CN107425971B  Certificateless data encryption/decryption method and device and terminal  Google Patents
Certificateless data encryption/decryption method and device and terminal Download PDFInfo
 Publication number
 CN107425971B CN107425971B CN201710277898.0A CN201710277898A CN107425971B CN 107425971 B CN107425971 B CN 107425971B CN 201710277898 A CN201710277898 A CN 201710277898A CN 107425971 B CN107425971 B CN 107425971B
 Authority
 CN
 China
 Prior art keywords
 decryption
 key
 encryption
 calculating
 identification
 Prior art date
 Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
 Active
Links
 238000009795 derivation Methods 0.000 claims abstract description 46
 230000000875 corresponding Effects 0.000 claims abstract description 11
 238000004364 calculation method Methods 0.000 claims description 38
 238000000034 method Methods 0.000 description 13
 238000010586 diagram Methods 0.000 description 5
 239000000126 substance Substances 0.000 description 4
 238000005516 engineering process Methods 0.000 description 2
 238000011084 recovery Methods 0.000 description 2
 230000001808 coupling Effects 0.000 description 1
 238000010168 coupling process Methods 0.000 description 1
 238000005859 coupling reaction Methods 0.000 description 1
 125000004122 cyclic group Chemical group 0.000 description 1
 230000004048 modification Effects 0.000 description 1
 238000006011 modification reaction Methods 0.000 description 1
Classifications

 H—ELECTRICITY
 H04—ELECTRIC COMMUNICATION TECHNIQUE
 H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
 H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
 H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
 H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyperelliptic curves

 H—ELECTRICITY
 H04—ELECTRIC COMMUNICATION TECHNIQUE
 H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
 H04L63/00—Network architectures or network communication protocols for network security
 H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
 H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

 H—ELECTRICITY
 H04—ELECTRIC COMMUNICATION TECHNIQUE
 H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
 H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
 H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
 H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
 H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

 H—ELECTRICITY
 H04—ELECTRIC COMMUNICATION TECHNIQUE
 H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
 H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
 H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, nonrepudiation, key authentication or verification of credentials
 H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, nonrepudiation, key authentication or verification of credentials involving digital signatures
 H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, nonrepudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
Abstract
The invention discloses a certificateless data encryption/decryption method, a certificateless data encryption/decryption device and a terminal, wherein the method comprises the following steps: the encryption terminal acquires system parameters disclosed by the key generation center through the decryption terminal to generate a key pair of an encryption public key and a decryption private key; generating an encryption key U based on an identification encryption method by using a random number, the system parameter and an identification ID _ B of a decryption end, generating an encryption key V based on a public key encryption method by using the random number and the encryption public key, and encrypting the message M by using the encryption key U, the encryption key V and a key derivation function KDF derived data encryption key to generate an encryption ciphertext of the message M; and decrypting the encrypted ciphertext by using the system parameter, the identification decryption private key D _ B corresponding to the identification ID _ B and the decryption private key through the decryption end. The invention does not need a certificate management system and ensures that only a determined ciphertext receiver can decrypt the ciphertext.
Description
Technical Field
The invention relates to the field of data encryption, in particular to a certificateless data encryption/decryption method, a certificateless data encryption/decryption device and a certificateless data encryption/decryption terminal.
Background
Conventional public key encryption systems require a secure public key issuing mechanism, such as certificatebased PKI (public key infrastructure) to associate a user's identity with the user's public key. The identity of the user in the identity cryptosystem can be used as the public key of the user, more precisely: the public key of the user is calculated by a specified method by using the specified identification of the user and a public system parameter. In this case, the user does not need to apply for and exchange certificates, thereby greatly simplifying the complexity of identity cryptosystem management.
The user's private key is computationally generated by a trusted third party in the identity cryptosystem, such as a "key generation center," using an identity private key generation method. The identification cryptosystem is a key entrusted system, namely, a controller of a key generation center can generate a private key of any identification so as to decrypt all ciphertexts.
How to need no certificate and ensure that only a determined ciphertext receiver can decrypt the ciphertext is the problem to be solved.
Disclosure of Invention
The invention mainly aims to provide a method and a device for encrypting/decrypting certificateless data, wherein the method is simple.
In order to achieve the above object, the present invention provides a certificateless data encryption/decryption method, including:
the encryption terminal acquires system parameters disclosed by the key generation center through the decryption terminal to generate a key pair of an encryption public key and a decryption private key;
generating an encryption key U based on an identification encryption method by using a random number, the system parameter and an identification ID _ B of a decryption end, generating an encryption key V based on a public key encryption method by using the random number and the encryption public key, and encrypting the message M by using the encryption key U, the encryption key V and a key derivation function KDF derived data encryption key to generate an encryption ciphertext of the message M;
and decrypting the encrypted ciphertext by using the system parameter, the identification decryption private key D _ B corresponding to the identification ID _ B and the decryption private key through the decryption end.
Further, the key generation center discloses the system parameters of<E,e,P_{1},P_{2},[s]P_{1},H,KDF，MAC>(ii) a Wherein the content of the first and second substances,
e is an elliptic curve selected by the key generation center;
e is a bilinear pair;
P_{1}and P_{2}Is a point group G_{1}And G_{2}Two points in (1); g_{1}And G_{2}Two point groups with prime number q of the order on the elliptic curve E are formed;
s is a master private key, which is a randomly selected integer between 0 and q;
[s]p1 is s P_{1}Adding;
h is a mapping function which maps a bit string O to [1, q1 ];
KDF is a standard key derivation function;
MAC is a standard message authentication code function.
Further, the identification decryption private key D _ B of the decryption end is:
D_B＝[s/(H(1ID_B)+s)]P_{2}。
further, the step of the encryption terminal obtaining the system parameters disclosed by the key generation center and generating the key pair of the encrypted public key and the decrypted private key includes:
the system parameters disclosed by the encryption terminal through the key generation center acquired by the decryption terminal are<E,e,P_{1},P_{2},[s]P_{1},H,KDF,MAC>；
Randomly selecting an integer x of 0< x < q by a decryption end, and taking the x as the decryption private key;
by selecting G at the decryption side_{1}A point F in_{1}Calculate [ x ]]F_{1}Will [ x ]]F_{1}As the encrypted public key.
Further, said F_{1}＝P_{1}。
Further, the step of generating an encryption key U based on an identification encryption method by using the random number, the system parameter and the identification ID _ B of the decryption end, generating an encryption key V based on a public key encryption method by using the random number and the encryption public key, and encrypting the message M by using the encryption key U, the encryption key V and a key derivation function KDF derived data encryption key to generate an encrypted ciphertext of the message M includes:
calculating the integer h_{1}＝H(1ID_B)；
Calculating public key Q _ B ═ h of decryption end_{1}]P_{1}+[s]P_{1}；
Generating a random number r ∈ [1, q1 ];
calculating X ═ r]Q _ B, converting X data type into bit string C_{1}；
Calculating Y ═ r]F_{1}Converting the Y data type into a bit string C_{2}；
Calculating w ═ g^{r}Converting the data type of w into a bit string U, where g ═ e ([ s ]]P_{1}，P_{2})；
Calculating Z ═ r][x]F_{1}Converting the data type of Z into a bit string V;
preparing a key derivation input XI, wherein the XI comprises a concatenation of U and V;
calculating K_{1}K_{2}＝KDF(XI)；
Calculating C_{3}＝M⊕K_{1}；
Calculating C_{4}＝MAC(K_{2}，M)；
Will be provided with<C_{1},C_{2},C_{3},C_{4}>As an output.
Further, the step of decrypting the encrypted ciphertext by the decryption end using the system parameter, the identification decryption private key D _ B corresponding to the identification ID _ B, and the decryption private key includes:
through the decryption end, C_{1}Is converted into a point X on the elliptic curve, and X is checked to be equal to G_{1}Whether the result is true or not;
if X belongs to G_{1}If not, directly judging that the verification fails through the decryption end;
through the decryption end, C_{2}Is converted into a point Y on the elliptic curve, and Y e G is checked_{1}Whether the result is true or not;
if Y is equal to G_{1}If not, directly judging that the verification fails through the decryption end;
if X belongs to G_{1}And Y ∈ G_{1}If both are true, calculating w ═ e (X, D _ B) by the decryption side; converting the data type of w into a bit string U;
calculating Z ═ x ] Y by the decryption end; converting the data type of Z into a bit string V;
preparing, by the decryption side, a key derivation input XI, wherein the XI comprises a concatenation of U and V;
calculating K by the decryption end_{1}K_{2}＝KDF(XI)；
Calculating M ═ C by the decryption side_{3}⊕K_{1}；
Calculating C ═ M by the decryption sideAC(K_{2}，M)；
Verifying by said decryption side that C ═ C_{4}If yes, the verification is passed, and M is output; otherwise, the verification fails and an error is output.
The invention also provides a certificateless data encryption/decryption device, which comprises:
the generating unit is used for the encrypting terminal to obtain the system parameters disclosed by the key generating center through the decrypting terminal to generate a key pair of an encrypted public key and a decrypted private key;
the encryption unit is used for generating an encryption key U based on an identification encryption method by using a random number, the system parameter and an identification ID _ B of a decryption end, generating an encryption key V based on a public key encryption method by using the random number and the encryption public key, and encrypting the message M by using the encryption key U, the encryption key V and a key derivation function KDF derived data encryption key to generate an encryption ciphertext of the message M;
and the decryption unit is used for decrypting the encrypted ciphertext by using the system parameter, the identification decryption private key D _ B corresponding to the identification ID _ B and the decryption private key through the decryption end.
Further, the key generation center discloses the system parameters of<E,e,P_{1},P_{2},[s]P_{1},H,KDF,MAC>(ii) a Wherein the content of the first and second substances,
e is an elliptic curve selected by the key generation center;
e is a bilinear pair;
P_{1}and P_{2}Is a point group G_{1}And G_{2}Two points in (1); g_{1}And G_{2}Two point groups with prime number q of the order on the elliptic curve E are formed;
s is a master private key, which is a randomly selected integer between 0 and q;
[s]p1 is s P_{1}Adding;
h is a mapping function which maps a bit string O to [1, q1 ];
KDF is a standard key derivation function;
MAC is a standard message authentication code function.
Further, the identification decryption private key D _ B of the decryption end is:
D_B＝[s/(H(1ID_B)+s)]P_{2}。
further, the generation unit includes:
the acquisition module is used for acquiring system parameters disclosed by the key generation center through the decryption end by the encryption end as<E,e,P_{1},P_{2},[s]P_{1},H,KDF,MAC>；
The first selection module is used for randomly selecting an integer x with 0< x < q through a decryption end, and taking the x as the decryption private key;
a second selection module for selecting G via the decryption end_{1}A point F in_{1}Calculate [ x ]]F_{1}Will [ x ]]F_{1}As the encrypted public key.
Further, said F_{1}＝P_{1}。
Further, the encryption unit includes:
a first calculation module for calculating an integer h_{1}＝H(1ID_B)；
A second calculation module for calculating a public key Q _ B ═ h at the decryption end_{1}]P_{1}+[s]P_{1}；
A selection module for generating a random number r ∈ [1, q1 ];
a third calculation module for calculating X ═ r]Q _ B, converting X data type into bit string C_{1}；
A fourth calculation module for calculating Y ═ r]F_{1}Converting the Y data type into a bit string C_{2}；
A fifth calculation module for calculating wg^{r}Converting the data type of w into a bit string U, where g ═ e ([ s ]]P_{1}，P_{2})；
A sixth calculation module for calculating Z ═ r][x]F_{1}Converting the data type of Z into a bit string V;
a key derivation module to prepare a key derivation input XI, wherein the XI comprises a concatenation of U and V
An encrypted seventh calculation module for calculating K_{1}K_{2}＝KDF(C1C2UVID_B)；
An encrypted eighth calculation module for calculating C_{3}＝M⊕K_{1}；
A ninth calculation module for calculating C_{4}＝MAC(K_{2}，M)；
An output module for connecting<C_{1},C_{2},C_{3},C_{4}>As an output.
Further, the decryption unit includes:
a first selection judgment module for judging C via the decryption terminal_{1}Is converted into a point X on the elliptic curve, and X is checked to be equal to G_{1}Whether the result is true or not;
a first verification module for determining if X belongs to G_{1}If not, directly judging that the verification fails through the decryption end;
a second selection judgment module for judging C via the decryption terminal_{2}Is converted into a point Y on the elliptic curve, and Y e G is checked_{1}Whether the result is true or not;
a second verification module for verifying if Y ∈ G_{1}If not, directly judging that the verification fails through the decryption end;
a first calculation module for decrypting if X belongs to G_{1}And Y ∈ G_{1}If both are true, calculating w ═ e (X, D _ B) by the decryption side; converting the data type of w into a bit string U;
the decryption second calculation module is used for calculating Z ═ x ] Y through the decryption end; converting the data type of Z into a bit string V;
a decryption derivation module, configured to prepare a key derivation input XI through the decryption end, where the XI includes concatenation of U and V;
a third decryption computation module for computing K through the decryption end_{1}K_{2}＝KDF(XI)；
A decryption fourth calculation module for calculating M ═ C by the decryption side_{3}⊕K_{1}；
A fifth decryption calculation module for calculating C ═ MAC (K) through the decryption side_{2}，M)；
A third verification module for verifying, by the decryption side, that C ═ C_{4}If yes, the verification is passed, and M is output; otherwise, the verification fails and an error is output.
The invention also provides a certificateless data encryption/decryption terminal, which comprises a memory and a processor; the memory is used for storing a program for supporting a device for encrypting/decrypting certificateless data to execute the method for encrypting/decrypting the certificateless data in any one of the above manners; the processor is configured to execute programs stored in the memory.
The certificateless data encryption/decryption method, the certificateless data encryption/decryption device and the certificateless data encryption/decryption terminal generate an encryption key U based on an identification encryption method by using a random number, the system parameter and an identification ID _ B of a decryption end, generate an encryption key V based on a public key encryption method by using the random number and the encryption key, encrypt a message M by using the encryption key U, the encryption key V and a key derivation function KDF derived data encryption key, do not need a certificate management system, and simultaneously ensure that only a determined ciphertext receiving party can decrypt a ciphertext.
Drawings
FIG. 1 is a flowchart illustrating a certificateless data encryption/decryption method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a method for generating a key pair for encrypting a public key and decrypting a private key according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a method for generating an encrypted file according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating a method for decrypting an encrypted file according to an embodiment of the present invention;
FIG. 5 is a block diagram illustrating an apparatus for certificateless data encryption/decryption in accordance with an embodiment of the present invention;
FIG. 6 is a block diagram illustrating the structure of a generating unit according to an embodiment of the present invention;
FIG. 7 is a block diagram illustrating the structure of an encryption unit according to an embodiment of the present invention;
FIG. 8 is a block diagram illustrating the structure of a decryption unit according to an embodiment of the present invention;
fig. 9 is a block diagram illustrating a structure of a terminal according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, an embodiment of the present invention provides a certificateless data encryption/decryption method, including:
s1, the encryption terminal acquires the system parameters disclosed by the key generation center through the decryption terminal to generate a key pair of an encryption public key and a decryption private key;
s2, generating an encryption key U based on an identification encryption method by using a random number, the system parameter and an identification ID _ B of a decryption end, generating an encryption key V based on a public key encryption method by using the random number and the encryption public key, and encrypting the message M by using the encryption key U, the encryption key V and a key derivation function KDF derived data encryption key to generate an encrypted ciphertext of the message M;
s3, decrypting the encrypted ciphertext through the decryption end by using the system parameter, the identification decryption private key D _ B corresponding to the identification ID _ B and the decryption private key.
As described in step S1, the encryption side and the decryption side are both intelligent electronic devices, such as a computer, a notebook computer, a smart phone, a tablet computer, and the like; the intelligent electronic device is an encryption end when in encryption and is a decryption end when in decryption. The key generation center is a key management center, is an important component of public key infrastructure, provides key services such as key generation, storage, backup, update, recovery, query and the like, and can solve the key management problem brought by largescale cryptographic technology application in a distributed enterprise application environment. The system parameters disclosed by the key generation center are<E,e,P_{1},P_{2},[s]P_{1},H,KDF,MAC>(ii) a Wherein the content of the first and second substances,
e is an elliptic curve selected by the key generation center;
e is a bilinear pair;
P_{1}and P_{2}Is a point group G_{1}And G_{2}Two points in (1); g_{1}And G_{2}Two point groups with prime number q of the order on the elliptic curve E are formed;
s is a master private key, which is a randomly selected integer between 0 and q;
[s]p1 is s P_{1}Adding;
h is a mapping function which maps a bit string O to [1, q1 ];
KDF is a standard key derivation function;
MAC is a standard message authentication code function.
In the above system parameters, g ═ e ([ s ]) can be added]P_{1}，P_{2}) I.e. the system parameter is<E,e,P_{1},P_{2},[s]P_{1},g＝e([s]P_{1}，P_{2}),H,KDF,MAC>Because g ═ e ([ s ])]P_{1}，P_{2}) Can be calculated from known parameters and can be added or not added to the system parameters as desired.
The encryption public key and the decryption private key are calculated by using parameters in system parameters, but are not required to be generated in a key generation center, but are finished at an encryption signature end, and the message M is not required to be sent to the key generation center for encryption processing and the like.
As described in step S2, the encrypted ciphertext is obtained by encrypting the message M with the encryption key U, the encryption key V, and the key derivation function KDF derived data encryption key is obtained by encrypting the message M, so that the message is not tampered. And the length of the encrypted ciphertext is short.
As described in step S3, the decryption end obtains the specified parameters by using the preset rule to decrypt the encrypted ciphertext. In the decryption process, the identification decryption private key D _ B is the identification ID _ B and the identification ID _ B of the end which utilizes decryption and signature verificationPreset calculation rules, in the present embodiment, D _ B ═ s/(H (1  ID _ B) + s)]P_{2}. In the decryption process, a value certificate of a third party and the like do not need to be called, and a certificate management system is not needed.
Referring to fig. 2, the step S1, in which the encryption side obtains the system parameters disclosed by the key generation center through the decryption side, and generates a key pair of the encryption public key and the decryption private key, includes:
s101, the encryption end obtains the system parameters disclosed by the key generation center through the decryption end and the system parameters are<E,e,P_{1},P_{2},[s]P_{1},H,KDF,MAC>；
S102, randomly selecting an integer x with 0< x < q by a decryption end, and taking the x as the decryption private key;
s103, selecting G through a decryption end_{1}A point F in_{1}Calculate [ x ]]F_{1}Will [ x ]]F_{1}As the encrypted public key.
As described in the above steps S101 to S103, the process is a key pair process for generating the encryption public key and the encryption private key. In this embodiment, F can be selected_{1}＝P_{1}And laterperiod encryption and decryption are facilitated.
Referring to fig. 3, in this embodiment, the step S2 of generating an encryption key U based on an identifier encryption method by using a random number, the system parameter, and an identifier ID _ B of a decryption end, generating an encryption key V based on a public key encryption method by using the random number and the encryption public key, and encrypting the message M by using the encryption key U, the encryption key V, and a key derivation function KDF derived data encryption key to generate an encrypted ciphertext of the message M includes:
s201, calculating an integer h_{1}＝H(1ID_B)；
S202, calculating a public key Q _ B ═ h of a decryption end_{1}]P_{1}+[s]P_{1}；
S203, generating a random number r belongs to [1, q1 ];
s204, calculating X ═ r]Q _ B, converting X data type into bit string C_{1}；
S205, calculating Y ═ r]F_{1}Converting the Y data type into a bit string C_{2}；
S206, calculating w ═ g^{r}Converting the data type of w into a bit string U, where g ═ e ([ s ]]P_{1}，P_{2})；
S207, calculating Z ═ r][x]F_{1}Converting the data type of Z into a bit string V;
s208, preparing a key derivation input XI, wherein the XI comprises U and V splicing, optionally C_{1}、C_{2}、ID_B；
S209, calculating K_{1}K_{2}＝KDF(XI)；
S210, calculating C_{3}＝M⊕K_{1}；
S211, calculating C_{4}＝MAC(K_{2}，M)；
S212, mixing<C_{1},C_{2},C_{3},C_{4}>As an output.
As described in the above steps S201 to S212, that is, in the specific process of encrypting the message M by using the parameters such as the above encryption public key and encryption private key, the length of the encrypted ciphertext is small. Compared with the prior art, after the malicious attacker obtains the encrypted ciphertext, even if the system parameter, the encryption key U and the like are obtained, the malicious attacker cannot obtain the encryption key V and cannot decrypt the encrypted ciphertext.
Referring to fig. 4, the step S3 of decrypting the encrypted ciphertext by the decryption end using the system parameter, the identification decryption private key D _ B corresponding to the identification ID _ B, and the decryption private key includes:
s301, decoding C through the decryption end_{1}Is converted into a point X on the elliptic curve, and X is checked to be equal to G_{1}Whether the result is true or not;
s302, if X belongs to G_{1}If not, directly judging that the verification fails through the decryption end;
s303, decoding C through the decryption end_{2}Is converted into a point Y on the elliptic curve, and Y e G is checked_{1}Whether the result is true or not;
s304, if Y ∈ G_{1}If not, directly judging that the verification fails through the decryption end;
s305, if X belongs to G_{1}And Y ∈ G_{1}If both are true, calculating w ═ e (X, D _ B) by the decryption side; converting the data type of w into a bit string U;
s306, calculating Z ═ x ] Y through the decryption end; converting the data type of Z into a bit string V;
s307, key derivation input XI is prepared through the decryption end, wherein the XI comprises U and V splicing, and optionally C_{1}、C_{2}、ID_B；
S308, calculating K through the decryption end_{1}K_{2}＝KDF(XI)；
S309, calculating M ═ C through the decryption end_{3}⊕K_{1}；
S310, calculating C ═ MAC (K) by the decryption side_{2}，M)；
S311, verifying that C ═ C by the decryption side_{4}If yes, the verification is passed, and M is output; otherwise, the verification fails and an error is output.
As described in steps S301 to S311, that is, in the process of decrypting the encrypted ciphertext, the decryption process does not need to call a certificate, and is simple and secure.
In a specific embodiment, in the whole encryption and decryption process, threeparty cooperation is required, that is, a key generation center, an encryption end and a decryption end, and the process specifically includes:
a bilinear pair is a binary map e with three properties G_{1}xG_{2}→G_{t}
1. Binary linearity: e ([ s ]]P,[t]Q)＝e(P,Q)^{st}.s,t∈Z/Zq.P∈G_{1}，Q∈G_{2,}G_{1}Is a cyclic group of order q, G_{2}Is a power q group whose subgroup has the order q]P denotes s P additions.
2. Nondegradability: there are non0way P and Q, e (P, Q) ≠ 1.
3. Calculability: there is a polynomial time method to calculate e (P, Q).
Bilinear pairings are now known as Weil, Tate, Ate, RAte, optimized Ate, and the like on elliptic curves.
And step A, selecting an elliptic curve E by a key generation center, wherein the elliptic curve E is characterized by having a bilinear pair E which can be efficiently calculated. Determining two point groups G of prime order q on curve E_{1}And G_{2}. Respectively select G_{1}And G_{2}Two points P in_{1}And P_{2}. Randomly select 0<s<q as the primary private key, calculate s]P_{1}And g ═ e ([ s ]]P1, P2). Wherein [ s ]]P denotes the standard s P additions. Key generation center public parameters<E,e,P_{1},P_{2},[s]P_{1},g＝e([s]P_{1}，P_{2}),H,KDF，MAC>. Wherein the message mapping function H maps a bit string O to [1, q1]]KDF is a standard key derivation function and MAC is a standard message authentication code function.
B, the key generation center generates an identification decryption private key corresponding to the identification ID _ B of the decryption end: d _ B [ s/(H (1  ID _ B) + s) ] P2.
Step C, the decryption end obtains the public parameter of the key generation center<E,e,P_{1},P_{2},[s]P_{1},g＝e([s]P_{1}，P_{2}),H,KDF,MAC>Then, randomly select 0<x<q is an integer x, G is selected_{1}A point F in_{1}Calculate [ x ]]F_{1}Will [ x ]]F_{1}As its public key data, x serves as the decryption private key. An alternative method is to set F_{1}＝P_{1}。
Step D, the encryption terminal obtains system parameters<E,e,P_{1},P_{2},[s]P_{1},g＝e([s]P_{1}，P_{2}),H,KDF,MAC>And encrypting the public key x]F_{1}The message M is then encrypted to the identity ID _ B. The encryption method comprises the following steps:
d1: calculating the integer h_{1}＝H(1ID_B)；
D2: calculate Q _ B ═ h_{1}]P_{1}+[s]P_{1}；
D3: generating a random number r 1, q1;
d4: calculating X ═ r]Q _ B, converting X data type into bit string C_{1}；
D5: calculating Y ═ r]F1, converting the Y data type into a bit string C_{2}；
D6: calculating w ═ g^{r}Converting the data type of w into a bit string U;
d7: calculating Z ═ r][x]F_{1}Converting the data type of Z into a bit string V;
d8: calculating K_{1}K_{2}＝KDF(C_{1}C_{2}UVID_B)；
D9: calculating C_{3}＝M⊕K_{1}；
D10: calculating C_{4}＝MAC(K_{2}，M)；
D11: will be provided with<C_{1},C_{2},C_{3},C_{4}>As an output.
Step E, the decryption end uses the system parameters<E,e,P_{1},P_{2},[s]P1,g＝e([s]P_{1}，P_{2}),H,KDF,MAC>And identifying the decryption private key x, for the ciphertext<C_{1},C_{2},C_{3},C_{4}>And (6) decrypting.
E1: c is to be_{1}Is converted into a point X on the elliptic curve, and X is checked to be equal to G_{1}Whether the decryption is established or not, if not, the decryption fails;
e2: c is to be_{2}Is converted into a point Y on the elliptic curve, and Y e G is checked_{1}Whether the decryption is established or not, if not, the decryption fails;
e3: calculating w ═ e (X, D _ B); converting the data type of w into a bit string U;
e4: calculating Z ═ x ] Y; converting the data type of Z into a bit string V;
Z＝[r][x]F_{1}＝[x][r]F_{1}＝[x]Y
e5: calculating K_{1}K_{2}＝KDF(C_{1}C_{2}UVID_B)；
E6: calculating M ═ C_{3}⊕K_{1}；
E7: calculate C ═ MAC (K)_{2}，M)；
E8: checking whether C' is true or not, if so, verifying to pass, and outputting M; otherwise, the verification is not passed, and an error is output.
The certificateless data encryption/decryption method provided by the embodiment of the invention generates an encryption key U based on an identification encryption method by using a random number, the system parameter and an identification ID _ B of a decryption end, generates an encryption key V based on a public key encryption method by using the random number and the encryption public key, and encrypts a message M by using the encryption key U, the encryption key V and a key derivation function KDF derived data encryption key without a certificate management system, and simultaneously ensures that only a determined ciphertext receiver can decrypt a ciphertext.
Referring to fig. 5, an embodiment of the present invention further provides a device for certificateless data encryption/decryption, including:
the generating unit 10 is used for the encrypting terminal to obtain the system parameters disclosed by the key generating center through the decrypting terminal, and generate a key pair of an encrypted public key and a decrypted private key;
an encryption unit 20, configured to generate an encryption key U based on an identifier encryption method by using a random number, the system parameter, and an identifier ID _ B of a decryption end, generate an encryption key V based on a public key encryption method by using the random number and the encryption public key, and encrypt the message M by using the encryption key U, the encryption key V, and a key derivation function KDF derived data encryption key, so as to generate an encrypted ciphertext of the message M;
and the decryption unit 30 is configured to decrypt the encrypted ciphertext through the decryption end by using the system parameter, the identification decryption private key D _ B corresponding to the identification ID _ B, and the decryption private key.
As for the generating unit 10, the encryption terminal and the decryption terminal are both intelligent electronic devices, such as a computer, a notebook computer, a smart phone, a tablet computer, and the like; the intelligent electronic device is an encryption end when in encryption and is a decryption end when in decryption. The key generation center is a key management center, is an important component of public key infrastructure, provides key services such as key generation, storage, backup, update, recovery, query and the like, and can solve the key management problem brought by largescale cryptographic technology application in a distributed enterprise application environment. The system parameters disclosed by the key generation center are<E,e,P_{1},P_{2},[s]P_{1},H,KDF,MAC>(ii) a Wherein the content of the first and second substances,
e is an elliptic curve selected by the key generation center;
e is a bilinear pair;
P_{1}and P_{2}Is a point group G_{1}And G_{2}Two points in (1); g_{1}And G_{2}Two point groups with prime number q of the order on the elliptic curve E are formed;
s is a master private key, which is a randomly selected integer between 0 and q;
[s]p1 is s P_{1}Adding;
h is a mapping function which maps a bit string O to [1, q1 ];
KDF is a standard key derivation function;
MAC is a standard message authentication code function.
In the above system parameters, g ═ e ([ s ]) can be added]P_{1}，P_{2}) I.e. the system parameter is<E,e,P_{1},P_{2},[s]P_{1},g＝e([s]P_{1}，P_{2}),H,KDF,MAC>Because g ═ e ([ s ])]P_{1}，P_{2}) Can be calculated from known parameters and can be added or not added to the system parameters as desired.
The encryption public key and the decryption private key are calculated by using parameters in system parameters, but are not required to be generated in a key generation center, but are finished at an encryption signature end, and the message M is not required to be sent to the key generation center for encryption processing and the like.
As the encryption unit 20, the encrypted ciphertext is obtained by encrypting the message M with the encryption key U, the encryption key V and the key derivation function KDF derived data encryption key, and the key derivation function KDF derived data encryption key is obtained by encrypting the message M, so that the message is ensured not to be tampered. And the length of the encrypted ciphertext is short.
As described above, the decryption unit 30 obtains the specified parameters to decrypt the encrypted ciphertext by using the preset rule through the decryption side. In the decryption process, the identifier decryption private key D _ B is obtained by using the identifier ID _ B of the decryption verification end and a preset calculation rule, in this embodiment, D _ B ═ s/(H (1  ID \ )B)+s)]P_{2}. In the decryption process, a value certificate of a third party and the like do not need to be called, and a certificate management system is not needed.
Referring to fig. 6, the generating unit 10 includes:
an obtaining module 101, configured to obtain, by the encryption side through the decryption side, a system parameter that is disclosed by the key generation center as<E,e,P_{1},P_{2},[s]P_{1},H,KDF,MAC>；
A first selection module 102, configured to randomly select an integer x with 0< x < q by a decryption end, where x is used as the decryption private key;
a second selection module 103 for selecting G via the decryption end_{1}A point F in_{1}Calculate [ x ]]F_{1}Will [ x ]]F_{1}As the encrypted public key.
The obtaining module 101, the first selecting module 102, and the second selecting module 103 are modules for generating an encrypted public key and an encrypted private key. In this embodiment, F can be selected_{1}＝P_{1}And laterperiod encryption and decryption are facilitated.
Referring to fig. 7, the encryption unit 20 includes:
a first calculation module 201 for calculating an integer h_{1}＝H(1ID_B)；
A second calculating module 202 for calculating a public key Q _ B ═ h at the decrypting end_{1}]P_{1}+[s]P_{1}；
A selection module 203 for generating a random number r ∈ [1, q1 ];
a third calculation block 204 for calculating X ═ r]Q _ B, converting X data type into bit string C_{1}；
An encryption fourth calculation block 205 for calculating Y ═ r]F_{1}Converting the Y data type into a bit string C_{2}；
An encrypted fifth calculation module 206 for calculating wg^{r}Converting the data type of w into a bit string U, where g ═ e ([ s ]]P_{1}，P_{2})；
A sixth calculation block 207 for calculating Z ═ r][x]F_{1}Converting the data type of Z intoConverting into a bit string V;
an encryption derivation module 208 for preparing a key derivation input XI, wherein the XI comprises a concatenation of U and V, and optionally C_{1}、C_{2}、ID_B；
An encrypted seventh calculation module 209 for calculating K_{1}K_{2}＝KDF(XI)；
An encrypted eighth calculation module 210 for calculating C_{3}＝M⊕K_{1}；
An encrypted ninth calculation module 211 for calculating C_{4}＝MAC(K_{2}，M)；
An output module 212 for coupling<C_{1},C_{2},C_{3},C_{4}>As an output.
The above is a specific module for encrypting the message M by using the parameters such as the encryption public key, the encryption private key and the like, and the length of the encrypted ciphertext is small. Compared with the prior art, after the malicious attacker obtains the encrypted ciphertext, even if the system parameter, the encryption key U and the like are obtained, the malicious attacker cannot obtain the encryption key V and cannot decrypt the encrypted ciphertext.
Referring to fig. 8, the decryption unit 30 includes:
a first selection judging module 301, configured to select C through the decryption end_{1}Is converted into a point X on the elliptic curve, and X is checked to be equal to G_{1}Whether the result is true or not;
a first verification module 302 for if X ∈ G_{1}If not, directly judging that the verification fails through the decryption end;
a second selection judgment module 303, configured to send C through the decryption end_{2}Is converted into a point Y on the elliptic curve, and Y e G is checked_{1}Whether the result is true or not;
a second verification module 304 for verifying if Y ∈ G_{1}If not, directly judging that the verification fails through the decryption end;
a first calculation module 305 of decryption for if X ∈ G_{1}And Y ∈ G_{1}If both are true, calculating w ═ e (X, D _ B) by the decryption side; converting the data type of w into a bit string U;
a decryption second calculating module 306, configured to calculate Z ═ x ] Y through the decryption end; converting the data type of Z into a bit string V;
a decryption derivation module 307, configured to decrypt, by the decryption end, the third computation module to prepare a key derivation input XI, where the XI includes concatenation of U and V, and optionally, may further include C_{1}、C_{2}、ID_B；
A third decryption computation module 308 for computing K through the decryption end_{1}K_{2}＝KDF(XI)；
A decryption fourth calculating module 309, configured to calculate M ═ C through the decryption side_{3}⊕K_{1}；
A fifth decryption calculation module 310 for calculating C ═ MAC (K) through the decryption side_{2}，M)；
A third verification module 311 for verifying C' ═ C by the decryption side_{4}If yes, the verification is passed, and M is output; otherwise, the verification fails and an error is output.
The module for decrypting the encrypted ciphertext is simple and safe, and a certificate and the like are not required to be called in the decryption process.
The certificateless data encryption/decryption device provided by the embodiment of the invention generates an encryption key U based on an identification encryption method by using a random number, the system parameter and an identification ID _ B of a decryption end, generates an encryption key V based on a public key encryption method by using the random number and the encryption public key, and encrypts a message M by using the encryption key U, the encryption key V and a key derivation function KDF derived data encryption key without a certificate management system, and simultaneously ensures that only a determined ciphertext receiver can decrypt a ciphertext.
Referring to fig. 9, an embodiment of the present invention further provides a certificatefree data encryption/decryption terminal 400, which includes a memory 401 and a processor 402; the memory 401 is used for storing a program for enabling a device for certificateless data encryption/decryption to execute the certificateless data encryption/decryption method described in any one of the above embodiments; the processor 402 is configured to execute programs stored in the memory.
The terminal 400 may be an intelligent electronic device, such as a computer, a notebook computer, a smart phone, a tablet computer, and the like.
The terminal 400 is an encryption terminal when encrypting, and is a decryption terminal when decrypting.
In the terminal 400 of the embodiment of the present invention, the random number, the system parameter, and the identifier ID _ B of the decryption end are used to generate the encryption key U based on the identifier encryption method, the random number and the encryption key are used to generate the encryption key V based on the public key encryption method, and the encryption key U, the encryption key V, and the key derivation function KDF derived data encryption key are used to encrypt the message M, so that a certificate management system is not required, and it is ensured that only a certain ciphertext receiver can decrypt the ciphertext.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (9)
1. A certificateless data encryption/decryption method, comprising:
the encryption terminal acquires system parameters disclosed by the key generation center through the decryption terminal to generate a key pair of an encryption public key and a decryption private key; the system parameters disclosed by the key generation center are<E,e,P_{1},P_{2},[s]P_{1},H,KDF,MAC>(ii) a Wherein E is an elliptic curve selected by the key generation center; e is a bilinear pair; p_{1}And P_{2}Is a point group G_{1}And G_{2}Two points in (1); g_{1}And G_{2}Two point groups with prime number q of the order on the elliptic curve E are formed; s is a master private key, which is a randomly selected integer between 0 and q; [ s ] of]P_{1}Is s P_{1}Adding; h is a mapping function that maps a bit string O to [1, q1]]The above step (1); KDF is a standard key derivation function; MAC is a standard message authentication code function;
generating an encryption key U based on an identification encryption method by using a random number, the system parameter and an identification ID _ B of a decryption end, generating an encryption key V based on a public key encryption method by using the random number and the encryption public key, and encrypting the message M by using the encryption key U, the encryption key V and a key derivation function KDF derived data encryption key to generate an encryption ciphertext of the message M; the derivation input of the key derivation function KDF comprises splicing of an encryption key U and an encryption key V;
decrypting the encrypted ciphertext by the decryption end by using the system parameter, an identification decryption private key D _ B corresponding to the identification ID _ B and the decryption private key;
the method comprises the following steps that the encryption terminal obtains system parameters disclosed by a key generation center through a decryption terminal to generate a key pair of an encryption public key and a decryption private key, and comprises the following steps:
the system parameters disclosed by the encryption terminal through the key generation center acquired by the decryption terminal are<E,e,P_{1},P_{2},[s]P_{1},H,KDF,MAC>；
Randomly selecting an integer x of 0< x < q by a decryption end, and taking the x as the decryption private key;
by selecting G at the decryption side_{1}A point F in_{1}Calculate [ x ]]F_{1}Will [ x ]]F_{1}As the encryption public key, and F_{1}＝P_{1}。
2. The certificateless data encryption/decryption method according to claim 1, wherein the identification decryption private key D _ B of the decryption side is:
D_B＝[s/(H(1ID_B)+s)]P_{2}。
3. the certificateless data encryption/decryption method according to claim 1, wherein the step of generating an encryption key U based on an identification encryption method using a random number, the system parameter and an identification ID _ B of a decryption side, generating an encryption key V based on a public key encryption method using the random number and the encryption public key, and encrypting the message M using the encryption key U, the encryption key V and a key derivation function KDF derived data encryption key to generate an encrypted ciphertext of the message M comprises:
calculating the integer h_{1}＝H(1ID_B)；
Calculating public key Q _ B ═ h of decryption end_{1}]P_{1}+[s]P_{1}；
Generating a random number r ∈ [1, q1 ];
calculating X ═ r]Q _ B, converting X data type into bit string C_{1}；
Calculating Y ═ r]F_{1}Converting the Y data type into a bit string C_{2}；
Calculating w ═ g^{r}Converting the data type of w into a bit string U, where g ═ e ([ s ]]P_{1}，P_{2})；
Calculating Z ═ r][x]F_{1}Converting the data type of Z into a bit string V;
preparing a key derivation input XI, wherein the XI comprises a concatenation of U and V;
calculating K_{1}K_{2}＝KDF(XI)；
Calculating C_{3}＝M⊕K_{1}；
Calculating C_{4}＝MAC(K_{2}，M)；
Will be provided with<C_{1},C_{2},C_{3},C_{4}>As an output.
4. The certificateless data encryption/decryption method according to claim 3, wherein the step of decrypting the encrypted ciphertext by the decryption side using the system parameter, an identification decryption private key D _ B corresponding to the identification ID _ B, and the decryption private key comprises:
through the decryption end, C_{1}Is converted into a point X on the elliptic curve, and X is checked to be equal to G_{1}Whether the result is true or not;
if X belongs to G_{1}If not, directly judging that the verification fails through the decryption end;
through the decryption end, C_{2}Is converted into a point Y on the elliptic curve, and Y e G is checked_{1}Whether or not it is established；
If Y is equal to G_{1}If not, directly judging that the verification fails through the decryption end;
if X belongs to G_{1}And Y ∈ G_{1}If both are true, calculating w ═ e (X, D _ B) by the decryption side; converting the data type of w into a bit string U;
calculating Z ═ x ] Y by the decryption end; converting the data type of Z into a bit string V;
preparing, by the decryption side, a key derivation input XI, wherein the XI comprises a concatenation of U and V;
calculating K by the decryption end_{1}K_{2}＝KDF(XI)；
Calculating M ═ C by the decryption side_{3}⊕K_{1}；
Calculating C ═ MAC (K) by the decryption side_{2}，M)；
Verifying by said decryption side that C ═ C_{4}If yes, the verification is passed, and M is output; otherwise, the verification fails and an error is output.
5. An apparatus for certificateless data encryption/decryption, comprising:
the generating unit is used for the encrypting terminal to obtain the system parameters disclosed by the key generating center through the decrypting terminal to generate a key pair of an encrypted public key and a decrypted private key; the system parameters disclosed by the key generation center are<E,e,P_{1},P_{2},[s]P_{1},H,KDF,MAC>(ii) a Wherein E is an elliptic curve selected by the key generation center; e is a bilinear pair; p_{1}And P_{2}Is a point group G_{1}And G_{2}Two points in (1); g_{1}And G_{2}Two point groups with prime number q of the order on the elliptic curve E are formed; s is a master private key, which is a randomly selected integer between 0 and q; [ s ] of]P_{1}Is s P_{1}Adding; h is a mapping function that maps a bit string O to [1, q1]]The above step (1); KDF is a standard key derivation function; MAC is a standard message authentication code function;
the encryption unit is used for generating an encryption key U based on an identification encryption method by using a random number, the system parameter and an identification ID _ B of a decryption end, generating an encryption key V based on a public key encryption method by using the random number and the encryption public key, and encrypting the message M by using the encryption key U, the encryption key V and a key derivation function KDF derived data encryption key to generate an encryption ciphertext of the message M; the derivation input of the key derivation function KDF comprises splicing of an encryption key U and an encryption key V;
the decryption unit is used for decrypting the encrypted ciphertext through the decryption end by using the system parameter, the identification decryption private key D _ B corresponding to the identification ID _ B and the decryption private key;
wherein the generating unit includes:
the acquisition module is used for acquiring system parameters disclosed by the key generation center through the decryption end by the encryption end as<E,e,P_{1},P_{2},[s]P_{1},H,KDF,MAC>；
The first selection module is used for randomly selecting an integer x with 0< x < q through a decryption end, and taking the x as the decryption private key;
a second selection module for selecting G via the decryption end_{1}A point F in_{1}Calculate [ x ]]F_{1}Will [ x ]]F_{1}As the encryption public key, and F_{1}＝P_{1}。
6. The certificateless data encryption/decryption apparatus according to claim 5, wherein the identification decryption private key D _ B of the decryption side is:
D_B＝[s/(H(1ID_B)+s)]P_{2}。
7. the certificateless data encryption/decryption apparatus according to claim 5, wherein the encryption unit comprises:
a first calculation module for calculating an integer h_{1}＝H(1ID_B)；
A second calculation module for calculating a public key Q _ B ═ h at the decryption end_{1}]P_{1}+[s]P_{1}；
A selection module for generating a random number r ∈ [1, q1 ];
a third calculation module for calculating X ═ r]Q _ B, converting X data type into bit string C_{1}；
A fourth calculation module for calculating Y ═ r]F_{1}Converting the Y data type into a bit string C_{2}；
A fifth calculation module for calculating wg^{r}Converting the data type of w into a bit string U, where g ═ e ([ s ]]P_{1}，P_{2})；
A sixth calculation module for calculating Z ═ r][x]F_{1}Converting the data type of Z into a bit string V;
an encryption derivation module, configured to prepare a key derivation input XI, where the XI includes a concatenation of U and V;
an encrypted seventh calculation module for calculating K_{1}K_{2}＝KDF(XI)；
An encrypted eighth calculation module for calculating C_{3}＝M⊕K_{1}；
A ninth calculation module for calculating C_{4}＝MAC(K_{2}，M)；
An output module for connecting<C_{1},C_{2},C_{3},C_{4}>As an output.
8. The certificateless data encryption/decryption apparatus according to claim 7, wherein the decryption unit comprises:
a first selection judgment module for judging C via the decryption terminal_{1}Is converted into a point X on the elliptic curve, and X is checked to be equal to G_{1}Whether the result is true or not;
a first verification module for determining if X belongs to G_{1}If not, directly judging that the verification fails through the decryption end;
a second selection judgment module for judging C via the decryption terminal_{2}Is converted into a point Y on the elliptic curve, and Y e G is checked_{1}Whether the result is true or not;
a second verification module for verifying if Y ∈ G_{1}If not, directly judging that the verification fails through the decryption end;
a first calculation module for decrypting if X belongs to G_{1}And Y ∈ G_{1}If both are true, calculating w ═ e (X, D _ B) by the decryption side; converting the data type of w into a bit string U;
the decryption second calculation module is used for calculating Z ═ x ] Y through the decryption end; converting the data type of Z into a bit string V;
a decryption derivation module, configured to prepare a key derivation input XI through the decryption end, where the XI includes concatenation of U and V;
a third decryption computation module for computing K through the decryption end_{1}K_{2}＝KDF(XI)；
A decryption fourth calculation module for calculating M ═ C by the decryption side_{3}⊕K_{1}；
A fifth decryption calculation module for calculating C ═ MAC (K) through the decryption side_{2}，M)；
A third verification module for verifying, by the decryption side, that C ═ C_{4}If yes, the verification is passed, and M is output; otherwise, the verification fails and an error is output.
9. A certificateless data encryption/decryption terminal comprising a memory and a processor;
the memory is used for storing a program for supporting a device for certificateless data encryption/decryption to execute the certificateless data encryption/decryption method of any one of claims 14;
the processor is configured to execute programs stored in the memory.
Priority Applications (1)
Application Number  Priority Date  Filing Date  Title 

CN201710277898.0A CN107425971B (en)  20170425  20170425  Certificateless data encryption/decryption method and device and terminal 
Applications Claiming Priority (1)
Application Number  Priority Date  Filing Date  Title 

CN201710277898.0A CN107425971B (en)  20170425  20170425  Certificateless data encryption/decryption method and device and terminal 
Publications (2)
Publication Number  Publication Date 

CN107425971A CN107425971A (en)  20171201 
CN107425971B true CN107425971B (en)  20200605 
Family
ID=60424324
Family Applications (1)
Application Number  Title  Priority Date  Filing Date 

CN201710277898.0A Active CN107425971B (en)  20170425  20170425  Certificateless data encryption/decryption method and device and terminal 
Country Status (1)
Country  Link 

CN (1)  CN107425971B (en) 
Families Citing this family (4)
Publication number  Priority date  Publication date  Assignee  Title 

CN109361506B (en) *  20180921  20210615  无锡润盟软件有限公司  Information processing method 
CN109560931B (en) *  20181130  20201124  江苏恒宝智能系统技术有限公司  Equipment remote upgrading method based on certificatefree system 
CN110224835A (en) *  20190529  20190910  电子科技大学  A kind of identity Hidden Authentication encipherment scheme of no certificate 
CN111010277B (en) *  20191227  20210625  北京海泰方圆科技股份有限公司  Key exchange method, device, storage medium and computing device 
Citations (2)
Publication number  Priority date  Publication date  Assignee  Title 

EP2341724A2 (en) *  20100104  20110706  Tata Consultancy Services Limited  System and method for secure transaction of data between wireless communication device and server 
EP2416524A2 (en) *  20100709  20120208  Tata Consultancy Services Limited  System and method for secure transaction of data between wireless communication device and server 
Family Cites Families (2)
Publication number  Priority date  Publication date  Assignee  Title 

CN102201920B (en) *  20110712  20130612  北京中兴通数码科技有限公司  Method for constructing certificateless public key cryptography 
CN104052608B (en) *  20140707  20170419  西安电子科技大学  Certificatefree remote anonymous authentication method based on third party in cloud application 

2017
 20170425 CN CN201710277898.0A patent/CN107425971B/en active Active
Patent Citations (2)
Publication number  Priority date  Publication date  Assignee  Title 

EP2341724A2 (en) *  20100104  20110706  Tata Consultancy Services Limited  System and method for secure transaction of data between wireless communication device and server 
EP2416524A2 (en) *  20100709  20120208  Tata Consultancy Services Limited  System and method for secure transaction of data between wireless communication device and server 
Also Published As
Publication number  Publication date 

CN107425971A (en)  20171201 
Similar Documents
Publication  Publication Date  Title 

EP3318043B1 (en)  Mutual authentication of confidential communication  
CN107425971B (en)  Certificateless data encryption/decryption method and device and terminal  
CN104539423B (en)  A kind of implementation method without CertPubKey cipher system of no Bilinear map computing  
CN107483212B (en)  Method for generating digital signature by cooperation of two parties  
CN104270249B (en)  It is a kind of from the label decryption method without certificate environment to identitybased environment  
CN107395368B (en)  Digital signature method, decapsulation method and decryption method in mediafree environment  
CN101789865B (en)  Dedicated server used for encryption and encryption method  
US9705683B2 (en)  Verifiable implicit certificates  
CN107196926B (en)  Cloud outsourcing privacy set comparison method and device  
US20060215837A1 (en)  Method and apparatus for generating an identifierbased public/private key pair  
CN109309569B (en)  SM2 algorithmbased collaborative signature method and device and storage medium  
CN109088726B (en)  SM2 algorithmbased collaborative signing and decrypting method and system for two communication parties  
CN104301108B (en)  It is a kind of from identitybased environment to the label decryption method without certificate environment  
CN105610773A (en)  Communication encryption method of electric energy meter remote meter reading  
US20130091362A1 (en)  Generating implicit certificates  
CN107483191B (en)  SM2 algorithm key segmentation signature system and method  
CN104767611B (en)  It is a kind of from PKIX environment to the label decryption method without certificate environment  
CN111740828B (en)  Key generation method, device and equipment and encryption and decryption method  
CN104767612A (en)  Signcryption method from certificateless environment to public key infrastructure environment  
EP2582085A1 (en)  Generating implicit certificates  
US20210152370A1 (en)  Digital signature method, device, and system  
CN103051459A (en)  Management method and device of traction secrete key of safety card  
CN108989053B (en)  Method for realizing certificateless public key cryptosystem based on elliptic curve  
CN108989054B (en)  Cipher system and digital signature method  
CN105530089A (en)  Attribute base encryption method and device 
Legal Events
Date  Code  Title  Description 

PB01  Publication  
PB01  Publication  
SE01  Entry into force of request for substantive examination  
GR01  Patent grant  
GR01  Patent grant 