Elliptic curve cryptosystem based on identity

Abstract

The invention relates to an elliptic curve cryptosystem based on an identity. The system comprises a pseudo public key, a pseudo digital certificate, an ECC key generation system, a pseudo digital certificate issuing system, a pseudo digital certificate issuing client-side, a crypto module and a crypto application program. According to the cryptosystem, the pseudo public key corresponding to one identity corresponds to an ECC public key set and an ECC private key set corresponding to the same identity in the crypto module, and therefore the crypto operation of the pseudo public key is automatically transformed into the operation of using a corresponding public key in the corresponding ECC public key set. The crypto operation of using a private key corresponding to the pseudo public key is automatically transformed into the operation of using a corresponding private key in the corresponding ECC private key set. When no corresponding ECC public key or private key exists, the corresponding ECC public key or private key is automatically acquired through the crypto module. The cryptosystem has part of advantages of an IBC, the crypto operation is easier than that of the IBC, the support of client-side crypto hardware is easily obtained, and the intervention of a user in the key updating process can be reduced.

Description

technical field [0001] The invention belongs to the technical field of information security, and is an identity-based elliptic curve cryptosystem with some characteristics of IBC (Identity Based Cryptography). Background technique [0002] In asymmetric key cryptography (Asymmetric Key Cryptography), two different but interrelated keys (key pairs) are used, one of which can be made public, known as the public key (Public Key), for data encryption or signature Verification, the other is not public, called the private key (Private Key), used for data decryption or digital signature, the private key must be kept safely by the owner of the key pair. Since a key can be made public, the asymmetric key cryptosystem is also called Public Key Cryptography (Public Key Cryptography), and the key pair is also called a public key pair. Correspondingly, the cryptographic algorithm in the asymmetric key cryptosystem is called asymmetric key cryptographic algorithm or public key cryptograp...

AI Technical Summary

Problems solved by technology

[0008] 2) Since the user's IBC private key is dynamically calculated by PKG, it can easily restore the private key for the user (online) when the user's private key is lost, unlike PKI / CA that requires a complex KMC (Key Management Center) system Generate, save and restore the private keys (key pairs) of encrypted digital certificates for all users, where storing a large number of user private keys increases the complexity of the system and increases the requirements for system security and reliability

[0023] 1) At present, there is a lack of a unified international standard for cryptographic algorithms, resulting in the lack of a unified IBC cryptographic product certification standard, which hinders the development, production, sales and use of cryptographic equipment;

[0024] 2) There is no unified standard (international or industrial standard) at the application layer, resulting in a lack of application support. At present, almost all mainstream standard applications do not support IBC;

[0025] 3) Compared with common public-key cryptographic algorithms, IBC’s cryptographic operations have more complex pairing operations, and the amount of cryptographic operations is relatively large. If cryptographic operations are performed in cryptographic hardware, the requirements for cryptographic hardware are relatively high. Therefore, at present There is no suitable client-side cryptographic hardware (such as USB Key) for client-side cryptographic operations like RSA and ECC. The current IBC USB Key is basically a key storage key that does not perform cryptographic operations.

Images