[go: up one dir, main page]

CN113572594B - CPK key generation method, device, entity and key center - Google Patents

CPK key generation method, device, entity and key center Download PDF

Info

Publication number
CN113572594B
CN113572594B CN202110844650.4A CN202110844650A CN113572594B CN 113572594 B CN113572594 B CN 113572594B CN 202110844650 A CN202110844650 A CN 202110844650A CN 113572594 B CN113572594 B CN 113572594B
Authority
CN
China
Prior art keywords
key
preset
entity
matrix
byte
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110844650.4A
Other languages
Chinese (zh)
Other versions
CN113572594A (en
Inventor
南相浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jin Shang Bo Chuang Beijing Science&technology Co ltd
Original Assignee
Jin Shang Bo Chuang Beijing Science&technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jin Shang Bo Chuang Beijing Science&technology Co ltd filed Critical Jin Shang Bo Chuang Beijing Science&technology Co ltd
Priority to CN202110844650.4A priority Critical patent/CN113572594B/en
Publication of CN113572594A publication Critical patent/CN113572594A/en
Application granted granted Critical
Publication of CN113572594B publication Critical patent/CN113572594B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

本发明实施例提供一种CPK密钥生成方法、装置、实体及密钥中心,属信息安全技术领域。所述方法应用于密钥中心,所述方法包括:接收实体的密钥申请消息,所述密钥申请消息中包括所述实体标识;利用预设私钥矩阵的阶数确定密钥的运算周期,并根据所述运算周期与预设运算轮数,得到所需字节数量;利用哈希密钥对所述实体标识进行哈希变换,得到变换后的所述所需字节数量对应的运算字节;根据所述预设私钥矩阵、所述运算字节以及预设参数生成规则,得到所述实体标识对应的私钥,并将所述私钥发送至所述实体。本发明实施例适用于数字签名与验证过程。

The embodiment of the present invention provides a CPK key generation method, device, entity and key center, belonging to the field of information security technology. The method is applied to the key center, and the method includes: receiving a key application message of an entity, wherein the key application message includes the entity identification; determining the operation cycle of the key using the order of a preset private key matrix, and obtaining the required number of bytes according to the operation cycle and the preset number of operation rounds; performing a hash transformation on the entity identification using a hash key to obtain the operation bytes corresponding to the transformed required number of bytes; obtaining the private key corresponding to the entity identification according to the preset private key matrix, the operation bytes and the preset parameter generation rules, and sending the private key to the entity. The embodiment of the present invention is applicable to the digital signature and verification process.

Description

CPK key generation method, device, entity and key center
Technical Field
The invention relates to the technical field of information security, in particular to a CPK (compact public key) key generation method, a device, an entity and a key center.
Background
CPK (Combined Public Key ) is the first internationally identified based public key regime with digital signature and key encryption functions. CPK is simple in programming, extremely large in combination amount and extremely high in operation speed, but in the face of gradually developing and mature quantum computing, the possibility of preventing quantum exhaustion is inevitably faced.
Disclosure of Invention
The embodiment of the invention aims to provide a CPK key generation method, a device, an entity and a key center, which solve the problem that the CPK system in the prior art cannot avoid quantum exhaustion.
In order to achieve the above objective, an embodiment of the present invention provides a CPK key generation method, which is applied to a key center, and the method includes receiving a key application message of an entity, where the key application message includes an entity identifier, determining an operation period of a key by using an order of a preset private key matrix, obtaining a required number of bytes according to the operation period and a preset operation round number, performing hash transformation on the entity identifier by using a hash key to obtain an operation byte corresponding to the required number of bytes after transformation, obtaining a private key corresponding to the entity identifier according to the preset private key matrix, the operation byte and a preset parameter generation rule, and sending the private key to the entity.
Further, the step of determining the operation cycle of the key by using the order of the preset private key matrix and obtaining the required byte number according to the operation cycle and the preset operation round number includes obtaining the operation cycle of the key according to t=h/4, wherein T is the operation cycle, h is the order of the preset private key matrix, and obtaining the required byte number according to k=6xTxw, wherein k is the required byte number, and w is the preset operation round number.
Further, performing Hash transformation on the entity identifier by using a Hash key to obtain operation bytes corresponding to the number of the required bytes after transformation, wherein the operation bytes v 0,v1,v2,…,vk corresponding to the number of the required bytes after transformation are obtained according to Hash Hkey(Alice)=v0,v1,v2,…,vk, hash is a Hash function, alice is the entity identifier, hkey is the Hash key, k is the number of the required bytes, and the Hash key is published.
Further, the obtaining the private key corresponding to the entity identifier according to the preset private key matrix, the operation bytes and the preset parameter generation rule comprises the steps of forming a group of byte parameters from each three bytes in the operation bytes, respectively indicating two row coordinates of the preset private key matrix after the operation of modulo h on the upper half section of the first two bytes in each group of byte parameters, respectively indicating two column coordinates of the preset private key matrix after the operation of modulo h on the lower half section of the first two bytes, wherein h is the order of the preset private key matrix, determining two matrix variables from the preset private key matrix according to the two groups of row coordinates and column coordinates indicated in each group of byte parameters, determining the third byte in each group of byte parameters as a layering parameter, and obtaining the private key corresponding to the entity identifier according to the matrix variables and the layering parameter.
Further, the obtaining the private key corresponding to the entity identifier according to the matrix variable and the hierarchical parameter includes:
According to Obtaining a private key corresponding to the entity identifier, wherein alice is the private key corresponding to the entity identifier, r is the preset private key matrix, v is the operation byte, and k is the required byte number.
Further, obtaining the private key corresponding to the entity identifier according to the matrix variable and the hierarchical parameter includes defining a current year private key and a current year public key, and publishing the current year public key according to the matrix variable and the hierarchical parameter Obtaining a private key corresponding to the entity identifier, wherein alice is the private key corresponding to the entity identifier, r is the preset private key matrix, v is the operation byte, k is the required byte number, and year is the current annual private key.
Correspondingly, the embodiment of the invention also provides a CPK key generation method which is applied to the entity, and comprises the steps of determining the operation period of a key by utilizing the order of a preset public key matrix when the public key corresponding to the entity identifier of another entity is monitored, obtaining the required byte number according to the operation period and the preset operation round number, carrying out hash transformation on the entity identifier of the other entity by utilizing a hash key to obtain operation bytes corresponding to the required byte number after transformation, and obtaining the public key corresponding to the entity identifier of the other entity according to the preset public key matrix, the operation bytes and a preset parameter generation rule.
Further, the method further comprises the step of obtaining a hash key published by the key center and presetting a public key matrix.
Further, the step of determining the operation cycle of the key by using the order of the preset public key matrix and obtaining the required byte number according to the operation cycle and the preset operation round number includes obtaining the operation cycle of the key according to t=h/4, wherein T is the operation cycle, h is the order of the preset public key matrix, and obtaining the required byte number according to k=6xTxw, wherein k is the required byte number, and w is the preset operation round number.
Further, performing Hash transformation on the entity identifier of the other entity by using a Hash key to obtain operation bytes corresponding to the transformed required byte number includes obtaining operation bytes u 0,u1,u2,…,uk corresponding to the transformed required byte number according to Hash Hkey(Bob)=u0,u1,u2,…,uk, where Hash is a Hash function, bob is the entity identifier of the other entity, hkey is the Hash key, and k is the required byte number.
Further, the obtaining the public key corresponding to the entity identifier of the other entity according to the preset public key matrix, the operation bytes and the preset parameter generation rule comprises the steps of forming each three bytes in the operation bytes into a group of byte parameters, respectively indicating two row coordinates of the preset public key matrix after the upper half sections of the first two bytes in each group of byte parameters are subjected to modulo h operation, respectively indicating two column coordinates of the preset public key matrix after the lower half sections corresponding to the first two bytes are subjected to modulo h operation, wherein h is the order of the preset public key matrix, determining two matrix variables from the preset public key matrix according to the two groups of row coordinates and column coordinates indicated in each group of byte parameters, determining the third byte in each group of byte parameters as a layering parameter, and obtaining the public key corresponding to the entity identifier of the other entity according to the matrix variables and the layering parameter.
Further, the obtaining the public key corresponding to the entity identifier of the other entity according to the matrix variable and the hierarchical parameter comprises the steps of And obtaining a public key corresponding to the entity identifier of the other entity, wherein BOB is the public key corresponding to the entity identifier of the other entity, R is the preset public key matrix, u is the operation byte, and k is the required byte number.
Further, the obtaining the public key corresponding to the entity identifier of the other entity according to the matrix variable and the hierarchical parameter includes obtaining a current year public key published by a key center, and obtaining the public key according to the current year public key published by the key center And obtaining a public key corresponding to the entity identifier of the other entity, wherein BOB is the public key corresponding to the entity identifier of the other entity, R is the preset public key matrix, u is the operation byte, k is the required byte number, and YEAR is the current annual public key.
Correspondingly, the embodiment of the invention also provides a CPK key generation device which is applied to a key center and comprises a receiving module, a first processing module, a second processing module and a third processing module, wherein the receiving module is used for receiving a key application message of an entity, the key application message comprises an entity identifier, the first processing module is used for determining an operation period of the key by utilizing the order of a preset private key matrix and obtaining the number of required bytes according to the operation period and the preset operation round number, the second processing module is used for carrying out hash transformation on the entity identifier by utilizing a hash key to obtain operation bytes corresponding to the number of required bytes after transformation, the third processing module is used for obtaining a private key corresponding to the entity identifier according to the preset private key matrix, the operation bytes and a preset parameter generation rule, and the sending module is used for sending the private key to the entity.
Further, the first processing module is specifically configured to obtain an operation period of the key according to t=h/4, where T is the operation period, h is an order of the preset private key matrix, and obtain a required byte number according to k=6×t×w, where k is the required byte number, and w is the preset operation round number.
Further, the second processing module is specifically configured to obtain operation bytes v 0,v1,v2,…,vk corresponding to the converted required byte number according to Hash Hkey(Alice)=v0,v1,v2,…,vk, where Hash is a Hash function, alice is the entity identifier, hkey is the Hash key, k is the required byte number, and publish the Hash key.
The third processing module is specifically configured to construct a set of byte parameters from each three bytes in the operation byte, respectively indicate two row coordinates of the preset private key matrix after modulo h operation on an upper half of the first two bytes in each set of byte parameters, respectively indicate two column coordinates of the preset private key matrix after modulo h operation on a lower half of the first two bytes, wherein h is an order of the preset private key matrix, determine two matrix variables from the preset private key matrix according to the two sets of row coordinates and the column coordinates indicated in each set of byte parameters, determine a third byte in each set of byte parameters as a layering parameter, and obtain a private key corresponding to the entity identifier according to the matrix variables and the layering parameter.
Further, the third processing module is also used for controlling the processing according to the following conditions Obtaining a private key corresponding to the entity identifier, wherein alice is the private key corresponding to the entity identifier, r is the preset private key matrix, v is the operation byte, and k is the required byte number.
Further, the third processing module is further configured to define a current year private key and a current year public key, and publish the current year public key, according to the current year private key and the current year public key Obtaining a private key corresponding to the entity identifier, wherein alice is the private key corresponding to the entity identifier, r is the preset private key matrix, v is the operation byte, k is the required byte number, and year is the current annual private key.
Correspondingly, the embodiment of the invention also provides a CPK key generation device which is applied to the entity, and comprises a first processing module, a second processing module and a third processing module, wherein the first processing module is used for determining the operation period of a key by utilizing the order of a preset public key matrix when monitoring the public key corresponding to the entity identifier of the other entity to be called, obtaining the required byte number according to the operation period and the preset operation round number, the second processing module is used for carrying out hash transformation on the entity identifier of the other entity by utilizing the hash key to obtain the operation byte corresponding to the required byte number after transformation, and the third processing module is used for obtaining the public key corresponding to the entity identifier of the other entity according to the preset public key matrix, the operation byte and a preset parameter generation rule.
Further, the device also comprises an acquisition module for acquiring the hash key published by the key center and a preset public key matrix.
Further, the first processing module is specifically configured to obtain an operation period of the key according to t=h/4, where T is the operation period, h is an order of the preset public key matrix, and obtain a required byte number according to k=6×t×w, where k is the required byte number, and w is the preset operation round number.
Further, the second processing module is specifically configured to obtain, according to Hash Hkey(Bob)=u0,u1,u2,…,uk, an operation byte u 0,u1,u2,…,uk corresponding to the converted required byte number, where Hash is a Hash function, bob is an entity identifier of the other entity, hkey is the Hash key, and k is the required byte number.
The third processing module is specifically configured to construct a set of byte parameters from each three bytes in the operation byte, respectively indicate two row coordinates of the preset public key matrix after modulo h operation on an upper half of the first two bytes in each set of byte parameters, respectively indicate two column coordinates of the preset public key matrix after modulo h operation on a lower half of the first two bytes, wherein h is an order of the preset public key matrix, determine two matrix variables from the preset public key matrix according to the two sets of row coordinates and the column coordinates indicated in each set of byte parameters, determine a third byte in each set of byte parameters as a layering parameter, and obtain a public key corresponding to an entity identifier of the other entity according to the matrix variables and the layering parameter.
Further, the third processing module is also used for controlling the processing according to the following conditions And obtaining a public key corresponding to the entity identifier of the other entity, wherein BOB is the public key corresponding to the entity identifier of the other entity, R is the preset public key matrix, u is the operation byte, and k is the required byte number.
Further, the obtaining module is further used for obtaining the current year public key published by the key center, and the third processing module is further used for obtaining the current year public key published by the key center according to the following condition And obtaining a public key corresponding to the entity identifier of the other entity, wherein BOB is the public key corresponding to the entity identifier of the other entity, R is the preset public key matrix, u is the operation byte, k is the required byte number, and YEAR is the current annual public key.
Correspondingly, the embodiment of the invention also provides a key center, which comprises the CPK key generation device applied to the key center.
Correspondingly, the embodiment of the invention also provides an entity, which comprises the CPK key generation device applied to the entity.
According to the technical scheme, the operation period of the key is determined by utilizing the order of the preset key matrix, the key corresponding to the entity identifier is obtained according to the operation period and the preset operation round number, and compared with the key obtained through multi-period and multi-round operation in the prior art, the complexity and the safety of the key are improved while the calculation resources are saved.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings are included to provide a further understanding of embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain, without limitation, the embodiments of the invention. In the drawings:
fig. 1 is a schematic flow chart of a CPK key generating method according to an embodiment of the present invention;
fig. 2 is a flow chart of another CPK key generating method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a CPK key generating apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of another CPK key generating apparatus according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of still another CPK key generating apparatus according to an embodiment of the present invention.
Detailed Description
The following describes the detailed implementation of the embodiments of the present invention with reference to the drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the invention, are not intended to limit the invention.
Fig. 1 is a flow chart of a CPK key generating method according to an embodiment of the present invention. As shown in fig. 1, the method is applied to a key center, and comprises the following steps:
Step 101, receiving a key application message of an entity, wherein the key application message comprises the entity identifier;
step 102, determining an operation period of a secret key by using an order of a preset private key matrix, and obtaining the required byte number according to the operation period and the preset operation round number;
step 103, carrying out hash transformation on the entity identifier by utilizing a hash key to obtain operation bytes corresponding to the number of the required bytes after transformation;
Step 104, obtaining a private key corresponding to the entity identifier according to the preset private key matrix, the operation byte and the preset parameter generation rule, and sending the private key to the entity.
The embodiment of the invention is realized based on an elliptic curve E: y 2=x3 +ax+b (p), wherein the curve parameter T= (a, b, G, p, n), wherein G is a base point and n is the order of the base point G. The key center defines a hash key, a preset private key matrix, a preset public key matrix, a current annual private key and a current annual public key in advance. Wherein the hash key is denoted by Hkey, and the preset private key matrix and the preset public key matrix are denoted by R i,j and R i,j, respectively. Where R is a random integer less than n, R is r×g, and G is an elliptic curve generator (base point). In addition, after the hash key, the preset public key matrix and the current annual public key are published by the key center, the hash key, the preset public key matrix and the current annual public key are kept by each entity, and the preset private key matrix and the current annual private key are kept by the key center. The entity may be a terminal, a sensor, a telephone number, an account number, etc.
In the embodiment of the invention, the private key is determined by the operation period and the preset operation round number. Different operation periods can be obtained for preset private key matrixes with different orders, specifically, the operation period of the key is obtained according to t=h/4, wherein T is the operation period, and h is the order of the preset private key matrix. For example, when the size of the preset private key matrix is 4×4, i.e., the order is 4, one round of operations is composed of 1 cycle, when the size of the preset private key matrix is 8×8, i.e., the order is 8, one round of operations is composed of 2 cycles, and when the size of the preset private key matrix is 16×16, i.e., the order is 16, one round of operations is composed of 4 cycles.
For the operation period (the order of the preset private key matrix) and the preset operation round number, the actual network application environment determines the operation period and the preset operation round number, and the operation period and the preset operation round number in the network can be set by a user, and when the operation period and the preset operation round number in the network are once set, the secret key center in the network calculates the private key according to the set operation period and the preset operation round number.
For the required number of bytes of operation bytes required for the subsequent calculation of the private key, the required number of bytes can be obtained according to k=6ttxw, where k is the required number of bytes and w is the preset number of operation rounds. For example, when the private key is configured in two cycles of one round, the required number of bytes is k=6x2x1=12, that is, the required number of bytes is 12, and when the private key is configured in two cycles of two round, the required number of bytes is k=6x2x2=24, that is, the required number of bytes is 24.
Taking the entity Alice applies for the private key as an example, in step 103, an operation byte v 0,v1,v2,…,vk corresponding to the converted required byte number is obtained according to Hash Hkey(Alice)=v0,v1,v2,…,vk, where Hash is a Hash function, alice is the entity identifier, and k is the required byte number. Wherein each byte is 8 bits in length. That is, when the entity identification is hashed by using the hash key, since the required number of bytes is already determined, only the required number of operation bytes is generated, and the data operation amount is reduced.
Then, in step 104, each three bytes in the operation bytes form a group of byte parameters, the upper half sections of the first two bytes in each group of byte parameters are subjected to modulo h operation to respectively indicate two row coordinates of the preset private key matrix, and the lower half sections corresponding to the first two bytes are subjected to modulo h operation to respectively indicate two column coordinates of the preset private key matrix, wherein h is the order of the preset private key matrix. And then, according to the two sets of row coordinates and column coordinates indicated in each set of byte parameters, determining two matrix variables from the preset private key matrix, and determining the third byte in each set of byte parameters as a layering parameter.
For example, taking the example that the private key is formed by a round period, that is, the number of required bytes is k=6x1x1=6, that is, the obtained operation bytes are v 0,v1,v2,v3,v4,v5, v 0,v1,v2 forms the first set of byte parameters, and v 3,v4,v5 forms the second set of byte parameters. The upper half section of the first two bytes in the first group of byte parameters is subjected to modulo h operation to respectively indicate two row coordinates of the preset private key matrix, and as each byte is 8 bits, the upper half section of v 0,v1 is 4 bits, namely the upper half section 4 bits of v 0,v1 are subjected to modulo 4 operation, the obtained values after modulo 4 operation respectively indicate the two row coordinates of the preset private key matrix, and then the lower half section 4 bits of v 0,v1 are subjected to modulo 4 operation, and the obtained values after modulo 4 operation respectively indicate the column coordinates of the preset private key matrix. Thus, the two values obtained after the modulo operation of the upper and lower halves of v 0 are respectively used as row and column coordinates, thereby obtaining the first matrix variable indicated in the preset private key matrix. Similarly, the two values obtained after the modulo operation of the upper half and the lower half of v 1 are respectively used as row coordinates and column coordinates, so as to obtain a second matrix variable indicated in the preset private key matrix. In addition, a third byte v 2 in the first set of byte parameters is determined as a hierarchical parameter.
Likewise, a third matrix variable and a fourth matrix variable indicated in the preset private key matrix are obtained by v 3,v4 in a second set of byte parameters, and a third byte v 5 in the second set of byte parameters is determined as a hierarchical parameter. Thus, in the one round-period example, four matrix variables and two layering parameters are obtained. That is, one cycle includes four matrix variables and two hierarchical parameters determined from two sets of byte parameters.
And then, obtaining a private key corresponding to the entity identifier according to the matrix variable and the layering parameter. In particular, according to Obtaining a private key corresponding to the entity identifier, wherein alice is the private key corresponding to the entity identifier, r is the preset private key matrix, v is the operation byte, and k is the required byte number.
When the private key composition is specified to include the current year private key, then the method can be based on Obtaining a private key corresponding to the entity identifier, wherein alice is the private key corresponding to the entity identifier, r is the preset private key matrix, v is the operation byte, k is the required byte number, and year is the current annual private key.
Taking the above cycle by cycle as an example, four matrix variables can be obtained by v 0,v1,v3,v4 respectively, namelyAndThe layering parameters are v 2 and v 5. Thus, in the example of one round and one period, the obtained private key corresponding to the entity identifier is When the private key composition comprises the current year private key, the obtained private key corresponding to the entity identifier is
If the private key is configured with one round of two periods, the required byte number is k=6x2x1=12, the operation byte of the required byte number after transformation is v 0,v1,v2,…,v11, and the private key corresponding to the entity identifier includes two period private keys, namely:
alice=(alice[1]+alice[2])mod n
when the private key composition comprises the current year private key, the private key corresponding to the obtained entity identifier is alice = (alice [1] + alice [2] +year) mod n.
If the private key is configured by two cycles, the required byte number is k=6x2x2=24, the operation byte of the required byte number after transformation is v 0,v1,v2,…,v23, and the private key corresponding to the entity identifier is equivalent to the private key including four cycles, namely:
alice=(alice[1]+alice[2]+alice[3]+alice[4])mod n
When the private key composition comprises the current year private key, the private key corresponding to the obtained entity identifier is alice = (alice [1] + alice [2] + alice [3] + alice [4] +year) mod n.
And then, the key center can send the obtained private key corresponding to the entity identifier to the entity.
According to the embodiment of the invention, for the generated private key with one cycle, one partition is formed by multiplying the sum of two matrix variables by one layering parameter, and the other partition is formed by multiplying the sum of the other two matrix variables by the other layering parameter. Thus, in a round of one-cycle private keys, each block is composed of matrix variables and hierarchical parameters, and then one private key is a combination of matrix equations composed of the matrix variables and coefficient equations composed of the hierarchical parameters. Therefore, the coefficient equation plays a certain role in protecting the matrix equation, and layering parameters among blocks are mutually protected and cannot be eliminated. When the first block layering parameters are adjusted, the second block layering parameters are also changed, so that an indelible independent variable and dependent variable relation is formed. In addition, in the embodiment of the invention, the mode of generating the private key by taking the combination of matrix variables in the prior art is changed into the mode of generating the private key by combining unit variables, so that the private key is flexible and changeable, and the complexity of the private key is improved while saving storage resources in a multi-round and multi-period mode according to the requirements of the industrial Internet.
As shown in table 1 below, which lists the relationship between the number of rounds of operations and the amount of change for various matrix sizes:
TABLE 1
hxh W=1 W=2 W=3
4x4 Not recommended use (4.294.967.296)2=1.8x1019 (4.294.967.296)3=7.9x1028
8x8 (64x64x256)4=1.2x1024 (1.2x1024)2=1.4x1048 (1.2x1024)3=1.7x1072
16x16 (256x256x256)8=6.2x1057 (6.2x1057)2=10114
Therefore, when the private key is formed by multiple rounds and periods, the limited resource is expanded in an infinite way, and the 8 multiplied by 8 matrix circulation is equivalent to the 32 multiplied by 32 variation of the original CPK key generation of 32 multiplied by 32=1.4×1048, so that the operation speed is doubled, and the matrix is reduced by 16 times. According to the theory of aroma (the complexity is exponentially improved by repeated simple operation), the complexity is greatly improved by multiple rounds of operation on the basis of the segmentation of the private key. The CPK with multiple blocks of segmentation and multiple rounds of operation improves the pure combined operation of the original CPK to a new height, greatly saves system resources, greatly increases the variation and complexity, can meet the requirement of global open network authentication, can also meet the authentication requirement of a closed local network, and can flexibly select the size of a matrix and the number of operation rounds according to different requirements by a client. The variation of the 4×4 matrix in one round of operation period is too small, so that the use of the matrix is not recommended in practical application.
Correspondingly, fig. 2 is a schematic flow chart of a CPK key generating method according to an embodiment of the present invention. As shown in fig. 2, the method is applied to an entity, which may be a terminal, a sensor, a phone number, an account number, etc., and the method includes the steps of:
step 201, when it is monitored that a public key corresponding to an entity identifier of another entity needs to be called, determining an operation period of the key by using an order of a preset public key matrix, and obtaining a required byte number according to the operation period and a preset operation round number;
Step 202, performing hash transformation on the entity identifier of the other entity by using the hash key to obtain operation bytes corresponding to the number of the required bytes after transformation;
And 203, obtaining a public key corresponding to the entity identifier of the other entity according to the preset public key matrix, the operation bytes and a preset parameter generation rule.
The key center publishes the hash key, the combined public key matrix and the current year public key, so that when the entity receives the digital signature data packet of another entity, the public key corresponding to the information and the entity identifier of the other entity can be utilized to verify the digital signature of the entity.
In the embodiment of the invention, the private key is determined by the operation period and the preset operation round number, and the corresponding public key is also determined by the operation period and the preset operation round number. Different operation periods can be obtained for preset public key matrixes with different orders, specifically, the operation period of the key is obtained according to t=h/4, wherein T is the operation period, and h is the order of the preset public key matrix. For example, when the size of the preset public key matrix is 4×4, i.e., the order is 4, one round of operations is composed of 1 cycle, when the size of the preset public key matrix is 8×8, i.e., the order is 8, one round of operations is composed of 2 cycles, and when the size of the preset public key matrix is 16×16, i.e., the order is 16, one round of operations is composed of 4 cycles. For the operation period (the order of the preset public key matrix) and the preset operation round number, the actual network application environment determines the operation period and the preset operation round number, and the operation period and the preset operation round number in the network can be set by a user, and once the operation period and the preset operation round number in the network are set, the entity communicating in the network calculates the public key according to the set operation period and the preset operation round number. That is, the entity and the key center existing in the same network use a uniform operation period and a preset operation round number, so as to ensure that the produced private key and the public key correspond to each other.
Then, in step 201, the required number of bytes may be obtained according to k=6×t×w, where k is the required number of bytes and w is the preset number of operation rounds. For example, when the public key is set to be formed in two cycles of one round, the required byte number is k=6x2x1=12, that is, the required byte number is 12, and when the public key is set to be formed in two cycles of two round, the required byte number is k=6x2x2=24, that is, the required byte number is 24.
Taking the public key of another entity Bob as an example, in step 202, according to Hash Hkey(Bob)=u0,u1,u2,…,uk, obtaining operation bytes u 0,u1,u2,…,uk corresponding to the converted required byte number, where Hash is a Hash function, bob is an entity identifier of the other entity, hkey is the Hash key, and k is the required byte number. Wherein each byte is 8 bits in length. That is, when the hash key is used to perform the hash transformation on the entity identifier, since the required number of bytes is already determined, only the operation bytes corresponding to the required number need to be generated, and the data operation amount is reduced.
Then, in step 203, each three bytes in the operation bytes form a group of byte parameters, the upper half sections of the first two bytes in each group of byte parameters are subjected to modulo h operation to respectively indicate two row coordinates of the preset public key matrix, and the lower half sections corresponding to the first two bytes are subjected to modulo h operation to respectively indicate two column coordinates of the preset public key matrix, wherein h is the order of the preset public key matrix. And then, according to the two sets of row coordinates and column coordinates indicated in each set of byte parameters, determining two matrix variables from the preset public key matrix, and determining the third byte in each set of byte parameters as a layering parameter.
For example, taking the case that the public key is formed by a round period, that is, the number of required bytes is k=6x1x1=6, that is, the obtained operation bytes are u 0,u1,u2,u3,u4,u5, u 0,u1,u2 forms a first set of byte parameters, and u 3,u4,u5 forms a second set of byte parameters. The upper half section of the first two bytes in the first group of byte parameters is subjected to modulo h operation and then respectively indicates two row coordinates of the preset public key matrix, and as each byte is 8 bits, the upper half section of u 0,u1 is 4 bits, namely the upper half section 4 bits of u 0,u1 is subjected to modulo 4 operation and then the obtained value obtained by modulo 4 operation respectively indicates the two row coordinates of the preset public key matrix, and then the lower half section 4 bits of u 0,u1 is subjected to modulo 4 operation and then the obtained value obtained by modulo 4 operation respectively indicates the column coordinates of the preset public key matrix. Thus, the two values obtained after the modulo operation of the upper and lower halves of u 0 are respectively used as row and column coordinates, thereby obtaining the first matrix variable indicated in the preset public key matrix. Similarly, the two values obtained after the modulo operation of the upper half and the lower half of u 1 are respectively used as row coordinates and column coordinates, so as to obtain a second matrix variable indicated in the preset public key matrix. In addition, a third byte u 2 in the first set of byte parameters is determined as a hierarchical parameter.
Likewise, a third matrix variable and a fourth matrix variable indicated in the preset public key matrix are obtained by u 3,u4 in the second set of byte parameters, and a third byte u 5 in the second set of byte parameters is determined as a hierarchical parameter. Thus, in the one round-period example, four matrix variables and two layering parameters are obtained.
And then, according to the matrix variable and the layering parameter, obtaining a public key corresponding to the entity identifier of the other entity.
In particular, according to And obtaining a public key corresponding to the entity identifier of the other entity, wherein BOB is the public key corresponding to the entity identifier of the other entity, R is the preset public key matrix, u is the operation byte, and k is the required byte number.
When the public key composition is specified to include the current year public key, then the method can be based on And obtaining a public key corresponding to the entity identifier of the other entity, wherein BOB is the public key corresponding to the entity identifier of the other entity, R is the preset public key matrix, u is the operation byte, k is the required byte number, and YEAR is the current annual public key.
Taking the above round and cycle as an example, four matrix variables can be obtained by u 0,u1,u3,u4, namelyAndThe layering parameters are u 2 and u 5. Thus, in the example of one round and one period, the obtained public key corresponding to the entity identifier is When the public key composition comprises the current year public key, the obtained public key corresponding to the entity identifier is
If the public key is configured by two cycles, the number of bytes required is k=6x2x1=12, the operation bytes of the number of bytes required after transformation is u 0,u1,u2,…,u11, and the public key corresponding to the entity identifier includes two cycle public keys, namely:
BOB=BOB[1]+BOB[2]
When the public key composition comprises the current YEAR public key, the obtained public key corresponding to the entity identifier is BOB=BOB1+BOB2+YEAR.
If the public key is configured by two cycles, the number of bytes required is k=6x2x2=24, the operation bytes of the number of bytes required after transformation is u 0,u1,u2,…,u23, and the obtained public key corresponding to the entity identifier is equivalent to a public key comprising four cycles, namely:
BOB=BOB[1]+BOB[2]+BOB[3]+BOB[4]
when the public key composition comprises the current YEAR public key, the public key corresponding to the obtained entity identifier is BOB=BOB1+BOB2+BOB3+BOB4+YEAR.
And then, the entity can verify the digital signature in the digital signature data packet by utilizing the public key corresponding to the entity identifier of the other entity.
In addition, the private key in the embodiment of the present invention is represented in a lower case italic, and the public key is represented in an upper case italic.
Through the embodiment, when the entity needs to execute the digital signature, the private key can be applied to the key center, for example, a key application message is sent, and the entity identifier is included in the key application message, so that the private key obtained through multi-period and multi-round operation is obtained, and the complexity and the safety of the private key are improved. In addition, when the entity needs to verify by using the public keys of other entities, the public keys obtained through multi-period and multi-round operation can be obtained.
In the embodiment of the present invention, the key matrix (i.e. the operation period) and the preset operation number may be set according to the network environment of the practical application, for example, for a sensor network in a small range, the size of the key matrix is set to 4×4, and the preset operation number is only required to be one round. If the key matrix is an industrial internet in a larger range, the key matrix can be set to be 8×8 or 16×16, and the preset operation number of the operation rounds is one round, two rounds, three rounds and the like, and the key matrix can be specifically set according to the requirements of users and the use environment.
Fig. 3 is a schematic structural diagram of a CPK key generating apparatus according to an embodiment of the present invention. As shown in fig. 3, the device is applied to a key center, and the device 30 includes a receiving module 31 configured to receive a key application message of an entity, where the key application message includes the entity identifier, a first processing module 32 configured to determine an operation period of the key by using an order of a preset private key matrix, obtain a required number of bytes according to the operation period and a preset operation round number, a second processing module 33 configured to perform hash transformation on the entity identifier by using a hash key to obtain an operation byte corresponding to the required number of bytes after transformation, a third processing module 34 configured to obtain a private key corresponding to the entity identifier according to the preset private key matrix, the operation byte, and a preset parameter generation rule, and a transmitting module 35 configured to transmit the private key to the entity.
Further, the first processing module is specifically configured to obtain an operation period of the key according to t=h/4, where T is the operation period, h is an order of the preset private key matrix, and obtain a required byte number according to k=6×t×w, where k is the required byte number, and w is the preset operation round number.
Further, the second processing module is specifically configured to obtain operation bytes v 0,v1,v2,…,vk corresponding to the converted required byte number according to Hash Hkey(Alice)=v0,v1,v2,…,vk, where Hash is a Hash function, alice is the entity identifier, hkey is the Hash key, k is the required byte number, and publish the Hash key.
The third processing module is specifically configured to construct a set of byte parameters from each three bytes in the operation byte, respectively indicate two row coordinates of the preset private key matrix after modulo h operation on an upper half of the first two bytes in each set of byte parameters, respectively indicate two column coordinates of the preset private key matrix after modulo h operation on a lower half of the first two bytes, wherein h is an order of the preset private key matrix, determine two matrix variables from the preset private key matrix according to the two sets of row coordinates and the column coordinates indicated in each set of byte parameters, determine a third byte in each set of byte parameters as a layering parameter, and obtain a private key corresponding to the entity identifier according to the matrix variables and the layering parameter.
Further, the third processing module is also used for controlling the processing according to the following conditions Obtaining a private key corresponding to the entity identifier, wherein alice is the private key corresponding to the entity identifier, r is the preset private key matrix, v is the operation byte, and k is the required byte number.
Further, the third processing module is further configured to define a current year private key and a current year public key, and publish the current year public key, according to the current year private key and the current year public key Obtaining a private key corresponding to the entity identifier, wherein alice is the private key corresponding to the entity identifier, r is the preset private key matrix, v is the operation byte, k is the required byte number, and year is the current annual private key.
The operation process and beneficial effects of the device refer to the implementation process and beneficial effects of the CPK key generation method applied to the key center.
Correspondingly, fig. 4 is a schematic structural diagram of a CPK key generating apparatus according to an embodiment of the present invention. As shown in fig. 4, the device 40 is applied to an entity, and the device includes a first processing module 41 configured to determine an operation period of a key by using an order of a preset public key matrix when monitoring that a public key corresponding to an entity identifier of another entity needs to be invoked, and obtain a required number of bytes according to the operation period and a preset operation round number, a second processing module 42 configured to perform hash transformation on the entity identifier of the other entity by using a hash key to obtain an operation byte corresponding to the required number of bytes after transformation, and a third processing module 43 configured to obtain a public key corresponding to the entity identifier of the other entity according to the preset public key matrix, the operation byte, and a preset parameter generation rule.
Further, as shown in fig. 5, the apparatus further includes an obtaining module 51, configured to obtain the hash key published by the key center and a preset public key matrix.
Further, the first processing module is specifically configured to obtain an operation period of the key according to t=h/4, where T is the operation period, h is an order of the preset public key matrix, and obtain a required byte number according to k=6×t×w, where k is the required byte number, and w is the preset operation round number.
Further, the second processing module is specifically configured to obtain, according to Hash Hkey(Bob)=u0,u1,u2,…,uk, an operation byte u 0,u1,u2,…,uk corresponding to the converted required byte number, where Hash is a Hash function, bob is an entity identifier of the other entity, hkey is the Hash key, and k is the required byte number.
The third processing module is specifically configured to construct a set of byte parameters from each three bytes in the operation byte, respectively indicate two row coordinates of the preset public key matrix after modulo h operation on an upper half of the first two bytes in each set of byte parameters, respectively indicate two column coordinates of the preset public key matrix after modulo h operation on a lower half of the first two bytes, wherein h is an order of the preset public key matrix, determine two matrix variables from the preset public key matrix according to the two sets of row coordinates and the column coordinates indicated in each set of byte parameters, determine a third byte in each set of byte parameters as a layering parameter, and obtain a public key corresponding to an entity identifier of the other entity according to the matrix variables and the layering parameter.
Further, the third processing module is also used for controlling the processing according to the following conditions And obtaining a public key corresponding to the entity identifier of the other entity, wherein BOB is the public key corresponding to the entity identifier of the other entity, R is the preset public key matrix, u is the operation byte, and k is the required byte number.
Further, the obtaining module is further used for obtaining the current year public key published by the key center, and the third processing module is further used for obtaining the current year public key published by the key center according to the following condition And obtaining a public key corresponding to the entity identifier of the other entity, wherein BOB is the public key corresponding to the entity identifier of the other entity, R is the preset public key matrix, u is the operation byte, k is the required byte number, and YEAR is the current annual public key.
The operation process and beneficial effects of the device refer to the implementation process and beneficial effects of the CPK key generation method applied to the entity.
Correspondingly, the embodiment of the invention also provides a key center, which comprises the CPK key generation device applied to the key center.
Correspondingly, the embodiment of the invention also provides an entity, which comprises the CPK key generation device applied to the entity.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, etc., such as Read Only Memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises an element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (24)

1. A CPK key generation method, wherein the method is applied to a key center, the method comprising:
receiving a key application message of an entity, wherein the key application message comprises an entity identifier;
Determining the operation period of the secret key by using the order of a preset private key matrix, and obtaining the required byte number according to the operation period and the preset operation round number;
Performing hash transformation on the entity identifier by using a hash key to obtain operation bytes corresponding to the number of the required bytes after transformation;
Obtaining a private key corresponding to the entity identifier according to the preset private key matrix, the operation byte and a preset parameter generation rule, and sending the private key to the entity, wherein the method comprises the following steps:
every three bytes in the operation bytes form a group of byte parameters;
respectively indicating two row coordinates of the preset private key matrix after modulo-h operation on the upper half section of the first two bytes in each group of byte parameters, and respectively indicating two column coordinates of the preset private key matrix after modulo-h operation on the lower half section corresponding to the first two bytes, wherein h is the order of the preset private key matrix;
Determining two matrix variables from the preset private key matrix according to two groups of row coordinates and column coordinates indicated in each group of byte parameters;
determining a third byte in each set of byte parameters as a hierarchical parameter;
and obtaining a private key corresponding to the entity identifier according to the matrix variable and the layering parameter.
2. The CPK key generation method according to claim 1, wherein determining an operation period of the key using an order of a preset private key matrix, and obtaining the required number of bytes according to the operation period and a preset operation round number comprises:
obtaining an operation period of a secret key according to T=h/4, wherein T is the operation period, and h is the order of the preset private key matrix;
and obtaining the required byte number according to k=6xTxw, wherein k is the required byte number, and w is the preset operation round number.
3. The CPK key generation method according to claim 1, wherein said performing hash transformation on said entity identifier using a hash key, obtaining operation bytes corresponding to said required number of bytes after transformation, comprises:
Obtaining operation bytes v 0,v1,v2,…,vk corresponding to the converted required byte number according to Hash Hkey(Alice)=v0,v1,v2,…,vk, wherein Hash is a Hash function, alice is the entity identifier, hkey is the Hash key, and k is the required byte number;
And publishing the hash key.
4. The CPK key generation method according to claim 1, wherein said obtaining a private key corresponding to the entity identifier according to the matrix variable and the hierarchical parameter includes:
According to Obtaining a private key corresponding to the entity identifier, wherein alice is the private key corresponding to the entity identifier, r is the preset private key matrix, v is the operation byte, k is the required byte number, and n is the order of elliptic curve generator.
5. The CPK key generation method according to claim 1, wherein said obtaining a private key corresponding to the entity identifier according to the matrix variable and the hierarchical parameter includes:
Defining a current annual private key and a current annual public key, and publishing the current annual public key;
According to
Obtaining a private key corresponding to the entity identifier, wherein alice is the private key corresponding to the entity identifier, r is the preset private key matrix, v is the operation byte, k is the required byte number, year is the current annual private key, and n is the order of elliptic curve generator.
6. A CPK key generation method, wherein the method is applied to an entity, the method comprising:
When the public key corresponding to the entity identifier of another entity is monitored, determining the operation period of the key by utilizing the order of a preset public key matrix, and obtaining the required byte number according to the operation period and the preset operation round number;
Performing hash transformation on the entity identifier of the other entity by using the hash key to obtain operation bytes corresponding to the number of the required bytes after transformation;
Obtaining a public key corresponding to the entity identifier of the other entity according to the preset public key matrix, the operation byte and a preset parameter generation rule, wherein the public key comprises the following components:
every three bytes in the operation bytes form a group of byte parameters;
respectively indicating two row coordinates of the preset public key matrix after modulo h operation on the upper half section of the first two bytes in each group of byte parameters, and respectively indicating two column coordinates of the preset public key matrix after modulo h operation on the lower half section corresponding to the first two bytes, wherein h is the order of the preset public key matrix;
determining two matrix variables from the preset public key matrix according to two groups of row coordinates and column coordinates indicated in each group of byte parameters;
determining a third byte in each set of byte parameters as a hierarchical parameter;
and obtaining a public key corresponding to the entity identifier of the other entity according to the matrix variable and the layering parameter.
7. The CPK key generation method according to claim 6, further comprising:
and acquiring a hash key published by a key center and presetting a public key matrix.
8. The CPK key generation method according to claim 6, wherein determining an operation period of the key using an order of a preset public key matrix, and obtaining the required number of bytes according to the operation period and a preset operation round number comprises:
obtaining an operation period of a key according to t=h/4, wherein T is the operation period, and h is the order of the preset public key matrix;
and obtaining the required byte number according to k=6xTxw, wherein k is the required byte number, and w is the preset operation round number.
9. The CPK key generation method according to claim 6, wherein said performing a hash transformation on the entity identifier of the other entity using the hash key, to obtain operation bytes corresponding to the number of required bytes after the transformation, includes:
Obtaining operation bytes u 0,u1,u2,…,uk corresponding to the converted required byte number according to Hash Hkey(Bob)=u0,u1,u2,…,uk, wherein Hash is a Hash function, bob is an entity identifier of the other entity, hkey is the Hash key, and k is the required byte number.
10. The CPK key generation method according to claim 6, wherein said obtaining a public key corresponding to an entity identifier of the other entity according to the matrix variable and the hierarchical parameter includes:
According to And obtaining a public key corresponding to the entity identifier of the other entity, wherein BOB is the public key corresponding to the entity identifier of the other entity, R is the preset public key matrix, u is the operation byte, and l is the required byte number.
11. The CPK key generation method according to claim 6, wherein said obtaining a public key corresponding to an entity identifier of the other entity according to the matrix variable and the hierarchical parameter includes:
acquiring a current annual public key published by a key center;
According to And obtaining a public key corresponding to the entity identifier of the other entity, wherein BOB is the public key corresponding to the entity identifier of the other entity, R is the preset public key matrix, u is the operation byte, k is the required byte number, and YEAR is the current annual public key.
12. A CPK key generating apparatus, said apparatus being applied to a key center, said apparatus comprising:
the receiving module is used for receiving a key application message of an entity, wherein the key application message comprises an entity identifier;
The first processing module is used for determining the operation period of the secret key by utilizing the order of a preset private key matrix and obtaining the required byte number according to the operation period and the preset operation round number;
the second processing module is used for carrying out hash transformation on the entity identifier by utilizing a hash key to obtain operation bytes corresponding to the number of the required bytes after transformation;
a third processing module, configured to obtain a private key corresponding to the entity identifier according to the preset private key matrix, the operation byte and a preset parameter generation rule,
The third processing module is specifically configured to:
every three bytes in the operation bytes form a group of byte parameters;
respectively indicating two row coordinates of the preset private key matrix after modulo-h operation on the upper half section of the first two bytes in each group of byte parameters, and respectively indicating two column coordinates of the preset private key matrix after modulo-h operation on the lower half section corresponding to the first two bytes, wherein h is the order of the preset private key matrix;
Determining two matrix variables from the preset private key matrix according to two groups of row coordinates and column coordinates indicated in each group of byte parameters;
determining a third byte in each set of byte parameters as a hierarchical parameter;
Obtaining a private key corresponding to the entity identifier according to the matrix variable and the layering parameter;
and the sending module is used for sending the private key to the entity.
13. The CPK key generating apparatus according to claim 12, wherein said first processing module is specifically configured to:
obtaining an operation period of a secret key according to T=h/4, wherein T is the operation period, and h is the order of the preset private key matrix;
and obtaining the required byte number according to k=6xTxw, wherein k is the required byte number, and w is the preset operation round number.
14. The CPK key generating apparatus according to claim 12, wherein said second processing module is specifically configured to:
Obtaining operation bytes v 0,v1,v2,…,vk corresponding to the converted required byte number according to Hash Hkey(Alice)=v0,v1,v2,…,vk, wherein Hash is a Hash function, alice is the entity identifier, hkey is the Hash key, and k is the required byte number;
And publishing the hash key.
15. The CPK key generating apparatus according to claim 12, wherein said third processing module is further configured to:
According to Obtaining a private key corresponding to the entity identifier, wherein aiice is the private key corresponding to the entity identifier, r is the preset private key matrix, v is the operation byte, k is the required byte number, and n is the order of elliptic curve generator.
16. The CPK key generating apparatus according to claim 12, wherein said third processing module is further configured to:
Defining a current annual private key and a current annual public key, and publishing the current annual public key;
According to Obtaining a private key corresponding to the entity identifier, wherein alice is the private key corresponding to the entity identifier, r is the preset private key matrix, v is the operation byte, k is the required byte number, year is the current annual private key, and n is the order of elliptic curve generator.
17. A CPK key generating apparatus, the apparatus being applied to an entity, the apparatus comprising:
The first processing module is used for determining the operation period of the key by utilizing the order of a preset public key matrix when the public key corresponding to the entity identifier of another entity is monitored, and obtaining the required byte number according to the operation period and the preset operation round number;
the second processing module is used for carrying out hash transformation on the entity identifier of the other entity by utilizing the hash key to obtain operation bytes corresponding to the number of the required bytes after transformation;
A third processing module, configured to obtain a public key corresponding to the entity identifier of the other entity according to the preset public key matrix, the operation byte and a preset parameter generation rule,
The third processing module is specifically configured to:
every three bytes in the operation bytes form a group of byte parameters;
respectively indicating two row coordinates of the preset public key matrix after modulo h operation on the upper half section of the first two bytes in each group of byte parameters, and respectively indicating two column coordinates of the preset public key matrix after modulo h operation on the lower half section corresponding to the first two bytes, wherein h is the order of the preset public key matrix;
determining two matrix variables from the preset public key matrix according to two groups of row coordinates and column coordinates indicated in each group of byte parameters;
determining a third byte in each set of byte parameters as a hierarchical parameter;
and obtaining a public key corresponding to the entity identifier of the other entity according to the matrix variable and the layering parameter.
18. The CPK key generating apparatus as claimed in claim 17, further comprising:
the acquisition module is used for acquiring the hash key published by the key center and a preset public key matrix.
19. The CPK key generating apparatus according to claim 17, wherein said first processing module is specifically configured to:
obtaining an operation period of a key according to t=h/4, wherein T is the operation period, and h is the order of the preset public key matrix;
and obtaining the required byte number according to k=6xTxw, wherein k is the required byte number, and w is the preset operation round number.
20. The CPK key generating apparatus according to claim 17, wherein said second processing module is specifically configured to:
Obtaining operation bytes u 0,u1,u2,…,uk corresponding to the converted required byte number according to Hash Hkey(Bob)=u0,u1,u2,…,uk, wherein Hash is a Hash function, bob is an entity identifier of the other entity, hkey is the Hash key, and k is the required byte number.
21. The CPK key generating apparatus as claimed in claim 17, wherein said third processing module is further configured to:
According to And obtaining a public key corresponding to the entity identifier of the other entity, wherein BOB is the public key corresponding to the entity identifier of the other entity, R is the preset public key matrix, u is the operation byte, and k is the required byte number.
22. The CPK key generating apparatus as claimed in claim 18, wherein,
The acquisition module is also used for acquiring the current annual public key published by the key center;
the third processing module is also used for according to And obtaining a public key corresponding to the entity identifier of the other entity, wherein BOB is the public key corresponding to the entity identifier of the other entity, R is the preset public key matrix, u is the operation byte, k is the required byte number, and YEAR is the current annual public key.
23. A key center, characterized in that the key center comprises the CPK key generating apparatus according to any one of claims 12 to 16.
24. An entity, characterized in that it comprises a CPK key generating device according to any of claims 17-22.
CN202110844650.4A 2021-07-26 2021-07-26 CPK key generation method, device, entity and key center Active CN113572594B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110844650.4A CN113572594B (en) 2021-07-26 2021-07-26 CPK key generation method, device, entity and key center

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110844650.4A CN113572594B (en) 2021-07-26 2021-07-26 CPK key generation method, device, entity and key center

Publications (2)

Publication Number Publication Date
CN113572594A CN113572594A (en) 2021-10-29
CN113572594B true CN113572594B (en) 2024-12-27

Family

ID=78167433

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110844650.4A Active CN113572594B (en) 2021-07-26 2021-07-26 CPK key generation method, device, entity and key center

Country Status (1)

Country Link
CN (1) CN113572594B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115987515B (en) * 2023-03-21 2023-08-08 深圳市永达电子信息股份有限公司 CPK authentication system construction method and electronic equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110830237A (en) * 2019-11-29 2020-02-21 晋商博创(北京)科技有限公司 CPK key generation method, device, entity and key center based on time
CN112560091A (en) * 2020-12-17 2021-03-26 北京百度网讯科技有限公司 Digital signature method, signature information verification method, related device and electronic equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4622222B2 (en) * 2003-09-30 2011-02-02 ソニー株式会社 Cryptographic processing apparatus, cryptographic processing method, and computer program

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110830237A (en) * 2019-11-29 2020-02-21 晋商博创(北京)科技有限公司 CPK key generation method, device, entity and key center based on time
CN112560091A (en) * 2020-12-17 2021-03-26 北京百度网讯科技有限公司 Digital signature method, signature information verification method, related device and electronic equipment

Also Published As

Publication number Publication date
CN113572594A (en) 2021-10-29

Similar Documents

Publication Publication Date Title
CN110348231B (en) Data homomorphic encryption and decryption method and device for realizing privacy protection
KR101594553B1 (en) Method of generating a cryptographic key, network and computer program therefor
CN109714157B (en) SDN cross-domain access control method for resisting encryption of key exposure attribute
CN113572594B (en) CPK key generation method, device, entity and key center
CN110995419A (en) A method, device and medium for symmetric encryption and decryption based on on-chain data
CN114491455A (en) Method and apparatus, processor and electronic device for directory authorization
CN116846557A (en) Data encryption method, device, computer equipment and storage medium
CN115473643B (en) Trusted efficiency consensus system and method suitable for alliance chains
CN116756185A (en) Keyword trace query method and device based on homomorphic encryption
Vanitha et al. Bio-medical image encryption using the modified chaotic image encryption method
CN115982424A (en) Privacy keyword query method and device and electronic equipment
Huang et al. Block-Level Message-Locked Encryption with Polynomial Commitment for IoT Data.
CN114444108B (en) Homomorphic encryption processing method and related equipment
CN114697001B (en) Information encryption transmission method, equipment and medium based on blockchain
Ma et al. A general two-server cryptosystem supporting complex queries
CN116318738B (en) Signature method, signature system, electronic equipment and storage medium
CN113922960A (en) PSI (program specific information) acquisition method, device and system based on SM2
CN116484443A (en) Trusted security storage method and device based on hong Monte-go system
CN115865302A (en) Multi-party matrix multiplication method with privacy protection attribute
Li et al. Unified attribute-based encryption scheme for Industrial Internet of Things
CN118764170B (en) Data processing method, system, device, storage medium and program product
CN105978696A (en) Revocable quick data outsourcing packaging method and device
CN109951282A (en) A Pseudorandom Sequence Generation Method Based on Subsection CUBIC Chaos Map
CN115906106B (en) Data access control method and attribute authority server
CN115589293B (en) Privacy query method, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
PP01 Preservation of patent right

Effective date of registration: 20250414

Granted publication date: 20241227

PP01 Preservation of patent right