CN111211910B - Anti-quantum computation CA (certificate Authority) and certificate issuing system based on secret shared public key pool and issuing and verifying method thereof - Google Patents
- Publication number
- CN111211910B (application CN201911395270.6A)
- Authority
- CN
- China
- Prior art keywords
- public key
- certificate
- holder
- user
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
All classifications fall under section H (Electricity), class H04 (Electric communication technique), subclass H04L (Transmission of digital information, e.g. telegraphic communication), group H04L9/00 (Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols):
- H04L9/3263 — means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/085 — key distribution or management: secret sharing or secret splitting, e.g. threshold schemes
- H04L9/0894 — key distribution or management: escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/30 — public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3247 — means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
- H04L9/3268 — certificates / PKI arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a quantum-computation-resistant CA and certificate issuing system based on a secret-shared public key pool, and an issuing and verifying method for it. The public key in the digital certificate is replaced by the public key unit pointer random number and one secret fragment of the user public key, so the public key is never made public and a quantum computer cannot derive the corresponding private key from it. The CA signs only the actual certificate content, which an adversary cannot know, so no additional protection of the signature is required; this reduces the computational load while improving the security and reliability of the certificate's resistance to quantum computation.
Description
Technical Field
The invention relates to the technical field of asymmetric cryptosystems and digital certificate systems, in particular to an anti-quantum computation CA and certificate issuing system based on a secret shared public key pool and an issuing and verifying method thereof.
Background
Digital signatures, also known as public key digital signatures or electronic signatures, are a method of authenticating digital information using public key cryptography. A digital signature scheme defines two complementary operations, one for signing and one for verification. The signature is a digital string that only the sender of the information can generate and that others cannot forge; it is valid evidence of the authenticity of the information sent by that sender.
Generally, a digital signature is data appended to a data unit, or a cryptographic transformation of a data unit, that allows the recipient to verify the source and integrity of the data unit and protects it against forgery by any party, including the recipient. It is a method of signing a message in electronic form, and the signed message can be transmitted over a communication network. Digital signatures are divided into general and special digital signatures. Common general signature algorithms include RSA, ElGamal, Fiat-Shamir, Guillou-Quisquater, Schnorr, Ong-Schnorr-Shamir, DSA and the elliptic curve digital signature algorithm (ECDSA). Special signatures include blind signatures, proxy signatures, group signatures, undeniable signatures, fair blind signatures, threshold signatures and signatures with message recovery, and are closely tied to specific application environments. Because the use of digital signatures has legal implications, the United States federal government established its own Digital Signature Standard (DSS), based on the discrete logarithm problem over a finite field.
In today's cryptography there are two main types of cryptosystem: symmetric key cryptosystems, in which the same key is used for encryption and decryption, and public key cryptosystems, in which the encryption and decryption keys differ and one of them may be made public. Digital certificates are built on the asymmetric (public key) cryptosystem.
However, with the development of quantum computers the classical asymmetric algorithms are no longer secure: whether used for encryption, digital signatures or key exchange, a quantum computer can compute the private key from the public key, so classical digital certificates become untenable in the quantum era.
To address this quantum-resistance problem while reducing the computation required for digital certificates and the burden on the key fob, the existing system and method for issuing digital certificates need to be improved so that certificates can be issued and verified more efficiently.
Disclosure of Invention
The purpose of the invention is as follows: aiming at the defects in the prior art, the invention discloses a quantum computation resistant CA based on a secret sharing public key pool, a certificate issuing system and an issuing and verifying method thereof.
The technical scheme is as follows: in order to achieve the technical purpose, the invention adopts the following technical scheme:
a quantum computation resistant CA and certificate issuing system based on secret shared public key pool is characterized in that: the CA server and each user are provided with a key fob in which the same public key pool and respective public and private key pairs are stored, the CA server issues the key fob and a digital certificate, and the CA server obtains a user public key secret fragment I and a user public key secret fragment II for each user public key in a secret sharing mode;
the public key pool stores public key units corresponding to the number of users in the group, and each public key unit comprises a public key unit pointer random number used for representing user public key information, a public key pointer function, a user public key secret fragment I and a public key algorithm;
the user key card also stores a CA public key, a user public key secret fragment II and a public key unit pointer random number;
the digital certificate includes certificate information, issuer information, holder information, and an issuer digital signature.
Preferably, when the issuer and the holder of the digital certificate are both the CA server, the CA server generates a self-signed anti-quantum certificate as the CA root certificate, and the holder information includes the holder name, the holder public key algorithm and the hash value of the CA public key; when the issuer and the holder differ, the anti-quantum certificate generated by the CA server is an ordinary digital certificate, and the holder information includes the holder name, the holder public key algorithm, the public key unit pointer random number and public key secret fragment II.
Preferably, the public key pointer function includes a public key pointer function algorithm ID and internal parameters, and the position pointer value of the public key unit is obtained by evaluating the function with the public key unit pointer random number as input.
A method for issuing anti-quantum computation CA and certificate based on secret sharing public key pool is characterized in that the digital certificate issuing step is as follows:
generating certificate information comprising a version number, a serial number and a validity period;
generating issuer information including an issuer name;
generating holder information comprising the holder name, the holder public key algorithm, the holder's public key unit pointer random number, and the holder public key secret fragment II obtained by (2, 2) secret sharing of the holder public key;
generating a CA digital signature: before signing, the CA server finds the corresponding public key secret fragment I using the holder's public key unit pointer random number, performs secret recovery together with the holder public key secret fragment II disclosed by the holder to obtain the holder public key, and thereby obtains the actual holder information, which comprises the holder name, the holder public key algorithm, the holder's public key unit pointer random number and the holder public key;
taking the certificate information, the issuer information and the actual holder information as actual certificate contents, and performing digital signature calculation on the actual certificate contents by using a CA (certificate authority) private key to obtain a digital signature;
and sending the signed anti-quantum certificate to a corresponding user.
A method for resisting quantum computation CA and certificate verification based on secret shared public key pool is characterized in that the method for verifying CA root certificate is as follows:
the user takes the CA public key stored in the key fob, hashes it and compares the result with the hash value in the digital certificate; if they match, the next step is performed, otherwise the process ends;
the user verifies the issuer digital signature in the root certificate with the CA public key; if it verifies, the next step is performed, otherwise the process ends;
and the user checks the validity period of the digital certificate, if the digital certificate is in the validity period, the root certificate is successfully verified and stored in the root certificate set, otherwise, the authentication of the root certificate fails.
A quantum computation resistant CA and certificate verification method based on secret shared public key pool is characterized in that the quantum computation resistant CA and certificate verification method comprises the following steps:
the user verifies whether the holder of the anti-quantum digital certificate is the issuer CA server, if so, the authentication process of the CA root certificate is started; if not, entering the next common digital certificate verification process;
before the digital signature verification, a user finds a matched public key unit in a public key pool according to a public key unit pointer random number in a certificate;
the user takes out the secret fragment I in the matched public key unit, performs secret recovery calculation by combining with the corresponding secret fragment II in the digital certificate to obtain the public key of the holder, obtains actual holder information, and takes the certificate information, the issuer information and the actual holder information as the actual content of the certificate;
the user adopts the CA public key and utilizes the actual content of the certificate to verify the digital signature of an issuer in the digital certificate, the next step is entered after the verification is passed, otherwise, the process is ended;
the user checks the validity period of the digital certificate, if the digital certificate is in the validity period, the digital certificate is successfully verified, otherwise, the digital certificate is failed to be verified.
Preferably, the user searches for the matching public key unit as follows: the user looks in the public key pool for a public key unit whose public key unit pointer random number equals the one in the certificate; if none is found, verification fails and the process ends. If one is found, the public key pointer function of that unit is evaluated on the pointer random number and the resulting position pointer value is compared with the actual position pointer of the public key unit; if they are identical, the check passes and the unit is the matching public key unit.
Has the advantages that: due to the adoption of the technical scheme, the invention has the following technical effects:
(1) In the invention, the public key is replaced by the public key unit pointer random number and the secret fragment obtained by secret sharing of the user public key into the public key pool, so the public key in the digital certificate is not public and a quantum computer cannot derive the corresponding private key from it; this protects the asymmetric key systems of both the CA server and the holder and gives the certificate resistance to quantum computation.
(2) The invention needs no extra encryption step to protect the signature in the digital certificate; it only signs the actual certificate content, which the adversary cannot know, so the signature resists quantum computation without increasing the computational load of signing and verification on the CA server or the user. The principle is that since neither the CA server's signing key pair nor the input to the digital signature is disclosed, the public signature output does not allow a quantum computer to recover the public key, the private key or the signed input.
(3) In the invention, the key fob is an independent hardware-isolated device; the public and private keys, true random numbers and other parameters are generated in the CA server and stored in the key fob when it is issued, greatly reducing the possibility that a user's keys are stolen by malicious software or malicious operation and preventing them from being obtained and cracked by a quantum computer. The public keys and algorithm parameters of all asymmetric algorithms used by the digital certificate system are never transmitted over the network, so the possibility that the public and private keys of two communicating parties are stolen and cracked is low.
Drawings
FIG. 1 is a key zone layout of a CA key fob of the present invention;
FIG. 2 is a key zone layout of a user key fob of the present invention;
fig. 3 is a structural diagram of a digital certificate of the present invention.
Detailed Description
The scheme is further explained by combining the attached drawings.
Fig. 1 is a schematic structural diagram of an embodiment of the quantum computation resistant CA and certificate issuing system based on a secret shared public key pool according to the present invention, which implements a quantum computation resistant digital certificate system based on a secret shared public key pool. The scenario realized by the invention is a group of members sharing the same public key pool. The CA servers in the group hold CA key fobs, while the other members hold user key fobs. The key fob of the present invention can not only store large amounts of data but also has the ability to process information, and every key fob contains the algorithms it needs.
The key fob is described in the patent application No. 201610843210.6. In the case of a mobile terminal, the key fob is preferably a key SD card; when a fixed terminal is used, the key fob is preferably a key USBKey or a host key fob.
The key fob issuance mechanism differs from that of patent application No. 201610843210.6. In the present invention the key fob issuer is the owner of the key fob, typically the management of a group such as an enterprise or institution, and key fobs are issued to the members managed by that owner, typically employees at each level of the enterprise or institution. A user first applies to the key fob owner to open an account. Once the registration is approved, the user obtains a key fob with a unique key fob ID, which stores the customer registration information. The user-side keys in the key fobs are all downloaded from the CA service station, and for the same key fob owner the key pool stored in every issued key fob is identical. The key pool stored in the key fob may be 1G, 2G, 4G, 8G, 16G, 32G, 64G, 128G, 256G, 512G, 1024G, 2048G, 4096G, etc. in size.
Key fobs have evolved from smart card technology into identity authentication and encryption/decryption products that combine a true random number generator (preferably a quantum random number generator), cryptography and hardware security isolation. The embedded chip and operating system of the key fob provide secure storage of keys and cryptographic algorithms, among other functions. Thanks to its independent data processing capability and good security, the key fob is a secure carrier for private keys and key pools. Each key fob is protected by a hardware PIN code; the PIN code and the hardware form the two factors a user needs in order to use the key fob. Under this two-factor authentication a user can log in to the system only by holding both the key fob, which stores the relevant authentication information, and the user PIN code. Even if the user's PIN code leaks, a legitimate user's identity cannot be impersonated as long as the key fob is not stolen; if the key fob is lost, the finder cannot impersonate the user without knowing the PIN code.
Description of the System
PK Unit
The public key pool consists of N PK units (public key units), where N is the number of user members in the group. A PK unit consists of four parts, PKR, FPOS information, (x1, PK1) and PK algorithm, as shown in the PK unit structure below. PKR is the public key unit pointer random number (the storage position parameter of the public key), FPOS is the public key pointer function, (x1, PK1) is the secret fragment obtained by (2, 2) secret sharing of the public key PK, and the PK algorithm, i.e. the public key algorithm, comprises a signature algorithm number and related algorithm parameters.
The principle of the secret sharing algorithm is as follows:
n different non-zero elements x1, x2, …, xn are randomly selected from a finite field GF(q) of prime order q, giving n secret fragments Pi (i = 1, 2, …, n). If the shared secret is M, t−1 elements a1, a2, …, a(t−1) are selected from GF(q) and used to construct the polynomial f(x) = M + a1·x + a2·x^2 + … + a(t−1)·x^(t−1) (mod q). Then Mi = f(xi) (1 ≤ i ≤ n), and (xi, Mi) is the secret fragment Pi.
Any t of the n secret fragments recover the shared secret M as follows: the t Lagrange parameters λi = ∏_{j≠i} xj / (xj − xi) (mod q) are computed, and then M = f(0) = Σ λi · Mi (mod q).
After the CA server performs (2, 2) secret sharing on each PK, the secret fragments (x1, PK1) and (x2, PK2) are obtained. Assuming PK is generated by an ECC algorithm, i.e. it is an elliptic curve point (x, y), the concatenation of x and y is used as the secret to be shared. The fragment (x1, PK1) is stored in a PK unit of the public key pool. A user who needs the corresponding public key recovers the original PK from the 2 fragments as follows:
the 2 fragments give the Lagrange parameters
λ1 = (−x2) / (x1 − x2)
λ2 = (−x1) / (x2 − x1)
and hence PK = λ1·PK1 + λ2·PK2 = (x1·PK2 − x2·PK1) / (x1 − x2).
PK unit:
PKR | FPOS information | (x1,PK1) | PK algorithm |
Wherein the FPOS information includes the FPOS algorithm ID and internal parameters, as shown below.
FPOS information:
FPOS Algorithm ID | Internal parameters |
The FPOS algorithm may take various forms, for example FPOS(PKR) = (a × PKR + b) % n, where % is the modulo operation, PKR is the input variable, n (the number of PK units) is an external parameter and a, b are internal parameters; or FPOS(PKR) = (PKR ^ c) × d % n, where ^ is exponentiation, % is the modulo operation, PKR is the input variable, n (the number of PK units) is an external parameter and c, d are internal parameters. These two algorithms are given only as references; the invention is not limited to them.
The PK algorithm refers to a specific public key algorithm (asymmetric cryptographic algorithm), and there may be a variety of public key algorithms, such as RSA/DSA/ECC.
2. Key fob
Key fobs in the present invention are of two kinds: the CA key fob for the CA system and the user key fob. The CA key fob contains the public key pool and the CA public-private key pair; the user key fob contains the public key pool, the user's public-private key pair, the user public key secret fragment (x2, PK2), the public key unit pointer random number and the CA public key. The public key pool in the CA key fob is the same as that in the user key fobs. The key fob layouts are shown in Figs. 1 and 2.
Before issuing key fobs, the CA server creates a public key pool file of size at least N × sp and a private key pool file of size at least N × ss, where sp is the size of one PK unit, ss is the size of one SK, and SK is a private key. The CA server generates N PK/SK pairs, denoted PKv/SKv, v ∈ [1, N], and performs (2, 2) secret sharing on each public key PKv to obtain (x1, PK1)v and (x2, PK2)v. For each pair the CA server generates a PKR, which is a true random number and preferably a quantum random number, randomly generates an FPOS algorithm ID and FPOS internal parameters, and computes PKPOS, the position pointer of the public key unit. The CA server then writes PKR, the FPOS information, (x1, PK1)v and the PK algorithm at position PKPOS of the public key pool file, and writes SKv at position PKPOS of the private key pool file. If position PKPOS is already occupied, one or more of PKR, the FPOS algorithm ID and the FPOS internal parameters are replaced and the process is repeated until an unoccupied position is found.
The CA server generates an RSA public-private key pair PKCA/SKCA as its own key. The first key fob issued is the CA key fob, and the CA key pair PKCA/SKCA and the public key pool are sent to it in a secure manner. Key fobs issued afterwards are user key fobs: the CA public key and the public key pool are sent to each one in a secure manner, an unassigned public key unit and its private key are taken from the CA server's public and private key pools, and the corresponding key pair PKv/SKv, public key unit pointer random number and public key secret fragment (x2, PK2)v are issued to the user key fob.
The method of secure transmission may be any of the following 6 cases:
(1) The user key fob is directly connected to the CA key fob through a USB or network interface or the like, and information is transmitted by the CA key fob;
(2) The user key card and the CA key card are both connected to a certain security host approved by CA through a USB or network interface and the like, and the host transfers information;
(3) The CA key fob and the user key fob are distributed with pre-shared keys, the CA key fob encrypts information by using the pre-shared keys, and the information is decrypted by the user key fob after being transmitted to the user key fob by a network;
(4) A quantum key distribution network is arranged between the CA key fob and the user key fob, and the CA key fob encrypts information by using a key distributed by the quantum key, transmits the information to the user key fob and is decrypted by the user key fob;
(5) Copying information directly into a user key fob via a secure storage medium;
(6) Other secure transmission means not mentioned.
Example one
1.1 digital certificate Generation
The structure of the digital certificate is shown in fig. 3.
In this embodiment, the digital certificate includes four parts: certificate information, issuer information, holder information, and the issuer digital signature. The certificate information comprises a version number, a serial number and a validity period; the issuer information is the issuer name; the holder information comprises the holder name, the holder public key algorithm, the holder's public key unit pointer random number, and the fragment (x2, PK2)v obtained by (2, 2) secret sharing of the holder public key PKv; the issuer digital signature is the CA digital signature.
The generation of the CA digital signature is as follows:
before carrying out digital signature, the CA server finds out corresponding secret fragments (x 1, PK 1) through a public key unit pointer random number of the holder, carries out secret recovery calculation by combining the secret fragments (x 2, PK 2) disclosed by the holder to obtain a holder public key PKv, and obtains actual holder information. The actual holder information includes the holder name, the holder public key algorithm, the holder's public key unit pointer random number, and the holder public key PKv.
The certificate information, the issuer information and the actual holder information are collectively called as actual content of the certificate, named PCERT3, the CA server utilizes a private key SKCA of the CA server to perform signature calculation of an RSA algorithm on the PCERT3, and a signature SIGCA = HASH (PCERT 3) ^ SKCAmod n is obtained, wherein HASH () represents a HASH algorithm used in the RSA algorithm and used for calculating a HASH value; n is the parameter of the RSA algorithm, i.e. the product of 2 large prime numbers.
In particular, the quantum-computation-resistant root certificate is a CA self-signed certificate: the issuer is also the holder, i.e. the CA server. The main difference between the root certificate and an ordinary digital certificate is the holder information, which for the root certificate consists of: holder name, public key algorithm, and the hash of the CA public key, HASH(PKCA).
Before using an ordinary digital certificate, a user generally downloads and installs the CA root certificate in advance, verifies its validity, and sets it as a trusted certificate. The CA root certificate is then used to authenticate other digital certificates.
1.2 Digital certificate verification
1.2.1 Verification of ordinary digital certificates
A classical digital certificate contains the holder public key. The digital certificate in this embodiment carries no public key; it contains only the public key unit pointer random number and the share (x2, PK2)v generated by (2, 2) secret sharing of the public key PKv. Therefore an adversary cannot derive the corresponding private keys, neither the user's private key nor the CA server's private key, from the digital certificate, and the security of the digital certificate is guaranteed.
Before verifying the digital certificate, the user first searches the public key pool by the public key unit pointer random number PKR and judges whether a PK unit with the same PKR can be found; if not, verification fails and the process ends. If found, the pointer function FPOS of the matched PK unit is evaluated on the PKR, and the resulting value is compared with the PKPOS of that PK unit. If they are equal, the PKR verification passes. The secret fragment (x1, PK1)v in the PK unit is then taken out, and the secret recovery calculation is performed by combining it with the corresponding secret fragment (x2, PK2)v in the digital certificate to obtain the holder public key PKv. Verification of the digital signature is then performed.
First, the user takes the CA public key PKCA stored inside the key fob and verifies the issuer digital signature in the digital certificate against PCERT3 (certificate information, issuer information and actual holder information). If the signature verification fails, the digital certificate is forged. Otherwise the validity period of the digital certificate is checked: if the current time is within the validity period, the digital certificate is successfully verified; otherwise verification of the digital certificate fails.
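The issuing flow of section 1.1 and the verification flow of section 1.2.1 in working form, as an added example that is not the patent's own code. Assumptions are labelled in the comments: the pointer function FPOS is modelled as a hash of its parameters and the PKR reduced modulo the pool size, the holder public key is treated as an integer below the sharing field, and the RSA and Shamir parameters are toy-sized for a runnable demonstration only.

```python
# Added example (not the patent's own code): issue and verify a certificate whose
# holder public key PKv is (2,2)-secret-shared between the public key pool (share
# (x1,PK1)v) and the certificate (share (x2,PK2)v), signed SIGCA = H(PCERT3)^SKCA mod n.
# Toy parameters (assumption): Mersenne primes for RSA, Shamir over GF(2^521-1).
import hashlib, json, secrets

P_FIELD = 2**521 - 1                              # prime field for the (2,2) sharing
RSA_P, RSA_Q = 2**127 - 1, 2**89 - 1              # demo-sized CA primes, not for real use
RSA_N, RSA_E = RSA_P * RSA_Q, 65537               # CA public key PKCA = (N, E)
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # CA private key SKCA
FPOS_PARAMS = b"fpos-params-v1"                   # assumed pointer-function parameters

def share_2of2(secret):
    """(2,2) Shamir sharing: f(x) = secret + a*x mod P, shares at x=1 and x=2."""
    a = secrets.randbelow(P_FIELD)
    return (1, (secret + a) % P_FIELD), (2, (secret + 2 * a) % P_FIELD)

def recover_2of2(s1, s2):
    """Secret recovery: Lagrange interpolation of the two shares at x = 0."""
    (x1, y1), (x2, y2) = s1, s2
    return (y1 * x2 - y2 * x1) * pow(x2 - x1, -1, P_FIELD) % P_FIELD

def fpos(params, pkr, pool_size):
    """Assumed public key pointer function: PKPOS = H(params || PKR) mod pool size."""
    return int.from_bytes(hashlib.sha256(params + pkr).digest(), "big") % pool_size

def build_pool(holders, pool_size=8):
    """One PK unit per user at slot FPOS(PKR); the user keeps PKR and share II."""
    pool, user_side = [None] * pool_size, {}
    for name, pk_int in holders.items():
        while True:                                # draw a PKR whose slot is free
            pkr = secrets.token_bytes(8)
            pos = fpos(FPOS_PARAMS, pkr, pool_size)
            if pool[pos] is None:
                break
        share1, share2 = share_2of2(pk_int)
        pool[pos] = {"PKR": pkr.hex(), "FPOS": FPOS_PARAMS, "PKPOS": pos,
                     "share1": share1, "alg": "ECDSA"}
        user_side[name] = {"PKR": pkr.hex(), "share2": share2}
    return pool, user_side

def find_unit(pool, pkr_hex):
    """Section 1.2.1 lookup: match PKR, then require FPOS(PKR) == PKPOS == slot."""
    for pos, unit in enumerate(pool):
        if unit and unit["PKR"] == pkr_hex:
            computed = fpos(unit["FPOS"], bytes.fromhex(pkr_hex), len(pool))
            return unit if computed == unit["PKPOS"] == pos else None
    return None

def pcert3_hash(cert_info, issuer, holder, alg, pkr_hex, pk_int):
    """HASH(PCERT3): certificate info, issuer info and *actual* holder info."""
    content = json.dumps([cert_info, issuer, holder, alg, pkr_hex, pk_int]).encode()
    return int.from_bytes(hashlib.sha256(content).digest(), "big") % RSA_N

def issue(pool, user_side, name, cert_info):
    u = user_side[name]
    unit = find_unit(pool, u["PKR"])
    pk_int = recover_2of2(unit["share1"], u["share2"])       # CA recovers PKv
    h = pcert3_hash(cert_info, "CA", name, unit["alg"], u["PKR"], pk_int)
    return {"cert_info": cert_info, "issuer": "CA", "holder": name, "alg": unit["alg"],
            "PKR": u["PKR"], "share2": u["share2"], "sig": pow(h, RSA_D, RSA_N)}

def verify(pool, cert, now):
    unit = find_unit(pool, cert["PKR"])                      # PKR and FPOS checks
    if unit is None:
        return None
    pk_int = recover_2of2(unit["share1"], cert["share2"])    # user recovers PKv
    h = pcert3_hash(cert["cert_info"], cert["issuer"], cert["holder"],
                    cert["alg"], cert["PKR"], pk_int)
    if pow(cert["sig"], RSA_E, RSA_N) != h:                  # issuer signature check
        return None
    ci = cert["cert_info"]                                   # validity period check
    return pk_int if ci["not_before"] <= now <= ci["not_after"] else None
```

`verify` returns the recovered holder public key only when the pool lookup, the pointer-function check, the CA signature and the validity period all pass; tampering with any certificate field changes PCERT3 and fails the signature check.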
1.2.2 Verification of root certificates
When the user verifies a digital certificate and finds that the issuer of the certificate is also the holder, the root certificate verification process is entered.
The specific process of root certificate verification is as follows:
First, the user takes out the CA public key PKCA stored in the key fob and computes its hash HASH(PKCA)'. This is compared with the hash value HASH(PKCA) in the digital certificate; if HASH(PKCA)' differs from HASH(PKCA), verification of the digital certificate fails and the process ends. Otherwise the next verification is carried out: the issuer digital signature in the root certificate is verified using the public key PKCA. If the signature verification fails, the digital certificate is declared forged. Otherwise the validity period of the digital certificate is checked to determine whether the current time lies within it. If so, the root certificate is successfully verified and can be stored in the root certificate set; otherwise root certificate verification fails.
1.3 Use of the verified digital certificate in subsequent instances
After verifying the holder's digital certificate, the user has obtained the certificate holder's public key. If the holder's public-private key pair is based on the ECDSA algorithm, a signature computed with the private key can be denoted (r, s). Because, according to this embodiment, r in the signature can be cracked by a quantum computer and the private key thereby leaked, an offset calculation is applied to r, and the offset is negotiated through the public key pool. In this example, the secret fragment (x1, PK1)v of the signer's public key unit is taken, the hash HASH((x1, PK1)v || s) is computed over the secret fragment concatenated with the s parameter of the signature, r is offset by this hash value to give r + HASH((x1, PK1)v || s), and the final signature is expressed as (r + HASH((x1, PK1)v || s), s). Since an adversary cannot know HASH((x1, PK1)v || s), the adversary cannot know r, and so the cracking of r by a quantum computer is prevented.
In summary, the invention provides quantum-computation-resistant security and reliability for the digital certificate by means of secret sharing of the user public key, without affecting generation efficiency.
The above description is only of the preferred embodiments of the present invention, and it should be noted that: it will be apparent to those skilled in the art that various modifications and adaptations can be made without departing from the principles of the invention and these are intended to be within the scope of the invention.
Claims (4)
1. A method for issuing anti-quantum computation CA and certificates based on a secret sharing public key pool, applied to an anti-quantum computation CA and certificate issuing system based on a secret sharing public key pool, the system comprising CA servers and users located in the same group, the CA servers and the users both being provided with key fobs in which the same public key pool and their respective public and private key pairs are stored, the CA servers issuing the key fobs and digital certificates, and the CA servers obtaining a user public key secret fragment I and a user public key secret fragment II for each user public key by secret sharing;
the public key pool stores public key units corresponding to the number of users in the group, and each public key unit comprises a public key unit pointer random number used for representing user public key information, a public key pointer function, a user public key secret fragment I and a public key algorithm;
the user key fob also stores a CA public key, a user public key secret fragment II and a public key unit pointer random number;
the digital certificate comprises certificate information, issuer information, holder information, and an issuer digital signature;
when an issuer and a holder of the digital certificate are both CA servers, the CA servers generate anti-quantum certificates serving as CA root certificates through self-signing, and holder information comprises holder names, holder public key algorithms and hash values of CA public keys; when the issuer and the holder of the digital certificate are different, the anti-quantum certificate generated by the CA server is used as a common digital certificate, and the holder information comprises a holder name, a holder public key algorithm, a public key unit pointer random number and a public key secret fragment II;
the public key pointer function comprises a public key pointer function algorithm ID and internal parameters, and a position pointer value of a public key unit is obtained by calculation by taking a random number of a pointer of the public key unit as an input quantity;
the digital certificate issuing step is as follows:
generating certificate information comprising a version number, a serial number and a validity period;
generating issuer information including an issuer name;
generating holder information which comprises a holder name, a holder public key algorithm, a holder public key unit pointer random number and the holder public key secret fragment II obtained by (2, 2) secret sharing of the holder public key;
generating a CA digital signature, finding a corresponding public key secret fragment I by a CA server through a public key unit pointer random number of a holder before the digital signature is carried out, carrying out secret recovery calculation by combining a holder public key secret fragment II disclosed by the holder to obtain a holder public key and obtain actual holder information, wherein the actual holder information comprises a holder name, a holder public key algorithm, a holder public key unit pointer random number and a holder public key;
taking the certificate information, the issuer information and the actual holder information as actual contents of the certificate, and performing digital signature calculation on the actual contents of the certificate by using a CA (certificate authority) private key to obtain a digital signature;
and sending the signed anti-quantum certificate to a corresponding user.
2. A verification method of anti-quantum computation CA and certificates based on a secret sharing public key pool, applied to an anti-quantum computation CA and certificate issuing system based on a secret sharing public key pool, the system comprising CA servers and users located in the same group, the CA servers and the users both being provided with key fobs in which the same public key pool and their respective public and private key pairs are stored, the CA servers issuing the key fobs and digital certificates, and the CA servers obtaining a user public key secret fragment I and a user public key secret fragment II for each user public key by secret sharing;
the public key pool stores public key units corresponding to the number of users in the group, and each public key unit comprises a public key unit pointer random number used for representing user public key information, a public key pointer function, a user public key secret fragment I and a public key algorithm;
the user key fob also stores a CA public key, a user public key secret fragment II and a public key unit pointer random number;
the digital certificate comprises certificate information, issuer information, holder information, and an issuer digital signature;
when an issuer and a holder of the digital certificate are both CA servers, the CA servers generate anti-quantum certificates serving as CA root certificates through self-signing, and holder information comprises holder names, holder public key algorithms and hash values of CA public keys; when the issuer and the holder of the digital certificate are different, the anti-quantum certificate generated by the CA server is used as a common digital certificate, and the holder information comprises a holder name, a holder public key algorithm, a public key unit pointer random number and a public key secret fragment II;
the public key pointer function comprises a public key pointer function algorithm ID and internal parameters, and a position pointer value of the public key unit is obtained by calculation by taking a random number of a pointer of the public key unit as an input quantity;
the CA root certificate verification method comprises the following steps:
the user takes out the CA public key stored in the key fob, computes its hash value and compares it with the hash value in the digital certificate; if the two hash values are the same, the next step is carried out, otherwise the process ends;
the user adopts the CA public key to verify the digital signature of the issuer in the root certificate, the next step is entered after the verification, otherwise, the process is finished;
and the user checks the validity period of the digital certificate, if the digital certificate is in the validity period, the root certificate is successfully verified and stored in the root certificate set, otherwise, the authentication of the root certificate fails.
3. The secret shared public key pool-based anti-quantum computation CA and certificate verification method according to claim 2, wherein the method further comprises:
the user verifies whether the holder of the anti-quantum digital certificate is the issuer CA server, if so, the authentication process of the CA root certificate is started; if not, entering the next common digital certificate verification process;
before the digital signature verification, a user finds a matched public key unit in a public key pool according to a pointer random number of the public key unit;
the user takes out the secret fragment I in the matched public key unit, performs secret recovery calculation by combining with the corresponding secret fragment II in the digital certificate to obtain the public key of the holder, obtains actual holder information, and takes the certificate information, the issuer information and the actual holder information as the actual content of the certificate;
the user adopts the CA public key and utilizes the actual content of the certificate to verify the digital signature of an issuer in the digital certificate, the next step is entered after the verification is passed, otherwise, the process is ended;
the user checks the validity period of the digital certificate; if the current time is within the validity period, the digital certificate is successfully verified, otherwise verification of the digital certificate fails.
4. The secret shared public key pool-based anti-quantum computation CA and certificate verification method according to claim 3, wherein the step of the user searching for the matched public key unit is as follows: the user searches the public key pool, according to the public key unit pointer random number, for the public key unit having the same public key unit pointer random number; if no such unit is found, the verification fails and the process ends; if found, the position pointer value of the public key unit is calculated from the public key unit pointer random number by the public key pointer function in the matched public key unit, and the calculated position pointer value is compared with the position pointer of the public key unit; if they are identical, the verification passes and the unit is the matched public key unit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911395270.6A CN111211910B (en) | 2019-12-30 | 2019-12-30 | Anti-quantum computation CA (certificate Authority) and certificate issuing system based on secret shared public key pool and issuing and verifying method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111211910A CN111211910A (en) | 2020-05-29 |
CN111211910B true CN111211910B (en) | 2023-04-14 |
Family
ID=70786448
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN201911395270.6A CN111211910B (en) | Active | 2019-12-30 | 2019-12-30 | Anti-quantum computation CA (certificate Authority) and certificate issuing system based on secret shared public key pool and issuing and verifying method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111211910B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112037054B (en) * | 2020-07-21 | 2023-10-03 | 杜晓楠 | Method and computer readable medium for hiding user's asset line in a decentralized identity system |
EP3952201A1 (en) * | 2020-08-07 | 2022-02-09 | ABB Schweiz AG | Trust establishment through certificate management in open platform communications unified architecture |
CN114362952B (en) * | 2020-10-13 | 2024-05-14 | 如般量子科技有限公司 | Anti-quantum computing transaction method and system for digital currency of sender offline |
CN113541972B (en) * | 2021-09-17 | 2021-12-17 | 杭州天谷信息科技有限公司 | Digital certificate generation method and electronic signature method |
CN113919005B (en) * | 2021-10-18 | 2024-06-14 | 北京理工大学 | Digital certificate issuing method based on Schnorr aggregate signature |
CN113742760A (en) * | 2021-11-04 | 2021-12-03 | 武汉泰乐奇信息科技有限公司 | Big data calling method and device for preventing data increase |
CN113986845B (en) * | 2021-12-27 | 2022-03-29 | 南京大学 | Method and system for issuing unconditional trusted timestamp |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002344438A (en) * | 2001-05-14 | 2002-11-29 | Nippon Telegr & Teleph Corp <Ntt> | Key sharing system, key sharing device and program thereof |
WO2016209939A1 (en) * | 2015-06-22 | 2016-12-29 | Cyphre, Llc | Accelerated encryption and decryption of files with shared secret and method therefor |
CN109918888B (en) * | 2019-01-15 | 2020-09-08 | 如般量子科技有限公司 | Anti-quantum certificate issuing method and issuing system based on public key pool |
CN109672537B (en) * | 2019-01-18 | 2021-08-10 | 如般量子科技有限公司 | Anti-quantum certificate acquisition system and method based on public key pool |
CN110519046B (en) * | 2019-07-12 | 2023-10-13 | 如般量子科技有限公司 | Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD |
- 2019-12-30 CN CN201911395270.6A (CN111211910B) active
Also Published As
Publication number | Publication date |
---|---|
CN111211910A (en) | 2020-05-29 |
Similar Documents
Publication | Title |
---|---|
CN111211910B (en) | Anti-quantum computation CA (certificate Authority) and certificate issuing system based on secret shared public key pool and issuing and verifying method thereof |
CN109672537B (en) | Anti-quantum certificate acquisition system and method based on public key pool |
US9967239B2 (en) | Method and apparatus for verifiable generation of public keys |
CN109918888B (en) | Anti-quantum certificate issuing method and issuing system based on public key pool |
US9705683B2 (en) | Verifiable implicit certificates |
US9800418B2 (en) | Signature protocol |
US20160269397A1 (en) | Reissue of cryptographic credentials |
US8595505B2 (en) | Apparatus and method for direct anonymous attestation from bilinear maps |
KR20230024369A (en) | Creation of Secret Shares |
CN110661613B (en) | Anti-quantum-computation implicit certificate issuing method and system based on alliance chain |
US8356182B2 (en) | Electronic signature system and electronic signature verifying method |
EP3496331A1 (en) | Two-party signature device and method |
CN110545169B (en) | Block chain method and system based on asymmetric key pool and implicit certificate |
US20150006900A1 (en) | Signature protocol |
KR20230093432A (en) | Identification of Denial of Service Attacks |
CN110519040B (en) | Anti-quantum computation digital signature method and system based on identity |
TW202318833A (en) | Threshold signature scheme |
CN110572257B (en) | Identity-based data source identification method and system |
CN110838918B (en) | Anti-quantum certificate issuing method and system based on public key pool and signature offset |
WO2016187689A1 (en) | Signature protocol |
Hanaoka et al. | Cryptanalysis of Aggregate $\Gamma $-Signature and Practical Countermeasures in Application to Bitcoin |
EP4385169A1 (en) | Generating digital signatures |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |