One-to-many dynamic group encryption communication system and method

By using modular multiplication inverse operation and data hash value in one-to-many dynamic group encrypted communication to generate and accumulate group key factors, the problems of low encryption efficiency and high risk of key leakage in existing technologies are solved, and efficient and secure data transmission is achieved.

CN117335962BActive Publication Date: 2026-06-19SOUTHEAST UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
SOUTHEAST UNIV
Filing Date
2023-09-25
Publication Date
2026-06-19

Smart Images

  • Figure CN117335962B_ABST
    Figure CN117335962B_ABST
Patent Text Reader

Abstract

This invention discloses a one-to-many dynamic group encrypted communication system and method. In the system initialization phase, a key generation center initializes system parameters, generates a private key for each data receiver, and generates a corresponding group key factor for each data receiver after all private keys are generated. In the data encryption phase, the data sending module selects the corresponding group key factor based on the data receiver member list, accumulates the group key factors to obtain the encryption key, encrypts the data using the encryption key, and sends the plaintext hash value combined with the ciphertext. Finally, the data receiving module receives the ciphertext, decrypts it using the receiver's private key, calculates the hash value of the decrypted data, and compares it with the received plaintext hash value to ensure data integrity. This method achieves efficient one-to-many dynamic group encrypted communication with one-time encryption and multi-party decryption, solving security problems such as complex key management, data leakage, and malicious tampering.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of information security technology, and particularly relates to encrypted communication technology for information security, mainly involving a one-to-many dynamic group encrypted communication system and method. Background Technology

[0002] Group encrypted communication scenarios, where a single data sender transmits the same secret data to a group of receivers, are common in internet systems. Examples include session key distribution after a group of devices completes access authentication and model transmission in edge computing. When the set of data receivers changes dynamically, the problem of securely and efficiently transmitting secret information becomes even more challenging. Current group encrypted communication typically employs traditional cryptographic encryption and decryption methods, such as asymmetric key systems where the sender encrypts data individually using each receiver's public key, or symmetric key systems where the sender and all receivers share a single key, to protect the privacy of the data. The two methods have the following main problems: (1) Asymmetric key systems require the data sender to use different public keys to encrypt data according to different recipients so that different recipients can decrypt the data. When the same secret data is sent to multiple recipients, it needs to be encrypted multiple times and sent separately on the channel, resulting in low data encryption efficiency and increased communication overhead; (2) Symmetric key systems have the risk of key leakage in group communication. All recipients and senders share a symmetric key, which means that once the key is leaked, all private data will be at security risk. Moreover, when the list of recipients changes, the key needs to be reassigned, which is not suitable for scenarios where the recipients change dynamically.

[0003] Therefore, for the problem of one-to-many dynamic group encrypted communication, namely the problem of a fixed data sender sending secret data to a dynamic subset of a group of receivers, there is an urgent need for a one-to-many dynamic group encrypted communication system and method to achieve one-time encryption and multi-party decryption in group communication, support dynamic changes in the list of receiver members without updating the receiver's private key, and solve the security problems of complex key management, data leakage and malicious tampering. Summary of the Invention

[0004] This invention addresses the problems in existing technologies by providing a one-to-many dynamic group encrypted communication system and method. First, during system initialization, a key generation center initializes system parameters, generates a private key for each data receiver, and after all private keys are generated, generates a corresponding group key factor for each data receiver. Then, during data encryption, the data sending module selects the corresponding group key factor based on the data receiver member list, accumulates the group key factors to obtain the encryption key, encrypts the data using the encryption key, and sends the plaintext hash value combined with the ciphertext. Finally, the data receiving module receives the ciphertext, decrypts it using the receiver's private key, calculates the hash value of the decrypted data, and compares it with the received plaintext hash value to ensure data integrity. This invention achieves efficient one-to-many dynamic group encrypted communication with one-time encryption and multi-party decryption. It achieves secure encryption and decryption when the receiver member list changes by dynamically selecting the receiver's group key factor, mitigates the risk of key leakage by having each receiver member store a different private key, and prevents malicious data tampering by using data hash values.

[0005] To achieve the above objectives, the technical solution adopted by the present invention is: a one-to-many dynamic group encrypted communication system, comprising a fixed data sender and several data receivers, wherein the data sender includes at least a key generation center and a data sending module, and the data receivers include at least a data receiving module; wherein,

[0006] Key generation center: Generates a private key for each recipient, calculates the key factor for each recipient group using modular multiplication inverse operation, and sends the private key to the corresponding recipient through a secure channel;

[0007] Data sending module: Based on the list of data receivers, the corresponding group key factors are summed to obtain the encryption key. After encrypting the data with the encryption key, the hash values ​​of the ciphertext and plaintext data are sent out together and received by the data receiving module of the corresponding data receiver.

[0008] Data receiving module: When receiving data, the receiver uses its private key to decrypt the received encrypted data. The receiver can successfully decrypt the data if and only if the encryption key that generated the ciphertext contains the group key factor of the data receiver. The module verifies the integrity of the data by calculating the hash value of the decrypted data and comparing it with the hash value of the received plaintext, thus preventing the sent data from being maliciously tampered with during transmission.

[0009] To achieve the above objectives, the present invention also adopts the following technical solution: a one-to-many dynamic group encrypted communication method, comprising the following steps:

[0010] S1, System Initialization Phase: The key generation center initializes system parameters, generates a private key for each data receiver, and generates a corresponding group key factor for each data receiver after all private keys are generated.

[0011] S2, Data Encryption Stage: The data sending module selects the corresponding group key factor according to the data receiver member list, accumulates the group key factors to obtain the encryption key, uses the encryption key to encrypt the data, and sends the plaintext hash value combined with the ciphertext.

[0012] S3, Data Decryption Stage: The data receiving module receives the ciphertext, decrypts it using the recipient's private key, calculates the hash value of the decrypted data, and compares it with the received plaintext hash value to ensure data integrity.

[0013] As an improvement of the present invention, the system initialization stage of step S1 specifically includes the following steps:

[0014] S11: The key generation center determines the key length based on the size of the data receiver group and the password strength;

[0015] S12: The key generation center provides a key to each data receiver P. i Randomly select a large prime number as the private key SK i ;

[0016] S13: The key generation center uses modular multiplication inverse operation to generate a key for each data receiver P. i Generate the corresponding group key factor k i The generation method is as follows:

[0017]

[0018]

[0019] z i ≡K i -1 mod SK i

[0020] k i =z i K i

[0021] Where n is the total number of recipient members in the system, and K is the product of the private keys of all recipient members in the system. i For the system except P i The product of the private keys of all recipient members, z i For K i Regarding the private key SK i Modular multiplication inverse, k i For receiver P i Group key factor.

[0022] As an improvement of the present invention, the data encryption stage of step S2 specifically includes the following steps:

[0023] S21: The data sending module determines the data receiver list {P′1,P′2,…,P′} based on the data receiver list. l Select the corresponding group key factor subset {k′1,k′2,…,k′} l};

[0024] S22: The data transmission module uses a subset of group key factors {k′1,k′2,…,k′} l Accumulate to construct the encryption key And encrypt the data:

[0025] S23: The data sending module uses a hash function to calculate the plaintext hash value Hash(Data), and sends the ciphertext and the plaintext hash value {C,Hash(Data)} together as the payload.

[0026] As an improvement of the present invention, the data decryption stage in step S3 specifically includes the following steps:

[0027] S31: The data receiving module uses the receiver's private key SK i Decrypt the received ciphertext data C: Data′ = C mod SK i ;

[0028] S32: Calculate the hash value Hash(Data′) of the decrypted data and compare it with the received Hash(Data). If Hash(Data′) = Hash(Data), submit the data to the application; otherwise, discard the data.

[0029] Compared with the prior art, the present invention has the following advantages:

[0030] (1) Data encryption is performed by accumulating the key factors of the data receivers to construct the encryption key. When different messages are sent to different receivers, different group key factors are dynamically selected according to the list of data receivers, which can easily realize the dynamic change of the receiver list. Each data receiver keeps a different private key and does not need to update the private key with the dynamic change of the receiver member list, reducing the harm of key leakage. The same receiver only needs to use the same private key to decrypt, avoiding the problem of data receivers maintaining multiple keys when receiving different group messages and the complexity of key management.

[0031] (2) The key generation center uses modular multiplication inverse operation to calculate the key factors of each receiver group; the sender accumulates the key factors of the receiver groups to construct the encryption key and encrypt the data. Based on the congruence relation of number theory, the data is encrypted once and decrypted by multiple parties, which greatly reduces the encryption overhead; the ciphertext sent to multiple receivers is the same, so it can be sent by multicast, which also greatly reduces the communication overhead.

[0032] (3) Combining encryption and decryption with hash functions not only solves data privacy and security issues, but also addresses security threats such as data tampering during transmission, ensuring the availability, confidentiality and integrity of data transmission. Attached Figure Description

[0033] Figure 1 This is a schematic diagram of a one-to-many dynamic group encrypted communication system according to the present invention;

[0034] Figure 2 This is a flowchart illustrating the steps of the one-to-many dynamic group encrypted communication method proposed in this invention.

[0035] Figure 3 This is a data flow diagram in Embodiment 2 of the present invention. Detailed Implementation

[0036] The present invention will be further illustrated below with reference to the accompanying drawings and specific embodiments. It should be understood that the following specific embodiments are for illustrative purposes only and are not intended to limit the scope of the present invention.

[0037] Example 1

[0038] A one-to-many dynamic group encrypted communication system, such as Figure 1 As shown, the system includes a fixed data sender and several data receivers. The data sender comprises a key generation center and a data sending module, while the data receivers each include a data receiving module. The key generation center generates a private key for each receiver, calculates the group key factor for each receiver using modular multiplication inverse operation, and sends the private key to the corresponding data receiver via a secure channel. The data sending module, based on the list of data receivers, accumulates the corresponding group key factors to obtain an encryption key, encrypts the data using the encryption key, and sends the hash values ​​of the ciphertext and plaintext data together for reception by the corresponding data receiver's data receiving module. When receiving data, the data receiving module uses the receiver's private key to decrypt the received ciphertext. The receiver can successfully decrypt the data only if the encryption key used to generate the ciphertext contains the receiver's group key factor. The system verifies data integrity by calculating the hash value of the decrypted data and comparing it with the received plaintext hash value, preventing malicious tampering of the transmitted data during transmission.

[0039] A one-to-many dynamic group encrypted communication method, such as Figure 2 As shown, it consists of three steps: system initialization, data encryption, and data decryption.

[0040] S1, System Initialization Phase: The key generation center initializes system parameters, generates a private key for each receiver, and generates a corresponding group key factor for each receiver after all private keys have been generated. This includes the following steps:

[0041] S11: The key generation center determines the key length based on the size of the data receiver group and the password strength;

[0042] S12: The key generation center provides a key to each data receiver P. i Randomly select a large prime number as the private key SK i ;

[0043] S13: The key generation center uses modular multiplication inverse operation to generate a key for each data receiver P. i Generate the corresponding group key factor k i The generation method is as follows:

[0044]

[0045]

[0046]

[0047] k i =z i K i

[0048] S2, Data Encryption Stage: The data sending module selects the corresponding group key factor based on the data receiver member list, accumulates the group key factors to obtain the encryption key, uses the encryption key to encrypt the data, and combines the plaintext hash value with the ciphertext for transmission. This includes the following steps:

[0049] S21: The data sending module determines the data receiver list {P′1,P′2,…,P′} based on the data receiver list. l Select the corresponding group key factor subset {k′1,k′2,…,k′} l};

[0050] S22: The data transmission module uses a subset of group key factors {k′1,k′2,…,k′} l Accumulate to construct the encryption key And encrypt the data:

[0051] S23: The data sending module uses a hash function to calculate the plaintext hash value Hash(Data), and sends the ciphertext and the plaintext hash value {C,Hash(Data)} together as the payload.

[0052] S3, Data Decryption Stage: The data receiving module receives the ciphertext, decrypts it using the recipient's private key, calculates the hash value of the decrypted data, and compares it with the received plaintext hash value to ensure data integrity. This includes the following steps:

[0053] S31: The data receiving module uses the receiver's private key SK i Decrypt the received ciphertext data C: Data′ = C mod Sk i ;

[0054] S32: Calculate the hash value Hash(Data′) of the decrypted data and compare it with the received Hash(Data). If Hash(Data′) = Hash(Data), submit the data to the application; otherwise, discard the data.

[0055] Example 2

[0056] In this embodiment, there are four data receivers. Assume the sender wants to send three data items: Data1, Data2, and Data3. There are four data receivers: User1, User2, User3, and User4. Data1 needs to be sent to User1, User2, and User3; Data2 needs to be sent to User1; and Data3 needs to be sent to User1, User2, User3, and User4. Figure 3 As shown.

[0057] A one-to-many dynamic group encrypted communication method includes the following steps:

[0058] Step S1: First, during the system initialization phase, the key generation center generates private keys SK1, SK2, SK3, and SK4 for the data receivers and sends them to User1, User2, User3, and User4 respectively via secure channels; simultaneously, the group key factor is calculated.

[0059] K = SK1·SK2·SK3·SK4

[0060]

[0061]

[0062]

[0063] k1=z1K1,k2=z2K2,k3=z3K3,k4=z4K4

[0064] Step S2: During the data encryption phase:

[0065] For Data1, the recipients are User1, User2, and User3: The sender uses the group key factors k1, k2, and k3 to construct an encryption key to encrypt Data1, generating ciphertext: C1 = Data1·(k1+k2+k3), generating the hash value Hash(Data1) of Data1, and sending {C1,Hash(Data1)} to User1, User2, and User3;

[0066] For Data2, the recipient is User1: The sender uses the group key factor k1 as the encryption key to encrypt Data2, generating ciphertext: C2 = Data2·k1, generating the hash value Hash(Data2), and sending {C2,Hash(Data2)} to User1;

[0067] For Data3, the recipients are User1, User2, User3, and User4: The sender uses the group key factors k1, k2, k3, and k4 to construct an encryption key to encrypt Data3, generating the ciphertext: C3 = Data3·(k1+k2+k3+k4), generating the hash value Hash(Data3), and sending {C3,Hash(Data3)} to User1, User2, User3, and User4.

[0068] Step S3: During the data decryption phase, when the data receiver receives the ciphertext sent by the data sender, it uses its respective receiver private key SK. i For the received ciphertext data C j Decryption:

[0069] User1: Decrypt C1, C2, and C3 respectively.

[0070] Data′1=C1 mod SK1, Data′2=C2 mod SK1, Data′3=C3 mod SK1;

[0071] User2: Decrypt C1 and C3 respectively.

[0072] Data′1=C1 mod SK2, Data′3=C3 mod SK2;

[0073] User3: Decrypt C1 and C3 respectively.

[0074] Data′1=C1 mod SK3, Data′3=C3 mod SK3;

[0075] User4: Decrypting C3,

[0076] Data′3=C3 mod SK4.

[0077] User1's private key SK1 can decrypt C1, C2, and C3; User2's private key SK2 can decrypt C1 and C3; User3's private key SK3 can decrypt C1 and C3; and User4's private key SK4 can only decrypt C3.

[0078] Successful decryption indicates that the recipient is a legitimate recipient of the message. For example, if data recipient User1 attempts to decrypt Data1:

[0079] According to the distributive property of modular multiplication:

[0080] C1 mod SK1=Data1·(z1K1+z2K2+z3K3)mod SK1

[0081] =Data1·(z1K1mod SK1+z2K2 mod SK1+z3K3 mod SK1)

[0082] again

[0083]

[0084] Both K2 and K3 contain the factor SK1, that is:

[0085] K2≡K3≡0mod SK1

[0086] Therefore there is

[0087] C1 mod SK1=Data1·(1+0+0)=Data1;

[0088] Decryption failure indicates that the recipient does not have permission to view the message. For example, if the data recipient User4 attempts to decrypt Data1:

[0089] C1 mod SK4=Data1·(z1K1+z2K2+z3K3)mod SK4

[0090] =Data1·(z1K1 mod SK4+z2K2 mod SK4+z3K3 mod SK4)

[0091] Furthermore, K1, K2, and K3 all contain the factor SK4, that is:

[0092] K1≡K2≡K3≡0mod SK4

[0093] Therefore there is

[0094] C1 mod SK4=Data1·(0+0+0)=0

[0095] After successful decryption, calculate the hash value of the decrypted data: Hash(Data′) i ) and the received Hash(Data) i If the two data points match, it indicates that the data has not been maliciously tampered with during transmission, and the data receiving module will then process the Data′ data. i The data is handed over to the receiving program; otherwise, it indicates that the data has been maliciously tampered with during transmission, and the data receiving module discards the data, thus realizing the data integrity protection process. This completes the communication process of the one-to-many dynamic group encrypted communication system.

[0096] This invention utilizes modular multiplication inverse operation to calculate the group key factor. By accumulating the group key factors of the data receivers in the receiving list, an encryption key is obtained. The encryption key is then used to encrypt the data. The sender only needs to encrypt the data once to ensure that different legitimate receivers can recover the ciphertext from the plaintext, thus realizing one-to-many dynamic group encrypted communication and ensuring the confidentiality and integrity of the data.

[0097] It should be noted that the above content merely illustrates the technical concept of the present invention and should not be construed as limiting the scope of protection of the present invention. For those skilled in the art, various improvements and modifications can be made without departing from the principle of the present invention, and all such improvements and modifications fall within the scope of protection of the claims of the present invention.

Claims

1. A one-to-many dynamic group encryption communication system, comprising one fixed data sender and several data receivers, characterized in that: The data sender includes at least a key generation center and a data sending module, and the data receiver includes at least a data receiving module; wherein... Key Generation Center: Generates a private key for each recipient, calculates the group key factor for each recipient using modular multiplication inverse operation, and sends the private key to the corresponding recipient through a secure channel; the group key factor k i The key generation center uses modular multiplication inverse operation to generate the key for each data receiver. The generation method is as follows: ; ; ; ; Where n is the total number of receiver members in the system. It is the product of the private keys of all recipient members within the system. For the system to remove The product of the private keys of all recipient members. for Regarding private keys Modular multiplication inverse, For the recipient Group key factor; Data sending module: Based on the list of data receivers, the corresponding group key factors are summed to obtain the encryption key. After encrypting the data with the encryption key, the hash values ​​of the ciphertext and plaintext data are sent out together and received by the data receiving module of the corresponding data receiver. Data receiving module: When receiving data, the receiver uses its private key to decrypt the received encrypted data. The receiver can successfully decrypt the data if and only if the encryption key that generated the ciphertext contains the group key factor of the data receiver. The module verifies the integrity of the data by calculating the hash value of the decrypted data and comparing it with the hash value of the received plaintext, thus preventing the sent data from being maliciously tampered with during transmission.

2. A one-to-many dynamic group encryption communication method using the system of claim 1, characterized in that, Includes the following steps: S1, System Initialization Phase: The key generation center initializes system parameters, generates a private key for each data receiver, and generates a corresponding group key factor for each data receiver after all private keys are generated. S2, Data Encryption Stage: The data sending module selects the corresponding group key factor according to the data receiver member list, accumulates the group key factors to obtain the encryption key, uses the encryption key to encrypt the data, and sends the plaintext hash value combined with the ciphertext. S3, Data Decryption Stage: The data receiving module receives the ciphertext, decrypts it using the recipient's private key, calculates the hash value of the decrypted data, and compares it with the received plaintext hash value to ensure data integrity.

3. The one-to-many dynamic group encryption communication method of claim 2, wherein: The system initialization phase, step S1, specifically includes the following steps: S11: The key generation center determines the key length based on the size of the data receiver group and the password strength; S12: The key generation center provides key generation services to each data receiver. Randomly select a large prime number as the private key SK i ; S13: The key generation center uses modular multiplication inverse operation to generate a key for each data receiver. Generate the corresponding group key factor k i .

4. The one-to-many dynamic group encrypted communication system and method as described in claim 2, characterized in that: The data encryption stage in step S2 specifically includes the following steps: S21: The data sending module determines the data receiving party list according to the data sending module selecting a corresponding group key factor subset ; S22: The data transmission module uses a subset of the group key factor. Accumulate to construct the encryption key and the data Encrypt: ; S23: The data transmission module uses a hash function to calculate the plaintext hash value. The hash values ​​of the ciphertext and plaintext Send it along with the payload.

5. A one-to-many dynamic group encryption communication system and method as claimed in claim 2, wherein, The data decryption stage in step S3 specifically includes the following steps: S31: The data receiving module uses the receiver's private key. Decrypt the received ciphertext data C: ; S32: Calculate the hash value of the decrypted data. and received In comparison, if If the condition is met, the data is submitted to the application; otherwise, the data is discarded.