69 results about "Elliptic curve cryptographic" patented technology

A method and an apparatus capable of realizing at a high speed an elliptic curve cryptography in a finite field of characteristic 2, in which the elliptic curve is given by y²+xy=x³+ax²+b (b≠0) and an elliptic curve cryptography method which can protect private key information against leaking from deviation information of processing time to thereby defend a cipher text against a timing attack and a differential power analysis attack are provided. To this end, an arithmetic process for executing scalar multiplication arithmetic d(x, y) a constant number of times per bit of the private key d is adopted. Further, for the scalar multiplication d(x, y), a random number k is generated upon transformation of the affine coordinates (x, y) to the projective coordinates for thereby effectuating the transformation (x, y)→[kx, ky, k] or alternatively (x, y)→[k²x, k³y, k]. Thus, object for the arithmetic is varied by the random number (k).

A reduction operation is utilized in an arithmetic operation on two binary polynomials X(t) and Y(t) over GF(2), where an irreducible polynomial Mm(t)=t<m>+am-1t<m-1>+am-2t<m-2>+ . . . +a1t+a0, where the coefficients as are equal to either 1 or 0, and m is a field degree. The reduction operation includes partially reducing a result of the arithmetic operation on the two binary polynomials to produce a congruent polynomial of degree less than a chosen integer n, with m<=n. The partial reduction includes using a polynomial M'=(Mm(t)-t<m>)*t<n-m>, or a polynomial M''=Mm(t)*t<n-m >as part of reducing the result to the degree less than n and greater than or equal to m. The integer n can be the data path width of an arithmetic unit performing the arithmetic operation, a multiple of a digit size of a multiplier performing the arithmetic operation, a word size of a storage location, such as a register, or a maximum operand size of a functional unit in which the arithmetic operation is performed.

A prime number generation unit 110 generates an integer r having a form suitable for fast elliptic curve pairing computation, by using a processing device (S302 to S303). The prime number generation unit 110 judges whether the integer r is a prime number or not, by using the processing device (S304). When the integer r is a prime number, the prime number generation unit 110 judges whether the prime number r is a group order capable of easily changing the level of security or not, by using the processing device (S305). Thereby, it is possible to generate an elliptic curve parameter which is settable to an elliptic curve cryptographic processor that performs elliptic curve pairing computation using an algorithm capable of performing fast computation even by using a processing device with low computational capacity and which is capable of easily changing the level of security.

A method of generating a cryptographic key in an authenticated manner using coefficient splitting. Select a prime number p and an elliptic curve of either a first class or a second class. Select a point P. The first user generates r_a, w_a, and R_a=r_aP and W_a=w_aP via coefficient splitting. The second user generates r_b, w_b, and R_b=r_bP and W_b=w_bP via coefficient splitting. After the users have exchanged the points R_a, W_a, R_b, W_b, the first user generates c_a, g_a, and c_aW_b, and g_aR_b via coefficient splitting, and the second user generates c_b, g_b, and c_bW_a and g_bR_a via coefficient splitting. Each user then sums the corresponding results to form K and derives the cryptographic key from K in the same user-definable manner. An unauthenticated key exchange method is also presented.

Elliptic Curve Cryptography (ECC) can provide security against quantum computers that could feasibly determine private keys from public keys. A server communicating with a device can store and use PKI keys comprising server private key ss, device public key Sd, and device ephemeral public key Ed. The device can store and use the corresponding PKI keys, such as server public key Ss. The key use can support all of (i) mutual authentication, (ii) forward secrecy, and (iii) shared secret key exchange. The server and the device can conduct an ECDHE key exchange with the PKI keys to mutually derive a symmetric ciphering key K1. The device can encrypt a device public key PK.Device with K1 and send to the server as a first ciphertext. The server can encrypt a server public key PK.Network with at least K1 and send to the device as a second ciphertext.

The invention discloses an implementation method of a certificateless public key cryptosystem based on an elliptic curve, which is used for solving the problems of system establishment, user key generation and use under the certificateless cryptosystem. In the present invention, the key generation center determines system parameters and publishes them. Then, the user submits an application to thekey generation center based on the randomly selected secret value, and the key generation center randomly generates a user partial private key based on the system master private key and the application information and returns the user partial private key, and finally the user calculates the actual private key and the partial public key based on the partial private key. In use, other users first get the actual public key based on the user identity and partial public key restoration, and then calculate according to the standard cryptographic algorithm. The invention effectively avoids the use problem of the certificate, can realize the binding of the user identification and the public key, and ensures that only the user can know the private key. The invention has the characteristics of highcomputational efficiency, strong security and the like, and can be applied to various standard elliptic curve cryptographic algorithms without changing the algorithm logic.

The invention discloses a 5G vehicle networking fast message authentication method based on a reputation system, which comprises the steps of TA initialization, vehicle registration, user login, vehicle publishing traffic information, message authentication, reputation management, updating of pseudonym and trustworthiness certification and the like. The invention uses a reputation system to improve the reliability of messages, because vehicles with reputations below the threshold cannot obtain from the TA the trustworthy proof required to participate in the communication, the 5G vehicle networking communication model in the invention is no longer limited to the mandatory assumption that the roadside base station is completely trusted or has been fully deployed, only the 5G base station isneeded to assist in transmitting the message in the vehicle networking, in addition, the signature part in the invention adopts the operation based on the elliptic curve cryptography and supports thebatch authentication of the message, so the calculation is low in transmission cost and the overall message authentication efficiency is higher.

The invention relates to a remote protocol authentication method based on passwords. The method is characterized in that the method is achieved on the basis of the elliptic curve cryptographic algorithm, and the method includes the following steps that 1, in a system initialization sub-protocol, a user and a server negotiate elliptic curve cryptosystem parameters which need to be used in subsequent authentication; 2, a new user UA performs registration through a user registration sub-protocol and selects an identity label and a user password PWA; 3, when the user UA wants to login a system to perform session key negotiation, firstly the user UA inputs the identity label IDA and the user password PWA, then double-way authentication is conducted between the user UA and the server and secret keys used in subsequent communication are negotiated through identity authentication and a key negotiation sub-protocol.

The invention discloses a side channel attack resistant SM2 dot product architecture based on an algorithm layer and an operation method thereof, and the scalar value of each dot product operation israndomized by randomizing an NAF window value, so that base point coordinates participated in each calculation are different to resist differential power consumption analysis attacks; through introducing a random shift register, redundant operation is added in a point addition and multiple point iteration process; therefore, the relation between the point doubling point operation times and the secret key is eliminated, simple power consumption analysis SPA, differential power consumption analysis DPA, high-order differential power consumption attack HO _ DPA and template attack are resisted, and pseudo operation operation is introduced into point doubling and point doubling, so that the purpose of balancing power consumption is achieved. According to the method, the problem that an existing SM2 point multiplication algorithm cannot effectively defend against various side channel attacks is solved, higher safety is achieved, other cryptographic operations under an elliptic curve cryptographic system are considered, and the resource utilization rate is increased.

The invention designs a high-performance superscalar elliptic curve cryptographic processor chip shown as in the figure and relates to the technical fields of information security, encryption and decryption and chips. The chip designed by the invnetion adopts the modern processor superscalar technology,fully utilizes an instruction set to double the operational performance; a high-speed finite field multiplier greatly improves the computational efficiency, and properly solves the performance bottleneck of an elliptic curve cryptographic processor; the instruction set including the finite field arithmetic operation supported by the processor not only ensures that an elliptical curve cryptographic algorithm is more convenient to realize, but also makes necessary preparation for the future standardization; and the chip has a wide application prospect in the fields requiring information security, such as finance, communication and national defense.

The invention provides a data security authentication method between a cloud and an edge node, and the method provides a bidirectional identity authentication protocol between the edge node and the cloud, can guarantee the authenticity and effectiveness of the identities of the cloud and the edge node, prevents malicious attacks from permeating into a core network, and greatly guarantees the industrial Internet security. According to the method, an elliptic curve cryptographic algorithm is introduced to encrypt key data in an authentication process; the algorithm key size, the system parameters and the storage space are relatively small; operation speed is high, the highest safety intensity per bit is realized; the method is suitable for an authentication environment of edge computing nodes with limited computing resources and storage resources. According to the method, the data plaintext transmission leakage risk is avoided, the replay attack is avoided through the timestamp, the hashiterative operation of the one-time password authentication protocol is simplified, compared with the original authentication protocol, the security is higher, the operation efficiency is also improved, and the authentication security requirement can be met under the environment that the edge node resources are limited.

The invention discloses a transmission method, a system and a WAPI terminal for instant messages; wherein the method comprises: after a first WAPI terminal and a second WAPI terminal are accessed to an IMS core network, the first WAPI terminal carries out Hash operation to the sent instant message to get a first operation result; the first WAPI terminal uses a private key and elliptic curve cryptographic algorithm to encrypt the first operation result to obtain a second operation result; the first WAPI terminal sends the unencrypted instant messages and the second operation result to the second WAPI terminal. The adoption of the invention can provide an anti-tamper, non-repudiation and safe instant message communication mechanism.

The invention relates to a cryptographic system and a digital signature method. The cryptographic system comprises a key service system and a cryptographic component. The key service system has a master key sm adopting bilinear mapping cryptography. The cryptographic component has the master keys sU, PU1, PU2 and PUpub= [sU] PU2 adopting bilinear mapping cryptographic operation, where PU1 and PU2are the generators of bilinear mapping groups GU1 and GU2 of the cryptographic component, respectively. The key service system digitally signs the data including the user's identity information U, PUpub and key restriction information of the cryptographic component by using the master key sm to generate the authentication data CU of the PUpub. The cryptographic component uses the key sU to digitally sign the data by using the identification cryptographic algorithm or the elliptic curve cryptographic algorithm, and the signed data contains the CU. After verifying the validity of the CU, the signature verifier verifies the digital signature of the data by using PU1, PU2 and PUpub.

The invention provides an elliptic curve cryptographic coprocessor, comprising an arithmetic controller, an arithmetic device, a parameter register and a RAM (Random-Access Memory), wherein the arithmetic controller is respectively in electrical connection with the arithmetic device, the parameter register and the RAM, and is used for elliptic curve point multiplication and generating a control signal for the arithmetic device to finish modular addition and modular multiplication on a base field; the arithmetic device is respectively in electrical connection with the parameter register and the RAM, and is used for modular addition and modular multiplication on the base field; the parameter register is used for storing parameters of an elliptic curve equation and pre-computing the parameters; and the RAM is used for receiving the data transmitted from the outside and storing the computation result, and exchanging data with the outside. The elliptic curve cryptographic coprocessor has simple interface manners; the computation speed is increased greatly by means of a state machine; the elliptic curve point multiplication process is optimized, intermediate variables are reduced, and consequently, the number of registers is reduced; and a modular addition and modular multiplication circuit on the base field is reused to the greatest extent, so that the circuit area is reduced.

The invention discloses a privacy protection method and device based on a blockchain smart contract. The method comprises the steps that a privacy module converts asset exchange content according to apublic and private key pair based on elliptic curve cryptography and pre-generated by a sender and a public and private key pair based on elliptic curve cryptography and pre-generated by a receiver;the sender signs the asset exchange content by using the input voucher key, and triggers an intelligent contract by using the encrypted asset exchange content; the smart contract verifies the legalityof the asset exchange content through the privacy module, and updates the account information of the sender and the receiver; and the receiver decrypts and confirms that the received assets are correct through the privacy module. By adopting the scheme, the identity information and the asset exchange content information can be completely hidden, the asset transfer process does not need interaction between two parties, and the certification and verification processes are quick and can be completed within milliseconds.

A method in a digital signature system includes providing a public key of a first party to a second party for later verification of a digital signature. The method includes: identifying domain parameters of an elliptic curve, including a generating point; transforming the generating point into a second generating point as a deterministic function of shared knowledge; and generating the public key as a deterministic function of a private key and the domain parameters, in which the second generating point is substituted for the identified generating point. The public key and private key constitute a public-private key pair of elliptic curve cryptography. A digital signature is generated as a function of the private key and the domain parameters, in which the second generating point again is substituted for the initial generating point identified. The shared knowledge is known to and shared between the first party and the second party.

The invention aims to design an elliptic curve encryption-based unmanned aerial vehicle and base station communication identity authentication method, which comprises the following steps that: in an initialization stage of a system, a trusted center generates system parameters and broadcasts the system parameters to an unmanned aerial vehicle network; each unmanned aerial vehicle in the unmanned aerial vehicle group is authenticated and registered by the trusted center; the pavement base station and the unmanned aerial vehicle initiate an authentication request; and after successful authentication, the pavement base station sends an instruction packet to the unmanned aerial vehicle, and the unmanned aerial vehicle receives the instruction and executes an instruction task. The authentication method is mainly based on the elliptic curve cryptography theory, and based on the elliptic curve discrete logarithm problem (ECDLP), it is guaranteed that communication data are difficult to crack;the flow of identity authentication between the unmanned aerial vehicle and the pavement base station effectively protects the communication security of the pavement base station and the unmanned aerial vehicle, ensures the identity privacy of the pavement base station and the unmanned aerial vehicle, can effectively prevent replay attacks and man-in-the-middle attacks, prevents the unmanned aerial vehicle from executing malicious tasks due to malicious attacks, and ensures the communication security of the unmanned aerial vehicle.

The invention relates to an equivalent query method for lightweight privacy protection, which comprises four roles, namely a key center, IoT equipment, an edge server and an authorized user. The secret key center executes initialization operation, public parameters are disclosed, and a main secret key is stored by the secret key center; the secret key center executes a secret key generation operation, generates a secret key and distributes the secret key to other roles; the IoT equipment encrypts own data and then outsources the encrypted data to the edge server; the edge server re-encrypts the data and then stores the data; the authorized user sends a query request to the edge server; the edge server returns a query result in response to the query request; and finally, the authorized userdecrypts the query result returned by the server to obtain plaintext data. According to the method, proxy re-encryption is realized based on elliptic curve cryptography, and an efficient and safe query scheme in edge computing is effectively constructed. Compared with the prior art, the privacy of outsourcing data can be guaranteed, meanwhile, the calculation expenditure in the encryption and decryption process is reduced, and the method is more suitable for edge equipment with weak calculation and storage capacity.

The invention provides a lightweight searchable encryption method and device based on an elliptic curve. The method comprises the following steps: a system initialization step; a user public and private key pair generation step; an encryption step based on keyword search; encrypting the original data file by using a universal public key encryption technology; a search trap door generating step; and a cloud server search testing step. According to the keyword guessing attack resistant lightweight searchable encryption method, an elliptic curve cryptographic algorithm is utilized, and the requirements on calculation and storage expenditure are relatively low, so that the keyword guessing attack resistant lightweight searchable encryption method has a lightweight characteristic, can be widelyapplied to various mobile intelligent terminal platforms with limited hardware resources, and has a keyword guessing resistance characteristic; therefore, the server cannot guess the keywords queriedby the user, and the information security of the cloud data is effectively guaranteed.

The invention discloses a cooperative spectrum sensing location privacy protection method based on a blockchain, which utilizes the anonymity of the blockchain to enable a secondary user to anonymously upload a sensing report to the blockchain, avoids the relevance between the sensing report and the secondary user, prevents a fusion center from associating the sensing report with the secondary user during decryption, and protects the security of the sensing report in the fusion process. The secondary user encrypts and signs the sensing report by using the elliptic curve cryptography technology, so that the sensing report is prevented from being stolen and tampered in the transmission process, and the confidentiality and integrity of the sensing report in the transmission process are ensured. According to the method, the sensing report is prevented from being replayed in the transmission process by using the timestamp, and the timeliness of the sensing report in the transmission process is ensured. According to the method, the automatic verification characteristic of a smart contract is utilized, and the smart contract, instead of the fusion center, automatically verifies the digital signature of the sensing report, so that the calculation overhead of the fusion center is reduced.