IPSec VPN security gateway communication method fusing post-quantum cryptography

By employing a hybrid algorithm of SM2 and PQC, along with a hybrid PQC digital certificate, in the IPSec VPN security gateway, the threat of quantum computing faced by existing technologies is addressed, achieving resistance to quantum computing and enhancing communication security.

CN120498900B · Active · Publication Date: 2026-06-12 · HEBEI PRIME NUMBER INFORMATION SECURITY CO LTD +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
HEBEI PRIME NUMBER INFORMATION SECURITY CO LTD
Filing Date
2025-07-14
Publication Date
2026-06-12

AI Technical Summary

Technical Problem

Existing IPSec VPN security gateways mainly rely on classical cryptographic algorithms, which are vulnerable to quantum computing attacks and urgently need to be upgraded to improve security.

Method used

The system employs a hybrid algorithm of SM2 and PQC, along with a hybrid PQC digital certificate, to perform identity authentication and key exchange in the first phase of the IKE key negotiation main mode. It combines PQC and SM2 algorithms for key exchange and data signing, and uses PQC and SM2 encryption key pairs for data encryption protection.

Benefits of technology

It improves the security of IPSec VPN security gateways, enabling them to resist quantum computing attacks and enhance the security and reliability of communications.

Generated by Eureka AI based on patent content.

Figure CN120498900B_ABST (abstract figure)

Abstract

The application discloses an IPSec VPN security gateway communication method fusing post-quantum cryptography technology, comprising the following steps: S1. In the first phase of IKE key negotiation, a hybrid SM2 and PQC algorithm and a hybrid PQC digital certificate replace the traditional single SM2 algorithm and the digital certificate based on the SM2 cryptographic algorithm; S2. The initiator and the responder each use a PQC encryption key pair and a PQC signature key pair for key exchange and data signing, and at the same time use an SM2 encryption key pair and an SM2 signature key pair for key exchange and data signing; S3. In message 1, the initiator sends the responder a security association payload carrying a hybrid SM2 and PQC algorithm attribute; S4. In message 2, the responder returns a PQC concatenated hybrid certificate and the SA proposal; S5. In messages 3 and 4, the initiator and the responder complete key exchange and verification. The application improves the security of the IPSec VPN security gateway and resists quantum computing attacks.

Description

Technical Field

[0001] This invention relates to the field of network security technology, and specifically to an IPSec VPN security gateway communication method that integrates post-quantum cryptography technology.

Background Technology

[0002] Most classic IPSec VPN security gateway products are developed in accordance with GM/T 0022 "IPSec VPN Technical Specification" and GM/T 0023 "IPSec VPN Gateway Product Specification". The digital certificates used comply with GM/T 0015 "Digital Certificate Format Specification Based on SM2 Cryptographic Algorithm", and the products support the SM1, SM2, SM3 and SM4 algorithms. Among them, the SM2 cryptographic algorithm is used for identity authentication and key negotiation between the two network entities, the SM3 algorithm is used for data digest operations, and the SM1 and SM4 algorithms are used for data encryption and decryption.

[0003] GM/T 0022 "IPSec VPN Technical Specification" defines IKE (Internet Key Exchange) as having two phases: main mode in the first phase and quick mode in the second. Main mode authenticates the communicating parties and exchanges keys to obtain a working key, which protects the negotiation in the second phase. Quick mode negotiates the IPSec security association between the communicating parties, determining their IPSec security policies and session keys. The first-phase exchange consists of six messages, and both parties are authenticated with digital certificates. The main mode exchange is shown in Figure 1.

[0004] With the development of quantum computing technology, traditional public-key cryptography algorithms (such as RSA and SM2) face the risk of being broken by quantum computers. Post-quantum cryptography (PQC) has emerged to address this need, aiming to provide cryptographic algorithms that resist quantum computing attacks. Existing IPSec VPN security gateways mainly rely on classical cryptographic algorithms such as SM2 for authentication and key negotiation, and urgently need to be upgraded to cope with the threat of quantum computing.

Summary of the Invention

[0005] The technical problem to be solved by the present invention is to provide a communication method for an IPSec VPN security gateway that integrates post-quantum cryptography technology, which can improve the security of the IPSec VPN security gateway and resist quantum computing attacks.

[0006] To solve the above-mentioned technical problems, the technical solution adopted by the present invention is as follows.

[0007] A communication method for an IPSec VPN security gateway incorporating post-quantum cryptography technology includes the following steps:

[0008] S1. In the first phase of the IKE key negotiation main mode, a hybrid SM2 and PQC algorithm and a hybrid PQC digital certificate are used to replace the traditional single SM2 algorithm and digital certificate based on the SM2 cryptographic algorithm.

[0009] S2. The initiator and the responder use PQC encryption key pairs and PQC signature key pairs respectively for key exchange and data signing, and at the same time use SM2 encryption key pairs and SM2 signature key pairs for key exchange and data signing.

[0010] S3. In message 1, the initiator sends the responder a security association payload that encapsulates a proposal payload. The proposal payload encapsulates a transform payload, and the SA attribute payload in the transform payload adds a public-key algorithm attribute value that identifies the hybrid SM2 and PQC algorithm.

[0011] S4. In message 2, the responder sends an SA payload containing a PQC concatenated hybrid signature certificate and an encryption certificate, and the SA payload indicates the SA proposal received from the initiator.

[0012] S5. In messages 3 and 4, the initiator and the responder complete the key exchange and verification; the initiator and the responder exchange data, including a one-time random number nonce and an identity ID payload, and the exchanged data uses the PQC key in the other party's encryption certificate to encrypt and protect the negotiated temporary key, and uses a classic encryption algorithm to encrypt and protect the encrypted data again, while both parties digitally sign the exchanged data.

[0013] Preferably, the PQC algorithm in step S1 includes, but is not limited to, the key encapsulation algorithm based on lattice cryptography: ML-KEM, and the digital signature algorithm based on lattice cryptography: ML-DSA; the hybrid PQC digital certificate is a standard X.509 format certificate, and uses a new OID to identify the hybrid algorithm; the public key value is a concatenation of the PQC public key value and the SM2 public key value, with the PQC public key value first and the SM2 public key value second; the signature value is a concatenation of the PQC signature value and the SM2 signature value, with the PQC signature value first and the SM2 signature value second.

[0014] Preferably, in step S3, the public-key algorithm attribute value for the SM2 and PQC algorithms is a predefined object identifier (OID) value ASYMMETRIC_SM2_MLKEM_MLDSA. ASYMMETRIC_SM2_MLKEM_MLDSA is used to declare explicitly, in the SA attribute payload of IKE key negotiation, that the current key negotiation adopts a hybrid combination of the SM2 and PQC algorithms in place of the traditional single SM2 algorithm. When PQC and SM2 key negotiation are merged, both the initiator and the responder use ASYMMETRIC_SM2_MLKEM_MLDSA.

[0015] Preferably, in step S5, the initiator and responder complete the key exchange and verification in message 3, including the following steps:

[0016] A1. First, the initiator uses the responder's PQC encryption public key EncPubKey_R to encapsulate and encrypt the shared key Ski generated by the initiator with the PQC algorithm, obtaining an encrypted ciphertext. Then, the initiator uses the responder's classical asymmetric public key pub_r to perform classical asymmetric encryption on that ciphertext, obtaining a double-encrypted ciphertext. Finally, the shared key Ski is used to encrypt the random number Ni generated by the initiator and the initiator's identity IDi with the classical symmetric encryption algorithm; together with the initiator's own PQC signature certificate CERT_sig_i and encryption certificate CERT_enc_i, these form the message XCHi.

[0017] A2. The initiator uses its own PQC signing private key SignPriKey_I to sign the data "Ski_b|Ni_b|IDi_b|CERT_enc_i_b" with the PQC algorithm, and uses its own classical asymmetric signing private key priv_i to sign the same data "Ski_b|Ni_b|IDi_b|CERT_enc_i_b" with the SM2 algorithm, finally producing the signature value SIGi_b; here Ski_b is a derived value of Ski, Ni_b a derived value of Ni, IDi_b a derived value of IDi, and CERT_enc_i_b a derived value of CERT_enc_i.

[0018] A3. The responder first uses its own private key of classical public-key cryptography to perform classical asymmetric decryption on XCHi, then uses its own private key of post-quantum cryptography to perform PQC decryption to obtain Ski, and then uses Ski to decrypt to obtain Ni and IDi.

[0019] A4. The responder uses the initiator's classical public-key cryptography algorithm and post-quantum signature algorithm to verify SIGi_b. If the verification passes, it proves the correctness of message 3.

[0020] Preferably, in step S5, the initiator and responder complete the key exchange and verification in message 4, including the following steps:

[0021] B1. First, the responder uses the initiator's PQC encryption public key EncPubKey_I to encapsulate and encrypt the shared key Skr generated by the responder with the PQC algorithm, obtaining an encrypted ciphertext. Then, the responder uses the initiator's classical asymmetric public key pub_i to perform classical asymmetric encryption on that ciphertext, obtaining a double-encrypted ciphertext. Finally, the shared key Skr is used to encrypt the random number Nr generated by the responder and the responder's identity IDr with the classical symmetric encryption algorithm, forming the message XCHr.

[0022] B2. The responder uses its own PQC signing private key SignPriKey_R to sign the data "Skr_b|Nr_b|IDr_b|CERT_enc_r_b" with the PQC algorithm, and uses its own classical asymmetric signing private key priv_r to sign the same data "Skr_b|Nr_b|IDr_b|CERT_enc_r_b" with the SM2 algorithm, finally producing the signature value SIGr_b. Here Skr_b is a derived value of Skr, Nr_b a derived value of Nr, IDr_b a derived value of IDr, and CERT_enc_r_b a derived value of the PQC encryption certificate CERT_enc_r.

[0023] B3. The initiator uses its own private key of classical public-key cryptography algorithm to perform classical asymmetric decryption on XCHr, then uses its own private key of post-quantum cryptography algorithm to perform PQC decryption to obtain Skr, and then uses Skr to decrypt to obtain Nr and IDr.

[0024] B4. The initiator uses the responder's classical public-key cryptography algorithm and post-quantum signature algorithm to verify SIGr_b. If the verification passes, it proves the correctness of message 4.

[0025] Due to the adoption of the above technical solutions, the technical progress achieved by this invention is as follows.

[0026] This invention improves the security of IPSec VPN security gateway communication by using a hybrid SM2 and PQC algorithm and a hybrid PQC digital certificate during the IKE key negotiation phase, and can effectively cope with the threats posed by quantum computing.

Description of the Drawings

[0027] Figure 1 is a schematic diagram of the main mode exchange in the first phase of existing IKE key negotiation;

[0028] Figure 2 is an architecture diagram of an IPSec VPN security gateway system that applies the fused post-quantum cryptography technology of this invention.

Detailed Implementation

[0029] The present invention will now be described in further detail with reference to the accompanying drawings and specific embodiments.

[0030] A communication method for an IPSec VPN security gateway integrating post-quantum cryptography technology upgrades primarily the first four messages of the first-phase main mode. In message 2, the responder sends a PQC concatenated hybrid signature certificate and an encryption certificate. In messages 3 and 4, the key is first protected with the post-quantum cryptography algorithm, and the result of the post-quantum algorithm is then protected with a classical key. In message 3, the initiator sends its PQC concatenated hybrid signature certificate and encryption certificate. Other message formats and processing are consistent with GM/T 0022 "IPSec VPN Technical Specification". Specifically, the method includes the following steps:

[0031] S1. In the first phase of the IKE key negotiation main mode, a hybrid SM2 and PQC algorithm and a hybrid PQC digital certificate are used instead of the traditional single SM2 algorithm and digital certificate based on the SM2 cryptographic algorithm.

[0032] The main approach involves embedding the PQC algorithm into existing technical specifications and using hybrid PQC algorithm digital certificates. The PQC algorithms include, but are not limited to, ML-KEM and ML-DSA algorithms. ML-KEM is a lattice-based key encapsulation algorithm used for key encapsulation; ML-DSA is a lattice-based digital signature algorithm used for digital signatures. The hybrid PQC digital certificate is a standard X.509 format certificate and uses a new OID to identify the hybrid algorithm. The public key value is a concatenation of the PQC public key value and the SM2 public key value, with the PQC public key value preceding the SM2 public key value. The signature value is a concatenation of the PQC signature value and the SM2 signature value, with the PQC signature value preceding the SM2 signature value.

[0033] The client (initiator) and the server (responder) each need a concatenated hybrid signature digital certificate, a concatenated hybrid encryption digital certificate, and the corresponding private keys of the PQC encryption key pair, PQC signature key pair, SM2 encryption key pair and SM2 signature key pair. The client's PQC encryption public key is contained in its concatenated hybrid encryption certificate and is denoted EncPubKey_I; the matching PQC encryption private key is denoted EncPriKey_I. The client's PQC signature public key is contained in its concatenated hybrid signature certificate and is denoted SignPubKey_I; the matching PQC signature private key is denoted SignPriKey_I. The server's PQC encryption public key is contained in its concatenated hybrid encryption certificate and is denoted EncPubKey_R; the matching PQC encryption private key is denoted EncPriKey_R. The server's PQC signature public key is contained in its concatenated hybrid signature certificate and is denoted SignPubKey_R; the matching PQC signature private key is denoted SignPriKey_R.
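The certificate format of [0032] and [0033] in working code, as an added example that is not part of the patent: a hybrid public key placed in an X.509 SubjectPublicKeyInfo (SEQUENCE { AlgorithmIdentifier, BIT STRING }) with the PQC value first and the SM2 value second, a strict decoder that rejects a foreign OID, trailing bytes or a wrong-length key, and the corresponding split of a concatenated signature value. The parameter set (ML-KEM-768 / ML-DSA-65), the SM2 encodings (uncompressed point, raw r||s) and the two OIDs are assumptions; the page says only "a new OID" and names no parameter set.

```python
"""Hybrid PQC||SM2 public key inside an X.509 SubjectPublicKeyInfo, and splitting the
concatenated hybrid signature. Added example, not the patent's code. Assumptions: the
parameter set is ML-KEM-768 / ML-DSA-65 (the page fixes none), the SM2 public key is an
uncompressed point 0x04||X||Y, the SM2 signature is raw r||s, and the two hybrid OIDs
are placeholders (the page only says "a new OID")."""

ML_KEM_768_EK_LEN = 1184     # FIPS 203 encapsulation key
ML_DSA_65_PK_LEN = 1952      # FIPS 204 verification key
ML_DSA_65_SIG_LEN = 3309     # FIPS 204 signature
SM2_PUBKEY_LEN = 65
SM2_SIG_LEN = 64
HYBRID_ENC_OID = "1.3.6.1.4.1.99999.1.1"   # hypothetical: SM2 + ML-KEM-768 encryption key
HYBRID_SIG_OID = "1.3.6.1.4.1.99999.1.2"   # hypothetical: SM2 + ML-DSA-65 signature key


def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _der_tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def _der_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:                      # base-128, high bit set on all but the last byte
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        body += bytes(reversed(chunk))
    return _der_tlv(0x06, bytes(body))


def _read_tlv(buf, pos, tag):
    if pos >= len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#x}")
    ln, pos = buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + ln > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + ln], pos + ln


def _decode_oid(body):
    arcs, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))


def encode_hybrid_spki(oid, pqc_pk, sm2_pk, pqc_len):
    """SEQUENCE { AlgorithmIdentifier { oid }, BIT STRING (pqc_pk || sm2_pk) }: PQC first, SM2 second."""
    if len(pqc_pk) != pqc_len:
        raise ValueError("PQC public key has wrong length")
    if len(sm2_pk) != SM2_PUBKEY_LEN or sm2_pk[0] != 0x04:
        raise ValueError("SM2 public key must be an uncompressed point")
    alg = _der_tlv(0x30, _der_oid(oid))
    key = _der_tlv(0x03, b"\x00" + pqc_pk + sm2_pk)   # leading 0x00 = no unused bits
    return _der_tlv(0x30, alg + key)


def decode_hybrid_spki(der, expected_oid, pqc_len):
    """Returns (pqc_pk, sm2_pk); rejects a foreign OID, trailing bytes or a wrong-length key."""
    seq, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SubjectPublicKeyInfo")
    alg, pos = _read_tlv(seq, 0, 0x30)
    oid_body, _ = _read_tlv(alg, 0, 0x06)
    if _decode_oid(oid_body) != expected_oid:
        raise ValueError("not the expected hybrid algorithm OID")
    bits, pos = _read_tlv(seq, pos, 0x03)
    if pos != len(seq) or bits[:1] != b"\x00":
        raise ValueError("malformed BIT STRING")
    raw = bits[1:]
    if len(raw) != pqc_len + SM2_PUBKEY_LEN:
        raise ValueError("hybrid public key has wrong length")
    return raw[:pqc_len], raw[pqc_len:]


def split_hybrid_signature(sig, pqc_sig_len=ML_DSA_65_SIG_LEN):
    """Concatenated signature value: PQC signature first, SM2 signature second."""
    if len(sig) != pqc_sig_len + SM2_SIG_LEN:
        raise ValueError("hybrid signature has wrong length")
    return sig[:pqc_sig_len], sig[pqc_sig_len:]
```

Because the page fixes the component order but no length prefix, the decoder can only split by the fixed PQC size, so the OID must determine the parameter set unambiguously; a certificate whose key length does not match the OID's parameter set is rejected rather than guessed at.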

[0034] S2. The initiator and the responder use PQC encryption key pairs and PQC signature key pairs respectively for key exchange and data signing, and at the same time use SM2 encryption key pairs and SM2 signature key pairs for key exchange and data signing.

[0035] S3. In message 1, the initiator sends the responder a security association payload that encapsulates a proposal payload. The proposal payload encapsulates a transform payload, and the SA attribute payload in the transform payload adds a public-key algorithm attribute value that identifies the hybrid SM2 and PQC algorithm.

[0036] Specifically, the initiator sends the responder a security association payload that encapsulates a proposal payload, which in turn encapsulates a transform payload. The SA attribute payload within the transform payload requires the addition of the public-key algorithm attribute values shown in the table below.

[0037]
Name                         Description                                  Value
ASYMMETRIC_RSA               RSA public-key cryptography algorithm        1
ASYMMETRIC_SM2               SM2 elliptic-curve cryptography algorithm    2
ASYMMETRIC_SM2_MLKEM_MLDSA   Hybrid SM2 and PQC algorithms                3

[0038] The public-key algorithm attribute value for the SM2 and PQC algorithms is a predefined object identifier (OID) value ASYMMETRIC_SM2_MLKEM_MLDSA. ASYMMETRIC_SM2_MLKEM_MLDSA is used to declare explicitly, in the SA attribute payload of IKE key negotiation, that the current key negotiation adopts a hybrid combination of the SM2 and PQC algorithms in place of the traditional single SM2 algorithm. When PQC and SM2 key negotiation are merged, both the initiator and the responder use ASYMMETRIC_SM2_MLKEM_MLDSA.
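The message 1 / message 2 negotiation of S3 and S4 as an added example (not the patent's code): the attribute values come from the table above, carried in an ISAKMP transform payload and a basic data attribute as laid out in RFC 2408, with the responder accepting only a policy-allowed value and the initiator refusing a reply that does not echo what it offered. The attribute type number is a placeholder in the RFC 2409 private-use range; GM/T 0022 assigns the real one and the page does not quote it. The other SA attributes (cipher, hash, group, lifetime) are omitted.

```python
"""Message 1/2 public-key-algorithm attribute negotiation (S3/S4 above), using the
ISAKMP transform payload and data-attribute encoding of RFC 2408. Added example, not
the patent's code; the attribute TYPE number is a placeholder (GM/T 0022 assigns it and
the page does not quote it), only the VALUES come from the table on the page."""
import struct

ASYMMETRIC_RSA = 1
ASYMMETRIC_SM2 = 2
ASYMMETRIC_SM2_MLKEM_MLDSA = 3
ATTR_PUBLIC_KEY_ALGORITHM = 0x7FF0   # hypothetical attribute type, RFC 2409 private-use range
KEY_IKE = 1                          # Transform-ID for the IKE protocol (RFC 2409)


def encode_basic_attr(attr_type, value):
    """RFC 2408 basic attribute: AF bit set, 15-bit type, 16-bit value in place."""
    if not (0 <= attr_type < 0x8000 and 0 <= value <= 0xFFFF):
        raise ValueError("attribute out of range")
    return struct.pack("!HH", 0x8000 | attr_type, value)


def decode_attrs(buf):
    attrs, pos = {}, 0
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated attribute")
        t, lv = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if t & 0x8000:                       # basic: lv is the value
            attrs[t & 0x7FFF] = lv
        else:                                # variable-length: lv is the length
            if pos + lv > len(buf):
                raise ValueError("truncated attribute value")
            attrs[t] = buf[pos:pos + lv]
            pos += lv
    return attrs


def encode_transform(transform_no, attrs, next_payload=0):
    """Transform payload: next, reserved, length, transform #, transform-ID, reserved2, attributes."""
    body = b"".join(encode_basic_attr(t, v) for t, v in attrs)
    return struct.pack("!BBHBBH", next_payload, 0, 8 + len(body), transform_no, KEY_IKE, 0) + body


def decode_transform(buf):
    if len(buf) < 8:
        raise ValueError("short transform payload")
    _np, _res, length, tno, tid, _res2 = struct.unpack_from("!BBHBBH", buf, 0)
    if length != len(buf) or tid != KEY_IKE:
        raise ValueError("bad transform payload")
    return tno, decode_attrs(buf[8:])


def initiator_message1():
    """Initiator offers the hybrid SM2+PQC public-key algorithm (one transform)."""
    return encode_transform(1, [(ATTR_PUBLIC_KEY_ALGORITHM, ASYMMETRIC_SM2_MLKEM_MLDSA)])


def responder_message2(offered, allowed):
    """Responder accepts the offered algorithm only if local policy allows it, and echoes it back."""
    tno, attrs = decode_transform(offered)
    alg = attrs.get(ATTR_PUBLIC_KEY_ALGORITHM)
    if alg not in allowed:
        raise ValueError("no acceptable public-key algorithm")
    return encode_transform(tno, [(ATTR_PUBLIC_KEY_ALGORITHM, alg)])


def initiator_check_message2(sent, reply):
    """Message 2 must echo exactly what message 1 offered; anything else is treated as a downgrade."""
    offered = decode_transform(sent)[1][ATTR_PUBLIC_KEY_ALGORITHM]
    chosen = decode_transform(reply)[1].get(ATTR_PUBLIC_KEY_ALGORITHM)
    if chosen != offered:
        raise ValueError(f"responder answered algorithm {chosen}, offered {offered}")
    return chosen
```

The page states that both sides use ASYMMETRIC_SM2_MLKEM_MLDSA when the hybrid negotiation is in effect; the initiator-side check makes that a hard requirement, so a responder that answers with ASYMMETRIC_SM2 alone cannot quietly drop the PQC component.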

[0039] S4. In message 2, the responder sends an SA payload containing a PQC concatenated hybrid signature certificate and an encryption certificate, and the SA payload indicates the SA proposal received from the initiator.

[0040] Specifically, the responder sends an SA payload along with its PQC concatenated hybrid signature certificate and encryption certificate, which identifies the SA proposal it received from the initiator.

[0041] S5. In messages 3 and 4, the initiator and the responder complete the key exchange and verification; the initiator and the responder exchange data, including a one-time random number nonce and an identity ID payload, and the exchanged data is encrypted and protected with the negotiated temporary key Sk using the PQC key in the other party's encryption certificate, and the encrypted data is encrypted and protected again using a classic encryption algorithm, while both parties digitally sign the exchanged data.

[0042] The one-time random number nonce is a necessary parameter for generating the encryption key and the authentication key; the identity ID is the identifier of the initiator or the responder; the temporary key Sk comprises the shared key Ski generated by the initiator and the shared key Skr generated by the responder.

[0043] Specifically, the data exchanged by the initiator is as follows:

[0044] XCHi = Asymmetric_Encrypt(PQC_PubKey_Enc(Ski, EncPubKey_R), pub_r) |

[0045] Symmetric_Encrypt(Ni, Ski) | Symmetric_Encrypt(IDi, Ski) | CERT_sig_i | CERT_enc_i;

[0046] SIGi_b = Asymmetric_Sign(Ski_b|Ni_b|IDi_b|CERT_enc_i_b, priv_i) | PQC_SecKey_Sign(Ski_b|Ni_b|IDi_b|CERT_enc_i_b, SignPriKey_I);

[0047] Here Asymmetric_Encrypt is the classical asymmetric encryption algorithm; its first parameter, PQC_PubKey_Enc(Ski, EncPubKey_R), is the data to be encrypted and its second parameter, pub_r, is the responder's classical public key. Asymmetric_Sign is the classical asymmetric signature algorithm; its first parameter, Ski_b|Ni_b|IDi_b|CERT_enc_i_b, is the data to be signed, where Ski_b is a derived value of Ski, Ni_b a derived value of Ni, IDi_b a derived value of IDi, and CERT_enc_i_b a derived value of CERT_enc_i, all in binary form; its second parameter, priv_i, is the initiator's classical signing private key. PQC_PubKey_Enc is the PQC public-key encryption method for keys; its first parameter Ski is the shared key generated by the initiator, its second parameter EncPubKey_R is the responder's post-quantum encryption public key, and its return value is the ciphertext sent to the responder. PQC_SecKey_Sign is the PQC private-key signing method; its first parameter Ski_b|Ni_b|IDi_b|CERT_enc_i_b is the data to be signed and its second parameter SignPriKey_I is the initiator's post-quantum signing private key. | denotes concatenation of binary data. Symmetric_Encrypt is the classical symmetric encryption method; its first parameter (Ni, the random number generated by the initiator, or IDi, the initiator's identifier) is the plaintext and its second parameter Ski, the shared key generated by the initiator, is the encryption key. CERT_sig_i is the initiator's PQC signature certificate and CERT_enc_i its PQC encryption certificate.

[0048] Specifically, the signature operation requires a digest of the data to be signed. The post-quantum signature algorithm can therefore take the digest computed for the classical signature algorithm as its input, which reduces the number of digest operations and improves efficiency.

[0049] Upon receiving the above message, the responder first decrypts XCHi using the private key of the classical public-key cryptography algorithm, then decrypts it using the private key of the post-quantum cryptography algorithm to obtain Ski, and then decrypts it using Ski to obtain Ni and IDi. Next, the data signature is verified using the classical public-key cryptography algorithm and the post-quantum signature algorithm. If the verification passes, it proves the correctness of the third message. At this point, the initiator and the responder have obtained the first shared key Ski.

[0050] Specifically, the initiator and responder complete the key exchange and verification in message 3, including the following steps:

[0051] A1. First, the initiator uses the responder's PQC encryption public key EncPubKey_R to encapsulate and encrypt the shared key Ski generated by the initiator with the PQC algorithm, obtaining an encrypted ciphertext. Then, the initiator uses the responder's classical asymmetric public key pub_r to perform classical asymmetric encryption on that ciphertext, obtaining a double-encrypted ciphertext. Finally, the shared key Ski is used to encrypt the random number Ni generated by the initiator and the initiator's identity IDi with the classical symmetric encryption algorithm; together with the initiator's own PQC signature certificate CERT_sig_i and encryption certificate CERT_enc_i, these form the message XCHi.

[0052] A2. The initiator uses its own PQC signing private key SignPriKey_I to sign the data "Ski_b|Ni_b|IDi_b|CERT_enc_i_b" with the PQC algorithm, and uses its own classical asymmetric signing private key priv_i to sign the same data "Ski_b|Ni_b|IDi_b|CERT_enc_i_b" with the SM2 algorithm, finally producing the signature value SIGi_b.

[0053] A3. The responder first uses its own private key of classical public-key cryptography to perform classical asymmetric decryption on XCHi, then uses its own private key of post-quantum cryptography to perform PQC decryption to obtain Ski, and then uses Ski to decrypt to obtain Ni and IDi.

[0054] A4. The responder uses the initiator's classical public-key cryptography algorithm and post-quantum signature algorithm to verify SIGi_b. If the verification passes, it proves the correctness of message 3.

[0055] Specifically, the data exchanged by the responders is as follows:

[0056] XCHr = Asymmetric_Encrypt(PQC_PubKey_Enc(Skr, EncPubKey_I), pub_i) |

[0057] Symmetric_Encrypt(Nr, Skr) | Symmetric_Encrypt(IDr, Skr);

[0058] SIGr_b = Asymmetric_Sign(Skr_b|Nr_b|IDr_b|CERT_enc_r_b, priv_r) | PQC_SecKey_Sign(Skr_b|Nr_b|IDr_b|CERT_enc_r_b, SignPriKey_R).

[0059] Here Asymmetric_Encrypt is the classical asymmetric encryption algorithm; its first parameter, PQC_PubKey_Enc(Skr, EncPubKey_I), is the data to be encrypted and its second parameter, pub_i, is the initiator's classical public key. Asymmetric_Sign is the classical asymmetric signature algorithm; its first parameter, Skr_b|Nr_b|IDr_b|CERT_enc_r_b, is the data to be signed, where Skr_b is a derived value of Skr, Nr_b a derived value of Nr, IDr_b a derived value of IDr, and CERT_enc_r_b a derived value of CERT_enc_r, all in binary form; its second parameter, priv_r, is the responder's classical signing private key. PQC_PubKey_Enc is the PQC public-key encryption method for keys; its first parameter Skr is the shared key generated by the responder, its second parameter EncPubKey_I is the initiator's post-quantum encryption public key, and its return value is the ciphertext sent to the initiator. PQC_SecKey_Sign is the PQC private-key signing method; its first parameter Skr_b|Nr_b|IDr_b|CERT_enc_r_b is the data to be signed and its second parameter SignPriKey_R is the responder's post-quantum signing private key. | denotes concatenation of binary data. Symmetric_Encrypt is the classical symmetric encryption method; its first parameter (Nr, the random number generated by the responder, or IDr, the responder's identifier) is the plaintext and its second parameter Skr is the encryption key. As for message 3, the signature operation requires a digest of the data to be signed, and the post-quantum signature algorithm can take the digest computed for the classical signature algorithm as its input, which reduces the number of digest operations and improves computational efficiency.

[0060] Upon receiving the above message, the initiator first decrypts XCHr using the private key of a classical public-key cryptography algorithm, then decrypts it using the private key of a post-quantum cryptography algorithm to obtain Skr, and then decrypts it using Skr to obtain Nr and IDr. Next, the initiator verifies the data signature using both classical public-key cryptography and post-quantum signature algorithms. If the verification passes, it proves the correctness of the fourth message. At this point, the initiator and the responder have obtained the first shared key Ski and the second shared key Skr.

[0061] Specifically, the initiator and responder complete the key exchange and verification in message 4, including the following steps:

[0062] B1. First, the responder uses the initiator's PQC encryption public key EncPubKey_I to encapsulate and encrypt the shared key Skr generated by the responder with the PQC algorithm, obtaining an encrypted ciphertext. Then, the responder uses the initiator's classical asymmetric public key pub_i to perform classical asymmetric encryption on that ciphertext, obtaining a double-encrypted ciphertext. Finally, the shared key Skr is used to encrypt the random number Nr generated by the responder and the responder's identity IDr with the classical symmetric encryption algorithm, forming the message XCHr.

[0063] B2. The responder uses its own PQC signing private key SignPriKey_R to sign the data "Skr_b|Nr_b|IDr_b|CERT_enc_r_b" with the PQC algorithm, and uses its own classical asymmetric signing private key priv_r to sign the same data "Skr_b|Nr_b|IDr_b|CERT_enc_r_b" with the SM2 algorithm, producing the signature value SIGr_b.

[0064] B3. The initiator uses its own private key of classical public-key cryptography algorithm to perform classical asymmetric decryption on XCHr, then uses its own private key of post-quantum cryptography algorithm to perform PQC decryption to obtain Skr, and then uses Skr to decrypt to obtain Nr and IDr.

[0065] B4. The initiator uses the responder's classical public-key cryptography algorithm and post-quantum signature algorithm to verify SIGr_b. If the verification passes, it proves the correctness of message 4.

[0066] It is important to note that if the other party's certificate is already on the revocation list, the system should send an INVALID_CERTIFICATE notification message. After the exchange of messages 3 and 4 is completed, both parties involved in the communication have generated basic key parameters.
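The message 3 / message 4 exchange of steps A1-A4 and B1-B4 above, with both sides' processing and the revocation check of [0066], as an added example that is not the patent's code. The real primitives are not in the Python standard library, so ML-KEM and SM2 encryption are stood in for by a hashed-ElGamal scheme over a 127-bit group, ML-DSA and SM2 signing by Lamport one-time signatures, and SM4 by a hash-derived keystream; these keep the asymmetric shape of the exchange (wrap with the peer's public key, unwrap with one's own private key, verify with the peer's public key) but are not secure and must not be reused outside a demonstration. The "derived values" Sk_b, N_b, ID_b and CERT_enc_b are assumed to be a hash of each field, and the peer's verification keys are passed in directly where the protocol would take them from the peer's hybrid signature certificate. What the block shows that the text does not: the unwrap order is the reverse of the wrap order, one digest serves both signatures, and a receiver accepts only if both the classical and the PQC signature verify.

```python
"""Messages 3 and 4 of the hybrid main mode (steps A1-A4 and B1-B4 above), simulated end to end.
Added example, not the patent's code. ML-KEM, SM2 encryption, ML-DSA/SM2 signatures and SM4 are
replaced by STAND-INS from the standard library (a 127-bit DH-KEM and Lamport one-time signatures):
they keep the asymmetric structure of the exchange but are NOT secure."""
import hashlib
import secrets

P = (1 << 127) - 1   # Mersenne prime M127: toy DH group, far too small for real use
G = 3

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def stream_xor(key, data):   # toy stream cipher standing in for the classical symmetric cipher (SM4)
    ks = b"".join(H(key, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def kem_keygen():   # stands in for both the PQC (ML-KEM) and the classical (SM2) encryption key pair
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P).to_bytes(16, "big")

def pk_encrypt(pk, payload, label):   # hashed ElGamal: stands in for PQC_PubKey_Enc / Asymmetric_Encrypt
    y = secrets.randbelow(P - 2) + 1
    k = H(label, pow(int.from_bytes(pk, "big"), y, P).to_bytes(16, "big"))
    return pow(G, y, P).to_bytes(16, "big") + stream_xor(k, payload)

def pk_decrypt(sk, blob, label):
    k = H(label, pow(int.from_bytes(blob[:16], "big"), sk, P).to_bytes(16, "big"))
    return stream_xor(k, blob[16:])

def ots_keygen():   # Lamport one-time signature: stands in for ML-DSA and for SM2 signing
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def ots_sign(sk, digest):
    bits = int.from_bytes(digest, "big")
    return b"".join(sk[i][(bits >> (255 - i)) & 1] for i in range(256))

def ots_verify(pk, digest, sig):
    bits = int.from_bytes(digest, "big")
    return len(sig) == 8192 and all(
        H(sig[32 * i:32 * i + 32]) == pk[i][(bits >> (255 - i)) & 1] for i in range(256))

class Party:
    def __init__(self, ident):
        self.id = ident
        self.enc_pqc_sk, self.enc_pqc_pk = kem_keygen()   # EncPriKey_X / EncPubKey_X
        self.enc_cls_sk, self.enc_cls_pk = kem_keygen()   # classical encryption pair (pub_i / pub_r)
        self.sig_pqc_sk, self.sig_pqc_pk = ots_keygen()   # SignPriKey_X / SignPubKey_X (one-time: sign once)
        self.sig_cls_sk, self.sig_cls_pk = ots_keygen()   # priv_i / priv_r and the matching verify key
        self.cert_enc = b"CERT_enc:" + ident              # constructed placeholder certificate bodies
        self.cert_sig = b"CERT_sig:" + ident
        self.nonce = secrets.token_bytes(16)              # Ni / Nr
        self.sk = secrets.token_bytes(32)                 # Ski / Skr, generated locally

def signed_digest(sk, nonce, ident, cert_enc):
    # "Sk_b|N_b|ID_b|CERT_enc_b": each derived value is assumed to be SHA-256 of the field;
    # the one digest feeds both signatures, the reuse that [0048] describes.
    return H(H(sk) + H(nonce) + H(ident) + H(cert_enc))

def build_xch(me, peer):
    """Sender side (A1/A2 for message 3, B1/B2 for message 4)."""
    inner = pk_encrypt(peer.enc_pqc_pk, me.sk, b"pqc")        # PQC layer protects Sk ...
    outer = pk_encrypt(peer.enc_cls_pk, inner, b"classic")    # ... classical layer wraps the PQC ciphertext
    digest = signed_digest(me.sk, me.nonce, me.id, me.cert_enc)
    return {"wrapped": outer,
            "enc_n": stream_xor(me.sk + b"N", me.nonce),
            "enc_id": stream_xor(me.sk + b"ID", me.id),
            "cert_sig": me.cert_sig, "cert_enc": me.cert_enc,
            "sig": ots_sign(me.sig_cls_sk, digest) + ots_sign(me.sig_pqc_sk, digest)}  # SM2 part | PQC part

def open_xch(me, peer_sig_pks, msg, revoked=()):
    """Receiver side (A3/A4, B3/B4): unwrap in reverse order, then require BOTH signatures to verify."""
    if msg["cert_sig"] in revoked or msg["cert_enc"] in revoked:
        raise ValueError("INVALID_CERTIFICATE")
    inner = pk_decrypt(me.enc_cls_sk, msg["wrapped"], b"classic")  # classical layer first ...
    peer_sk = pk_decrypt(me.enc_pqc_sk, inner, b"pqc")             # ... then the PQC layer yields Sk
    nonce = stream_xor(peer_sk + b"N", msg["enc_n"])
    ident = stream_xor(peer_sk + b"ID", msg["enc_id"])
    digest = signed_digest(peer_sk, nonce, ident, msg["cert_enc"])
    cls_pk, pqc_pk = peer_sig_pks
    if not (ots_verify(cls_pk, digest, msg["sig"][:8192]) and ots_verify(pqc_pk, digest, msg["sig"][8192:])):
        raise ValueError("hybrid signature verification failed")
    return peer_sk, nonce, ident

def run_handshake():
    """Messages 3 and 4; True when each side recovered the other's shared key and identity."""
    i, r = Party(b"gw-initiator"), Party(b"gw-responder")
    ski, _ni, idi = open_xch(r, (i.sig_cls_pk, i.sig_pqc_pk), build_xch(i, r))   # message 3
    skr, _nr, idr = open_xch(i, (r.sig_cls_pk, r.sig_pqc_pk), build_xch(r, i))   # message 4
    return (ski, idi, skr, idr) == (i.sk, i.id, r.sk, r.id)

if __name__ == "__main__":
    print("handshake ok:", run_handshake())
```

Two checks a reviewer of a real implementation would keep from this sketch: the receiver must not act on Ni/IDi before both signatures have been verified over the recovered Sk (the symmetric decryption alone authenticates nothing here), and the combined verdict must be an AND, since a hybrid whose verifier accepts either component alone offers no more than the weaker of the two.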

[0067] S6. Messages 5 and 6 shall be executed in accordance with the requirements of the standard specification.

[0068] A post-quantum cryptography-integrated IPSec VPN security gateway system is implemented based on the communication method above. It is an upgrade of the existing standard IPSec VPN security gateway, primarily using the PQC algorithm and PQC digital certificates in the first phase of the IKE key negotiation main mode. As shown in Figure 2, the system includes a post-quantum cryptography module, a classical cryptography module, an IKE key negotiation module, an IPSec ESP processing module and a device management service. The output of the post-quantum cryptography module is connected to the inputs of the IKE key negotiation module and the device management service. The output of the IKE key negotiation module is connected to the input of the IPSec ESP processing module. The output of the classical cryptography module is connected to the inputs of the IKE key negotiation module, the IPSec ESP processing module and the device management service.

[0069] The post-quantum cryptography module is mainly used to implement post-quantum cryptography algorithms, post-quantum key storage, and usage.

[0070] The classic cryptography module is mainly used for functions such as classic static key management and implementation of classic cryptographic algorithm logic.

[0071] The device management service is a human-computer interaction module used to manage the IPSec VPN security gateway's own parameters, function enablement, and permission roles.

[0072] The IKE key negotiation module is primarily responsible for securely negotiating and establishing a secure association between the communicating parties, including key exchange, authentication, algorithm negotiation, and message protection, ensuring the initial security of the communication.

[0073] The IPSec ESP processing module is responsible for encrypting and authenticating the data actually transmitted, ensuring the confidentiality, integrity, and authenticity of the data during transmission, and guaranteeing the continuous security of communication.

Claims

1. A communication method for an IPSec VPN security gateway integrating post-quantum cryptography technology, characterized in that it includes the following steps:
S1. In the first phase of the IKE key negotiation main mode, a hybrid SM2 and PQC algorithm and a hybrid PQC digital certificate are used to replace the traditional single SM2 algorithm and the digital certificate based on the SM2 cryptographic algorithm. In step S1, the PQC algorithm includes a lattice-based key encapsulation algorithm, ML-KEM, and a lattice-based digital signature algorithm, ML-DSA; the hybrid PQC digital certificate is a standard X.509 format certificate and uses a new OID to identify the hybrid algorithm; the public key value is the concatenation of the PQC public key value and the SM2 public key value, with the PQC public key value first and the SM2 public key value second; the signature value is the concatenation of the PQC signature value and the SM2 signature value, with the PQC signature value first and the SM2 signature value second.
S2. The initiator and the responder each use a PQC encryption key pair and a PQC signature key pair for key exchange and data signing, and at the same time use an SM2 encryption key pair and an SM2 signature key pair for key exchange and data signing.
S3. In message 1, the initiator sends to the responder a security association payload that encapsulates the proposal payload. The proposal payload encapsulates a transform payload, and the SA attribute payload in the transform payload adds a public key algorithm attribute value that combines the SM2 and PQC algorithms. In step S3, the public key algorithm attribute value for the SM2 and PQC algorithms is a predefined object identifier (OID) value, ASYMMETRIC_SM2_MLKEM_MLDSA. ASYMMETRIC_SM2_MLKEM_MLDSA explicitly declares in the SA attribute payload of the IKE key negotiation that the current key negotiation adopts a hybrid algorithm combination based on the SM2 and PQC algorithms in place of the traditional single SM2 algorithm. In the scenario of merged PQC and SM2 key negotiation, both the initiator and the responder use ASYMMETRIC_SM2_MLKEM_MLDSA.
S4. In message 2, the responder sends an SA payload containing a PQC concatenated hybrid signature certificate and an encryption certificate, and the SA payload indicates the SA proposal received from the initiator.
S5. In messages 3 and 4, the initiator and the responder complete the key exchange and verification: they exchange data including a one-time random number (nonce) and an identity (ID) payload; the negotiated temporary key is encrypted and protected with the PQC key from the other party's encryption certificate, the resulting ciphertext is encrypted and protected again with a classical encryption algorithm, and both parties digitally sign the exchanged data.
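The concatenated public-key and signature layout of claim 1, and the rule that a hybrid signature is accepted only when both components verify, as an added Python example that is not part of the patent. It assumes the ML-DSA sizes fixed by FIPS 204 and a 65-byte uncompressed SM2 public key; the ML-DSA and SM2 verifiers themselves are pluggable, and the keyed-MAC stand-ins at the bottom exist only so the block runs offline.

```python
import hashlib
import hmac
from typing import Callable, Tuple

# Fixed ML-DSA (FIPS 204) sizes: (public key bytes, signature bytes).
ML_DSA_SIZES = {"ML-DSA-44": (1312, 2420),
                "ML-DSA-65": (1952, 3309),
                "ML-DSA-87": (2592, 4627)}
SM2_PUBKEY_LEN = 65  # uncompressed SM2 point: 0x04 || x || y


def split_hybrid_public_key(hybrid_pk: bytes, pqc_alg: str) -> Tuple[bytes, bytes]:
    """Claim 1 layout: PQC public key first, SM2 public key second."""
    pqc_len = ML_DSA_SIZES[pqc_alg][0]
    if len(hybrid_pk) != pqc_len + SM2_PUBKEY_LEN:
        raise ValueError("hybrid public key length does not match %s || SM2" % pqc_alg)
    return hybrid_pk[:pqc_len], hybrid_pk[pqc_len:]


def split_hybrid_signature(hybrid_sig: bytes, pqc_alg: str) -> Tuple[bytes, bytes]:
    """Claim 1 layout: PQC signature first, SM2 signature second. The ML-DSA part is
    fixed-size and is cut from the front; the DER-encoded SM2 (r, s) signature is
    variable-length, so it is whatever remains."""
    pqc_sig_len = ML_DSA_SIZES[pqc_alg][1]
    if len(hybrid_sig) <= pqc_sig_len:
        raise ValueError("hybrid signature too short to carry both components")
    return hybrid_sig[:pqc_sig_len], hybrid_sig[pqc_sig_len:]


Verifier = Callable[[bytes, bytes, bytes], bool]  # (public_key, message, signature) -> ok


def verify_hybrid(hybrid_pk: bytes, message: bytes, hybrid_sig: bytes, pqc_alg: str,
                  verify_pqc: Verifier, verify_sm2: Verifier) -> bool:
    """Hybrid acceptance rule: BOTH component signatures must verify; evaluate both."""
    pqc_pk, sm2_pk = split_hybrid_public_key(hybrid_pk, pqc_alg)
    pqc_sig, sm2_sig = split_hybrid_signature(hybrid_sig, pqc_alg)
    ok_pqc = verify_pqc(pqc_pk, message, pqc_sig)
    ok_sm2 = verify_sm2(sm2_pk, message, sm2_sig)
    return ok_pqc and ok_sm2


# Constructed stand-ins (NOT real ML-DSA / SM2): a keyed MAC padded to the real
# component lengths, so the layout logic above can be exercised without crypto libraries.
def _stand_in_sign(key: bytes, message: bytes, length: int) -> bytes:
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return (tag * (length // len(tag) + 1))[:length]


def _stand_in_verifier(length: int) -> Verifier:
    return lambda pk, msg, sig: hmac.compare_digest(sig, _stand_in_sign(pk, msg, length))


def build_demo(message: bytes, pqc_alg: str = "ML-DSA-65") -> Tuple[bytes, bytes]:
    """Returns (hybrid_public_key, hybrid_signature) for a constructed sample key pair."""
    pqc_pk = b"\xaa" * ML_DSA_SIZES[pqc_alg][0]        # placeholder ML-DSA public key
    sm2_pk = b"\x04" + b"\x01" * 32 + b"\x02" * 32       # placeholder uncompressed point
    pqc_sig = _stand_in_sign(pqc_pk, message, ML_DSA_SIZES[pqc_alg][1])
    sm2_sig = _stand_in_sign(sm2_pk, message, 70)        # typical DER (r, s) length
    return pqc_pk + sm2_pk, pqc_sig + sm2_sig
```

Swapping `_stand_in_verifier` for real ML-DSA and SM2 verifiers leaves the splitting and the both-must-pass rule unchanged.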

2. The IPSec VPN security gateway communication method integrating quantum cryptography technology according to claim 1, characterized in that: in S5, the initiator and the responder complete key exchange and verification in message 3 through the following steps:
A1. First, the initiator uses the public key EncPubKey_R of the responder's PQC encryption key pair to perform PQC key encapsulation on the shared key Ski generated by the initiator, obtaining the encrypted ciphertext; then, the initiator uses the responder's classical asymmetric public key pub_r to perform classical asymmetric encryption on the encrypted ciphertext, obtaining the double-encrypted ciphertext; finally, the random number Ni generated by the initiator and the initiator's identity IDi are encrypted with the shared key Ski using a classical symmetric encryption algorithm, and the initiator's PQC signature certificate CERT_sig_i and encryption certificate CERT_enc_i are attached, constructing the message XCHi.
A2. The initiator uses the private key SignPriKey_I of its own PQC signing key pair to sign the signature data "Ski_b|Ni_b|IDi_b|CERT_enc_i_b" with the PQC algorithm, and uses its own classical asymmetric signature private key priv_i to sign the same signature data "Ski_b|Ni_b|IDi_b|CERT_enc_i_b" with the SM2 algorithm, finally generating the signature value SIGi_b; here Ski_b is a derived value of Ski, Ni_b is a derived value of Ni, IDi_b is a derived value of IDi, and CERT_enc_i_b is a derived value of CERT_enc_i.
A3. The responder first uses its own classical public-key private key to perform classical asymmetric decryption on XCHi, then uses its own post-quantum private key to perform PQC decapsulation to obtain Ski, and then uses Ski to decrypt and obtain Ni and IDi.
A4. The responder verifies SIGi_b using the initiator's classical public-key algorithm and post-quantum signature algorithm. If the verification passes, the correctness of message 3 is proven.

3. The IPSec VPN security gateway communication method integrating quantum cryptography technology according to claim 2, characterized in that: in S5, the initiator and the responder complete key exchange and verification in message 4 through the following steps:
B1. First, the responder uses the public key EncPubKey_I of the initiator's PQC encryption key pair to perform PQC key encapsulation on the shared key Skr generated by the responder, obtaining the encrypted ciphertext. Then, the responder uses the initiator's classical asymmetric public key pub_i to perform classical asymmetric encryption on the encrypted ciphertext, obtaining the double-encrypted ciphertext. Finally, the random number Nr generated by the responder and the responder's identity IDr are encrypted with the shared key Skr using a classical symmetric encryption algorithm, constructing the message XCHr.
B2. The responder uses the private key SignPriKey_R of its own PQC signing key pair to sign the signature data "Skr_b|Nr_b|IDr_b|CERT_enc_r_b" with the PQC algorithm, and uses its own classical asymmetric signature private key priv_r to sign the same signature data "Skr_b|Nr_b|IDr_b|CERT_enc_r_b" with the SM2 algorithm, ultimately generating the signature value SIGr_b. Here Skr_b is a derived value of Skr, Nr_b is a derived value of Nr, IDr_b is a derived value of IDr, and CERT_enc_r_b is a derived value of the PQC encryption certificate CERT_enc_r.
B3. The initiator uses its own classical public-key private key to perform classical asymmetric decryption on XCHr, then uses its own post-quantum private key to perform PQC decapsulation to obtain Skr, and then uses Skr to decrypt and obtain Nr and IDr.
B4. The initiator verifies SIGr_b using the responder's classical public-key algorithm and post-quantum signature algorithm. If the verification passes, the correctness of message 4 is proven.