Title of invention METHOD OF ESTABLISHING PUBLIC KEY CRYPTOGRAPHIC PROTOCOLS AGAINST QUANTUM COMPUTATIONAL ATTACK
Abstract The present invention relates to information security and discloses a method of establishing public key cryptographic protocols against the quantum computational attack. The method includes the following steps: defining an infinite non-abelian group G; choosing two private keys in G by each of two entities; a second entity computing y, and sending y to a first entity; the first entity computing x and z, and sending (x, z) to the second entity; the second entity computing w and v, and sending (w, v) to the first entity; the first entity computing u, and sending u to the second entity; and the first entity computing KA, and the second entity computing KB, thereby reaching a shared key K=KA=KB. The security guarantee of a public key cryptographic algorithm created by the present invention relies on the unsolvability of a problem, and has the advantage of being free of the quantum computational attack.
Application publication number US2015055777(A1) Publication date 2015.02.26
Application number US201414450305 Filing date 2014.08.04
Applicant Wang Weijian;Wang Xiaofeng Inventor Wang Weijian;Wang Xiaofeng;Lin Hanling;Wang Xiaoyang
Classification H04L9/32;H04L9/08;H04L9/30 Main classification H04L9/32
Agency Agent
Principal claim 1. A method of establishing public key cryptographic protocols against the quantum computational attack, comprising a method for generating a shared key, wherein the method for generating a shared key comprises the following steps:
(11) establishing an infinite non-abelian group $G$ and two subgroups $A$ and $B$ of $G$, so that for any $a \in A$ and any $b \in B$, the equation $ab = ba$ is true;
(12) choosing, by a first entity of a protocol, an element $g$ in $G$, wherein the first entity of the protocol chooses two elements $b_1, b_2 \in A$ as private keys, and a second entity of the protocol chooses two elements $d_1, d_2 \in B$ as private keys;
(13) choosing, by the second entity of the protocol, two elements $c_1, c_2 \in B$, computing $y = d_1 c_1 g c_2 d_2$, and sending $y$ to the first entity of the protocol;
(14) choosing, by the first entity of the protocol, four elements $a_1, a_2, b_3, b_4 \in A$, computing $x = b_1 a_1 g a_2 b_2$ and $z = b_3 a_1 y a_2 b_4 = b_3 a_1 d_1 c_1 g c_2 d_2 a_2 b_4$, and sending $(x, z)$ to the second entity of the protocol;
(15) choosing, by the second entity of the protocol, two elements $d_3, d_4 \in B$, computing $w = d_3 c_1 x c_2 d_4 = d_3 c_1 b_1 a_1 g a_2 b_2 c_2 d_4$ and $v = d_1^{-1} z d_2^{-1} = d_1^{-1} b_3 a_1 d_1 c_1 g c_2 d_2 a_2 b_4 d_2^{-1} = b_3 a_1 c_1 g c_2 a_2 b_4$, and sending $(w, v)$ to the first entity of the protocol;
(16) computing, by the first entity of the protocol, $u = b_1^{-1} w b_2^{-1} = b_1^{-1} d_3 c_1 b_1 a_1 g a_2 b_2 c_2 d_4 b_2^{-1} = d_3 c_1 a_1 g a_2 c_2 d_4$, and sending $u$ to the second entity of the protocol; and
(17) computing, by the first entity of the protocol, $K_A = b_3^{-1} v b_4^{-1} = a_1 c_1 g c_2 a_2$, and computing, by the second entity of the protocol, $K_B = d_3^{-1} u d_4^{-1} = c_1 a_1 g a_2 c_2$; because $a_1, a_2 \in A$ and $c_1, c_2 \in B$, $a_1$ and $c_1$, and likewise $a_2$ and $c_2$, commute under multiplication, so that the first entity of the protocol and the second entity of the protocol reach a shared key $K = K_A = K_B$.
Address Shenzhen CN
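Steps (11) to (17) of the claim, run end to end as an added example that is not part of the patent record. The group is an assumption chosen only so the algebra can be checked by hand: 4x4 integer matrices of determinant 1, with A and B the commuting block-diagonal copies of SL_2(Z); it is not the group the patent proposes and carries no security claim. All function names and the element `G_ELEM` are constructed for this illustration.

```python
import random

def mul(*ms):
    """Left-to-right product of 4x4 integer matrices."""
    out = ms[0]
    for m in ms[1:]:
        out = [[sum(out[i][k] * m[k][j] for k in range(4)) for j in range(4)]
               for i in range(4)]
    return out

def rand_sl2(rng):
    """Random 2x2 integer matrix of determinant 1 (product of three shears)."""
    p, q, r = (rng.randint(-3, 3) for _ in range(3))
    return [[1 + p * q, (1 + p * q) * r + p], [q, q * r + 1]]

def in_A(m):  # subgroup A: block in the top-left corner, identity elsewhere
    return [[m[0][0], m[0][1], 0, 0], [m[1][0], m[1][1], 0, 0],
            [0, 0, 1, 0], [0, 0, 0, 1]]

def in_B(m):  # subgroup B: block in the bottom-right corner, so ab = ba
    return [[1, 0, 0, 0], [0, 1, 0, 0],
            [0, 0, m[0][0], m[0][1]], [0, 0, m[1][0], m[1][1]]]

def inv(x):
    """Inverse of a block-diagonal matrix whose 2x2 blocks have determinant 1."""
    return [[x[1][1], -x[0][1], 0, 0], [-x[1][0], x[0][0], 0, 0],
            [0, 0, x[3][3], -x[2][3]], [0, 0, -x[3][2], x[2][2]]]

# Constructed public element g (unit lower-triangular times unit upper-triangular).
G_ELEM = mul([[1, 0, 0, 0], [2, 1, 0, 0], [0, 1, 1, 0], [1, 0, 3, 1]],
             [[1, 1, 0, 2], [0, 1, 1, 0], [0, 0, 1, 1], [0, 0, 0, 1]])

def run_protocol(seed):
    """Return (KA, KB, a1*c1*g*c2*a2) for one run; step numbers follow the claim."""
    rng, g = random.Random(seed), G_ELEM
    A = lambda: in_A(rand_sl2(rng))
    B = lambda: in_B(rand_sl2(rng))
    b1, b2 = A(), A()                          # (12) first entity's private keys
    d1, d2 = B(), B()                          # (12) second entity's private keys
    c1, c2 = B(), B()                          # (13) second entity sends y
    y = mul(d1, c1, g, c2, d2)
    a1, a2, b3, b4 = A(), A(), A(), A()        # (14) first entity sends (x, z)
    x, z = mul(b1, a1, g, a2, b2), mul(b3, a1, y, a2, b4)
    d3, d4 = B(), B()                          # (15) second entity sends (w, v)
    w, v = mul(d3, c1, x, c2, d4), mul(inv(d1), z, inv(d2))
    u = mul(inv(b1), w, inv(b2))               # (16) first entity sends u
    KA = mul(inv(b3), v, inv(b4))              # (17) first entity's key
    KB = mul(inv(d3), u, inv(d4))              # (17) second entity's key
    return KA, KB, mul(a1, c1, g, c2, a2)
```

Both keys equal `a1*c1*g*c2*a2` only because every element of A commutes with every element of B; drawing `c1` from A instead breaks the cancellation in steps (15) to (17).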