Other versions
CN105790940A (en
Inventor
赵敏
刘义
符利华
梁宁宁
黄志伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GUANGDONG ELECTRONIC CERTIFICATION AUTHORITY
Original Assignee
GUANGDONG ELECTRONIC CERTIFICATION AUTHORITY
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by GUANGDONG ELECTRONIC CERTIFICATION AUTHORITY filed Critical GUANGDONG ELECTRONIC CERTIFICATION AUTHORITY
Priority to CN201610236112.6A priority Critical patent/CN105790940B/en
Publication of CN105790940A publication Critical patent/CN105790940A/en
Application granted granted Critical
Publication of CN105790940B publication Critical patent/CN105790940B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • G06Q30/0611Request for offers or quotes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses the e-bidding system and methods based on Shamir thresholding, and the system comprises bidding servers and bid device;Bidding server, for generating encryption rule file, and in the opening of bid time, the ciphertext bidding documents uploaded to bid device is decrypted;Bid device, the encryption rule file for being generated according to bidding server encrypt plaintext bidding documents based on Shamir thresholding, obtain ciphertext bidding documents, and obtained ciphertext bidding documents is uploaded to bidding server;The described method includes: bidding server generates encryption rule file;According to the encryption rule file that bidding server generates, bid device is based on Shamir thresholding and encrypts to plaintext bidding documents, obtains ciphertext bidding documents, and obtained ciphertext bidding documents is uploaded to bidding server;Obtained ciphertext bidding documents is uploaded to bidding server by bid device;In the opening of bid time, ciphertext bidding documents is decrypted in bidding server.Present system is greatly improved in terms of the safety of ciphertext bidding documents.

Description

E-bidding system and method based on Shamir thresholding
Technical field
The present invention relates to a kind of e-bidding system and method, especially a kind of electronics based on Shamir thresholding, which is recruited, to be thrown Mark system and method belong to e-bidding technical field.
Background technique
Under internet, cloud computing, the more and more application environments of cloud storage, e-bidding field also recruits in tradition and throws Very big development, relatively traditional bidding are obtained on the basis of target, e-bidding has low cost, high efficiency and transparence The advantages of.But e-bidding is to safety that higher requirements are also raised.
In the prior art, the encryption and decryption of electric bidding document there are mainly two types of mode:
The first prior art: Chinese Patent Application No. 201410015624.0, it is entitled " to recruit and throw for electronics The application for a patent for invention of target electric bidding document multilayer encrypting and deciphering system and method ", the system include e-bidding server and Client, e-bidding server is for generating and issue electric bidding document Encryption Tool, and receives ciphertext bidding documents and to it It is decrypted, to obtain original electron bidding documents;Client is for downloading electric bidding document Encryption Tool and using plaintext bidding documents more The public key certificate of square main body carries out multi-layer security, and ciphertext bidding documents is sent to e-bidding server.But the technology is deposited In following disadvantage: 1) using the public key encryption of multi-party main body, also just imply that the private key for needing multi-party main body is decrypted, once It is any one of absent in multi-party main body, it can not all open bid, flexibility is poor;2) bidding documents of this scheme encryption does not have Non-repudiation;3) it is pre-set for being used to encrypt the symmetric key of bidding documents, once symmetric key is revealed, the safety of bidding documents Property will be unable to guarantee.
Second of prior art: Chinese Patent Application No. 200810041955.6, it is entitled " to be based on digital certificate Electronic public bidding method " application for a patent for invention, comprising: offline production encryption bidding documents, encryption bidding documents use the we of tenderer CertPubKey is encrypted;Off-line verification encrypts bidding documents, and tenderer verifies the encryption bidding documents made, and confirms ciphertext mark Book can successfully open bid and sign test;In the opening of bid time, tenderer submits opening of bid to request in Tender System, and Tender System will be close Literary bidding documents unpacks, and the signature of verifying encryption bidding documents simultaneously decrypts opening of bid.But the technology have the following disadvantages: operation be all it is offline, Mean that process is cumbersome, low efficiency leads to bidding cycle stretch-out.
Summary of the invention
The purpose of the present invention is to solve above-mentioned existing Bidding Techniques safety is poor, process is cumbersome, working efficiency is low, Bidder submits a tender the defects of at high cost, provides a kind of e-bidding system based on Shamir thresholding, which is based on Shamir thresholding carries out encryption and decryption to electric bidding document according to certain rule, not only support to encrypt multiple biddings documents simultaneously or Decryption, can also support the digital certificate of two kinds of public key algorithms of RSA and SM2, and encryption rule file and encryption obtain simultaneously Ciphertext bidding documents have specific file format, electric bidding document can be made more safe and reliable.
Another object of the present invention is to provide a kind of Bidding Methods based on above system, and this method is relative to above-mentioned The first prior art, is based on Shamir thresholding, and setting encryption rule can make bidding more flexible, reach opening of bid Thresholding can open bid, although and encrypted using the public key of multi-party main body, private key is decrypted, if multi-party Absent one in main body, and this main body be not required it is on the scene, as long as the total number of persons of opening of bid people reaches the minimum in rule and opens Mark number can open bid.It is according to shared information export come total when encryption for encrypting the symmetric key of bidding documents It enjoys information and is divided into N block, N is the total number of persons of opening of bid people in encryption rule, and the information divided to each piece is used respectively with secret Key encryption, and random key is encrypted using the CertPubKey of corresponding opening of bid people, it is all linked with one another, so encryption bidding documents Key is more difficult to crack, and safety can be higher, and higher safety is in turn ensured while flexibility is high;Meanwhile bid device pair After plaintext bidding documents encrypts successfully, ciphertext bidding documents can be uploaded to bidding server, bidding server can be to ciphertext bidding documents It directly decrypts or verifies, in this way relative to above-mentioned second of prior art, save the workload of importing and downloading, mention High efficiency.
The purpose of the present invention can be reached by adopting the following technical scheme that:
E-bidding system based on Shamir thresholding, the system comprises connected bidding server and bids Device;
The bidding server, for generating encryption rule file, and in opening of bid time, the ciphertext uploaded to bid device Bidding documents is decrypted;Wherein, the encryption rule file is xml signature file, has specific format;
The bid device, the encryption rule file for being generated according to bidding server, based on Shamir thresholding to bright Literary bidding documents is encrypted, and obtains ciphertext bidding documents, and obtained ciphertext bidding documents is uploaded to bidding server.
Further, the bidding server includes:
Encryption rule module, for generating encryption rule file;
First ciphertext bidding documents authentication module, the file structure and number of signature of the ciphertext bidding documents for verifying the upload of bid device According to the encryption rule file in ciphertext bidding documents is matched with the encryption rule file that encryption rule module generates, and shows Verification result shows ciphertext bidding documents identifying code if be proved to be successful;
Ciphertext bidding documents deciphering module, the ciphertext bidding documents for uploading to bid device are decrypted.
Further, the bid device includes:
Bidding documents encrypting module, for being encrypted, being obtained to plaintext bidding documents based on Shamir thresholding according to encryption rule file To ciphertext bidding documents;
Second ciphertext bidding documents authentication module, for verifying the file structure and signed data of ciphertext bidding documents, by ciphertext bidding documents In encryption rule file matched with the encryption rule file that bidding server generates, and show verification result, if It is proved to be successful, then shows ciphertext bidding documents identifying code.
Further, the bidding server further include:
First log module, for recording the log of bidding server;
First configuration module, the configuration item for setup time stamp server url;
The bid device further include:
Second log module, for recording work log and the user's operation procedure information of bid device;
Second configuration module, for Configuration network agency and the url of encryption rule file.
Further, the ciphertext bidding documents by SID file identification and several different types of SID data chunks at, if A dry SID data block is respectively SID file header data block, threshold parameter data block, secret papers data block, self-defined information number According to block, signing messages data block, Hash data block and SID end-of-file data block;Wherein, SID file header data block includes SID Essential information in file, threshold parameter data block include parameters used in encrypting plaintext bidding documents, secret papers data block Comprising encrypted plaintext bidding documents data, self-defined information data block includes user's self-defining data, to upper layer application to extend Space, signing messages data block include various signing messages, and Hash data block includes the hash value of SID, SID end-of-file data block For marking SID file or data flow to be over, and have to the tail portion for being placed on file.
Another object of the present invention can be reached by adopting the following technical scheme that:
Bidding Methods based on above system, the described method comprises the following steps:
S1, bidding server generate encryption rule file;
S2, the encryption rule file generated according to bidding server, bid device are based on Shamir thresholding to plaintext bidding documents It is encrypted, obtains ciphertext bidding documents;
Obtained ciphertext bidding documents is uploaded to bidding server by S3, bid device;
S4, in the opening of bid time, ciphertext bidding documents is decrypted in bidding server.
Further, step S2 is specifically included:
S21, input bidding documents original text, ciphertext bidding documents path, project number and the url for configuring encryption rule file;
S22, according to the url of project number and the encryption rule file of configuration, obtain encryption rule to bidding server File;
S23, the information added the signing certificate of bidder and confirm bidder;
S24, according to the thresholding relevant parameter in encryption rule file, if opening of bid people has N number of, the number of minimum opening of bid is t It is a, using Shamir thresholding, shared information M is divided n parts: M1, M2 ... Mn, it is one corresponding for every a information of segmentation The encrypted certificate of opening of bid people, and the sub-key being randomly generated respectively is encrypted using corresponding encrypted certificate, and sub-key Every a information of corresponding segmentation is encrypted;It is encrypted using the key pair plaintext bidding documents that shared information generates, and Encrypted sub-key, encrypted block of information and the certificate for the people that opens bid, is all stored in ciphertext bidding documents with certain format;
The ciphertext bidding documents that S25, opening obtain, verifies the file structure and signed data of ciphertext bidding documents, will be in ciphertext bidding documents Encryption rule file matched with the encryption rule file that bidding server generates, and verification result is shown, if tested It demonstrate,proves successfully, then shows ciphertext bidding documents identifying code.
Further, step S4 is specifically included:
S41, ciphertext bidding documents is opened;
S42, the current timestamp time is obtained;
S43, the opening of bid time is obtained;
S44, the file structure and signed data for verifying ciphertext bidding documents, the encryption rule file that bidding server is generated It is matched with the encryption rule file in ciphertext bidding documents;
S46, opening of bid people's information is read, attempts opening of bid;
S47, it is decrypted using the key pair ciphertext bidding documents of recovery.
Further, the file structure and signed data of the verifying ciphertext bidding documents, specifically includes:
The encryption rule file in ciphertext bidding documents is read, the file structure of ciphertext bidding documents is verified;Obtain the signature of bidder Certificate and information, to obtain the identifying code of ciphertext bidding documents.
Further, in step S46, the opening of bid of attempting refers to that the certificate for working as opening of bid people reaches opening of bid thresholding, is combined into Shared information, and key is restored by shared information.
The present invention have compared with the existing technology it is following the utility model has the advantages that
1, the present invention generates specific format encryption rule file using bidding server, and is based on Shamir thresholding pair Plaintext bidding documents is encrypted, and ciphertext bidding documents is obtained, so that the safety of ciphertext bidding documents is higher, also has better flexibility, not only It supports big files electronic bidding documents to encrypt, and supports multiple electric bidding documents while encrypting or decrypting, in the process signed and encrypted The digital certificate used supports two kinds of public key algorithms of RSA and SM2.
2, the present invention overcomes existing Bidding Techniques solution security is poor, process is cumbersome, working efficiency is low, bidder throws The problems such as at high cost is marked, solves the safety of electric bidding document in bidding project, ensure that confidentiality of the bidding documents before opening of bid, Although the present invention is encrypted as existing Bidding Techniques using public key, private key is decrypted, and the present invention not only supports RSA Algorithm also supports SM2 elliptic curve.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is the present invention A part of the embodiment to those skilled in the art without creative efforts, can be with root Other attached drawings are obtained according to these attached drawings.
Fig. 1 is the e-bidding system structure diagram based on Shamir thresholding of the embodiment of the present invention 1.
Fig. 2 is the bidding flow chart of the e-bidding system based on Shamir thresholding of the embodiment of the present invention 1.
Fig. 3 is the verifying flow chart of the e-bidding system based on Shamir thresholding of the embodiment of the present invention 1.
Fig. 4 is the opening of bid flow chart of the e-bidding system based on Shamir thresholding of the embodiment of the present invention 1.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is A part of the embodiments of the present invention, instead of all the embodiments, based on the embodiments of the present invention, ordinary skill people Member's every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.
Embodiment 1:
As shown in Figure 1, the e-bidding system based on Shamir thresholding of the present embodiment includes connected bidding clothes Business device and bid device;
The bidding server includes encryption rule module, the first ciphertext bidding documents authentication module, ciphertext bidding documents decryption mould Block, the first log module and the first configuration module, the concrete function of modules are as follows:
The encryption rule module, for generating encryption rule file;Wherein, the encryption rule file is xml signature File has specific format, as follows:
The first ciphertext bidding documents authentication module, the file structure and signature of the ciphertext bidding documents for verifying the upload of bid device Data, and the encryption rule file in ciphertext bidding documents is matched with the encryption rule file that encryption rule module generates, and Show that verification result shows ciphertext bidding documents identifying code if be proved to be successful;
The ciphertext bidding documents deciphering module, the ciphertext bidding documents for uploading to bid device are decrypted;
First log module, for recording the log of bidding server;
First configuration module, for setup time stamp server url (Uniform Resoure Locator, unification Resource Locator) etc. configuration items.
The bid device is client, including bidding documents encrypting module, the second ciphertext bidding documents authentication module, the second log module It is as follows with the concrete function of the second configuration module, modules:
The bidding documents encrypting module, for being added to plaintext bidding documents based on Shamir thresholding according to encryption rule file It is close, obtain ciphertext bidding documents;
Ciphertext bidding documents is the secret papers with specific format, and structure is as follows:
SID(Secret Information Document)
1 overall structure of table
SID file identification SID data block …… SID data block
It is made of in a specific sequence SID file identification and several SID data blocks.
Wherein file identification:
For a SID file, what file identification was always described by fixed byte:
2 file identification of table
Hexadecimal number 89 53 49 44 0D 0A 1A 0A
Wherein first character section 0x89 has exceeded the range of ascii character, this is in order to avoid certain softwares are by SID file It is handled as text file.
SID is by different types of data chunk at data block type is as shown in the table:
3 data block type table of table
In SID file, each data block is made of 3 parts, and the structure of data block is as follows:
4 block data structure of table
Wherein SID file header data block FHDR (File Header Chunk): it includes essential information in SID file, And to go out to have a SID file header number in SID data flow, and in a SID data flow as first data block According to block.
5 FHDR data block of table
THRP (Threshold Parameter Chunk): it includes parameters used in encrypting plaintext bidding documents
6 THRP data block of table
Wherein
The secret holder information of table 7
There must be Total secret holder information, then according to the requirement of threshold algorithm for a secret holder information Total secret holder information successively stores.
SFLE (Secret File): it includes encrypted plaintext bidding documents data.
8 SFLE data block of table
CINF (Customer information): it includes user's self-defining data, to upper layer application with extending space. It makes data block by oneself and there was only one piece in secret, custom data is written directly in file in a manner of binary.
9 CINF data block of table
Domain name claims Byte number Type Explanation
Length of Customer Data 8 bytes long long Self-defining data length
Customer Data Variable-length binary It is specified by self-defining data length
SINF (Signature Information Chunk): it includes various signing messages.
Signature object be the block before data cryptographic Hash, hash algorithm specified in FHDR.
10 SINF data block of table
HASH (Hash Chunk): it includes the hash value of SID, which breathed out to the data before HASH data block Wish resulting value.
11 HASH data block of table
Domain name claims Byte number Type Explanation
Hash Algorithm 4 bytes int Hash algorithm
Length of Hash Value 4 bytes int Cryptographic Hash length
Hash Value Variable-length binary It is specified by cryptographic Hash length
FEND (File end chunk): it is used to that SID file or data flow is marked to be over, and has to put In the tail portion of file.8 characters of ending of file seem to be such that 00 00 00 00 49 45 4E 44.
Due to the definition of block data structure, the length of IEND data block always 0 (00 00 00 00, except non-artificial additions letter Breath), Data Identification always IEND (49 45 4E 44).
The second ciphertext bidding documents authentication module, for verifying the file structure and signed data of ciphertext bidding documents, by ciphertext Encryption rule file in bidding documents is matched with the encryption rule file that bidding server generates, and shows verification result, If be proved to be successful, ciphertext bidding documents identifying code is shown, which can choose verifying after the completion of encryption, to ciphertext bidding documents;
Second log module, for recording work log and the user's operation procedure information of bid device;
Second configuration module, for Configuration network agency and url of encryption rule file etc..
As shown in Figure 2 to 4, the e-bidding method of the present embodiment, comprising the following steps:
Step 1: bidding server generates encryption rule file;
Step 2: bid device is based on Shamir thresholding in plain text according to the encryption rule file that bidding server generates Bidding documents is encrypted, and ciphertext bidding documents is obtained;
Step 3: obtained ciphertext bidding documents is uploaded to bidding server by bid device;
Step 4: in the opening of bid time, ciphertext bidding documents is decrypted in bidding server.
Above-mentioned steps second is that ciphertext bidding documents acquisition and upload procedure, specifically include:
Step 1, input bidding documents original text, ciphertext bidding documents path, project number and the url for configuring encryption rule file;
Step 2, according to the url of project number and the encryption rule file of configuration, obtain encryption rule to bidding server Then file;
Step 3, the information added the signing certificate of bidder and confirm bidder;
Step 4, according to the thresholding relevant parameter in encryption rule file, if opening of bid people has N number of, the number of minimum opening of bid is T, using Shamir thresholding, shared information M is divided n parts: M1, M2 ... Mn, it is one corresponding for every a information of segmentation The encrypted certificate of opening of bid people, and the sub-key being randomly generated respectively is encrypted using corresponding encrypted certificate, and sub-key Every a information of corresponding segmentation is encrypted;It is encrypted using the key pair plaintext bidding documents that shared information generates, and Encrypted sub-key, encrypted block of information and the certificate for the people that opens bid, is all stored in ciphertext bidding documents with certain format;
The ciphertext bidding documents that step 5, opening obtain, verifies the file structure and signed data of ciphertext bidding documents, and shows ciphertext Bidding documents identifying code and verification result;Wherein, the file structure and signed data of ciphertext bidding documents are verified, specifically:
The encryption rule file in ciphertext bidding documents is read, the file structure of ciphertext bidding documents is verified;Obtain the signature of bidder Certificate and information, to obtain the identifying code of ciphertext bidding documents.
Above-mentioned steps specifically include fourth is that opening of bid process:
Step 1 opens ciphertext bidding documents;
Step 2 obtains the current timestamp time;
Step 3 obtains the opening of bid time;
Step 4, the file structure and signed data for verifying ciphertext bidding documents, specifically:
The encryption rule file in ciphertext bidding documents is read, the file structure of ciphertext bidding documents is verified;Obtain the signature of bidder Certificate and information, to obtain the identifying code of ciphertext bidding documents.
Encryption rule file in step 4, the encryption rule file that bidding server is generated and ciphertext bidding documents carries out Matching;
Step 5, read opening of bid people's information, attempt opening of bid, i.e., when opening of bid people certificate reach opening of bid thresholding, be combined into shared Information, and key is restored by shared information;
Step 6 is decrypted using the key pair ciphertext bidding documents of recovery.
From above-described embodiment as can be seen that key to the invention is that using Shamir thresholding, after only reaching thresholding It can just open bid;According to thresholding and specific encryption rule, plaintext bidding documents is encrypted, so that the safety of ciphertext bidding documents Property is higher;Compared with existing Bidding Techniques scheme, the side for the symmetric key that plaintext bidding documents is encrypted that the present invention generates Formula is different, and symmetric key is, in opening of bid, not only first to use the signing certificate pair of bidder according to shared information export Ciphertext bidding documents is verified, and obtain encryption bidding documents symmetric key before, it is necessary to be combined into shared information;Shared information is Shared information, according to the number of opening of bid people, is divided into several one's share of expenses for a joint undertaking shared informations, needle in encryption by one section of random data To each one's share of expenses for a joint undertaking shared information, respectively generates random key and sub- shared information is encrypted using the random key, so The encrypted certificate for reusing opening of bid people afterwards encrypts the random key respectively generated, by encrypted sub- shared information and adds Random key after close is stored in some way in ciphertext Bid Documents;To be combined into shared information in decryption, then First the random key of encryption must be decrypted using the encrypted certificate of each opening of bid people, then using random key to encryption Sub- shared information block be decrypted;Etc. the minimum number for reaching opening of bid, and the corresponding block of information of successful decryption respectively, ability It is combined into monolith shared information, and then restores key, ciphertext bidding documents is decrypted using the symmetric key of recovery;In addition, opening Whether must be on the scene when can specify certain people opening of bid in mark people, if specifying someone, in opening of bid, the people must It must show up, have better flexibility in this way.
Since the file format of ciphertext bidding documents is specific, so supporting big file bidding documents encryption, and multiple marks are supported Written matter is encrypted simultaneously or is decrypted simultaneously.
More identical with existing Bidding Techniques scheme, the present invention is also to be encrypted using public key, and private key is solved It is close, but the present invention not only supports RSA Algorithm also to support SM2 elliptic curve.
In conclusion the present invention generates specific format encryption rule file using bidding server, and it is based on Shamir thresholding encrypts plaintext bidding documents, obtains ciphertext bidding documents, so that the safety of ciphertext bidding documents is higher, also has preferably Flexibility not only supports big files electronic bidding documents to encrypt, and supports that multiple electric bidding documents encrypt or decryption simultaneously, signature with The digital certificate that the process of encryption uses supports two kinds of public key algorithms of RSA and SM2.
The above, only the invention patent preferred embodiment, but the scope of protection of the patent of the present invention is not limited to This, anyone skilled in the art is in the range disclosed in the invention patent, according to the present invention the skill of patent Art scheme and its patent of invention design are subject to equivalent substitution or change, belong to the scope of protection of the patent of the present invention.

Claims (7)

1. the e-bidding system based on Shamir thresholding, it is characterised in that: the system comprises connected bidding services Device and bid device;
The bidding server, for generating encryption rule file, and in opening of bid time, the ciphertext bidding documents uploaded to bid device It is decrypted;Wherein, the encryption rule file is xml signature file, have specific format, including mechanism, project number, Project name, opening of bid time, deadline for submission of tenders, opening of bid Rule Information and bidding server signature certificate, the opening of bid rule Then information includes the open bid total number of persons of people, the minimum number of opening of bid needs, the number of each opening of bid people, the number of each opening of bid people Whether certificate and each opening of bid people necessarily participate in the information of decryption;
The bidding server includes:
Encryption rule module, for generating encryption rule file;
First ciphertext bidding documents authentication module, for verifying the file structure and signature of the ciphertext bidding documents that bid device uploads before opening of bid Encryption rule file in ciphertext bidding documents is matched with the encryption rule file that encryption rule module generates, and shown by data Show verification result, if be proved to be successful, shows ciphertext bidding documents identifying code;
Ciphertext bidding documents deciphering module, the ciphertext bidding documents for uploading to bid device are decrypted;
The bid device, the encryption rule file for being generated according to bidding server mark plaintext based on Shamir thresholding Book is encrypted, and obtains ciphertext bidding documents, and obtained ciphertext bidding documents is uploaded to bidding server;
The bid device includes:
Bidding documents encrypting module, for being encrypted, being obtained close to plaintext bidding documents based on Shamir thresholding according to encryption rule file Literary bidding documents;
Second ciphertext bidding documents authentication module will be in ciphertext bidding documents for verifying the file structure and signed data of ciphertext bidding documents Encryption rule file is matched with the encryption rule file that bidding server generates, and shows verification result, if verifying Success, then show ciphertext bidding documents identifying code;
The ciphertext bidding documents is by SID file identification and several different types of SID data chunks at several SID data blocks Respectively SID file header data block, threshold parameter data block, secret papers data block, self-defined information data block, signing messages Data block, Hash data block and SID end-of-file data block;Wherein, SID file header data block includes basic in SID file Information, threshold parameter data block include parameters used in encrypting plaintext bidding documents, and secret papers data block includes encrypted Plaintext bidding documents data, self-defined information data block includes user's self-defining data, to upper layer application with extending space, signing messages Data block includes various signing messages, and Hash data block includes the hash value of SID, and SID end-of-file data block is used to mark SID literary Part or data flow are over, and have to the tail portion for being placed on SID file.
2. the e-bidding system according to claim 1 based on Shamir thresholding, it is characterised in that: the bidding Server further include:
First log module, for recording the log of bidding server;
First configuration module, the configuration item for setup time stamp server url;
The bid device further include:
Second log module, for recording work log and the user's operation procedure information of bid device;
Second configuration module, for Configuration network agency and the url of encryption rule file.
3. the Bidding Methods based on system described in claim 1, it is characterised in that: the described method comprises the following steps:
S1, bidding server generate encryption rule file;
S2, the encryption rule file generated according to bidding server, bid device are based on Shamir thresholding and carry out to plaintext bidding documents Encryption, obtains ciphertext bidding documents;
Obtained ciphertext bidding documents is uploaded to bidding server by S3, bid device;
S4, in the opening of bid time, ciphertext bidding documents is decrypted in bidding server.
4. Bidding Methods according to claim 3, it is characterised in that: step S2 is specifically included:
S21, input bidding documents original text, ciphertext bidding documents path, project number and the url for configuring encryption rule file;
S22, according to the url of project number and the encryption rule file of configuration, obtain encryption rule file to bidding server;
S23, the information added the signing certificate of bidder and confirm bidder;
S24, according to the thresholding relevant parameter in encryption rule file, if opening of bid people has N number of, the number of minimum opening of bid is t, is made With Shamir thresholding, shared information M is divided n parts: M1, M2 ... Mn, for every a information of segmentation, a corresponding opening of bid people Encrypted certificate, and the sub-key being randomly generated respectively is encrypted using corresponding encrypted certificate, and sub-key is to correspondence Every a information of segmentation encrypted;It is encrypted using the key pair plaintext bidding documents that shared information generates, and it is encrypted Sub-key, encrypted block of information and open bid people certificate, be all stored in ciphertext bidding documents with certain format;
The ciphertext bidding documents that S25, opening obtain, verifies the file structure and signed data of ciphertext bidding documents, by adding in ciphertext bidding documents Close rule file is matched with the encryption rule file that bidding server generates, and shows verification result, if verifying at Function then shows ciphertext bidding documents identifying code.
5. Bidding Methods according to claim 3, it is characterised in that: step S4 is specifically included:
S41, ciphertext bidding documents is opened;
S42, the current timestamp time is obtained;
S43, the opening of bid time is obtained;
S44, the file structure and signed data for verifying ciphertext bidding documents;
S45, the encryption rule file that bidding server generates is matched with the encryption rule file in ciphertext bidding documents;
S46, opening of bid people's information is read, attempts opening of bid;
S47, it is decrypted using the key pair ciphertext bidding documents of recovery.
6. Bidding Methods according to claim 4 or 5, it is characterised in that: the file structure of the verifying ciphertext bidding documents And signed data, specifically:
The encryption rule file in ciphertext bidding documents is read, the file structure of ciphertext bidding documents is verified;Obtain the signing certificate of bidder And information, to obtain the identifying code of ciphertext bidding documents.
7. Bidding Methods according to claim 5, it is characterised in that: in step S46, the trial opening of bid, which refers to work as, to be opened The certificate of mark people reaches opening of bid thresholding, is combined into shared information, and restore key by shared information.
CN201610236112.6A 2016-04-14 2016-04-14 E-bidding system and method based on Shamir thresholding Active CN105790940B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610236112.6A CN105790940B (en) 2016-04-14 2016-04-14 E-bidding system and method based on Shamir thresholding

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610236112.6A CN105790940B (en) 2016-04-14 2016-04-14 E-bidding system and method based on Shamir thresholding

Publications (2)

Publication Number Publication Date
CN105790940A CN105790940A (en) 2016-07-20
CN105790940B true CN105790940B (en) 2019-09-13

Family

ID=56397646

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610236112.6A Active CN105790940B (en) 2016-04-14 2016-04-14 E-bidding system and method based on Shamir thresholding

Country Status (1)

Country Link
CN (1) CN105790940B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106603233B (en) * 2017-01-04 2020-01-21 顾建明 Encryption and decryption method for remote bid opening type bidding system
CN109033811A (en) * 2018-07-10 2018-12-18 林小丽 Electric bidding document multilayer encrypting and deciphering system for e-bidding
CN108959946A (en) * 2018-07-10 2018-12-07 林小丽 Electric bidding document multilayer encipher-decipher method for e-bidding
CN110532806A (en) * 2019-07-26 2019-12-03 深圳壹账通智能科技有限公司 Bidding documents management method, system and computer readable storage medium
CN110730184B (en) * 2019-10-22 2021-11-05 江苏先安科技有限公司 Novel bidding encryption and decryption method based on SM2 cryptographic algorithm
CN111861473B (en) * 2020-07-31 2024-06-21 光奕科数据技术有限公司 Electronic bidding system and method
CN112017017A (en) * 2020-09-03 2020-12-01 罗官 Bidding method and system based on block chain
CN112468514A (en) * 2020-12-15 2021-03-09 天津普泽工程咨询有限责任公司 System and method for realizing electronic bidding encryption in VPN (virtual private network)
CN112613956B (en) * 2020-12-31 2024-02-02 中国工商银行股份有限公司 Bidding processing method and device
CN113434911B (en) * 2021-07-30 2022-05-20 四川省数字证书认证管理中心有限公司 Method for proving consistency of bid documents in response to failure of bid decryption
CN114022260B (en) * 2021-11-11 2023-03-21 陕西华春网络科技股份有限公司 Bidding method and device based on key designation, computer equipment and memory
CN116232592B (en) * 2023-05-08 2023-08-01 浙江校联信息技术有限公司 Encryption and decryption method and system for online bidding
CN120200747B (en) * 2025-03-31 2025-09-02 亿中标(北京)咨询服务有限公司 Multilayer encryption system for electronic bidding documents

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101655931A (en) * 2008-08-21 2010-02-24 东方钢铁电子商务有限公司 Electronic public bidding method based on digital certificate
CN102324080A (en) * 2011-09-06 2012-01-18 上海互联网软件有限公司 Bidding system and method
US8180701B1 (en) * 2007-03-19 2012-05-15 Columbia Capital Management, L.L.C. Secure bidding method and system
CN102664740A (en) * 2012-05-02 2012-09-12 四川建设网有限责任公司 Remote-authorization-based bidding document encryption and decryption method
CN103795523A (en) * 2014-01-14 2014-05-14 福州市勘测院 Electronic bid document multi-layer encryption and decryption system and method for electronic bidding

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7133842B2 (en) * 2000-12-29 2006-11-07 International Business Machines Corporation System, method and program for bidding for best solution process execution in a heterogeneous network

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8180701B1 (en) * 2007-03-19 2012-05-15 Columbia Capital Management, L.L.C. Secure bidding method and system
CN101655931A (en) * 2008-08-21 2010-02-24 东方钢铁电子商务有限公司 Electronic public bidding method based on digital certificate
CN102324080A (en) * 2011-09-06 2012-01-18 上海互联网软件有限公司 Bidding system and method
CN102664740A (en) * 2012-05-02 2012-09-12 四川建设网有限责任公司 Remote-authorization-based bidding document encryption and decryption method
CN103795523A (en) * 2014-01-14 2014-05-14 福州市勘测院 Electronic bid document multi-layer encryption and decryption system and method for electronic bidding

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"浅析PKI技术在电子招投标中的应用";孙翔;《网络空间安全》;20121031(第10期);正文第17-18页 *
"特殊门限秘密共享方法及其应用";唐韶华;《华南理工大学学报(自然科学版)》;20071015;第35卷(第10期);正文第168-171页 *
"电子招投标系统的安全性研究";温雅敏等;《华东交通大学学报》;20060430;第23卷(第2期);正文第92-95页 *
"门限多重秘密共享方案";周洪伟等;《计算机工程与设计》;20080428;第29卷(第8期);正文第1946-1951页 *

Also Published As

Publication number Publication date
CN105790940A (en) 2016-07-20

Similar Documents

Publication Publication Date Title
CN105790940B (en) E-bidding system and method based on Shamir thresholding
CN109067524B (en) Public and private key pair generation method and system
CN103795523B (en) Electronic bid document multi-layer encryption and decryption system and method for electronic bidding
CN105162599B (en) A kind of data transmission system and its transmission method
WO2019052286A1 (en) User identity verification method, apparatus and system based on blockchain
CN101136046B (en) Electric signing verification system and method thereof
US20110145576A1 (en) Secure method of data transmission and encryption and decryption system allowing such transmission
CN105323070B (en) A kind of safety E-mail implementation method based on digital envelope
CN101459661A (en) Electronic document protection system and method
US20200169410A1 (en) Method for digital signing with multiple devices operating multiparty computation with a split key
CN111181723B (en) Method and device for offline security authentication between Internet of things devices
CN105763331A (en) Data encryption method, device, data decryption method and device
CN113824564B (en) Online signing method and system based on blockchain
CN107360002B (en) Application method of digital certificate
CN109560935B (en) Anti-quantum-computation signature method and signature system based on public asymmetric key pool
CN102594824A (en) Security electronic document distribution method based on multiple security protection mechanisms
KR20110140122A (en) Methods for producing products with certificates and keys
CN109150897A (en) A kind of communication encrypting method and device end to end
CN104200154A (en) Identity based installation package signing method and identity based installation package signing device
CN104219047A (en) A signature verification method and apparatus
CN101296083A (en) An encrypted data transmission method and system
CN105335109A (en) File printing control system based on smart password keys and achieving method thereof
CN104734847A (en) Shared symmetric key data encrypting and decrypting method for public key cryptography application
CN108933659A (en) A kind of authentication system and verification method of smart grid
CN109347923A (en) Anti- quantum calculation cloud storage method and system based on unsymmetrical key pond

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant