Private key protection method based on an asymmetric key system
Technical field
The present invention relates to a private key protection method based on an asymmetric key system, used for key encryption in electronic signature and authentication applications such as mobile banking and mobile app digital certificates.
Background technology
At present there is no comparable technology among pure-software solutions.
The conventional method is single-CPU computation: the private key performs the cryptographic operation independently on the client, the result is submitted for authentication, and the public key is used to decrypt it and verify the signature.
The closest prior art to this technical solution is the hardware USB key ("U shield"). Analysed from a security perspective with the hardware USB key as reference, the hardware USB key uses an independent CPU and memory space for cryptographic operations, the purpose being to prevent Trojans from tracing the in-memory process to steal the private key or forge a signature.
Summary of the invention
To prevent Trojans from tracing the in-memory process to steal the private key or forge a signature, the invention provides a private key protection method based on an asymmetric key system.
The technical solution of the invention is:
A private key protection method based on an asymmetric key system, in which distributed computation is used when creating the key pair and/or when signing.
The public key is split into different public key fragments; when the distributed computation is carried out, the proxy server CPU and the user terminal CPU each complete a different level of the cryptographic computation.
In the distributed computation, only the public key is subject to distributed computation and the private key is not; the private key is unchanged, so that the private key on the user side and the public key on the proxy server side form an asymmetric relation.
Using distributed computation when creating the key pair specifically comprises the following steps:
S1, on the proxy server, randomly generate two primes $P_{a1}$ and $P_{a2}$; multiply $P_{a1}$ and $P_{a2}$ to obtain the public key $P_a$;
S2, at the user terminal, assign $E = P_a$, randomly generate two primes $P$ and $Q$, and compute the modulus $N = PQ$;
S3, the user terminal computes $R = (P-1)(Q-1)$;
S4, destroy $P$ and $Q$;
S5, compare $E$ and $R$ at the user terminal; when $E > R$, apply the remainder operation to $E$ until $E < R$, then judge whether $E$ is less than RSA_F4 (65537); if so, repeat step S1, otherwise go to the next step;
S6, at the user terminal, compute the modular inverse $d_a$ of $E$ with respect to $R$;
S7, destroy $R$ and $E$;
S8, the user terminal generates a random number $R$, $R \in [1, N-1]$;
S9, at the user terminal, compute $C = M^{d_a} \pmod N$;
S10, on the proxy server, compute $C' = C^{P_{a1}} \pmod N$;
S11, on the proxy server, compare $C' == C$; if so, repeat step S1, otherwise go to the next step;
S12, on the proxy server, compute $R' = C^{P_b} \pmod N$;
S13, on the proxy server, compare $R' == R$; if so, repeat step S1, otherwise the calculation is complete.
The private key is generated at the user terminal; after the cryptographic computation for the private key has been carried out, the formula parameters used in that computation are destroyed, so that the private key does not leave the user terminal.
The signing method comprises public key splitting and signature verification: one public key fragment is split off from the public key and, as the shadow public key, is pushed in encrypted form to the trusted verification end; the CPU of the proxy server and the CPU of the trusted verification end perform the distributed computation on the public key.
Using distributed computation when signing specifically comprises the following steps:
K1, on the proxy server, compute $C' = C^{P_{a1}} \pmod N$;
K2, at the trusted verification end, compute $H' = C'^{P_{a2}} \pmod N$;
K3, at the trusted verification end, remove the padding to obtain $H = \mathrm{unPad}(H')$;
K4, at the trusted verification end, compare $H == \mathrm{hash}(M')$; if so, verification passes, otherwise verification fails.
The invention adds the concept and logic of a shadow public key: ciphertext encrypted or signed with the private key passes public key verification only when the shadow public key takes part in the distributed computation. This keeps the cryptographic computation from running in the same CPU and memory environment as intruders such as Trojans, and avoids signatures being misappropriated because the private key has leaked.
On the user side, the private key is still stored using discrete storage with redundant computation rather than simply being saved as a file. This greatly increases the difficulty of stealing the private key. In addition, the new method claimed here ensures that even if the private key has been stolen, the signature cannot be forged or used fraudulently. Implementing the invention requires no change to the existing asymmetric key system or to the existing public key certificate framework.
Description of the drawings
Fig. 1 is a schematic diagram of the public key splitting relation;
Fig. 2 is a schematic diagram of public key splitting: key pair generation;
Fig. 3 is a schematic diagram of public key splitting: signature verification.
In the figures:
A: the user who uses the key system, i.e. the user terminal;
B: the service provider that provides joint signature verification, i.e. the proxy server;
C: the trusted verification end, for example a bank. The meaning of "C" here differs from that of "C" and "C'" in the formula calculations, where C is the ciphertext.
Embodiment
The technical solution of the invention is described in detail below with reference to the drawings. It should be noted that the technical solution of the invention is not limited to the implementations described in the embodiment; improvements and designs that those skilled in the art make on the basis of the invention, by referring to and drawing on its technical solution, fall within the scope of protection of the invention.
As shown in Fig. 1, for the private key protection method based on an asymmetric key system of the invention:
Theoretical derivation, where $M$ is the plaintext, $N$ is the public modulus, $P_a$ is the public key of user A, $d_a$ is the private key of user A, $P_{a1}$ and $P_{a2}$ are the public key fragments of user A, $C$ is the ciphertext generated with private key $d_a$, and $C'$ is the second-level ciphertext that proxy server B produces from ciphertext $C$.
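The asymmetric relation can be expressed as: $M^{d_a \times P_a} \equiv M \pmod N$
Because: $P_a = P_{a1} \times P_{a2}$
So: $M^{d_a \times P_{a1} \times P_{a2}} \equiv M \pmod N$
$M^{(d_a \times P_{a1}) \times P_{a2}} \equiv M \pmod N$
That is: $P_{a2}$ and $(d_a \times P_{a1})$ form an asymmetric relation with respect to $N$.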
Formula calculation
For plaintext $M$, encrypt with the private key $d_a$:
$C = M^{d_a} \pmod N$
For ciphertext $C$, encrypt with the public key fragment $P_{a1}$:
$C' = C^{P_{a1}} \pmod N$
That is: $C' = (M^{d_a} \pmod N)^{P_{a1}} \pmod N$
$= M^{d_a \times P_{a1}} \pmod N$
For ciphertext $C'$, decrypt with the public key fragment $P_{a2}$:
$C'^{P_{a2}} \pmod N$
$= (C^{P_{a1}} \pmod N)^{P_{a2}} \pmod N$
$= C^{P_{a1} \times P_{a2}} \pmod N$
$= C^{P_a} \pmod N$
$= M$
$M'$: the message to be verified.
As shown in Fig. 2, using distributed computation when creating the key pair specifically comprises the following steps:
S1, on the proxy server, randomly generate two primes $P_{a1}$ and $P_{a2}$ and multiply them to obtain the public key $P_a$;
S2, at the user terminal, assign $E = P_a$, randomly generate two primes $P$ and $Q$, and compute the modulus $N = PQ$;
S3, the user terminal computes $R = (P-1)(Q-1)$;
S4, destroy $P$ and $Q$;
S5, compare $E$ and $R$ at the user terminal; when $E > R$, apply the remainder operation to $E$ until $E < R$, then judge whether $E$ is less than RSA_F4 (65537); if so, repeat step S1, otherwise go to the next step;
S6, at the user terminal, compute the modular inverse $d_a$ of $E$ with respect to $R$;
S7, destroy $R$ and $E$;
S8, the user terminal generates a random number $R$, $R \in [1, N-1]$;
S9, at the user terminal, compute $C = M^{d_a} \pmod N$;
S10, on the proxy server, compute $C' = C^{P_{a1}} \pmod N$;
S11, on the proxy server, compare $C' == C$; if so, repeat step S1, otherwise go to the next step;
S12, on the proxy server, compute $R' = C^{P_{a2}} \pmod N$;
S13, on the proxy server, compare $R' == R$; if so, repeat step S1, otherwise the calculation is complete.
As shown in Fig. 3, using distributed computation when signing specifically comprises the following steps:
K1, on the proxy server, compute $C' = C^{P_{a1}} \pmod N$;
K2, at the trusted verification end, compute $H' = C'^{P_{a2}} \pmod N$;
K3, at the trusted verification end, remove the padding to obtain $H = \mathrm{unPad}(H')$;
K4, at the trusted verification end, compare $H == \mathrm{hash}(M')$; if so, verification passes, otherwise verification fails.
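
The key pair steps S1 to S7, the derivation, and the verification steps K1 to K4, carried through as an added Python example that is not part of the patent text. The Mersenne primes are constructed toy values chosen for determinism, SHA-256 is an assumed hash, padding (unPad) is omitted because the page does not specify a scheme, the coprimality check in S6 is an assumption the steps leave implicit, and all function names are hypothetical.

```python
import hashlib

# Constructed toy parameters: Mersenne primes, for a deterministic demo only.
P, Q = 2**127 - 1, 2**521 - 1        # user-terminal primes (S2)
PA1, PA2 = 2**607 - 1, 2**89 - 1     # proxy-side public key fragments (S1)
RSA_F4 = 65537


def keygen(pa1, pa2, p, q):
    """S1-S7: derive the modulus N and the private exponent d_a."""
    n = p * q                         # S2: N = PQ
    r = (p - 1) * (q - 1)             # S3: R = (P-1)(Q-1)
    e = (pa1 * pa2) % r               # S5: remainder operation when E > R
    if e < RSA_F4:                    # S5: too small, fragments must be redrawn
        raise ValueError("E < RSA_F4: regenerate P_a1 and P_a2 (back to S1)")
    # S6: modular inverse of E with respect to R. pow() raises ValueError when
    # gcd(E, R) != 1; treating that as "back to S1" is an assumption.
    d_a = pow(e, -1, r)
    return n, d_a                     # S4/S7: p, q, r, e are not retained


def digest_int(message):
    """Hash of the message as an integer (unpadded; assumed SHA-256)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, d_a, n):
    """User terminal: C = H^d_a mod N."""
    return pow(digest_int(message), d_a, n)


def proxy_step(c, pa1, n):
    """K1, proxy server: C' = C^P_a1 mod N."""
    return pow(c, pa1, n)


def verifier_step(c_prime, pa2, n, message):
    """K2 and K4, trusted verification end: C'^P_a2 mod N == hash(M')."""
    return pow(c_prime, pa2, n) == digest_int(message)
```

Because $P_{a1} \times P_{a2}$ is an ordinary public exponent, a party holding both fragments can verify without the proxy; the separation the method relies on comes from where the fragments are held, not from the arithmetic.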