Key cooperative exchange method and device, electronic equipment and medium
By splitting the private key and using elliptic curve cryptography in multi-party collaborative exchange, the problem of large communication and computational load in traditional methods is solved, achieving efficient key calculation and improved security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- BEIJING WATCH DATA SYSTEM CO LTD
- Filing Date
- 2023-03-09
- Publication Date
- 2026-07-03
AI Technical Summary
Traditional multi-party key exchange methods suffer from high communication and computational costs, leading to excessive consumption of key device resources.
The private key is split into multiple parts using elliptic curve cryptography and stored in different communicating parties. The key is calculated by using the results of the interactive part, including receiving the random public key from the other party, calculating the random public key of the local party and intermediate parameters, and finally generating a shared key.
The shared key calculation can be completed in just two data interactions, which reduces the consumption of transmission resources and the computational burden on communication equipment, and improves the security of the private key.
Smart Images

Figure CN116405197B_ABST
Abstract
Description
Technical Field
[0001] This application relates to data communication technology, and in particular to a method, apparatus, electronic device and medium for collaborative key exchange. Background Technology
[0002] In public-key cryptography, ensuring the security of user private keys is a crucial issue. Typically, user private keys need to be securely generated, stored, and used in dedicated hardware. However, with the widespread adoption of public-key cryptography algorithms, and the promotion of my country's independently developed SM2 elliptic curve public-key cryptography algorithm, the SM2 algorithm is playing an increasingly important role in IoT applications such as connected vehicles, smart medical systems, and smart home systems, as well as in cloud computing systems. Many mobile smart terminals, however, do not have hardware cryptographic modules such as cryptographic chips or security elements.
[0003] To address this issue, a feasible solution is to employ a multi-party collaborative approach, where the private key is split into multiple parts and stored separately on different terminals. When performing private key calculations, each terminal uses its own sub-private key to perform the calculations and exchanges partial results, so that the final result of the private key calculation is obtained by one of the final parties.
[0004] However, traditional multi-party key exchange methods suffer from high communication and computational costs, which also leads to additional consumption of key device resources. Summary of the Invention
[0005] This application provides a method, apparatus, electronic device, and medium for collaborative key exchange. It addresses the problems of high communication and computational loads in traditional multi-party key exchange methods in related technologies.
[0006] According to one aspect of the embodiments of this application, a collaborative key exchange method is provided, applied to a local key device composed of a first communicating party and a second communicating party, wherein the first communicating party stores a first sub-private key and the second communicating party stores a second sub-private key, comprising:
[0007] Upon receiving the peer random number public key sent by the peer key device, the peer random number public key and the first random number public key are sent to the second communication party. The first random number public key is calculated by the first communication party based on the elliptic curve cryptography algorithm.
[0008] After the second communication party calculates its own random number public key based on the peer's random number public key, the first random number public key, and the second sub-private key, it sends the local random number public key and intermediate parameters to the first communication party.
[0009] The first communicating party calculates a shared key based on its local random number public key, intermediate parameters, and the first sub-private key, and sends the local random number public key to the peer key device.
[0010] Optionally, in another embodiment based on the method described above in this application, after receiving the peer random number public key sent by the peer key device, the method further includes:
[0011] The first communicating party generates a first random number r1 using a random number generator;
[0012] Using the elliptic curve cryptography algorithm, the first coordinate point of r1 on the elliptic curve is calculated, and the first coordinate point is used as the first random number public key.
[0013] Optionally, in another embodiment based on the method described above in this application, the step of the second communicating party calculating the local random number public key based on the peer's random number public key, the first random number public key, and the second sub-private key includes:
[0014] The second communicating party generates a second random number using a random number generator;
[0015] The second communicating party extracts the first field element from the peer's random number public key based on the SM2 algorithm. And based on the The local random number public key is calculated from the second sub-private key.
[0016] Optionally, in another embodiment based on the method described above in this application, the local random number public key is calculated based on the following formula:
[0017]
[0018] Wherein, the R B The local random number public key is r2, the second random number is d2, and the second sub-private key is P. B Let G be the public key of the local key device, G be the base point of the elliptic curve, and R1 be the first random number public key.
[0019] Optionally, in another embodiment based on the method described above in this application, after calculating the local random number public key, the method further includes:
[0020] The second communicating party extracts the second field element from the local random number public key based on the SM2 algorithm. And based on the The intermediate parameter s is calculated;
[0021] Send the local random number public key and intermediate parameters to the first communicating party.
[0022] The value of s is calculated based on the following formula:
[0023]
[0024] Optionally, in another embodiment based on the method described above in this application, after sending the local random number public key and intermediate parameters to the first communicating party, the method further includes:
[0025] The first communicating party extracts the first field element from the peer's random number public key based on the SM2 algorithm. And extracting the second field element from the local random number public key.
[0026] Using the first sub-private key, the intermediate parameters, and the and the The shared secret point is calculated;
[0027] After detecting that the shared secret point is not at infinity, the shared key is calculated based on the shared secret point.
[0028] Alternatively, in another embodiment based on the method described above in this application, the shared secret point is calculated based on the following formula:
[0029] V = [ht]Y;
[0030] Wherein, V is the shared secret point, t is the first parameter, and Y is the second parameter;
[0031] The Y is calculated based on the following formula:
[0032]
[0033] Wherein, P A R is the public key of the peer key device. A The public key for the random number generated by the peer;
[0034] And, t is calculated based on the following formula:
[0035]
[0036] Wherein, d1 is the first sub-private key, and r1 is the first random number generated by the first communicating party using a random number generator.
[0037] According to another aspect of the embodiments of this application, a collaborative key exchange device is provided, applied to a local key device composed of a first communicating party and a second communicating party, wherein the first communicating party stores a first sub-private key and the second communicating party stores a second sub-private key, comprising:
[0038] The receiving module is configured to, upon receiving a peer random number public key sent by a peer key device, send the peer random number public key and a first random number public key to the second communication party, wherein the first random number public key is calculated by the first communication party based on an elliptic curve cryptography algorithm;
[0039] The calculation module is configured to have the second communication party calculate the local random number public key based on the peer's random number public key, the first random number public key, and the second sub-private key, and then send the local random number public key and intermediate parameters to the first communication party.
[0040] The sending module is configured to have the first communicating party calculate a shared key based on the local random number public key, intermediate parameters, and the first sub-private key, and then send the local random number public key to the peer key device.
[0041] According to another aspect of the embodiments of this application, an electronic device is provided, comprising:
[0042] Memory, used to store executable instructions; and
[0043] A display is used to operate the memory to execute the executable instructions to perform any of the above-described collaborative key exchange methods.
[0044] According to another aspect of the embodiments of this application, a computer-readable storage medium is provided for storing computer-readable instructions, which, when executed, perform the operation of any of the above-described collaborative key exchange methods.
[0045] In this application, upon receiving the peer random number public key sent by the peer key device, the peer random number public key and the first random number public key are sent to the second communication party. The first random number public key is calculated by the first communication party based on the elliptic curve cryptography algorithm. The second communication party calculates its own random number public key based on the peer random number public key, the first random number public key, and the second sub-private key, and then sends its own random number public key and intermediate parameters to the first communication party. The first communication party calculates the shared key based on its own random number public key, intermediate parameters, and the first sub-private key, and then sends its own random number public key to the peer key device.
[0046] By applying the technical solution of this application, on the one hand, the shared key calculation process can be completed by the first and second communicating parties of the key device through only two data interactions. Furthermore, by transmitting intermediate parameters, the drawback of consuming transmission resources caused by transmitting multiple random public keys each time can be reduced. On the other hand, by splitting the key calculation operation across the two communicating parties, the computational resources of the communication devices can also be reduced. Attached Figure Description
[0047] The accompanying drawings, which form part of this specification, illustrate embodiments of this application and, together with the description, serve to explain the principles of this application.
[0048] This application can be more clearly understood with reference to the accompanying drawings and the following detailed description, wherein:
[0049] Figure 1 A schematic diagram of a collaborative key exchange method provided in an embodiment of this application is shown;
[0050] Figure 2 A flowchart illustrating the overall process of a collaborative key exchange method provided in an embodiment of this application is shown.
[0051] Figure 3 This illustration shows a flowchart of a first communicating party and a second communicating party generating a public key, provided in an embodiment of this application.
[0052] Figure 4 A schematic diagram of an electronic device provided in one embodiment of this application is shown;
[0053] Figure 5 This illustration shows a schematic diagram of the structure of an electronic device according to an embodiment of this application;
[0054] Figure 6 A schematic diagram of a storage medium provided in one embodiment of this application is shown. Detailed Implementation
[0055] Various exemplary embodiments of the present application will now be described in detail with reference to the accompanying drawings. It should be noted that, unless otherwise specifically stated, the relative arrangement, numerical expressions, and values of the components and steps set forth in these embodiments do not limit the scope of the present application.
[0056] At the same time, it should be understood that, for ease of description, the dimensions of the various parts shown in the accompanying drawings are not drawn according to actual scale.
[0057] The following description of at least one exemplary embodiment is merely illustrative and is not intended to limit the scope of this application or its application or use.
[0058] Techniques, methods, and equipment known to those skilled in the art may not be discussed in detail, but where appropriate, such techniques, methods, and equipment should be considered part of the specification.
[0059] It should be noted that similar labels and letters in the following figures indicate similar items; therefore, once an item is defined in one figure, it does not need to be discussed further in subsequent figures.
[0060] Furthermore, the technical solutions of the various embodiments of this application can be combined with each other, but only if they are based on the ability of those skilled in the art to implement them. When the combination of technical solutions is contradictory or cannot be implemented, it should be considered that such combination of technical solutions does not exist and is not within the scope of protection claimed by this application.
[0061] It should be noted that all directional indications (such as up, down, left, right, front, back, etc.) in the embodiments of this application are only used to explain the relative positional relationship and movement of each component in a certain specific posture (as shown in the figure). If the specific posture changes, the directional indication will also change accordingly.
[0062] The following is combined Figures 1-3 This application describes an exemplary method for collaborative key exchange. It should be noted that the following application scenarios are shown only to facilitate understanding of the spirit and principles of this application, and the implementation of this application is not limited in any way. Rather, the implementation of this application can be applied to any applicable scenario.
[0063] This application also proposes a method, apparatus, electronic device, and medium for collaborative key exchange.
[0064] Figure 1 The schematic diagram illustrates a flowchart of a collaborative key exchange method according to an embodiment of this application. The method is applied to a local key device composed of a first communicating party and a second communicating party, wherein the first communicating party stores a first sub-private key and the second communicating party stores a second sub-private key, including:
[0065] S101, after receiving the peer random number public key sent by the peer key device, the peer random number public key and the first random number public key are sent to the second communication party. The first random number public key is calculated by the first communication party based on the elliptic curve cryptography algorithm.
[0066] S102, the second communicating party calculates its own random number public key based on the peer's random number public key, the first random number public key, and the second sub-private key, and then sends its own random number public key and intermediate parameters to the first communicating party.
[0067] S103, the first communicating party calculates the shared key based on its own random number public key, intermediate parameters and the first sub-private key, and sends the local random number public key to the peer key device.
[0068] In related technologies, ensuring the security of users' private keys is a very important issue in public-key cryptography.
[0069] Typically, a user's private key needs to be securely generated, stored, and used in dedicated hardware. However, with the popularization of public-key cryptography algorithms and the promotion of my country's independently developed SM2 elliptic curve public-key cryptography algorithm, the SM2 algorithm is playing an increasingly important role in Internet of Things (IoT) applications such as connected vehicles, smart medical systems, and smart home systems, as well as in cloud computing systems.
[0070] Many mobile smart devices do not have hardware cryptographic modules such as cryptographic chips or secure elements. In this case, how to protect the security of private keys becomes a critical issue.
[0071] To address this issue, one embodiment of this application proposes splitting the private key of a key device into multiple parts and storing them separately in different communicating parties (e.g., terminals or servers). Understandably, when performing private key calculations, each communicating party can use its own stored sub-private key to perform the calculations, and by exchanging the results of their respective parts of the calculations, the final private key calculation result is obtained by one of the parties.
[0072] Understandably, the method described in this application can ensure that the complete private key does not appear during the private key generation and private key calculation process, which can effectively improve the security of the private key.
[0073] Furthermore, the collaborative key exchange method proposed in this application is illustrated with an example, where the two parties exchanging keys are a local key device and a peer key device. This application also splits the local key device into a first communicating party and a second communicating party. As an example, the first communicating party and the second communicating party are a client and a server.
[0074] In one embodiment, the elliptic curve cryptography algorithm proposed in this application can be the SM2 elliptic curve public-key cryptography algorithm. It consists of three parts: a digital signature algorithm, a key exchange protocol, and a public-key encryption algorithm.
[0075] As an example, in this application embodiment, the first communicating party and the second communicating party share the elliptic curve parameter E(F) of the SM2 algorithm. q The elliptic curve E is defined in the finite field F. q Let G be an elliptic curve on the x-axis, where G is the base point of the elliptic curve with order n, O is the point at infinity of the elliptic curve, and h is the cofactor of the elliptic curve.
[0076] In one embodiment, this application uses [] to represent a dot product operation on E, [k]G to represent a k-fold multiple of G, and mod n to represent a modulo n operation. For elliptic curve point addition and numerical addition, the plus sign + is used: if it is the addition of elliptic curve points, + represents point addition; if it is the addition of numerical values, + represents numerical addition.
[0077] In the process of key exchange, the first communicating party can first receive the random number public key R sent by the peer's key device. A After generating random numbers, and having the first communicating party calculate a portion of the random number public key R1, R1 and R... A Send to the second communication party.
[0078] For the second communicating party, it also needs to generate random numbers and calculate the common random number public key R based on these numbers. B And an intermediate parameter s, and the R B ,s is sent to the first communicating party.
[0079] Furthermore, the first communicating party, based on this R B Finally, the secret point V shared with the peer key device is calculated, and a shared key K is generated based on this. B , will R B Send to the peer key device, and optionally perform the corresponding key confirmation step in the SM2 algorithm with the peer key device.
[0080] Combination Figure 2 This application provides a detailed description of a collaborative key exchange method proposed in this application. This includes:
[0081] Step 1: The first communicating party receives the random number public key R sent by the peer's key device. A .
[0082] In one embodiment of this application, upon receiving the random number public key R... A Next, it can be verified to determine whether the proof satisfies the elliptic curve equation. Understandably, if it does not, the negotiation fails. If it does, proceed to step 2.
[0083] Step 2: The first communicating party generates a first random number r1∈[1, n-1]. Using an elliptic curve cryptography algorithm, it calculates the first coordinate point of r1 on the elliptic curve and uses this coordinate point as the first random number public key R1.
[0084] Where R1 = [r1]G.
[0085] Furthermore, after the first communicating party calculates the first random number public key R1, it sets R1 and R... ASend to the second communication party.
[0086] Step 3: The second communicating party also uses a random number generator to generate random numbers r2∈[1, n-1], and follows the method given in the SM2 algorithm to select from R A Recover the first domain element
[0087] Furthermore, the second communicating party needs to be based on And the public key R for calculating the local random number from the second private key. B .
[0088] As an example, the local random number public key R B The calculation formula is as follows:
[0089]
[0090] Among them, R B d2 is the local random number public key, r2 is the second random number, d2 is the second sub-private key, and P is the local random number public key. B is the public key of the local key device, G is the base point of the elliptic curve, and R1 is the first random number public key.
[0091] Furthermore, embodiments of this application also require obtaining a random number public key R from the local end. B The second field element was recovered. The intermediate parameter s is then calculated based on this.
[0092] The formula for calculating the intermediate parameter s is as follows:
[0093]
[0094] Finally, the second communicating party will send its local random number public key R. B The intermediate parameter s is sent to the first communicating party.
[0095] Step 4: The first communicating party uses the SM2 algorithm to obtain a random number public key R from the other end. A Recover the first domain element Random number public key R from this end B Recovery And based on the first sub-private key d1, intermediate parameter s, as well as The shared secret point V is calculated.
[0096] The formula for calculating V is:
[0097]
[0098] V = [ht]Y.
[0099] Understandably, if V is at infinity, the negotiation will fail.
[0100] Step 5: The first communicating party calculates the secret key K from the shared secret point V according to the SM2 algorithm. B and R B It is sent to the peer key device, and optionally, the corresponding key verification step in the SM2 algorithm is performed.
[0101] By applying the technical solution of this application, on the one hand, the shared key calculation process can be completed by the first and second communicating parties of the key device through only two data interactions. Furthermore, by transmitting intermediate parameters, the drawback of consuming transmission resources caused by transmitting multiple random public keys each time can be reduced. On the other hand, by splitting the key calculation operation across the two communicating parties, the computational resources of the communication devices can also be reduced.
[0102] Optionally, in another embodiment based on the method described above in this application, after receiving the peer random number public key sent by the peer key device, the method further includes:
[0103] The first communicating party generates a first random number r1 using a random number generator;
[0104] Using the elliptic curve cryptography algorithm, the first coordinate point of r1 on the elliptic curve is calculated, and the first coordinate point is used as the first random number public key.
[0105] Optionally, in another embodiment based on the method described above in this application, the step of the second communicating party calculating the local random number public key based on the peer's random number public key, the first random number public key, and the second sub-private key includes:
[0106] The second communicating party generates a second random number using a random number generator;
[0107] The second communicating party extracts the first field element from the peer's random number public key based on the SM2 algorithm. And based on the The local random number public key is calculated from the second sub-private key.
[0108] Optionally, in another embodiment based on the method described above in this application, the local random number public key is calculated based on the following formula:
[0109]
[0110] Wherein, the R B The local random number public key is r2, the second random number is d2, and the second sub-private key is P. BLet G be the public key of the local key device, G be the base point of the elliptic curve, and R1 be the first random number public key.
[0111] Optionally, in another embodiment based on the method described above in this application, after calculating the local random number public key, the method further includes:
[0112] The second communicating party extracts the second field element from the local random number public key based on the SM2 algorithm. And based on the The intermediate parameter s is calculated;
[0113] Send the local random number public key and intermediate parameters to the first communicating party.
[0114] The value of s is calculated based on the following formula:
[0115]
[0116] Optionally, in another embodiment based on the method described above in this application, after sending the local random number public key and intermediate parameters to the first communicating party, the method further includes:
[0117] The first communicating party extracts the first field element from the peer's random number public key based on the SM2 algorithm. And extracting the second field element from the local random number public key.
[0118] Using the first sub-private key, the intermediate parameters, and the and the The shared secret point is calculated;
[0119] After detecting that the shared secret point is not at infinity, the shared key is calculated based on the shared secret point.
[0120] Alternatively, in another embodiment based on the method described above in this application, the shared secret point is calculated based on the following formula:
[0121] V = [ht]Y;
[0122] Wherein, V is the shared secret point, t is the first parameter, and Y is the second parameter;
[0123] The Y is calculated based on the following formula:
[0124]
[0125] Wherein, P A R is the public key of the peer key device.A The public key for the random number generated by the peer;
[0126] And, t is calculated based on the following formula:
[0127]
[0128] Wherein, d1 is the first sub-private key, and r1 is the first random number generated by the first communicating party using a random number generator.
[0129] Furthermore, in combination Figure 3 As shown below, the process by which the local key device generates the public key in the collaborative key exchange method proposed in this application is explained:
[0130] Step a: The first communicating party generates a random number d1∈[1, n-2] and stores d1 as its own sub-private key.
[0131] Step b: The first communicating party uses the elliptic curve cryptography algorithm to calculate the coordinates of d1 on the elliptic curve, P1 = [d1]. -1 ]G, and send it to the second communication party.
[0132] Step c: The second communicating party generates a random number d2∈[1, n-2] and stores d2 as its own sub-private key.
[0133] Step d: The second communicating party receives P1 transmitted by the first communicating party and calculates the random number public key P. B =[d2 -1 ]P1-G.
[0134] Understandable, if P B =O or P B If +G = 0, then the second communicating party needs to regenerate a random number; otherwise, P will be... B Published as a public key.
[0135] In one implementation, the steps of the first and second communicating parties can be interchanged during the public key generation phase.
[0136] In one approach, the collaborative key exchange method proposed in this application enables the two communicating parties corresponding to the key devices to each generate and store their own partial private keys (i.e., sub-private keys), while both parties publish their common public key, and then collaboratively conduct a key exchange process with a third party.
[0137] This application effectively separates the private key and random number components in the standard SM2 key exchange protocol mathematically. This allows both participating parties to collaboratively conduct key exchange protocols with third parties without obtaining any information about the other party's sub-private key, thus ensuring the security of the SM2 algorithm's private key. This achieves optimal results with minimal transmission and computational load. The beneficial effects are:
[0138] 1. The complete private key of the SM2 algorithm never appears in the entire signing process, which improves the security of the SM2 algorithm private key;
[0139] 2. The private key is split into two parts, which can be stored on different terminals, making it more suitable for application scenarios involving many mobile smart terminals.
[0140] 3. The basic operation modules of the SM2 algorithm can be reused, without the need to add new operation modules, making implementation simple and deployment cost low.
[0141] 4. During the key exchange process, two points (the peer's random number public key and the first random number public key) are transmitted in the first round of interaction between the two communicating parties. Furthermore, in the second round of information transmission between the two communicating parties, one point (the local random number public key) and one value (i.e., the intermediate parameter s; understandably, the value occupies half the space of the point) are transmitted, thus reducing the amount of communication transmitted.
[0142] By applying the technical solution of this application, on the one hand, the shared key calculation process can be completed by the first and second communicating parties of the key device through only two data interactions. Furthermore, by transmitting intermediate parameters, the drawback of consuming transmission resources caused by transmitting multiple random public keys each time can be reduced. On the other hand, by splitting the key calculation operation across the two communicating parties, the computational resources of the communication devices can also be reduced.
[0143] Optionally, in another embodiment of this application, such as Figure 4 As shown, this application also provides a key collaborative exchange device. Applied to a local key device consisting of a first communicating party and a second communicating party, wherein the first communicating party stores a first sub-private key and the second communicating party stores a second sub-private key, comprising:
[0144] The receiving module 201 is configured to, upon receiving a peer random number public key sent by a peer key device, send the peer random number public key and a first random number public key to the second communication party, wherein the first random number public key is calculated by the first communication party based on an elliptic curve cryptography algorithm.
[0145] The calculation module 202 is configured to have the second communication party calculate the local random number public key based on the peer random number public key, the first random number public key and the second sub-private key, and then send the local random number public key and intermediate parameters to the first communication party.
[0146] The sending module 203 is configured to have the first communicating party calculate a shared key based on the local random number public key, intermediate parameters and the first sub-private key, and send the local random number public key to the peer key device.
[0147] By applying the technical solution of this application, on the one hand, the shared key calculation process can be completed by the first and second communicating parties of the key device through only two data interactions. Furthermore, by transmitting intermediate parameters, the drawback of consuming transmission resources caused by transmitting multiple random public keys each time can be reduced. On the other hand, by splitting the key calculation operation across the two communicating parties, the computational resources of the communication devices can also be reduced.
[0148] In another embodiment of this application, the computing module 202 is configured to perform the following steps:
[0149] The first communicating party generates a first random number r1 using a random number generator;
[0150] Using the elliptic curve cryptography algorithm, the first coordinate point of r1 on the elliptic curve is calculated, and the first coordinate point is used as the first random number public key.
[0151] In another embodiment of this application, the computing module 202 is configured to perform the following steps:
[0152] The second communicating party generates a second random number using a random number generator;
[0153] The second communicating party extracts the first field element from the peer's random number public key based on the SM2 algorithm. And based on the The local random number public key is calculated from the second sub-private key.
[0154] In another embodiment of this application, the computing module 202 is configured to perform the following steps:
[0155]
[0156] Wherein, the R B The local random number public key is r2, the second random number is d2, and the second sub-private key is P. BLet G be the public key of the local key device, G be the base point of the elliptic curve, and R1 be the first random number public key.
[0157] In another embodiment of this application, the computing module 202 is configured to perform the following steps:
[0158] The second communicating party extracts the second field element from the local random number public key based on the SM2 algorithm. And based on the The intermediate parameter s is calculated;
[0159] Send the local random number public key and intermediate parameters to the first communicating party.
[0160] The value of s is calculated based on the following formula:
[0161]
[0162] In another embodiment of this application, the computing module 202 is configured to perform the following steps:
[0163] The first communicating party extracts the first field element from the peer's random number public key based on the SM2 algorithm. And extracting the second field element from the local random number public key.
[0164] Using the first sub-private key, the intermediate parameters, and the and the The shared secret point is calculated;
[0165] After detecting that the shared secret point is not at infinity, the shared key is calculated based on the shared secret point.
[0166] In another embodiment of this application, the computing module 202 is configured to perform the following steps:
[0167] The shared secret point is calculated based on the following formula:
[0168] V = [ht]Y;
[0169] Wherein, V is the shared secret point, t is the first parameter, and Y is the second parameter;
[0170] The Y is calculated based on the following formula:
[0171]
[0172] Wherein, P A R is the public key of the peer key device.A The public key for the random number generated by the peer;
[0173] And, t is calculated based on the following formula:
[0174]
[0175] Wherein, d1 is the first sub-private key, and r1 is the first random number generated by the first communicating party using a random number generator.
[0176] This application also provides an electronic device for performing the above-described collaborative key exchange method. Please refer to... Figure 5 This illustrates a schematic diagram of an electronic device provided by some embodiments of this application. For example... Figure 5 As shown, the electronic device 3 includes: a processor 300, a memory 301, a bus 302, and a communication interface 303. The processor 300, the communication interface 303, and the memory 301 are connected via the bus 302. The memory 301 stores a computer program that can run on the processor 300. When the processor 300 runs the computer program, it executes the key cooperative exchange method provided in any of the foregoing embodiments of this application.
[0177] The memory 301 may include high-speed random access memory (RAM) or non-volatile memory, such as at least one disk storage device. Communication between this system network element and at least one other network element is achieved through at least one communication interface 303 (which can be wired or wireless), such as the Internet, wide area network, local area network, or metropolitan area network.
[0178] Bus 302 can be an ISA bus, PCI bus, or EISA bus, etc. The bus can be divided into an address bus, a data bus, a control bus, etc. The memory 301 is used to store programs. After receiving an execution instruction, the processor 300 executes the program. The data recognition method disclosed in any of the foregoing embodiments of this application can be applied to the processor 300, or implemented by the processor 300.
[0179] The processor 300 may be an integrated circuit chip with signal processing capabilities. In implementation, each step of the above method can be completed by the integrated logic circuitry in the hardware of the processor 300 or by instructions in software form. The processor 300 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), an off-the-shelf programmable gate array (FPGA), or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components. It can implement or execute the methods, steps, and logic block diagrams disclosed in the embodiments of this application. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the methods disclosed in the embodiments of this application can be directly embodied in the execution of a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor. The software modules may reside in random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, registers, or other mature storage media in the art. The storage medium is located in memory 301. The processor 300 reads the information in memory 301 and, in conjunction with its hardware, completes the steps of the above method.
[0180] The electronic device provided in this application embodiment and the key collaborative exchange method provided in this application embodiment are based on the same inventive concept and have the same beneficial effects as the methods they adopt, operate or implement.
[0181] This application also provides a computer-readable storage medium corresponding to the key collaborative exchange method provided in the foregoing embodiments. Please refer to [link / reference]. Figure 6 The computer-readable storage medium shown is an optical disc 40, on which a computer program (i.e., a program product) is stored. When the computer program is run by a processor, it executes the key exchange method provided in any of the foregoing embodiments.
[0182] It should be noted that examples of the computer-readable storage medium may also include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other optical and magnetic storage media, which will not be elaborated here.
[0183] The computer-readable storage medium provided in the above embodiments of this application and the data identification method provided in the embodiments of this application are based on the same inventive concept and have the same beneficial effects as the methods adopted, run or implemented by the upper-layer application stored therein.
[0184] It should be noted that:
[0185] Numerous specific details are set forth in the specification provided herein. However, it will be understood that embodiments of this application may be practiced without these specific details. In some instances, well-known structures and techniques have not been shown in detail so as not to obscure the understanding of this specification.
[0186] Similarly, it should be understood that, for the sake of brevity and to aid in understanding one or more of the various inventive aspects, in the foregoing description of exemplary embodiments of this application, various features of this application are sometimes grouped together in a single embodiment, figure, or description thereof. However, this disclosure should not be construed as reflecting a schematic diagram in which the claimed application requires more features than expressly recited in each claim. Rather, as reflected in the following claims, inventive aspects lie in fewer than all features of a single foregoing disclosed embodiment. Therefore, the claims following the detailed description are hereby expressly incorporated into that detailed description, wherein each claim itself is a separate embodiment of this application.
[0187] Furthermore, those skilled in the art will understand that although some embodiments described herein include certain features but not others included in other embodiments, combinations of features from different embodiments are intended to be within the scope of this application and form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
[0188] The above description is merely a preferred embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
Claims
1. A collaborative key exchange method, characterized in that, An on-premises key device applied to a first communicating party and a second communicating party, wherein the first communicating party stores a first sub-private key and the second communicating party stores a second sub-private key, including: Upon receiving the peer random number public key sent by the peer key device, the peer random number public key and the first random number public key are sent to the second communication party. The first random number public key is calculated by the first communication party based on the elliptic curve cryptography algorithm. After the second communication party calculates its own random number public key based on the peer's random number public key, the first random number public key, and the second sub-private key, it sends the local random number public key and intermediate parameters to the first communication party. The first communicating party calculates a shared key based on the peer's random number public key, intermediate parameters, and the first sub-private key, and sends the local random number public key to the peer's key device; The second communicating party calculates its own random number public key based on the peer's random number public key, the first random number public key, and the second sub-private key, including: The second communicating party uses a random number generator to generate a random number r2. [1, n-1], and from R according to the method given in the SM2 algorithm. A Recover the first domain element ; The second communication party is based on And the public key R for calculating the local random number from the second private key. B ; Local random number public key R B The calculation formula is R B =[ ](P B +G)+R1, where R B d2 is the local random number public key, r2 is the second random number, d2 is the second sub-private key, and P is the local random number public key. B G is the public key of the local key device, G is the base point of the elliptic curve, and R1 is the first random number public key. Random number public key R from this end B The second field element was recovered. The intermediate parameter s is calculated using this formula, where s = d². -1 + ; The first communicating party uses the SM2 algorithm to obtain a random number public key R from the other end. A Recover the first domain element From the local random number public key R B Recovery ; and based on the first sub-private key d1, intermediate parameter s, as well as The shared secret point V is calculated. The formula for calculating V is: Y = P A +[ ]R A , wherein, the P A R is the public key of the peer key device. A The public key for the random number generated by the peer, t=d1 -1 s+ -1, where d1 is the first sub-private key, r1 is the first random number generated by the first communicating party using a random number generator, V=[ht]Y, h is the cofactor of the elliptic curve, V is the shared secret point, t is the first parameter, and Y is the second parameter; The first communicating party calculates the shared key K from the shared secret point V using the SM2 algorithm. B .
2. The method as described in claim 1, characterized in that, After receiving the peer random number public key sent by the peer key device, the method further includes: The first communicating party generates a first random number r1 using a random number generator; Using the elliptic curve cryptography algorithm, the first coordinate point of r1 on the elliptic curve is calculated, and the first coordinate point is used as the first random number public key.
3. A collaborative key exchange device, characterized in that, An on-premises key device applied to a first communicating party and a second communicating party, wherein the first communicating party stores a first sub-private key and the second communicating party stores a second sub-private key, including: The receiving module is configured to, upon receiving a peer random number public key sent by a peer key device, send the peer random number public key and a first random number public key to the second communication party, wherein the first random number public key is calculated by the first communication party based on an elliptic curve cryptography algorithm; The calculation module is configured to have the second communication party calculate the local random number public key based on the peer's random number public key, the first random number public key, and the second sub-private key, and then send the local random number public key and intermediate parameters to the first communication party. The sending module is configured to have the first communicating party calculate a shared key based on the peer's random number public key, intermediate parameters, and the first sub-private key, and send the local random number public key to the peer key device; The second communicating party calculates its own random number public key based on the peer's random number public key, the first random number public key, and the second sub-private key, including: The second communicating party uses a random number generator to generate a random number r2. [1, n-1], and from R according to the method given in the SM2 algorithm. A Recover the first domain element ; The second communication party is based on And the public key R for calculating the local random number from the second private key. B ; Local random number public key R B The calculation formula is R B =[ ](P B +G)+R1, where R B d2 is the local random number public key, r2 is the second random number, d2 is the second sub-private key, and P is the local random number public key. B G is the public key of the local key device, G is the base point of the elliptic curve, and R1 is the first random number public key. Random number public key R from this end B The second field element was recovered. The intermediate parameter s is calculated using this formula, where s = d². -1 + ; The first communicating party uses the SM2 algorithm to obtain a random number public key R from the other end. A Recover the first domain element From the local random number public key R B Recovery ; and based on the first sub-private key d1, intermediate parameter s, as well as The shared secret point V is calculated. The formula for calculating V is: Y = P A +[ ]R A , wherein, the P A R is the public key of the peer key device. A The public key for the random number generated by the peer, t=d1 -1 s+ -1, where d1 is the first sub-private key, r1 is the first random number generated by the first communicating party using a random number generator, V=[ht]Y, h is the cofactor of the elliptic curve, V is the shared secret point, t is the first parameter, and Y is the second parameter; The first communicating party calculates the shared key K from the shared secret point V using the SM2 algorithm. B .
4. An electronic device, characterized in that, include: Memory, used to store executable instructions; as well as, A processor, configured to execute the executable instructions with the memory to perform the operation of the collaborative key exchange method of any one of claims 1-2.
5. A computer-readable storage medium for storing computer-readable instructions, characterized in that, When the instruction is executed, it performs the operation of the collaborative key exchange method of any one of claims 1-2.