A method for multi-key agreement between encryption and decryption services

Abstract

The invention discloses a multi-key negotiation method used for encryption and decryption services, and relates to the technical field of communication security. In this method, node A independently selects N keys for the encryption operation of the data sent to B, and the keys are addressed from 0 to N-1, and A is responsible for initiating the key agreement of these N keys to B Process; set the key renegotiation period of N keys to be T, T is less than the minimum key validity period of the N keys, and initiate the i-th key at time (i‑1)*T / N Key negotiation; for any key with address i, re-initiate the key negotiation after T, 2T, 3T... when the key negotiation is initiated; similarly, B independently selects M keys for sending to A Data encryption operation, and B is responsible for initiating the key agreement process of M keys selected by itself to A. The method is suitable for multi-key negotiation between centralized encryption and decryption services, and is an important improvement over the prior art.

Description

technical field [0001] The invention relates to the technical field of communication security, in particular to a multi-key negotiation method used for encryption and decryption services. Background technique [0002] Encryption and decryption are computationally intensive. In addition, encryption and decryption algorithms and keys also need to be regularly upgraded and updated to prevent possible cracking. In the existing technology, the method of providing encryption and decryption services in a centralized manner is usually adopted, such as using proprietary encryption and decryption equipment, equipped with key cards, etc., which can reduce the difficulty of deploying encryption and decryption algorithms and improve the confidentiality of encryption and decryption algorithms and keys . However, when centralized encryption and decryption services are used, the following problems exist: [0003] 1. The key negotiation between encryption and decryption services cannot dep...

AI Technical Summary

Problems solved by technology

[0003] 1. The key negotiation between encryption and decryption services cannot depend on the application, because the timing of sending data by the application calling the encryption and decryption service is uncontrollable;

[0004] 2. If a single key pair is used between two nodes, encryption and decryption services cannot be provided externally during key negotiation, which will cause interruption of communication among multiple applications using the service;

[0005] 3. There is a validity period for the key. Overdue use will increase the risk of the key being cracked or leaked. Therefore, the key must be renegotiated before the validity period ends.

And key renegotiation will also make it impossible to decrypt data that has been encrypted with the original key.

Images