CN109068322B - Decryption method, system, mobile terminal, server and storage medium - Google Patents

Abstract

The present disclosure relates to a decryption method, system, mobile terminal, server and storage medium, the method comprising: the mobile terminal acquires a first decryption parameter according to the message ciphertext, calculates a temporary private key ciphertext by using the generated random number and a preset user private key ciphertext and sends the temporary private key ciphertext and the first decryption parameter to the server; the server calculates a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter and a preset server private key and sends the second decryption parameter to the mobile terminal; and the mobile terminal decrypts the message ciphertext by using the second decryption parameter and the random number. By the technical scheme, the mobile terminal and the server can decrypt the message ciphertext under the condition that the user private key ciphertext is not decrypted, the user private key cannot appear in any party in a plaintext form, and the safety of the user private key can be further ensured. Secondly, the single party can not decrypt the message ciphertext, and the privacy of a message encryption system is guaranteed.

Description

Decryption method, system, mobile terminal, server and storage medium

Technical Field

The present disclosure relates to the field of communications technologies, and in particular, to a decryption method, a decryption system, a mobile terminal, a server, and a storage medium.

Background

With the development of intelligent terminal technology, mobile internet technology and cloud computing technology, more and more internet applications are beginning to migrate to mobile terminals, such as payment treasures, WeChat, internet banking and the like for the mobile terminals, so that users can use the mobile terminals to pay, shop, send network messages and the like at any time and any place in the moving process. In these internet applications, user authentication is particularly important, and reliable user identification is usually implemented by using a digital certificate based on a user private key, which requires that the mobile terminal stores a user private key for user authentication. In order to ensure the security of the user private key, the server generally encrypts the user private key and sends the encrypted user private key ciphertext to the mobile terminal for storage.

In internet applications, for some sensitive messages related to user privacy and the like, encryption processing is required before transmission, and decryption processing is performed after a receiving party receives the messages. In the message decryption method in the prior art, the receiving party usually needs to decrypt the user private key ciphertext to restore the user private key, and then uses the user private key to decrypt the message ciphertext to be decrypted. However, in this decryption process, the user's private key, which appears in clear text, is easily copied and spoofed.

Disclosure of Invention

In order to overcome the problems in the prior art, the present disclosure provides a decryption method, a decryption system, a mobile terminal, a server, and a storage medium.

In order to achieve the above object, the present disclosure provides a decryption method comprising:

the mobile terminal acquires a first decryption parameter according to a message ciphertext to be decrypted, generates a random number and calculates a temporary private key ciphertext by using the random number and a preset user private key ciphertext;

the mobile terminal sends the temporary private key ciphertext and the first decryption parameter to a server;

the server calculates a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter and a preset server private key, and sends the second decryption parameter to the mobile terminal;

and the mobile terminal decrypts the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext.

Optionally, the calculating, by the server, a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter, and a preset server private key includes:

the server decrypts the temporary private key ciphertext by using the server private key to obtain a temporary private key;

and the server calculates the second decryption parameter according to the temporary private key and the first decryption parameter.

Optionally, the decrypting, by the mobile terminal, the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext, including:

the mobile terminal acquires a first check code according to the message ciphertext;

the mobile terminal calculates the message plaintext and a second check code according to the second decryption parameter and the random number based on an SM2 cryptographic algorithm;

and the mobile terminal compares the consistency of the first check code and the second check code, and if the first check code is consistent with the second check code, the mobile terminal determines that the message ciphertext is successfully decrypted.

Optionally, the calculating, by the mobile terminal, a temporary private key ciphertext using the random number and a preset user private key ciphertext includes:

the mobile terminal calculates the temporary private key ciphertext according to the following formula:

h_l＝(h^v)modN²

wherein h is_lThe temporary private key ciphertext is obtained; h is the user private key ciphertext; v is the random number, v is the [1, n-1 ]]N is the order of the SM2 cryptographic algorithm; ModN²Is a die N²The operation, N ═ pq, p and q are two large prime numbers generated randomly.

Optionally, the calculating, by the server, a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter, and a preset server private key includes:

the server calculates the temporary private key according to the following formula:

the server calculates the second decryption parameter according to the following formula, including:

the server calculates the second decryption parameter according to the following formula:

C'₁＝[l]C₁

wherein, C'₁Is said secondDecrypting the parameters; l is the temporary private key; c₁Is the first decryption parameter; h is_lThe temporary private key ciphertext is obtained; ModN²Is a die N²Calculating, wherein N is pq, and p and q are two large prime numbers generated randomly; mod N is a modulo N operation; (λ, μ) is the server private key; mod n is a modulo n operation, and n is the order of the SM2 cryptographic algorithm.

Optionally, the user private key ciphertext is obtained by encrypting the generated user private key according to the following formula:

z＝d

h＝(g^z·r^N)modN²,r∈[1,N-1]

wherein z is a transformed private key obtained by transforming the user private key; d is the user private key; h is the user private key ciphertext; (N, g) is a server public key;

the mobile terminal decrypts the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext, and the method includes:

the mobile terminal acquires a first check code according to the message ciphertext;

the mobile terminal calculates the message plaintext and the second check code according to the following formula:

(x₂,y₂)＝[v^-1modn]C'₁

t＝KDF(x₂||y₂,klen)

M'＝C₃⊕t

u＝Hash(x₂||M'||y₂)

wherein M' is the message plaintext; u is the second check code; c₃The message is a ciphertext in the message ciphertext; klen is C₃The bit length of (d); hash () is a Hash function in the SM2 cryptographic algorithm; KDF () is a key derivation function in the SM2 cryptographic algorithm; c'₁The second decryption parameter; v is the random number;

and the mobile terminal compares the consistency of the first check code and the second check code, and if the first check code is consistent with the second check code, the mobile terminal determines that the message ciphertext is successfully decrypted.

Optionally, the user private key ciphertext is obtained by encrypting the generated user private key according to the following formula:

z＝(1+d)modn

h＝(g^z·r^N)modN²,r∈[1,N-1]

wherein z is a transformed private key obtained by transforming the user private key; d is the user private key; h is the user private key ciphertext; (N, g) is a server public key;

the mobile terminal decrypts the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext, and the method includes:

the mobile terminal acquires a first check code according to the message ciphertext;

the mobile terminal calculates the message plaintext and the second check code according to the following formula:

(x₂,y₂)＝[v^-1modn]C'₁-C₁

t＝KDF(x₂||y₂,klen)

M'＝C₃⊕t

u＝Hash(x₂||M'||y₂)

wherein M' is the message plaintext; u is the second check code; c₃The message is a ciphertext in the message ciphertext; klen is C₃The bit length of (d); hash () is a Hash function in the SM2 cryptographic algorithm; KDF () is a key derivation function in the SM2 cryptographic algorithm; v is the random number;

and the mobile terminal compares the consistency of the first check code and the second check code, and if the first check code is consistent with the second check code, the mobile terminal determines that the message ciphertext is successfully decrypted.

Optionally, the user private key ciphertext is obtained by encrypting the generated user private key according to the following formula:

z＝(1+d)^-1modn

h＝(g^z·r^N)modN²,r∈[1,N-1]

wherein z is a transformed private key obtained by transforming the user private key; d is the user private key; h is the user private key ciphertext; (N, g) is a server public key; ModN²Is a die N²Calculating, wherein N is pq, and p and q are two large prime numbers generated randomly; mod n is the modulo n operation, n is the order of the SM2 cryptographic algorithm;

the server calculates a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter and a preset server private key, and comprises the following steps:

the server calculates the temporary private key according to the following formula:

the server calculates the second decryption parameter according to the following formula:

C'₁＝[l^-1]C₁

wherein, C'₁The second decryption parameter; l is the temporary private key; c₁Is the first decryption parameter; h is_lThe temporary private key ciphertext is obtained; (λ, μ) is the server private key; mod N is a modulo N operation.

Optionally, the decrypting, by the mobile terminal, the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext, including:

the mobile terminal acquires a first check code according to the message ciphertext;

the mobile terminal calculates the message plaintext and the second check code according to the following formula:

(x₂,y₂)＝[v]C'₁-C₁

t＝KDF(x₂||y₂,klen)

u＝Hash(x₂||M'||y₂)

wherein M' is the message plaintext; u is the second check code; c₃The message is a ciphertext in the message ciphertext; klen is C₃The bit length of (d); hash () is a Hash function in the SM2 cryptographic algorithm; KDF () is a key derivation function in the SM2 cryptographic algorithm; v is the random number;

and the mobile terminal compares the consistency of the first check code and the second check code, and if the first check code is consistent with the second check code, the mobile terminal determines that the message ciphertext is successfully decrypted.

Optionally, the method further includes a user private key encryption method, where the user private key encryption method includes:

the server generates a server public key and a server private key based on a Paillier algorithm;

the server generates a user public key and a user private key based on an SM2 cryptographic algorithm;

the server transforms the user private key to obtain a transformed private key, and encrypts the transformed private key by using the server public key to obtain a user private key ciphertext;

and the server sends the user private key ciphertext and the user public key to the mobile terminal.

Optionally, the server generates a server public key and the server private key based on a Paillier algorithm, including:

the server generates the server public key (N, g) according to the following formula:

N＝pq

g＝N+1

the server generates the server private key (λ, μ) according to the following formula:

λ＝lcm(p-1,q-1)

μ＝(L(g^λmodN²))^-1modN, wherein,

wherein (N, g) is the server public key; (λ, μ) is the server private key; p and q are two large prime numbers generated randomly; lcm () is the least common multiple calculation function; mod N is a modulo N operation.

The present disclosure also provides a decryption system comprising a mobile terminal and a server, wherein,

the mobile terminal is used for acquiring a first decryption parameter according to a message ciphertext to be decrypted, generating a random number, calculating a temporary private key ciphertext by using the random number and a preset user private key ciphertext, and sending the temporary private key ciphertext and the first decryption parameter to a server;

the server is used for calculating a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter and a preset server private key and sending the second decryption parameter to the mobile terminal;

and the mobile terminal is further used for decrypting the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext.

Optionally, the server is configured to:

and decrypting the temporary private key ciphertext by using the server private key to obtain a temporary private key, and calculating the second decryption parameter according to the temporary private key and the first decryption parameter.

Optionally, the mobile terminal is configured to:

acquiring a first check code according to the message ciphertext;

calculating a message plaintext and a second check code according to the second decryption parameter and the random number based on an SM2 cryptographic algorithm;

and comparing the consistency of the first check code and the second check code, and if the first check code is consistent with the second check code, determining that the message ciphertext is successfully decrypted.

Optionally, the server is further configured to:

generating a server public key and the server private key based on a Paillier algorithm;

generating a user public key and a user private key based on an SM2 cryptographic algorithm;

transforming the user private key to obtain a transformed private key, and encrypting the transformed private key by using the server public key to obtain a user private key ciphertext;

and sending the user private key ciphertext and the user public key to the mobile terminal.

The present disclosure also provides a decryption method applied to a mobile terminal, the method including the steps performed by the mobile terminal in the decryption method provided by the present disclosure.

The present disclosure also provides a decryption method applied to a server, the method including the steps performed by the server in the decryption method provided by the present disclosure.

The present disclosure also provides a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps performed by the mobile terminal in the decryption method provided by the present disclosure.

The present disclosure also provides a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps performed by the server in the decryption method provided by the present disclosure.

The present disclosure also provides a mobile terminal configured to decrypt to a mobile terminal in a system as provided by the present disclosure.

The present disclosure also provides a server configured to decrypt into a server in a system as provided by the present disclosure.

By adopting the technical scheme, the following technical effects can be at least achieved:

the mobile terminal acquires a first decryption parameter according to the message ciphertext to be decrypted, generates a random number, calculates a temporary private key ciphertext by using the random number and a preset user private key ciphertext and sends the temporary private key ciphertext and the first decryption parameter to the server; the server receives and calculates a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter and a preset server private key and sends the second decryption parameter to the mobile terminal; the mobile terminal decrypts the message ciphertext by using the second decryption parameter and the random number, so that the mobile terminal and the server can decrypt the message ciphertext under the condition of not decrypting the user private key ciphertext, the user private key is ensured not to appear in any party in a plaintext form, the user private key is prevented from being copied and falsely used, and the safety of the user private key can be further ensured. Secondly, the decryption of the message ciphertext requires the cooperation of the mobile terminal and the server, the decryption of the message ciphertext cannot be completed by any single party, and the decryption result can only be obtained by the mobile terminal, so that the privacy of a message encryption system is guaranteed.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.

Additional features and advantages of the disclosure will be set forth in the detailed description which follows.

Drawings

The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:

fig. 1 is a flow chart illustrating a decryption method according to an exemplary embodiment of the present disclosure;

FIG. 2 is a flow chart illustrating a method of decryption according to another exemplary embodiment of the present disclosure;

FIG. 3 is a flow chart illustrating a method for encrypting a user's private key according to an exemplary embodiment of the present disclosure;

fig. 4 is a block diagram illustrating a decryption system according to an exemplary embodiment of the present disclosure.

Detailed Description

The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.

In the present disclosure, the terms "first," "second," and the like in the description and claims of the present disclosure and in the drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.

Fig. 1 is a flowchart illustrating a decryption method according to an exemplary embodiment of the present disclosure, as shown in fig. 1, the method including the steps of:

in step S11, the mobile terminal obtains the first decryption parameter according to the message ciphertext to be decrypted, generates a random number, and calculates a temporary private key ciphertext using the random number and a preset user private key ciphertext.

In the embodiment of the disclosure, the user private key ciphertext preset in the mobile terminal is obtained by encrypting the user private key by the server and is sent to the mobile terminal by the server for storage.

In one embodiment, the message ciphertext C to be decrypted may be sent to the mobile terminal after the message encryptor encrypts the message M by using the user public key P of the mobile terminal based on the SM2 cryptographic algorithm, that is, C ═ C₁||C₂||C₃. Wherein, C₁Being a point on the elliptic curve of the SM2 cryptographic algorithm, i.e. C₁＝[k]G＝(x₁,y₁) K is a random number selected by the message encryptor when encrypting the message M, and G ═ x_G,y_G) Is the base point G ═ x of the elliptic curve_G,y_G)；C₂Is a first check code, C₂＝Hash(x₂||M||y₂) Wherein (x)₂,y₂)＝[k]P，(x₂,y₂) The method comprises the steps that point coordinates on an elliptic curve of an SM2 cryptographic algorithm are represented, P is a user public key, Hash () is a Hash function in the SM2 cryptographic algorithm, and | represents splicing of bit strings or character strings; c₃Is a ciphertext, C₃＝M⊕t，t＝KDF(x₂||y₂Klen), where t is a bit string, KDF () is a key derivation function in the SM2 cryptographic algorithm, and klen is the bit length of message M.

Correspondingly, after receiving the message ciphertext C to be decrypted, the mobile terminal can extract the point C on the elliptic curve from the message ciphertext C₁As the first decryption parameter. Then, the mobile terminal can generate a random number v, and a temporary private key ciphertext h is calculated by using the random number v and a preset user private key ciphertext h_lAs shown in equation (1).

h_l＝(h^v)modN² (1)

Wherein h is_lThe temporary private key ciphertext is obtained; h is the user private key ciphertext; v is the random number, v is the [1, n-1 ]]N is the order of the SM2 cryptographic algorithm; ModN²Is a die N²The operation, N ═ pq, p and q are two large prime numbers generated randomly.

In step S12, the mobile terminal transmits the temporary private key ciphertext and the first decryption parameter to the server.

After obtaining the temporary private key ciphertext and the first decryption parameter, the mobile terminal may send the temporary private key ciphertext and the first decryption parameter to the server, and the server may decrypt the message ciphertext by using the temporary private key ciphertext and the first decryption parameter in cooperation with the mobile terminal.

In step S13, the server calculates a second decryption parameter using the temporary private key ciphertext, the first decryption parameter, and a preset server private key.

In the embodiment of the present disclosure, a server private key (λ, μ) is preset in the server. In one embodiment, as shown in FIG. 2, the server may use the server private key (λ, μ) to encrypt the ephemeral private key ciphertext h based on the Paillier algorithm_lDecrypting to obtain a temporary private key l, and decrypting according to the temporary private key l and the first decryption parameter C₁Calculating a second decryption parameter C'₁。

Specifically, the server may calculate the second decryption parameter by using different formulas according to different encryption manners of the user private key.

In the first embodiment, if the user private key ciphertext h is obtained by encrypting the generated user private key d according to formula (2) and formula (4) or encrypting the user private key d according to formula (3) and formula (4), the server may calculate the temporary private key l according to formula (5) and calculate the second decryption parameter C 'according to formula (6)'₁。

z＝d (2)

z＝(1+d)modn (3)

h＝(g^z·r^N)modN²,r∈[1,N-1] (4)

C'₁＝[l]C₁ (6)

In the second embodiment, if the user private key ciphertext h is obtained by encrypting the generated user private key d according to formula (7) and formula (4), the server may calculate the temporary private key l according to formula (5) and calculate the second decryption parameter C 'according to formula (8)'₁。

z＝(1+d)^-1modn (7)

C'₁＝[l^-1]C₁ (8)

Wherein z is a transformed private key obtained by transforming a private key of a user; d is a user private key; h is a user private key ciphertext; c'₁Is a second decryption parameter; l is a temporary private key; c₁Is a first decryption parameter; h is_lIs a temporary private key ciphertext; ModN²Is a die N²Calculating, wherein N is pq, and p and q are two large prime numbers generated randomly; (N, g) is a server public key; (λ, μ) is the server private key; mod n is a modulo n operation, and n is the order of the SM2 cryptographic algorithm.

In step S14, the server transmits the second decryption parameter to the mobile terminal.

In step S15, the mobile terminal decrypts the message ciphertext by using the second decryption parameter and the random number, so as to obtain a message plaintext.

As shown in FIG. 2, the mobile terminal receives the second decryption parameter C'₁Then, the first check code C can be obtained according to the message ciphertext C₂And ciphertext C₃And according to a second decryption parameter C 'based on the SM2 cryptographic algorithm'₁And the random number v calculates the message plaintext M' and the second check code u. Then, the mobile terminal can use the first check code C₂Comparing with the second check code u for consistency, if the first check code C₂If the first check code u is consistent with the second check code u, it can be determined that the message ciphertext C is successfully decrypted, that is, the calculated message plaintext M' is the same as the message M before the encryption.

Specifically, the mobile terminal may calculate the message plaintext M' and the second verification code u by using different formulas according to different encryption manners of the user private key.

If the user private key ciphertext is obtained by encrypting the generated user private key according to the formula (2) and the formula (4), the mobile terminal may calculate the message plaintext M' and the second verification code u according to the formula (9) to the formula (12) based on the SM2 cryptographic algorithm.

(x₂,y₂)＝[v^-1modn]C'₁ (9)

t＝KDF(x₂||y₂,klen) (10)

u＝Hash(x₂||M'||y₂) (12)

If the user private key ciphertext is obtained by encrypting the generated user private key according to the formulas (3) to (4), the mobile terminal may calculate the message plaintext M' and the second verification code u according to the formula (13) and the formulas (10) to (12), respectively.

(x₂,y₂)＝[v^-1modn]C'₁-C₁ (13)

If the user private key ciphertext is obtained by encrypting the generated user private key according to the formula (7) to the formula (8), the mobile terminal may calculate the message plaintext M' and the second verification code u according to the formula (14) and the formulas (10) to (12), respectively.

(x₂,y₂)＝[v]C'₁-C₁ (14)

Wherein M' is the calculated message plaintext; u is a second check code; (x)₂,y₂) Point coordinates on an elliptic curve of the SM2 cryptographic algorithm; the Hash () is a Hash function in the SM2 cryptographic algorithm; t is a bit string; c₃Is the ciphertext in the message ciphertext; klen is C₃The bit length of (d); KDF () is a key derivation function in the SM2 cryptographic algorithm; v is a random number; c'₁Is a second decryption parameter; mod N is a modulo N operation, N is pq, and p and q areTwo large prime numbers are generated randomly.

According to the decryption method provided by the embodiment of the disclosure, the mobile terminal and the server can decrypt the message ciphertext under the condition of not decrypting the user private key ciphertext, so that the user private key cannot appear in any party in a plaintext form, the user private key is prevented from being copied and falsely used, and the security of the user private key can be further ensured. Secondly, the decryption of the message ciphertext requires the cooperation of the mobile terminal and the server, the decryption of the message ciphertext cannot be completed by any single party, and the decryption result can only be obtained by the mobile terminal, so that the privacy of a message encryption system is guaranteed. In addition, the decryption method does not need to change the original encryption system and algorithm.

In another exemplary embodiment of the present disclosure, the decryption method according to the above embodiment of the present disclosure further includes a user private key encryption method, as shown in fig. 3, the user private key encryption method includes the following steps:

in step S31, the server generates a server public key and a server private key based on the Paillier algorithm.

In one embodiment, the server may generate the server public key (N, g) according to equations (15) to (16) and the server private key (λ, μ) according to equations (17) to (18).

N＝pq (15)

g＝N+1 (16)

λ＝lcm(p-1,q-1) (17)

μ＝(L(g^λmodN²))^-1modN, wherein,

wherein (N, g) is the server public key; (λ, μ) is the server private key; p and q are two large prime numbers generated randomly; lcm () is the least common multiple calculation function; mod N is a modulo N operation.

In step S32, the server generates a user public key and a user private key based on the SM2 cryptographic algorithm.

In one embodiment, the server may generate the user private key d according to equation (19) and the user public key P according to equation (20).

d∈[1,n-1] (19)

P＝[d]G (20)

Wherein d is a user private key, P is a user public key, n is the order of the SM2 cryptographic algorithm, and G is the base point of the SM2 cryptographic algorithm.

In step S33, the server transforms the user private key to obtain a transformed private key.

In an embodiment, the server may transform the user private key d by using any one of the above formulas (2), (3), and (7) to obtain a transformed private key z, which is not described herein again to reduce redundancy.

In step S34, the server encrypts the transformed private key with the server public key to obtain a user private key ciphertext.

In an embodiment, after obtaining the transformed private key z, the server may encrypt the transformed private key z according to the above formula (4) to obtain a user private key ciphertext h, which is not described herein again in order to reduce redundancy.

In step S35, the server transmits the user private key ciphertext and the user public key to the mobile terminal.

After obtaining the user private key ciphertext h, the server may send the user private key ciphertext h and the user public key P to the mobile terminal, and the mobile terminal stores the user private key ciphertext d and the user public key P, so as to decrypt the message ciphertext h to be decrypted by using the user private key ciphertext d and the user public key P in the following process. Therefore, the mobile terminal can only store the user private key ciphertext and cannot acquire the user private key, and the security of the user private key is improved.

It is worth noting that the SM2 cryptographic algorithm employed in the embodiments of the present disclosure has an elliptic curve E (F)_q) The base point is G ═ x_G,y_G)，[k]P represents a point multiplication operation on the elliptic curve, where k is an integer and P is a point on the elliptic curve.

Another exemplary embodiment of the present disclosure also provides a decryption method, which is applied to a mobile terminal, and performs the steps performed by the mobile terminal in the decryption method as described in any one of the above embodiments of the present disclosure.

Specifically, in this embodiment, the decryption method includes the steps of: the mobile terminal obtains a first decryption parameter according to the message ciphertext to be decrypted, generates a random number and calculates a temporary private key ciphertext by using the random number and a preset user private key ciphertext. And then, the mobile terminal sends the temporary private key ciphertext and the first decryption parameter to the server, so that the server calculates a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter and a preset server private key and sends the second decryption parameter to the mobile terminal. And then, the mobile terminal receives the second decryption parameter, decrypts the message ciphertext by using the second decryption parameter and the random number, and obtains a message plaintext.

It should be noted that a specific implementation manner of the decryption method is similar to that of the mobile terminal in the decryption method according to the foregoing embodiment of the present disclosure, and please refer to the above description of the mobile terminal specifically, and details are not repeated here in order to reduce redundancy.

The decryption method provided by the embodiment of the disclosure can be applied to a mobile terminal, and can enable the mobile terminal and a server to decrypt a message ciphertext without decrypting a user private key ciphertext, so that the user private key is ensured not to appear in a plaintext form at any party, the user private key is prevented from being copied and falsely used, and the security of the user private key can be ensured. Secondly, the decryption of the message ciphertext requires the cooperation of the mobile terminal and the server, the decryption of the message ciphertext cannot be completed by any single party, and the decryption result can only be obtained by the mobile terminal, so that the privacy of a message encryption system is guaranteed. In addition, the decryption method does not need to change the original encryption system and algorithm.

Another exemplary embodiment of the present disclosure also provides a decryption method, which is applied to a server and performs the steps performed by the server in the decryption method as described in any one of the above embodiments of the present disclosure.

Specifically, in this embodiment, the decryption method includes the steps of: the server receives the temporary private key ciphertext and the first decryption parameter sent by the mobile terminal, calculates a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter and a preset server private key, and sends the second decryption parameter to the mobile terminal, so that the mobile terminal decrypts the message ciphertext by using the second decryption parameter to obtain a message plaintext.

It should be noted that a specific implementation manner of the decryption method is similar to a specific implementation manner of the server in the decryption method according to the foregoing embodiment of the present disclosure, and please refer to the above description of the server specifically, and details are not described here for reducing redundancy.

The decryption method provided by the embodiment of the disclosure can be applied to a server, and can enable the mobile terminal and the server to decrypt the message ciphertext without decrypting the user private key ciphertext, so that the user private key is ensured not to appear in a plaintext form at any party, the user private key is prevented from being copied and falsely used, and the security of the user private key can be ensured. Secondly, the decryption of the message ciphertext requires the cooperation of the mobile terminal and the server, the decryption of the message ciphertext cannot be completed by any single party, and the decryption result can only be obtained by the mobile terminal, so that the privacy of a message encryption system is guaranteed. In addition, the decryption method does not need to change the original encryption system and algorithm.

Another exemplary embodiment of the present disclosure also provides a decryption system, as shown in fig. 4, thedecryption system 400 including: amobile terminal 410 and aserver 420.

Themobile terminal 410 is configured to obtain a first decryption parameter according to a message ciphertext to be decrypted, generate a random number, calculate a temporary private key ciphertext by using the random number and a preset user private key ciphertext, and send the temporary private key ciphertext and the first decryption parameter to theserver 420.

Theserver 420 is configured to calculate a second decryption parameter using the temporary private key ciphertext, the first decryption parameter, and a preset server private key, and send the second decryption parameter to themobile terminal 410.

Themobile terminal 410 is further configured to decrypt the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext.

With regard to the decryption system in the above-described embodiment, the specific manner in which themobile terminal 410 and theserver 420 perform operations has been described in detail in the embodiment related to the decryption method, and will not be described in detail here.

According to the decryption system disclosed by the embodiment of the invention, the mobile terminal and the server can decrypt the message ciphertext under the condition of not decrypting the user private key ciphertext, the user private key is ensured not to appear in any party in a plaintext form, the user private key is prevented from being copied and falsely used, and the safety of the user private key can be further ensured. Secondly, the decryption of the message ciphertext requires the cooperation of the mobile terminal and the server, the decryption of the message ciphertext cannot be completed by any single party, and the decryption result can only be obtained by the mobile terminal, so that the privacy of a message encryption system is guaranteed. In addition, the decryption method does not need to change the original encryption algorithm.

Another exemplary embodiment of the present disclosure also provides a mobile terminal configured as the mobile terminal in the decryption system as described in any one of the above embodiments of the present disclosure. Specifically, the mobile terminal is configured to obtain a first decryption parameter according to a message ciphertext to be decrypted, generate a random number, calculate a temporary private key ciphertext by using the random number and a preset user private key ciphertext, and send the temporary private key ciphertext and the first decryption parameter to the server, so that the server calculates a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter and a preset server private key, and sends the second decryption parameter to the mobile terminal. The mobile terminal is further used for receiving the second decryption parameter, and decrypting the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext.

It should be noted that a specific implementation manner of the mobile terminal is similar to that of the mobile terminal in the decryption system according to the foregoing embodiment of the present disclosure, please refer to the above description of the mobile terminal specifically, and details will not be repeated here in order to reduce redundancy.

According to the mobile terminal disclosed by the embodiment of the disclosure, the message ciphertext to be decrypted is decrypted by cooperating with the server, so that the message ciphertext can be decrypted by the mobile terminal and the server under the condition that the user private key ciphertext is not decrypted, the user private key is ensured not to appear in any party in a plaintext form, the user private key is prevented from being copied and falsely used, and the safety of the user private key can be ensured. Secondly, the decryption of the message ciphertext requires the cooperation of the mobile terminal and the server, the decryption of the message ciphertext cannot be completed by any single party, and the decryption result can only be obtained by the mobile terminal, so that the privacy of a message encryption system is guaranteed. In addition, the decryption method does not need to change the original encryption algorithm.

Another exemplary embodiment of the present disclosure also provides a server configured as the server in the decryption system as described in any one of the above-mentioned embodiments of the present disclosure. Specifically, the server is configured to receive a temporary private key ciphertext and a first decryption parameter sent by the mobile terminal, calculate a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter, and a preset server private key, and send the second decryption parameter to the mobile terminal, so that the mobile terminal decrypts the message ciphertext by using the second decryption parameter to obtain a message plaintext.

It should be noted that a specific implementation manner of the server is similar to that of the server in the decryption system according to the foregoing embodiment of the present disclosure, and please refer to the above description of the server specifically, and details are not described here for the purpose of reducing redundancy.

According to the server disclosed by the embodiment of the disclosure, the message ciphertext to be decrypted is decrypted by cooperating with the mobile terminal, so that the mobile terminal and the server can decrypt the message ciphertext under the condition that the user private key ciphertext is not decrypted, the user private key is ensured not to appear in any party in a plaintext form, the user private key is prevented from being copied and falsely used, and the safety of the user private key can be ensured. Secondly, the decryption of the message ciphertext requires the cooperation of the mobile terminal and the server, the decryption of the message ciphertext cannot be completed by any single party, and the decryption result can only be obtained by the mobile terminal, so that the privacy of a message encryption system is guaranteed. In addition, the decryption method does not need to change the original encryption algorithm.

Another exemplary embodiment of the present disclosure also provides a computer-readable storage medium on which computer program instructions are stored, which when executed by a processor implement the steps performed by the mobile terminal in the decryption method described in the above-mentioned embodiment of the present disclosure.

Another exemplary embodiment of the present disclosure also provides a computer-readable storage medium on which computer program instructions are stored, which when executed by a processor implement the steps performed by the server in the decryption method according to the above-described embodiment of the present disclosure.

The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.

It should be noted that the various features described in the above embodiments may be combined in any suitable manner without departing from the scope of the invention. In order to avoid unnecessary repetition, various possible combinations will not be separately described in this disclosure.

In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.

Claims (12)

1. A decryption method, comprising:

the mobile terminal acquires a first decryption parameter according to a message ciphertext to be decrypted, generates a random number and calculates a temporary private key ciphertext by using the random number and a preset user private key ciphertext, wherein the server encrypts a transformed private key by using a server public key to obtain the user private key ciphertext, and the transformed private key is obtained by transforming the user private key;

the mobile terminal sends the temporary private key ciphertext and the first decryption parameter to the server;

the server calculates a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter and a preset server private key, and sends the second decryption parameter to the mobile terminal;

the server calculates a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter and a preset server private key, and sends the second decryption parameter to the mobile terminal, and the method comprises the following steps:

the server decrypts the temporary private key ciphertext by using a preset server private key to obtain a temporary private key;

the server calculates a second decryption parameter according to the temporary private key and the first decryption parameter;

the mobile terminal decrypts the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext;

the mobile terminal decrypts the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext, and the method includes:

the mobile terminal acquires a first check code according to the message ciphertext;

the mobile terminal calculates the message plaintext and a second check code according to the second decryption parameter and the random number based on an SM2 cryptographic algorithm;

the mobile terminal carries out consistency comparison on the first check code and the second check code, and if the first check code is consistent with the second check code, the message ciphertext is determined to be successfully decrypted;

the server calculates a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter and a preset server private key, and comprises the following steps:

the server calculates the temporary private key according to the following formula:

the server calculates the second decryption parameter according to the following formula:

C′₁＝[l]C₁

wherein, C'₁The second decryption parameter; l is the temporary private key; c₁Is the first decryption parameter; h is_lThe temporary private key ciphertext is obtained; mod N²Is a die N²Calculating, wherein N is pq, and p and q are two large prime numbers generated randomly; mod N is a modulo N operation; (λ, μ) is the server private key; mod n is the modulo n operation, n is the order of the SM2 cryptographic algorithm;

the server generates a server public key and the server private key based on a Paillier algorithm, wherein:

the server generates the server public key (N, g) according to the following formula:

N＝pq

g＝N+1

the server generates the server private key (λ, μ) according to the following formula:

λ＝lcm(p-1,q-1)

μ＝(L(g^λmod N²))^-1mod N, where,

wherein (N, g) is the server public key; (λ, μ) is the server private key; p and q are two large prime numbers generated randomly; lcm () is the least common multiple calculation function; mod N is a modulo N operation;

the user private key ciphertext is obtained by encrypting the generated user private key according to the following formula:

z＝(1+d)^-1mod n

h＝(g^z·r^N)mod N²,r∈[1,N-1]

wherein z is a transformed private key obtained by transforming the user private key; d is the user private key; h is the user private key ciphertext; (N, g) is a server public key; mod N²Is a die N²Calculating, wherein N is pq, and p and q are two large prime numbers generated randomly; mod n is the modulo n operation, n is the order of the SM2 cryptographic algorithm;

the server calculates a second decryption parameter by using the temporary private key ciphertext, the first decryption parameter and a preset server private key, and comprises the following steps:

the server calculates the temporary private key according to the following formula:

the server calculates the second decryption parameter according to the following formula:

C′₁＝[l^-1]C₁

wherein, C'₁The second decryption parameter; l is the temporary private key; c₁Is the first decryption parameter; h is_lThe temporary private key ciphertext is obtained; (λ, μ) is the server private key; mod N is a modulo N operation;

the mobile terminal decrypts the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext, and the method includes:

the mobile terminal acquires a first check code according to the message ciphertext;

the mobile terminal calculates the message plaintext and the second check code according to the following formula:

(x₂,y₂)＝[v]C′₁-C₁

t＝KDF(x₂||y₂,klen)

u＝Hash(x₂||M'||y₂)

wherein M' is the message plaintext; u is the second check code; c₃The message is a ciphertext in the message ciphertext; klen is C₃The bit length of (d); hash () is a Hash function in the SM2 cryptographic algorithm; KDF () is a key derivation function in the SM2 cryptographic algorithm; v is the random number;

and the mobile terminal compares the consistency of the first check code and the second check code, and if the first check code is consistent with the second check code, the mobile terminal determines that the message ciphertext is successfully decrypted.

2. The method of claim 1, wherein the mobile terminal calculates a temporary private key ciphertext using the random number and a preset user private key ciphertext, comprising:

the mobile terminal calculates the temporary private key ciphertext according to the following formula:

h_l＝(h^v)mod N²

wherein h is_lThe temporary private key ciphertext is obtained; h is the user private key ciphertext; v is the random number, v is the [1, n-1 ]]N is the order of the SM2 cryptographic algorithm; mod N²Is a die N²The operation, N ═ pq, p and q are two large prime numbers generated randomly.

3. The method of claim 1, wherein the user private key ciphertext is obtained by encrypting the generated user private key according to the following formula:

z＝d

h＝(g^z·r^N)mod N²,r∈[1,N-1]

wherein z is a transformed private key obtained by transforming the user private key; d is the user private key; h is the user private key ciphertext; (N, g) is a server public key;

the mobile terminal decrypts the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext, and the method includes:

the mobile terminal acquires a first check code according to the message ciphertext;

the mobile terminal calculates the message plaintext and the second check code according to the following formula:

(x₂,y₂)＝[v^-1mod n]C₁'

t＝KDF(x₂||y₂,klen)

u＝Hash(x₂||M'||y₂)

wherein M' is the message plaintext; u is the second check code; c₃The message is a ciphertext in the message ciphertext; klen is C₃The bit length of (d); hash () is a Hash function in the SM2 cryptographic algorithm; KDF () is a key derivation function in the SM2 cryptographic algorithm; v is the random number;

and the mobile terminal compares the consistency of the first check code and the second check code, and if the first check code is consistent with the second check code, the mobile terminal determines that the message ciphertext is successfully decrypted.

4. The method of claim 1, wherein the user private key ciphertext is obtained by encrypting the generated user private key according to the following formula:

z＝(1+d)mod n

h＝(g^z·r^N)mod N²,r∈[1,N-1]

wherein z is a transformed private key obtained by transforming the user private key; d is the user private key; h is the user private key ciphertext; (N, g) is a server public key;

the mobile terminal decrypts the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext, and the method includes:

the mobile terminal acquires a first check code according to the message ciphertext;

the mobile terminal calculates the message plaintext and the second check code according to the following formula:

(x₂,y₂)＝[v^-1mod n]C₁'-C₁

t＝KDF(x₂||y₂,klen)

u＝Hash(x₂||M'||y₂)

wherein M' is the message plaintext; u is the second check code; c₃The message is a ciphertext in the message ciphertext; klen is C₃The bit length of (d); hash () is a Hash function in the SM2 cryptographic algorithm; KDF () is a key derivation function in the SM2 cryptographic algorithm; v is the random number;

and the mobile terminal compares the consistency of the first check code and the second check code, and if the first check code is consistent with the second check code, the mobile terminal determines that the message ciphertext is successfully decrypted.

5. The method of claim 1, further comprising a user private key encryption method, the user private key encryption method comprising:

the server generates a server public key and a server private key based on a Paillier algorithm;

the server generates a user public key and a user private key based on an SM2 cryptographic algorithm;

the server transforms the user private key to obtain a transformed private key, and encrypts the transformed private key by using the server public key to obtain a user private key ciphertext;

and the server sends the user private key ciphertext and the user public key to the mobile terminal.

6. A decryption system, characterized in that the decryption system comprises a mobile terminal and a server, wherein,

the mobile terminal is used for acquiring a first decryption parameter according to a message ciphertext to be decrypted, generating a random number, calculating a temporary private key ciphertext by using the random number and a preset user private key ciphertext, and sending the temporary private key ciphertext and the first decryption parameter to a server, wherein the server encrypts a transformation private key by using a server public key to obtain the user private key ciphertext, and the transformation private key is obtained by transforming the user private key;

the server is used for decrypting the temporary private key ciphertext by using a preset server private key to obtain a temporary private key and calculating a second decryption parameter according to the temporary private key and the first decryption parameter; the server is specifically configured to:

decrypting the temporary private key ciphertext by using a preset server private key to obtain a temporary private key;

calculating a second decryption parameter according to the temporary private key and the first decryption parameter;

the mobile terminal is further configured to decrypt the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext; the mobile terminal is specifically configured to:

acquiring a first check code according to the message ciphertext;

calculating a message plaintext and a second check code according to the second decryption parameter and the random number based on an SM2 cryptographic algorithm;

the first check code and the second check code are compared in consistency, and if the first check code and the second check code are consistent, the message ciphertext is determined to be successfully decrypted;

the server is configured to calculate a second decryption parameter using the ephemeral private key ciphertext, the first decryption parameter, and a preset server private key by:

the server calculates the temporary private key according to the following formula:

the server calculates the second decryption parameter according to the following formula:

C′₁＝[l]C₁

wherein, C'₁The second decryption parameter; l is the temporary private key; c₁Is the first decryption parameter; h is_lIs the temporaryA private key ciphertext; mod N²Is a die N²Calculating, wherein N is pq, and p and q are two large prime numbers generated randomly; mod N is a modulo N operation; (λ, μ) is the server private key; mod n is the modulo n operation, n is the order of the SM2 cryptographic algorithm;

the server generates a server public key and the server private key based on a Paillier algorithm, wherein:

the server generates the server public key (N, g) according to the following formula:

N＝pq

g＝N+1

the server generates the server private key (λ, μ) according to the following formula:

λ＝lcm(p-1,q-1)

μ＝(L(g^λmod N²))^-1mod N, where,

wherein (N, g) is the server public key; (λ, μ) is the server private key; p and q are two large prime numbers generated randomly; lcm () is the least common multiple calculation function; mod N is a modulo N operation;

the user private key ciphertext is obtained by encrypting the generated user private key according to the following formula:

z＝(1+d)^-1mod n

h＝(g^z·r^N)mod N²,r∈[1,N-1]

wherein z is a transformed private key obtained by transforming the user private key; d is the user private key; h is the user private key ciphertext; (N, g) is a server public key; mod N²Is a die N²Calculating, wherein N is pq, and p and q are two large prime numbers generated randomly; mod n is the modulo n operation, n is the order of the SM2 cryptographic algorithm;

the server is configured to calculate a second decryption parameter using the ephemeral private key ciphertext, the first decryption parameter, and a preset server private key by:

the server calculates the temporary private key according to the following formula:

the server calculates the second decryption parameter according to the following formula:

C′₁＝[l^-1]C₁

wherein, C'₁The second decryption parameter; l is the temporary private key; c₁Is the first decryption parameter; h is_lThe temporary private key ciphertext is obtained; (λ, μ) is the server private key; mod N is a modulo N operation;

the mobile terminal is configured to decrypt the message ciphertext by using the second decryption parameter and the random number to obtain a message plaintext by:

the mobile terminal acquires a first check code according to the message ciphertext;

the mobile terminal calculates the message plaintext and the second check code according to the following formula:

(x₂,y₂)＝[v]C′₁-C₁

t＝KDF(x₂||y₂,klen)

u＝Hash(x₂||M'||y₂)

wherein M' is the message plaintext; u is the second check code; c₃The message is a ciphertext in the message ciphertext; klen is C₃The bit length of (d); hash () is a Hash function in the SM2 cryptographic algorithm; KDF () is a key derivation function in the SM2 cryptographic algorithm; v is the random number;

and the mobile terminal compares the consistency of the first check code and the second check code, and if the first check code is consistent with the second check code, the mobile terminal determines that the message ciphertext is successfully decrypted.

7. Decryption method, characterized in that it is applied to a mobile terminal, said method comprising the steps executed by the mobile terminal in the decryption method according to any of claims 1 to 5.

8. Decryption method, for application to a server, comprising the steps performed by the server in the decryption method according to any of claims 1 to 5.

9. A computer readable storage medium having stored thereon computer program instructions, characterized in that the program instructions, when executed by a processor, implement the steps performed by a mobile terminal in the decryption method according to any of claims 1 to 5.

10. A computer readable storage medium having stored thereon computer program instructions, which, when executed by a processor, implement the steps performed by a server in the decryption method according to any one of claims 1 to 5.

11. A mobile terminal, characterized in that it is configured to decrypt into a mobile terminal in a system according to claim 6.

12. A server, characterized in that the server is configured as a server in a decryption system according to claim 6.

Images