Movatterモバイル変換

[0]ホーム
URL:

CN109889327B - Shared key generation method and device - Google Patents

Shared key generation method and deviceDownload PDF

Info

Publication number
CN109889327B
CN109889327BCN201711274178.5ACN201711274178ACN109889327BCN 109889327 BCN109889327 BCN 109889327BCN 201711274178 ACN201711274178 ACN 201711274178ACN 109889327 BCN109889327 BCN 109889327B
Authority
CN
China
Prior art keywords
ciphertext
initial information
information string
string
shared key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711274178.5A
Other languages
Chinese (zh)
Other versions
CN109889327A (en
Inventor
刘伟
刘卓华
何云华
闫哲昊
崔佳丽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and TelecommunicationsfiledCriticalBeijing University of Posts and Telecommunications
Priority to CN201711274178.5ApriorityCriticalpatent/CN109889327B/en
Publication of CN109889327ApublicationCriticalpatent/CN109889327A/en
Application grantedgrantedCritical
Publication of CN109889327BpublicationCriticalpatent/CN109889327B/en
Activelegal-statusCriticalCurrent
Anticipated expirationlegal-statusCritical

Links

Images

Landscapes

Abstract

The invention provides a method and a device for generating a shared key, wherein the method comprises the following steps: receiving a first ciphertext sent by first equipment, wherein the first ciphertext is obtained by encrypting a first random bit string by the first equipment by adopting a first initial information string and an error correcting code encoding algorithm, and the first initial information string is determined by the first equipment according to the channel characteristics between the first equipment and second equipment; decrypting the first ciphertext by adopting a second initial information string and an error correcting code decoding algorithm to obtain a candidate shared key, wherein the second initial information string is determined by the second equipment according to the channel characteristics between the second equipment and the first equipment; and determining a target shared key according to the first random bit string and the candidate shared key. Compared with the prior art, the shared key generation method and the device provided by the invention avoid a large amount of time and resources consumed in the information reconciliation process, eliminate the cost of information reconciliation and improve the generation efficiency of the shared key.

Description

Shared key generation method and device
Technical Field
The present invention relates to the field of physical layer security technologies, and in particular, to a method and an apparatus for generating a shared secret key.
Background
With the rapid rise of technologies and applications such as mobile sensor networks, car networking, delay tolerant networks, personal area networks, wearable computing and the like, a large number of devices need to perform point-to-point data communication in the moving process. The point-to-point data communication needs to consider the communication security, and an insecure communication channel is easily utilized and attacked by an adversary, so that the serious influence is caused. A common means for implementing secure communication is to encrypt and decrypt information interacted between two communicating parties by using a shared secret key. The shared secret key can be realized by presetting the same secret key, a secret key exchange protocol or a public key certificate and the like, but the methods are difficult to meet the requirement of quickly establishing the secret key in a dynamic and resource-limited mobile network. The method for generating the shared key based on the wireless signal characteristics does not need to negotiate or share the key in advance, but is generated by the transmitter and the receiver according to the monitored signal characteristic change in the wireless communication process, so that the method is an effective mode for generating the shared key between the wireless devices.
At present, a shared key generation method based on wireless signal characteristics generally establishes a shared key for instant communication between mobile devices based on spatial reciprocity and symmetry of signals. Specifically, the two communication parties measure the preset characteristics of the channel respectively, quantize and code-convert the measured values into a string of initial keys, and then correct the difference between the initial keys of the two communication parties through the information reconciliation process, so that the two communication parties obtain a shared key with consistent negotiation, and communicate by using the shared key.
However, in a mobile scenario, in the above-mentioned shared key generation method, in order to enable both communication parties to obtain a shared key in agreement, a lot of time and resources are required to be consumed in the information reconciliation process, and the generation efficiency of the shared key is not high.
Disclosure of Invention
The invention provides a method and a device for generating a shared key, which are used for generating the shared key by two communication parties in a wireless mobile network and solve the problem of low generation efficiency of the shared key in the prior art.
In a first aspect, the method for generating a shared key provided by the present invention includes:
receiving a first ciphertext sent by first equipment, wherein the first ciphertext is obtained by encrypting a first random bit string by the first equipment by adopting a first initial information string and an error correcting code encoding algorithm, and the first initial information string is determined by the first equipment according to channel characteristics between the first equipment and second equipment;
decrypting the first ciphertext by adopting a second initial information string and an error correcting code decoding algorithm to obtain a candidate shared key, wherein the second initial information string is determined by the second device according to the channel characteristics between the second device and the first device;
obtaining a first random bit string determined by the first device;
and determining a target shared key according to the first random bit string and the candidate shared key.
Optionally, the first ciphertext is obtained by the first device encoding the first random bit string by using the error correction code encoding algorithm to obtain an encoding result, and performing xor on the encoding result and the first initial information string;
correspondingly, the decrypting the first ciphertext by using the second initial information string and the error correction code decoding algorithm to obtain the candidate shared key includes:
performing XOR calculation by adopting a second initial information string and the first ciphertext to obtain a first XOR result; and decoding the first exclusive-or result by adopting an error correcting code decoding algorithm to obtain the candidate shared secret key.
Optionally, the determining a target shared key according to the first random bit string and the candidate shared key includes:
if the first random bit string is different from the candidate shared key, correcting the second initial information string and obtaining a second ciphertext to minimize the difference between the second ciphertext and the first ciphertext, wherein the second ciphertext is obtained by encrypting the candidate shared key by using the corrected second initial information string and the error correction code encoding algorithm;
sending the second ciphertext to the first device, so that the first device corrects the first initial information string by using a self-adaptive correction method according to the second ciphertext and obtains a third ciphertext obtained by encrypting the first random bit string by using the corrected first initial information string and the error correction code encoding algorithm;
and receiving the third ciphertext sent by the first device, and decrypting the third ciphertext by adopting the second initial information string and an error correction code decoding algorithm to obtain the target shared key.
Optionally, the determining a target shared key according to the first random bit string and the candidate shared key further includes: and if the first random bit string is the same as the candidate shared secret key, determining the candidate shared secret key as the target shared secret key.
Optionally, the modifying the second initial information string and obtaining a second ciphertext includes:
encrypting the candidate shared secret key by adopting the second initial information string and the error correcting code encoding algorithm to obtain a fourth ciphertext;
obtaining the difference between the first ciphertext and the fourth ciphertext to obtain a first difference value;
sequentially turning over each bit of the second initial information string to obtain the second ciphertext;
the sequentially turning over each bit of the second initial information string to obtain the second ciphertext comprises:
step 1, turning over each bit of the second initial information string to obtain a turning-over result of the time;
step 2, the candidate shared secret key is encrypted by adopting the turning result and the error correcting code encoding algorithm to obtain an encryption result;
step 3, obtaining the difference between the first ciphertext and the encryption result to obtain a second difference value;
step 4, if the second difference value is greater than or equal to the first difference value, reducing the bit of the current overturn in the current overturn result, otherwise, updating the first difference value according to the second difference value;
and 5, continuing to execute the steps 1 to 4 on the next bit of the second initial information string until all bits of the second initial information string are inverted, and taking the encryption result as the second ciphertext.
Optionally, after obtaining the difference between the first ciphertext and the encryption result to obtain a second difference value, the method further includes: and if the second difference value is zero, updating the second initial information string according to the overturning result, and taking the encryption result as the second ciphertext.
Optionally, the obtaining a difference between the first ciphertext and the fourth ciphertext to obtain a first difference value includes: performing XOR operation on the first ciphertext and the fourth ciphertext to obtain a second XOR result; and adding each bit of the second exclusive-or result to obtain the first difference value.
Optionally, the first initial information string is determined by the first device through filtering quantization and packet interleaving according to a channel characteristic between the first device and the second device, and the second initial information string is determined by the second device through filtering quantization and packet interleaving according to a channel characteristic between the first device and the second device.
In a second aspect, the shared key generating apparatus provided by the present invention includes a receiving module, a decrypting module, an obtaining module and a determining module;
the receiving module is configured to receive a first ciphertext sent by a first device, where the first ciphertext is obtained by encrypting a first random bit string by the first device using a first initial information string and an error correction code encoding algorithm, and the first initial information string is determined by the first device according to a channel characteristic between the first device and a second device;
the decryption module is configured to decrypt the first ciphertext by using a second initial information string and an error correction code decoding algorithm to obtain a candidate shared key, where the second initial information string is determined by the second device according to a channel characteristic between the second device and the first device;
the obtaining module is configured to obtain a first random bit string determined by the first device;
the determining module is configured to determine a target shared key according to the first random bit string and the candidate shared key.
Optionally, the first ciphertext is obtained by the first device encoding the first random bit string by using the error correction code encoding algorithm to obtain an encoding result, and performing xor on the encoding result and the first initial information string;
correspondingly, the decryption module is specifically configured to perform xor calculation by using a second initial information string and the first ciphertext to obtain a first xor result; and decoding the first exclusive-or result by adopting an error correcting code decoding algorithm to obtain the candidate shared secret key.
Optionally, the determining module includes a correcting unit, a sending unit and a receiving unit;
the correcting unit is configured to correct the second initial information string and obtain a second ciphertext if the first random bit string and the candidate shared key are different, so that a difference between the second ciphertext and the first ciphertext is minimum, where the second ciphertext is obtained by encrypting the candidate shared key by using the corrected second initial information string and the error correction code encoding algorithm;
the sending unit is configured to send the second ciphertext to the first device, so that the first device corrects the first initial information string according to the second ciphertext by using an adaptive correction method and obtains a third ciphertext obtained by encrypting the first random bit string by using the corrected first initial information string and the error correction code encoding algorithm;
and the receiving unit is configured to receive the third ciphertext sent by the first device, and decrypt the third ciphertext by using the second initial information string and an error correction code decoding algorithm to obtain the target shared key.
Optionally, the determining module is specifically configured to determine that the candidate shared key is the target shared key if the first random bit string is the same as the candidate shared key.
Optionally, the correction unit is specifically configured to:
encrypting the candidate shared secret key by adopting the second initial information string and the error correcting code encoding algorithm to obtain a fourth ciphertext;
obtaining the difference between the first ciphertext and the fourth ciphertext to obtain a first difference value;
sequentially turning over each bit of the second initial information string to obtain the second ciphertext;
the sequentially turning over each bit of the second initial information string to obtain the second ciphertext comprises:
step 1, turning over each bit of the second initial information string to obtain a turning-over result of the time;
step 2, the candidate shared secret key is encrypted by adopting the turning result and the error correcting code encoding algorithm to obtain an encryption result;
step 3, obtaining the difference between the first ciphertext and the encryption result to obtain a second difference value;
step 4, if the second difference value is greater than or equal to the first difference value, reducing the bit of the current overturn in the current overturn result, otherwise, updating the first difference value according to the second difference value;
and 5, continuing to execute the steps 1 to 4 on the next bit of the second initial information string until all bits of the second initial information string are inverted, and taking the encryption result as the second ciphertext.
Optionally, the modifying unit is further configured to, if the second difference value is zero, update the second initial information string according to the flipping result, and use the encryption result as the second ciphertext.
Optionally, the correcting unit is specifically configured to perform an exclusive-or operation on the first ciphertext and the fourth ciphertext to obtain a second exclusive-or result; and adding each bit of the second exclusive-or result to obtain the first difference value.
Optionally, the first initial information string is obtained by the first device through filtering, quantizing, and packet interleaving according to a channel characteristic between the first device and the second device, and the second initial information string is obtained by the second device through filtering, quantizing, and packet interleaving according to a channel characteristic between the first device and the second device.
The first equipment encrypts a first random bit string by adopting a first initial information string and an error correction code encoding algorithm to obtain a first ciphertext, the second equipment decrypts the first ciphertext by adopting a second initial information string and an error correction code decoding algorithm after receiving the first ciphertext to obtain a candidate shared key, and a target shared key is determined according to the first random bit string and the candidate shared key. According to the invention, an error correcting code mechanism is introduced, a first random bit string is used as a shared secret key, a first initial information string and a second initial information string determined according to channel characteristics are used as carriers for transmitting the shared secret key, unmatched bits in the first initial information string and the second initial information string are regarded as channel noise introduced by the shared secret key in channel transmission, and the unmatched bits are automatically corrected by using the error correcting code, so that the shared secret key can be successfully transmitted.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic view of an application scenario of a shared key generation method and apparatus provided in the present invention;
fig. 2 is a schematic diagram of an interaction process of a first embodiment of a shared secret key generation method provided by the present invention;
FIG. 3 is a flowchart of a first embodiment of a method for generating a shared secret key according to the present invention;
fig. 4 is a schematic view of an interaction process of a second embodiment of a shared key generation method provided by the present invention;
fig. 5 is a flowchart of a second embodiment of a shared secret key generation method provided in the present invention;
FIG. 6 is a flow chart of an alternative way of modifying the second initial information string;
fig. 7 is a schematic structural diagram of a first embodiment of a shared key generation apparatus according to the present invention;
fig. 8 is a schematic structural diagram of a second embodiment of a shared key generating device according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In the prior art, a shared key generation method based on wireless signal characteristics generally utilizes spatial reciprocity and symmetry of signals to establish a shared key for instant messaging between mobile devices. Specifically, the two communication parties measure the preset characteristics of the channel respectively, quantize and code-convert the measured values into a string of initial keys, and then correct the difference between the initial keys of the two communication parties through the information reconciliation process, so that the two communication parties obtain a shared key with consistent negotiation, and adopt the shared key for communication. However, in a mobile scenario, in the above-mentioned shared key generation method, in order to enable both communication parties to obtain a shared key in agreement, a lot of time and resources are required to be consumed in the information reconciliation process, and the generation efficiency of the shared key is not high.
The method for generating the shared key provided by the invention has the advantages that by introducing an error correction code mechanism, the first random bit string is used as the shared key, the first initial information string and the second initial information string determined according to the channel characteristics are used as carriers for transmitting the shared key, unmatched bits in the first initial information string and the second initial information string are regarded as channel noise introduced by the shared key in channel transmission, and the unmatched bits are automatically corrected by using the error correction code, so that the shared key can be successfully transmitted.
The technical solution of the present invention will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 1 is a schematic view of an application scenario of the shared key generation method and apparatus provided by the present invention, as shown in fig. 1, a communication network includes a first device and a second device. In order to ensure the security of communication, after the first device and the second device meet, a shared key negotiation process is required, which can be implemented by executing the shared key generation method of the present invention. After the shared key negotiation is successful, the communication between the first device and the second device is encrypted through the shared key, so that the security of the communication is ensured.
First, it should be noted that an execution subject of the shared key generation method provided by the present invention may be a first device or a second device, and for convenience of description, in the following embodiments, the second device is taken as the execution subject to be described.
Fig. 2 is a schematic diagram of an interaction process of a first embodiment of a shared key generation method provided by the present invention, and fig. 3 is a flowchart of the first embodiment of the shared key generation method provided by the present invention, as shown in fig. 1 and fig. 2, the shared key generation method of the present embodiment includes:
s101: receiving a first ciphertext sent by a first device, wherein the first ciphertext is obtained by encrypting a first random bit string by the first device by using a first initial information string and an error correction code encoding algorithm, and the first initial information string is determined by the first device according to a channel characteristic between the first device and a second device.
Specifically, the first device encrypts the first random bit string by using the first initial information string and an error correction code encoding algorithm to obtain a first ciphertext, and sends the first ciphertext to the second device. The encryption process may adopt a plurality of encryption algorithms, and one possible encryption method is to adopt the error correction code encoding algorithm to encode the first random bit string to obtain an encoding result, and adopt the encoding result and the first initial information string to perform exclusive or to obtain a first ciphertext.
It should be noted that, the first random bit string is a bit string randomly generated by the first device, and the first random bit string is used as a shared key for communication between the first device and the second device, so that the security of communication can be higher. The error correction code encoding algorithm is not particularly limited in the present invention, and any encoding algorithm having an error correction function may be used, for example, a Viterbi encoding algorithm.
In addition, when the encryption process is involved in the subsequent embodiments of the present invention, the above encryption method is adopted, and will not be described in detail later.
S102: and decrypting the first ciphertext by adopting a second initial information string and an error correcting code decoding algorithm to obtain a candidate shared key, wherein the second initial information string is determined by the second device according to the channel characteristics between the second device and the first device.
Specifically, after receiving the first ciphertext, the second device needs to decrypt the first ciphertext by using a decryption method corresponding to the encryption method of the first device. It can be understood that, before the second device receives the first ciphertext, the second device has already acquired the encryption method adopted by the first device, and the length information of the first initial information string, the error correction code encoding algorithm, the first random bit string, and other information used in the encryption process of the first device, and a specific acquisition mode is not specifically limited in the present invention.
And the decryption process corresponding to the encryption process of the first equipment comprises the steps of carrying out XOR calculation on a second initial information string and the first ciphertext to obtain a first XOR result, and decoding the first XOR result by adopting an error correction code decoding algorithm to obtain the candidate shared key. In addition, when the decryption process is involved in the subsequent embodiments provided by the present invention, the above decryption method is adopted, and will not be described in detail later.
It should be noted that the error correction code decoding algorithm has an error correction capability in a decryption process, and the candidate shared secret key is a candidate shared secret key obtained after error correction.
It will be appreciated that the error correction code decoding algorithm is a decoding algorithm corresponding to the error correction code encoding algorithm used in the encryption process of the first device.
Optionally, the first initial information string is obtained by the first device through filtering, quantizing, and packet interleaving according to a channel characteristic between the first device and the second device, and the second initial information string is obtained by the second device through filtering, quantizing, and packet interleaving according to a channel characteristic between the second device and the first device.
S103: and determining a target shared key according to the first random bit string and the candidate shared key.
Specifically, the second device has acquired the first random bit string determined by the first device, and obtains the candidate shared key by decrypting the first ciphertext. Determining a target shared key according to the first random bit string and the candidate shared key, including:
and if the first random bit string is the same as the candidate shared secret key, determining the candidate shared secret key as the target shared secret key. It can be understood that, under an ideal communication environment, the first initial information string and the second initial information string determined by the two communicating parties according to the channel characteristics are the same or similar, that is, the candidate shared key decrypted by the second device according to the first ciphertext should be the same as the first random bit string, even if different, the candidate shared key may be the same as the first random bit string through the error correction process of the error correction code. Therefore, in an ideal communication environment, the shared key can be successfully transferred from the first device to the second device only through one round of negotiation, thereby completing the negotiation process of the shared key.
If the first random bit string is different from the candidate shared key, that is, the error-corrected candidate shared key is different from the first random bit string, it is determined that the difference between the second initial information string and the first initial information string is too large, and the difference between the second initial information string and the first initial information string needs to be reduced by using a self-adaptive correction method, so that the difference between the corrected initial information strings is small enough to be used for negotiating a shared key. The process of adaptive modification refers to the second embodiment of the shared key generation method provided by the present invention.
The method for generating the shared key comprises the steps that first equipment encrypts a first random bit string by adopting a first initial information string and an error correction code encoding algorithm to obtain a first ciphertext, second equipment receives the first ciphertext and decrypts the first ciphertext by adopting a second initial information string and an error correction code decoding algorithm to obtain a candidate shared key, and a target shared key is determined according to the first random bit string and the candidate shared key. According to the invention, an error correcting code mechanism is introduced, a first random bit string is used as a shared secret key, a first initial information string and a second initial information string determined according to channel characteristics are used as carriers for transmitting the shared secret key, unmatched bits in the first initial information string and the second initial information string are regarded as channel noise introduced by the shared secret key in channel transmission, and the unmatched bits are automatically corrected by using the error correcting code, so that the shared secret key can be successfully transmitted.
Fig. 4 is a schematic diagram of an interaction process of a second embodiment of a shared key generation method provided by the present invention, and fig. 5 is a flowchart of the second embodiment of the shared key generation method provided by the present invention, as shown in fig. 4 and fig. 5, the shared key generation method provided by the present embodiment performs adaptive correction on a second initial information string to reduce a difference between the second initial information string and a first initial information string, based on the first embodiment shown in fig. 2 and fig. 3, if the first random bit string and the candidate shared key are different. As shown in fig. 4 and 5, the shared key generation method provided in this embodiment includes:
s201: receiving a first ciphertext sent by a first device, wherein the first ciphertext is obtained by encrypting a first random bit string by the first device by using a first initial information string and an error correction code encoding algorithm, and the first initial information string is determined by the first device according to a channel characteristic between the first device and a second device.
Specifically, the implementation process is the same as that of S101, and is not described herein again.
S202: and decrypting the first ciphertext by adopting a second initial information string and an error correcting code decoding algorithm to obtain a candidate shared key, wherein the second initial information string is determined by the second device according to the channel characteristics between the second device and the first device.
Specifically, the implementation process is the same as that of S102, and is not described here again. If the first random bit string and the candidate shared key are different, S203 is continuously executed.
S203: and correcting the second initial information string and acquiring a second ciphertext to minimize the difference between the second ciphertext and the first ciphertext, wherein the second ciphertext is obtained by encrypting the candidate shared secret key by using the corrected second initial information string and the error correction code encoding algorithm.
Specifically, if the second device determines that the first random bit string and the candidate shared key are different, it is determined that unmatched bits in the second initial information string and the first initial information string cannot be automatically corrected by using an error correction code algorithm. Therefore, the second initial information string is modified in an adaptive modification manner, so that the difference between the first ciphertext and the second ciphertext obtained by encrypting the candidate shared key according to the modified second initial information string and the error correction code encoding algorithm is minimized, that is, the difference between the modified second initial information string and the first initial information string is minimized.
It should be noted that there are various ways to modify the second initial information string, and two alternative embodiments are illustrated below.
Fig. 6 is a flowchart of an alternative way of modifying the second initial information string, as shown in fig. 6, including:
s2031: and encrypting the candidate shared secret key by adopting the second initial information string and the error correcting code encoding algorithm to obtain a fourth ciphertext.
S2032: and obtaining the difference between the first ciphertext and the fourth ciphertext to obtain a first difference value.
Specifically, obtaining the difference between the first ciphertext and the fourth ciphertext includes, but is not limited to, the following: and performing XOR operation on the first ciphertext and the fourth ciphertext to obtain a second XOR result, and adding each bit of the second XOR result to obtain the first difference value. For example, assuming that the first ciphertext C is 1010101010 and the fourth ciphertext C is 0101001110, the second exclusive-or result obtained by exclusive-oring the first ciphertext and the fourth ciphertext is D1111100100, and each bit in the second exclusive-or result is added to obtain a first difference value of 6. It can be understood that if the first difference value is zero, it indicates that the first ciphertext and the fourth ciphertext are the same, and the larger the first difference value is, the larger the difference between the first ciphertext and the fourth ciphertext is.
It should be noted that, when the difference between two ciphertexts is obtained, the difference is obtained in the above manner, and will not be described in detail later.
S2033: and sequentially overturning each bit of the second initial information string to obtain an overturning result.
Specifically, according to a certain sequence, one bit in the second initial information string is turned over each time to obtain a turning result, S2034-S2037 is executed to determine whether the turning result is valid, if so, the second initial information string is updated according to the turning result, and the next bit is turned over continuously, if not, the turned bit is restored, and then the next bit is turned over continuously until all bits are turned over.
S2034: and encrypting the candidate shared secret key by adopting the turning result and the error correcting code encoding algorithm to obtain an encryption result.
S2035: and obtaining the difference between the first ciphertext and the encryption result to obtain a second difference value.
S2036: and if the second difference value is zero, updating the second initial information string according to the overturning result, and taking the encryption result as the second ciphertext.
It should be noted that, if the second difference value is zero, it indicates that the encryption result corresponding to the first ciphertext and the current flip result is the same, and the correction does not need to be continued, so that the second initial information string is updated according to the flip result, and the encryption result is used as the second ciphertext to end the correction process.
S2037: if the second difference value is larger than or equal to the first difference value, reducing the bit of the current overturn in the overturn result, otherwise, updating the second initial information string according to the overturn result and updating the first difference value according to the second difference value.
Specifically, if the second difference value is greater than or equal to the first difference value, it indicates that the current flipping is invalid, that is, after the current flipping, the difference between the flipped result and the first initial information string is not reduced, so that the bit of the current flipping is restored; otherwise, the current overturn is valid, that is, after the current overturn, the difference between the overturn result and the first initial information string becomes smaller, so that the first difference value is updated according to the second difference value to determine whether the next overturn is valid.
S2038: and returning to execute the sequential turning of each bit of the second initial information string until all bits of the second initial information string are turned, updating the second initial information string according to the turning result, and taking the encryption result as the second ciphertext.
Another alternative way of correcting the second initial information string is as follows:
as mentioned above, the difference between the two ciphertexts can be obtained by XOR, as shown in formula (1), where D isciphersIs the difference between the first ciphertext C and the fourth ciphertext C', M is a first random bit string corresponding to the first ciphertext C, f (M) is an encoding result obtained by encoding the first random bit string M by using an error correction code encoding algorithm, Intrlv (P)A) A first initial information string corresponding to the first ciphertext C, M ' is a candidate shared key corresponding to the fourth ciphertext, f (M ') is an encoding result obtained by encoding the candidate shared key M ' by adopting an error correction code encoding algorithm, and Intrlv (P)B) A second initial information string corresponding to a fourth ciphertext C', DcodesFor the difference after encoding of the first random bit string M and the candidate shared key M', Intrlv (N)AB) Is the first initial information string Intrlv (P)A) And a second initial information string Intrlv (P)B) The difference between them.
Figure GDA0002806903810000131
As can be seen from equation (1), the difference between the two ciphertexts is caused by the difference between the first initial information string and the second initial information string and the difference between the first random bit string and the candidate shared key after being encoded by the error correction code encoding algorithm. Therefore, a series of highly suspicious unmatched bit sets can be obtained according to the difference between the two ciphertexts, and the second initial information string is corrected according to the unmatched bit sets, so that the difference between the first ciphertexts and the second ciphertexts obtained by encrypting the candidate shared key according to the corrected second initial information string and the error correction code encoding algorithm is the minimum.
Of course, it is possible that some difference bits do not appear in the suspect set because the error is cancelled when the difference between the first initial string and the second initial string and the encoding difference of the first random string and the candidate shared key appear exactly at the same location. However, the probability of the occurrence of the exception is small, and the shared key negotiation process of the invention cannot be influenced, so that the error correction code has certain error correction capability.
By adopting any one of the two ways of correcting the second initial information string, the difference between the second ciphertext obtained by encrypting the candidate shared key and the first ciphertext can be minimized according to the corrected second initial information string and the error correction code encoding algorithm. It should be noted that, after the round of modification, it is possible to make the second ciphertext identical to the first ciphertext, that is, the shared key is successfully agreed; of course, it is also possible that the second ciphertext is still different from the first ciphertext, that is, the second initial information string after being modified is different from the first initial information string, and then step S204 is executed.
S204: and sending the second ciphertext to the first device, so that the first device corrects the first initial information string according to the second ciphertext and obtains a third ciphertext.
Specifically, after receiving the second ciphertext, the first device corrects the first initial information string by using the same adaptive correction method, so as to reduce a difference between the first initial information string and the second initial information string, so that the first initial information string and the second initial information string can be used for negotiating a shared key.
It should be noted that the above adaptive correction process may be performed through multiple rounds, and the interactive process shown in fig. 4 is described by taking two rounds as an example.
S205: and receiving the third ciphertext sent by the first device, and decrypting the third ciphertext by adopting the second initial information string and an error correction code decoding algorithm to obtain the target shared key.
Specifically, after the first device and the second device perform several rounds of correction, the difference between the first initial information string and the second initial information string is small enough, and at this time, after the second device receives the third ciphertext, the second initial information string and the error correction code encoding algorithm are used to decrypt the third ciphertext to obtain the target shared key, that is, the shared key is successfully transmitted to the second device.
In this embodiment, an error correction code mechanism is introduced, the first random bit string is used as a shared key, the first initial information string and the second initial information string determined according to the channel characteristics are used as carriers for transmitting the shared key, unmatched bits in the first initial information string and the second initial information string are regarded as channel noise introduced by the shared key in channel transmission, and the unmatched bits are automatically corrected by using the error correction code, so that the shared key can be successfully transmitted. And aiming at the condition that unmatched bits exceed the error correction capability of the error correction code, reducing the difference between the first initial information string and the second initial information string by adopting a self-adaptive correction mode, so that the difference between the corrected initial information strings is small enough, the corrected initial information strings can be used for negotiating a shared key, and the generation efficiency of the shared key is further improved.
Fig. 7 is a schematic structural diagram of a first embodiment of a shared key generation apparatus according to the present invention, and as shown in fig. 7, a sharedkey generation apparatus 300 according to this embodiment includes a receivingmodule 301, adecryption module 302, and a determiningmodule 303.
The receivingmodule 301 is configured to receive a first ciphertext sent by a first device, where the first ciphertext is obtained by encrypting a first random bit string by the first device using a first initial information string and an error correction code encoding algorithm, and the first initial information string is determined by the first device according to a channel characteristic between the first device and a second device.
Thedecryption module 302 is configured to decrypt the first ciphertext by using a second initial information string and an error correction code decoding algorithm to obtain a candidate shared key, where the second initial information string is determined by the second device according to a channel characteristic between the second device and the first device.
The determiningmodule 303 is configured to determine a target shared key according to the first random bit string and the candidate shared key.
The sharedkey generating apparatus 300 provided in this embodiment may be used to execute the technical solutions of the method embodiments shown in fig. 2 and fig. 3, and the implementation principles and technical effects are similar, and are not described herein again.
Fig. 8 is a schematic structural diagram of a second embodiment of the shared key generating apparatus according to the present invention, and as shown in fig. 8, the determiningmodule 303 of the sharedkey generating apparatus 400 according to this embodiment includes a modifyingunit 3031, atransmitting unit 3032, and areceiving unit 3033 based on the embodiment shown in fig. 7.
The correctingunit 3031 is configured to correct the second initial information string and obtain a second ciphertext to minimize a difference between the second ciphertext and the first ciphertext, where the second ciphertext is obtained by encrypting the candidate shared key by using the corrected second initial information string and the error correction code encoding algorithm.
The correctingunit 3031 is specifically configured to encrypt the candidate shared key by using the second initial information string and the error correction code encoding algorithm to obtain a fourth ciphertext; obtaining the difference between the first ciphertext and the fourth ciphertext to obtain a first difference value; sequentially turning over each bit of the second initial information string to obtain a turning-over result; encrypting the candidate shared secret key by adopting the turning result and the error correcting code encoding algorithm to obtain an encryption result; obtaining the difference between the first ciphertext and the encryption result to obtain a second difference value; if the second difference value is zero, updating the second initial information string according to the turning result, and taking the encryption result as the second ciphertext; if the second difference value is larger than or equal to the first difference value, reducing the bit turned over this time in the turning result, otherwise, updating the second initial information string according to the turning result and updating the first difference value according to the second difference value; and returning to execute the sequential turning of each bit of the second initial information string until all bits of the second initial information string are turned, updating the second initial information string according to the turning result, and taking the encryption result as the second ciphertext.
Thetransmitting unit 3032 is configured to transmit the second ciphertext to the first device, so that the first device corrects the first initial information string according to the second ciphertext and obtains a third ciphertext.
The receivingunit 3033 is configured to receive the third ciphertext sent by the first device, and decrypt the third ciphertext by using the second initial information string and an error correction code decoding algorithm to obtain the target shared key.
The shared key generating apparatus provided in this embodiment may be used to execute the technical solution of any one of the method embodiments in fig. 4 to fig. 6, and the implementation principle and the technical effect are similar, which are not described herein again.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A method for generating a shared key, comprising:
receiving a first ciphertext sent by first equipment, wherein the first ciphertext is obtained by encrypting a first random bit string by the first equipment by adopting a first initial information string and an error correcting code encoding algorithm, and the first initial information string is determined by the first equipment according to channel characteristics between the first equipment and second equipment;
decrypting the first ciphertext by adopting a second initial information string and an error correcting code decoding algorithm to obtain a candidate shared key, wherein the second initial information string is determined by the second device according to the channel characteristics between the second device and the first device;
obtaining a first random bit string determined by the first device;
determining a target shared key according to the first random bit string and the candidate shared key;
the determining a target shared key according to the first random bit string and the candidate shared key includes:
if the first random bit string is different from the candidate shared key, correcting the second initial information string and obtaining a second ciphertext to minimize the difference between the second ciphertext and the first ciphertext, wherein the second ciphertext is obtained by encrypting the candidate shared key by using the corrected second initial information string and the error correction code encoding algorithm;
sending the second ciphertext to the first device, so that the first device corrects the first initial information string by using a self-adaptive correction method according to the second ciphertext and obtains a third ciphertext obtained by encrypting the first random bit string by using the corrected first initial information string and the error correction code encoding algorithm; the self-adaptive correction method is the same as the method for correcting the second initial information string;
receiving the third ciphertext sent by the first device, and decrypting the third ciphertext by using the second initial information string and an error correction code decoding algorithm to obtain the target shared key;
and if the first random bit string is the same as the candidate shared secret key, determining the candidate shared secret key as the target shared secret key.
2. The method of claim 1,
the first ciphertext is obtained by the first device by encoding the first random bit string by using the error correction code encoding algorithm to obtain an encoding result and performing exclusive or on the encoding result and the first initial information string;
correspondingly, the decrypting the first ciphertext by using the second initial information string and the error correction code decoding algorithm to obtain the candidate shared key includes:
performing XOR calculation by adopting a second initial information string and the first ciphertext to obtain a first XOR result; and decoding the first exclusive-or result by adopting an error correcting code decoding algorithm to obtain the candidate shared secret key.
3. The method of claim 1, wherein modifying the second initial information string and obtaining a second ciphertext comprises:
encrypting the candidate shared secret key by adopting the second initial information string and the error correcting code encoding algorithm to obtain a fourth ciphertext;
obtaining the difference between the first ciphertext and the fourth ciphertext to obtain a first difference value;
sequentially turning over each bit of the second initial information string to obtain the second ciphertext;
the sequentially turning over each bit of the second initial information string to obtain the second ciphertext comprises:
step 1, turning over one bit of the second initial information string to obtain a turning-over result of the time;
step 2, the candidate shared secret key is encrypted by adopting the turning result and the error correcting code encoding algorithm to obtain an encryption result;
step 3, obtaining the difference between the first ciphertext and the encryption result to obtain a second difference value;
step 4, if the second difference value is greater than or equal to the first difference value, reducing the bit of the current overturn in the current overturn result, otherwise, updating the second initial information string according to the current overturn result and updating the first difference value according to the second difference value;
and 5, continuing to execute the steps 1 to 4 on the next bit of the second initial information string until all bits of the second initial information string are inverted, and taking the encryption result as the second ciphertext.
4. The method of claim 3, wherein obtaining the difference between the first ciphertext and the encryption result to obtain a second difference value further comprises: and if the second difference value is zero, updating the second initial information string according to the overturning result, and taking the encryption result as the second ciphertext.
5. The method of claim 3, wherein obtaining the difference between the first ciphertext and the fourth ciphertext to obtain a first difference value comprises:
performing XOR operation on the first ciphertext and the fourth ciphertext to obtain a second XOR result;
and adding each bit of the second exclusive-or result to obtain the first difference value.
6. The method according to claim 1, wherein the first initial information string is obtained by the first device through filtering quantization and packet interleaving according to the channel characteristics between the first device and the second device, and the second initial information string is obtained by the second device through filtering quantization and packet interleaving according to the channel characteristics between the second device and the first device.
7. The shared key generation device is characterized by comprising a receiving module, a decryption module, an acquisition module and a determination module;
the receiving module is configured to receive a first ciphertext sent by a first device, where the first ciphertext is obtained by encrypting a first random bit string by the first device using a first initial information string and an error correction code encoding algorithm, and the first initial information string is determined by the first device according to a channel characteristic between the first device and a second device;
the decryption module is configured to decrypt the first ciphertext by using a second initial information string and an error correction code decoding algorithm to obtain a candidate shared key, where the second initial information string is determined by the second device according to a channel characteristic between the second device and the first device;
the obtaining module is configured to obtain a first random bit string determined by the first device;
the determining module is configured to determine a target shared key according to the first random bit string and the candidate shared key;
the determining module is specifically configured to, if the first random bit string and the candidate shared key are different, correct the second initial information string and obtain a second ciphertext to minimize a difference between the second ciphertext and the first ciphertext, where the second ciphertext is obtained by encrypting the candidate shared key using the corrected second initial information string and the error correction code encoding algorithm; sending the second ciphertext to the first device, so that the first device corrects the first initial information string by using a self-adaptive correction method according to the second ciphertext and obtains a third ciphertext obtained by encrypting the first random bit string by using the corrected first initial information string and the error correction code encoding algorithm; the self-adaptive correction method is the same as the method for correcting the second initial information string; receiving the third ciphertext sent by the first device, and decrypting the third ciphertext by using the second initial information string and an error correction code decoding algorithm to obtain the target shared key;
and if the first random bit string is the same as the candidate shared secret key, determining the candidate shared secret key as a target shared secret key.
8. The apparatus according to claim 7, wherein the first ciphertext is obtained by encoding the first random bit string by using the ecc encoding algorithm for the first device, and performing xor on the encoding result and the first initial information string;
correspondingly, the decryption module is specifically configured to perform xor calculation by using a second initial information string and the first ciphertext to obtain a first xor result; and decoding the first exclusive-or result by adopting an error correcting code decoding algorithm to obtain the candidate shared secret key.
CN201711274178.5A2017-12-062017-12-06 Shared key generation method and deviceActiveCN109889327B (en)

Priority Applications (1)

Application NumberPriority DateFiling DateTitle
CN201711274178.5ACN109889327B (en)2017-12-062017-12-06 Shared key generation method and device

Applications Claiming Priority (1)

Application NumberPriority DateFiling DateTitle
CN201711274178.5ACN109889327B (en)2017-12-062017-12-06 Shared key generation method and device

Publications (2)

Publication NumberPublication Date
CN109889327A CN109889327A (en)2019-06-14
CN109889327Btrue CN109889327B (en)2021-04-23

Family

ID=66923470

Family Applications (1)

Application NumberTitlePriority DateFiling Date
CN201711274178.5AActiveCN109889327B (en)2017-12-062017-12-06 Shared key generation method and device

Country Status (1)

CountryLink
CN (1)CN109889327B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN110365474B (en)*2019-06-192020-09-25北京捷安通科技有限公司Key agreement method and communication equipment
CN111740954B (en)*2020-05-182021-05-11北京索德电气工业有限公司Elevator main controller and elevator board card communication encryption method

Citations (3)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN104640110A (en)*2015-01-152015-05-20南京邮电大学Symmetric key generating method based on channel characteristics in terminal direct communication
CN105376056A (en)*2014-08-292016-03-02中国运载火箭技术研究院 Key agreement method for symmetric key generation and distribution based on wireless channel characteristics
CN106878012A (en)*2016-12-072017-06-20中国电子科技集团公司第三十研究所 A Wireless Channel Physical Layer Key Negotiation and Inconsistent Bit Removal Method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN105376056A (en)*2014-08-292016-03-02中国运载火箭技术研究院 Key agreement method for symmetric key generation and distribution based on wireless channel characteristics
CN104640110A (en)*2015-01-152015-05-20南京邮电大学Symmetric key generating method based on channel characteristics in terminal direct communication
CN106878012A (en)*2016-12-072017-06-20中国电子科技集团公司第三十研究所 A Wireless Channel Physical Layer Key Negotiation and Inconsistent Bit Removal Method

Also Published As

Publication numberPublication date
CN109889327A (en)2019-06-14

Similar Documents

PublicationPublication DateTitle
CN109672518B (en)Node data processing of quantum attack resistant blockchains
CN111566990B (en) Secure Key Agreement with Untrusted Devices
AU2022215311A1 (en)Data conversion systems and methods
JP5871142B2 (en) Communication device and encryption key generation method in encryption key sharing system
JP2016513825A (en) Safety communication method and apparatus
US20040190719A1 (en)Decoupling error correction from privacy amplification in quantum key distribution
US11750580B2 (en)Systems and methods for encryption in network communication
CN112997448A (en)Public/private key system with reduced public key size
EP2962420B1 (en)Network device configured to derive a shared key
JP5395051B2 (en) A low complexity encryption method for content encoded by rateless codes
US20100128877A1 (en)Systems and Methods for Providing Opportunistic Security for Physical Communication Channels
CN113904770B (en) A quantum noise stream encryption key update method, device and storage medium
CN106027231B (en)A method of cascade error correction being carried out to error code in the processing after quantum key distribution
CN109889327B (en) Shared key generation method and device
CN106535178B (en)Access layer and Non-Access Stratum key safety insulating device and its method
CN115378614A (en) A data transmission method, device and electronic equipment
de la Torre et al.Post-Quantum Wireless-based Key Encapsulation Mechanism via CRYSTALS-Kyber for Resource-Constrained Devices
MolotkovHow many sessions of quantum key distribution are allowed from the first launch to the next restart of the system?
CN113726507B (en)Data transmission method, system, device and storage medium
CN113923029A (en)Internet of things information encryption method based on ECC (error correction code) hybrid algorithm
JP2008177815A (en) Broadcast encryption method and broadcast encryption device
CN119675998B (en)Black box data transmission method based on quantum key encryption
Amerimehr et al.Impersonation attack on a quantum secure direct communication and authentication protocol with improvement
CN104702404B (en)A kind of encryption method and system based on error correcting code Yu low wheel AES
Zou et al.Attacks and improvements of QSDC schemes based on CSS codes

Legal Events

DateCodeTitleDescription
PB01Publication
PB01Publication
SE01Entry into force of request for substantive examination
SE01Entry into force of request for substantive examination
GR01Patent grant
GR01Patent grant
[8]ページ先頭
©2009-2025 Movatter.jp