TWI852860B - Hybrid security credential management system and method thereof - Google Patents
- Publication number: TWI852860B (application TW112148435A)
- Authority: TW (Taiwan)
- Prior art keywords: certificate, key, post, public key, hybrid
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Storage Device Security (AREA)
Description
The present invention relates to certificate generation technology, and in particular to a hybrid security credential management system and method based on post-quantum cryptography (PQC) and elliptic curve cryptography (ECC).
FIG. 1 is a flowchart of the butterfly key expansion method of IEEE 1609.2.1. FIG. 2 is a detailed computation flowchart of the butterfly key expansion method of IEEE 1609.2.1.
Referring to FIG. 1 and FIG. 2, a security credential management system comprises at least a certificate authority (CA) 103, a registration authority (RA) 102 and a plurality of end entities (EE), for example end entity 1 and end entity 2. The certificate authority 103 can issue a plurality of pseudonym certificates (PC) to an end entity; the end entity then communicates with these pseudonym certificates so that it does not have to expose its enrollment (authorization) certificate repeatedly. The registration authority 102 is responsible for registering and vetting end entities.
End entity 1 generates a caterpillar key pair; the registration authority 102 then derives a plurality of cocoon public keys, the certificate authority 103 derives a plurality of butterfly public keys, and finally end entity 1 derives the corresponding cocoon private keys and butterfly private keys.
In step S101 of the butterfly key expansion method, end entity 1 generates a plurality of Advanced Encryption Standard (AES) keys and elliptic curve cryptography (ECC) key pairs. Step S101 comprises steps 1a, 1b, 1c and 1d:
In step 1a, end entity 1 generates an AES key ck for signing use; ck is a symmetric key.
In step 1b, end entity 1 generates an AES key ek for encryption use; ek is a symmetric key.
In step 1c, end entity 1 generates an ECC key pair (private key a, public key A; G is the base point of the elliptic curve) as a caterpillar key pair for signing.
In step 1d, end entity 1 generates an ECC key pair (private key p, public key P; G is the base point of the elliptic curve) as a caterpillar key pair for signing.
In step S102 of the butterfly key expansion method, end entity 1 sends the symmetric keys ck and ek, the caterpillar public keys A and P, and the certificate request information E, i.e. the tuple (ck, ek, A, P, E), to the registration authority 102.
In step S103, the registration authority 102 generates a plurality of cocoon public keys from the caterpillar public keys and an integer ι. Step S103 comprises steps 3a and 3b:
In step 3a, the registration authority 102 generates a plurality of cocoon public keys B_ι, where ι is an incrementing integer known to both end entity 1 and the registration authority 102, and f1 is an expansion function based on the AES cipher that encrypts the value ι under the AES key ck to obtain an integer ciphertext.
In step 3b, the registration authority 102 generates a plurality of cocoon public keys Q_ι, where ι is the same incrementing integer known to both end entity 1 and the registration authority 102, and f2 is an expansion function based on the AES cipher that encrypts the value ι under the AES key ek to obtain an integer ciphertext.
In step S104, the registration authority 102 forwards the generated cocoon public keys, as (B_ι, Q_ι, E), to the certificate authority 103.
In step S105 of the butterfly key expansion method, the certificate authority 103 generates a plurality of butterfly public keys from the cocoon public keys; these butterfly public keys serve as the public keys of the pseudonym certificates for signature verification. Step S105 comprises steps 5a, 5b, 5c, 5d and 5e:
In step 5a, the certificate authority 103 generates an ECC key pair (private key r, public key R; G is the base point of the elliptic curve).
In step 5b, the certificate authority 103 computes the reconstruction value public key J.
In step 5c, the certificate authority 103 forms an implicit certificate from the reconstruction value public key J and the certificate request information E, and computes the hash value of that implicit certificate with the hash function; the implicit certificate contains at least the reconstruction value public key J and the certificate request information E.
In step 5d, the certificate authority 103 computes the reconstruction value private key d, where c is the ECC private key of the certificate authority 103 and n is the order of the elliptic curve.
In step 5e, the certificate authority 103 encrypts and signs d under the cocoon public key with the Elliptic Curve Integrated Encryption Scheme (ECIES); the resulting ciphertext of d is d'.
In step S106, the certificate authority 103 sends the ciphertext d' and the implicit certificate to the registration authority 102.
In step S107, the registration authority 102 forwards the ciphertext d' and the implicit certificate to end entity 1.
In step S108 of the butterfly key expansion method, end entity 1 generates a plurality of cocoon private keys from the value ι. Step S108 comprises steps 8a and 8b:
In step 8a, end entity 1 generates a plurality of cocoon private keys, where f1 is the same AES-based expansion function as in step 3a (paragraph [0011]) and encrypts the value ι under the AES key ck to obtain an integer ciphertext; ι is the incrementing integer known to both end entity 1 and the registration authority 102, and n is the order of the elliptic curve.
In step 8b, end entity 1 generates a plurality of cocoon private keys, where f2 is the same AES-based expansion function as in step 3b (paragraph [0012]) and encrypts the value ι under the AES key ek to obtain an integer ciphertext; ι is the incrementing integer known to both end entity 1 and the registration authority 102, and n is the order of the elliptic curve.
In step S109, end entity 1 decrypts d' with the cocoon private key q_ι to recover the plaintext d, and uses the cocoon private key q_ι and the value d to generate the butterfly private keys; these butterfly private keys serve as the pseudonym certificates' private keys for signing or decryption. Step S109 comprises steps 9a, 9b and 9c:
In step 9a, end entity 1 decrypts with the cocoon private key q_ι to obtain the plaintext d.
In step 9b, end entity 1 computes the hash value of the implicit certificate with the hash function.
In step 9c, end entity 1 generates a plurality of butterfly private keys, where n is the order of the elliptic curve.
Referring again to FIG. 2, in step S110 of the butterfly key expansion method, end entity 2 can obtain the implicit certificate of end entity 1 from the certificate authority 103.
In step S111, end entity 2 computes the hash value of the implicit certificate with the hash function and generates the butterfly public key, where the parameter J is taken from the implicit certificate and C is the ECC public key of the certificate authority 103.
Current security credential management systems for connected vehicles can use elliptic curve cryptography to derive expanded public key pairs from an existing public key and use them as pseudonym certificates. However, in 1994 Professor Shor of the MIT Department of Applied Mathematics proposed a quantum factoring algorithm which, by exploiting quantum properties, reduces the time to break the current mainstream cryptographic algorithms (such as RSA or elliptic curve cryptography (ECC)) from exponential time complexity to polynomial time complexity O(n).
The main technical feature of the earlier patent "Event recording system and in-vehicle event recording device" (patent no. I814478) is that its in-vehicle event recording system adopts the post-quantum signature algorithm Falcon and the post-quantum encryption algorithm NTRU Encrypt. That system, however, assumes the in-vehicle terminal transmits over an ordinary 4G or 5G mobile network to a cloud server, so it is largely free of packet size limits. When an in-vehicle terminal transmits to other terminals in a V2X environment (e.g. Dedicated Short-Range Communications, DSRC) or a C-V2X environment, a packet size limit does apply. If the Falcon signature algorithm and the NTRU Encrypt encryption algorithm are used throughout, the length of the Secure Protocol Data Unit (SPDU) exceeds the packet size limit and the SPDU cannot be sent. In addition, because the in-vehicle terminal in that system signs with its original private key, it has no anonymity and exposes the user's privacy.
The present invention provides a hybrid security credential management system and method that not only resists being broken by quantum computing but also protects privacy with hybrid pseudonym certificates.
A hybrid security credential management system of the present invention comprises a first end entity, a registration authority and a certificate authority. The first end entity is communicatively connected to the registration authority and generates a symmetric key, a first ECC key pair and a plurality of post-quantum key pairs for encryption and decryption, where the first ECC key pair comprises an ECC public key and an ECC private key, and each post-quantum key pair for encryption and decryption comprises a post-quantum public key and a post-quantum private key; it sends the symmetric key, the ECC public key, the post-quantum public keys for encryption and decryption, and the certificate request information to the registration authority. The registration authority generates a cocoon public key and sends the cocoon public key, the post-quantum public key for encryption and decryption, and the certificate request information to the certificate authority. The certificate authority is communicatively connected to the registration authority; it generates a second ECC key pair from a random number and a reconstruction value public key from the cocoon public key, produces a post-quantum signature with its post-quantum signing private key over the certificate request information, and produces a hybrid pseudonym certificate that contains at least the reconstruction value public key, the certificate request information and the post-quantum signature.
A hybrid security credential management method of the present invention applies to a hybrid security credential management system comprising a first end entity, a registration authority and a certificate authority, where the first end entity and the certificate authority are each communicatively connected to the registration authority. The method comprises: the first end entity generating a symmetric key, a first ECC key pair and a plurality of post-quantum key pairs for encryption and decryption, where the first ECC key pair comprises an ECC public key and an ECC private key and each post-quantum key pair comprises a post-quantum public key and a post-quantum private key, and sending the symmetric key, the ECC public key, the post-quantum public keys for encryption and decryption, and the certificate request information to the registration authority; the registration authority generating a cocoon public key and sending the cocoon public key, the post-quantum public key for encryption and decryption, and the certificate request information to the certificate authority; and the certificate authority generating a second ECC key pair from a random number and a reconstruction value public key from the cocoon public key, producing a post-quantum signature with its post-quantum signing private key over the certificate request information, and producing a hybrid pseudonym certificate that contains at least the reconstruction value public key, the certificate request information and the post-quantum signature.
In summary, the present invention provides a hybrid security credential management system and method in which the certificate authority can switch to post-quantum certificates to avoid being broken by quantum computing, while the end entity signs the Secure Protocol Data Unit with elliptic curve cryptography and so obtains an SPDU of smaller packet length; moreover, the end entity obtains a hybrid pseudonym certificate based on post-quantum cryptography and elliptic curve cryptography to protect its privacy.
To make the above features and advantages of the present invention more comprehensible, embodiments are described in detail below with reference to the accompanying drawings.
Some embodiments of the present invention are described in detail below with reference to the drawings; reference numerals cited in the following description denote the same or similar elements wherever they recur in different drawings. These embodiments are only a part of the present invention and do not disclose all possible implementations.
FIG. 3 is a flowchart of a hybrid butterfly key expansion method according to an embodiment of the present invention. FIG. 4 is a detailed computation flowchart of a hybrid butterfly key expansion method according to an embodiment of the present invention.
Referring to FIG. 3 and FIG. 4, a hybrid security credential management system of this disclosure comprises a plurality of end entities, a registration authority 102 and a certificate authority 103. Below, the plurality of end entities is illustrated by a first end entity (end entity 1) and a second end entity (end entity 2). End entity 1 and the certificate authority 103 are each communicatively connected to the registration authority 102, and end entity 2 is communicatively connected to the certificate authority 103.
In step S301, end entity 1 generates a symmetric key, a first ECC key pair and a plurality of post-quantum key pairs for encryption and decryption, where the first ECC key pair comprises an ECC public key and an ECC private key, and each post-quantum key pair comprises a post-quantum public key and a post-quantum private key. Specifically, in step S301a end entity 1 generates the AES key ck, a symmetric key used for signing. In step S301b end entity 1 generates an ECC key pair (caterpillar private key a, caterpillar public key A; G is the base point of the elliptic curve) as the caterpillar key pair for signing. In step S301c end entity 1 generates a post-quantum private key set p and a post-quantum public key set P for encryption and decryption, and generates the certificate request information E.
In step S302, end entity 1 sends the symmetric key ck, the caterpillar public key A, the post-quantum encryption public key set P and the certificate request information E, i.e. (ck, A, P, E), to the registration authority 102.
In step S303, the registration authority 102 generates a cocoon public key and sends the cocoon public key, the post-quantum public key for encryption and decryption, and the certificate request information E to the certificate authority.
Specifically, the registration authority 102 generates the cocoon public key from the caterpillar public key A, the integer ι and the AES key ck, where ι is an incrementing integer known to both end entity 1 and the registration authority 102 and f1 is an AES-based expansion function that encrypts the value ι under ck to obtain an integer ciphertext; it also selects, according to ι, the corresponding post-quantum encryption public key from the public key set P.
In step S304, the registration authority 102 sends the generated cocoon public key, the selected post-quantum encryption public key and the certificate request information E, as one tuple, to the certificate authority 103.
In step S305, the certificate authority 103 generates the butterfly public key from the cocoon public key; the butterfly public key serves as the public key of the pseudonym certificate for signature verification. Step S305 comprises steps S305a, S305b, S305c and S305d.
In step S305a, the certificate authority 103 generates an ECC key pair (the second ECC key pair; private key r, public key R; G is the base point of the elliptic curve).
In step S305b, the certificate authority 103 computes the reconstruction value public key J.
In step S305c, the certificate authority 103 produces an explicit certificate (the hybrid security certificate) and a PQC signature S. The explicit certificate contains at least the reconstruction value public key J, the certificate request information E and the post-quantum signature S, where S is the signature that the certificate authority 103 makes over the explicit certificate with its post-quantum private key.
In step S305d, the certificate authority 103 computes the hash value h of the explicit certificate with the hash function and generates the reconstruction value private key d, where n is the order of the elliptic curve; it then encrypts d with the post-quantum encryption algorithm under the post-quantum encryption public key, yielding the ciphertext d'.
In step S306, the certificate authority 103 sends the ciphertext d' and the explicit certificate to the registration authority 102.
In step S307, the registration authority 102 forwards the ciphertext d' and the explicit certificate to end entity 1.
In step S308, end entity 1 generates the cocoon private key from the value ι, where f1 is the same AES-based expansion function as in step S303 (paragraph [0046]) and encrypts the value ι under the AES key ck to obtain an integer ciphertext; ι is the incrementing integer known to both end entity 1 and the registration authority 102, and n is the order of the elliptic curve. End entity 1 also retrieves, according to ι, the corresponding post-quantum private key.
Step S309 comprises steps S309a, S309b and S309c. In step S309a, end entity 1 decrypts d' with the post-quantum private key to obtain the plaintext d.
In step S309b, end entity 1 computes the hash value h of the explicit certificate with the hash function.
In step S309c, end entity 1 generates the butterfly private key k from the hash value h, the cocoon private key and the value d, where n is the order of the elliptic curve; the butterfly private key k serves as the pseudonym certificate's private key for signing.
In step S310, end entity 2 can obtain the explicit certificate of end entity 1 from the certificate authority 103.
In step S311, end entity 2 verifies the post-quantum signature S in the explicit certificate with the post-quantum public key of the certificate authority 103, computes the hash value of the explicit certificate with the hash function, and generates the butterfly public key, where the parameter J is taken from the explicit certificate.
In one embodiment, end entity 1 signs a Secure Protocol Data Unit (SPDU) with the butterfly private key k and places the ECC signature and the hybrid pseudonym certificate in the SPDU. End entity 2 obtains the post-quantum public key from the certificate authority 103 and verifies the PQC signature S in the hybrid pseudonym certificate; it then uses the parameter J from the hybrid pseudonym certificate and the certificate's hash value to generate the butterfly public key, with which it verifies the ECC signature in the SPDU.
Thus the end entity can sign SPDUs with elliptic curve cryptography to obtain SPDUs of smaller packet length, and can obtain a hybrid pseudonym certificate based on post-quantum cryptography and elliptic curve cryptography to protect its privacy.
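The following is an added worked example, not code from the patent, showing the ECC part shared by the IEEE 1609.2.1 butterfly key expansion (steps S101 to S111 above) and the hybrid variant (steps S301 to S311 above): the cocoon key derived by the RA, the reconstruction value and d produced by the CA, the butterfly private key k computed by the end entity, and the butterfly public key that any verifier recovers from the certificate and the CA public key C alone. The page's extraction dropped the key relations themselves, so the example assumes the standard ECQV-style relations (cocoon B_ι = A + f1(ck, ι)·G, J = B_ι + R, d = h·r + c mod n, k = h·b_ι + d mod n, K = h·J + C); it further assumes secp256k1 as the curve, HMAC-SHA256 in place of the AES-based expansion function f1, SHA-256 as the hash, and hands d from CA to end entity directly instead of through ECIES or a PQC KEM. The PQC signature S on the hybrid explicit certificate and the Kyber transport of d are not simulated.

```python
# Added example (not the patent's code): butterfly key expansion with
# implicit-certificate reconstruction, pure Python standard library only.
# Assumptions: secp256k1, HMAC-SHA256 as f1, SHA-256 as the hash, d passed in the clear.
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (the patent names no curve; this is an assumption)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                      # p1 == -p2
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def keypair():
    priv = secrets.randbelow(N - 1) + 1
    return priv, ec_mul(priv, G)


def f1(ck, iota):
    """Expansion function: the patent uses AES(ck, iota); HMAC-SHA256 stands in here."""
    mac = hmac.new(ck, iota.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % N


def encode_cert(J, E):
    """Certificate body: reconstruction value public key J followed by request info E."""
    return J[0].to_bytes(32, "big") + J[1].to_bytes(32, "big") + E


def decode_cert(cert):
    J = (int.from_bytes(cert[:32], "big"), int.from_bytes(cert[32:64], "big"))
    return J, cert[64:]


def cert_hash(cert):
    return int.from_bytes(hashlib.sha256(cert).digest(), "big") % N


def reconstruct_public_key(cert, C):
    """Step S111 / S311 (ECC part): from the certificate and the CA public key C alone,
    any verifier recovers the butterfly public key K = h*J + C."""
    J, _ = decode_cert(cert)
    return ec_add(ec_mul(cert_hash(cert), J), C)


def butterfly_expand(iota, ck, a, A, c, C, E):
    """One cocoon/butterfly derivation for index iota.
    Returns (butterfly private key k, certificate, reconstructed butterfly public key K)."""
    # RA, step 3a: cocoon public key B = A + f1(ck, iota)*G
    B = ec_add(A, ec_mul(f1(ck, iota), G))
    # CA, steps 5a-5d: fresh (r, R), reconstruction value J = B + R, cert, h, d = h*r + c
    r, R = keypair()
    J = ec_add(B, R)
    cert = encode_cert(J, E)
    d = (cert_hash(cert) * r + c) % N
    # EE, steps 8a and 9a-9c: cocoon private key b = a + f1(ck, iota), then k = h*b + d
    b = (a + f1(ck, iota)) % N
    k = (cert_hash(cert) * b + d) % N
    return k, cert, reconstruct_public_key(cert, C)


def demo(num_certs=3):
    """True when every reconstructed butterfly public key equals k*G and the pseudonym
    public keys are pairwise distinct and differ from the caterpillar public key A."""
    ck = secrets.token_bytes(16)      # step 1a: symmetric expansion key (constructed)
    a, A = keypair()                  # step 1c: caterpillar key pair
    c, C = keypair()                  # CA's own ECC key pair (c, C)
    E = b"constructed-request-info"   # certificate request information E (constructed)
    ok, pubs = True, set()
    for iota in range(num_certs):
        k, cert, K = butterfly_expand(iota, ck, a, A, c, C, E)
        ok = ok and ec_mul(k, G) == K
        pubs.add(K)
    return ok and len(pubs) == num_certs and A not in pubs


if __name__ == "__main__":
    print("butterfly keys consistent:", demo())
```

The check `ec_mul(k, G) == K` is the whole point of the construction: the end entity's private key k and the public key K that a verifier rebuilds from the certificate must describe the same point even though the CA never saw the caterpillar private key a and the verifier never sees k. In the hybrid variant of steps S305c and S311, the verifier must additionally verify the PQC signature S over the explicit certificate before trusting J; that step is outside what the standard library can show and is deliberately absent here.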
FIG. 5 is a detailed computation flowchart of a hybrid butterfly key expansion method according to a first embodiment of the present invention.
Referring to FIG. 5, the first embodiment is described with the post-quantum signing/verification public key being a Falcon public key and the post-quantum signing/verification private key being a Falcon private key.
In step S501, end entity 1 generates a symmetric key, a first ECC key pair (private key a and public key A) and a plurality of post-quantum key pairs for encryption and decryption, each comprising a post-quantum public key and a post-quantum private key.
Specifically, end entity 1 generates the AES key ck, a symmetric key used for signing; an ECC key pair (caterpillar private key a, caterpillar public key A; G is the base point of the elliptic curve) as the caterpillar key pair for signing; and a post-quantum private key set p and public key set P for encryption and decryption, where p is a set of Kyber private keys and P the corresponding set of Kyber public keys. End entity 1 also generates the certificate request information E.
於步驟S502中,終端設備端1將對稱式密碼學金鑰 、毛蟲公鑰A、加密用後量子密碼學公鑰集P、以及憑證申請資訊E,即( , A, P, E)傳送至登錄中心端102。 In step S502, the terminal device 1 uses the symmetric cryptography key , caterpillar public key A, post-quantum cryptography public key set P for encryption, and certificate application information E, namely ( , A, P, E) is transmitted to the registration center terminal 102.
於步驟S503中,登錄中心端102產製繭公鑰,並將繭公鑰、加解密用後量子密碼學公鑰、以及憑證申請資訊E傳送至憑證中心端。In step S503, the login center 102 generates a cocoon public key, and transmits the cocoon public key, the post-quantum cryptography public key for encryption and decryption, and the certificate application information E to the certificate center.
具體來說,登錄中心端102根據毛蟲公鑰A和整數ι及 產製繭公鑰 ,參數ι係終端設備端1與登錄中心端102共同知悉的增量整數、函數f1係基於AES加密演算法的擴展函數,可運用AES金鑰 加密參數ι值,參數ι係終端設備端1與登錄中心端102共同知悉的增量整數,得到一整數密文,根據參數ι從加密用後量子密碼學公鑰集P取得加密用後量子密碼學公鑰 。 Specifically, the login center 102 uses the caterpillar public key A and the integer ι and Generate public key , the parameter ι is an incremental integer known to both the terminal device 1 and the login center 102, and the function f1 is an extended function based on the AES encryption algorithm, which can use the AES key The encryption parameter ι value, the parameter ι is an incremental integer known to both the terminal device 1 and the login center 102, and an integer ciphertext is obtained. The encryption post-quantum cryptography public key is obtained from the encryption post-quantum cryptography public key set P according to the parameter ι. .
於步驟S504中,登錄中心端102將產製的繭公鑰( , , E)傳送給憑證中心端103。 In step S504, the login center 102 generates the public key ( , , E) is transmitted to the certificate center terminal 103.
於步驟S505中,憑證中心端103根據繭公鑰產製蝴蝶公鑰,蝴蝶公鑰可以作為假名憑證的公鑰驗章使用,其中憑證中心端103產製ECC金鑰對 ,參數r係私鑰、參數R係公鑰、參數G係橢圓曲線的基準點,憑證中心端103產製重構值公鑰 ,並且產製顯式憑證(即混合式安全憑證) 及PQC簽章S,顯式憑證 至少包含重構值公鑰 、憑證申請資訊E、以及後量子密學簽章S,PQC簽章S係Falcon演算法簽章S,係由憑證中心端103運用Falcon演算法私鑰對顯式憑證 的簽章。 In step S505, the certificate center 103 generates a butterfly public key based on the cocoon public key. The butterfly public key can be used as a public key verification seal for a pseudonymous certificate. , parameter r is the private key, parameter R is the public key, parameter G is the reference point of the ellipse curve, the certificate center 103 generates the reconstructed value public key , and generate an explicit certificate (i.e. a hybrid security certificate) and PQC signature S, explicit certificate Contains at least the reconstructed value public key , certificate application information E, and post-quantum cryptography signature S. The PQC signature S is a Falcon algorithm signature S, which is generated by the certificate center 103 using the Falcon algorithm private key to generate an explicit certificate. Signature.
憑證中心端103計算顯式憑證 的雜湊值 ,其中, 是雜湊函數,且產製重構值私鑰 ,其中,該參數n係橢圓曲線的階,並且將加密用後量子密碼學公鑰 作為公鑰以Kyber加密演算法對重構值私鑰d加密,該d的密文係 。 Certificate center 103 calculates explicit certificate Hash value of ,in, Is a hash function that generates a reconstructed value private key , where the parameter n is the order of the ellipse, and the encryption is done using a post-quantum cryptography public key The reconstructed private key d is encrypted using the Kyber encryption algorithm as the public key. The ciphertext of d is .
於步驟S506中,憑證中心端103傳送密文d’和顯式憑證 至登錄中心端102。 In step S506, the certificate center 103 transmits the ciphertext d' and the explicit certificate Go to the login center terminal 102.
於步驟S507中,登錄中心端102傳送密文d’和顯式憑證 至終端設備端1。 In step S507, the login center 102 sends the ciphertext d' and the explicit certificate To the terminal device 1.
於步驟S508中,終端設備端1根據ι值產製繭私鑰 ,函數f1係基於AES加密演算法的擴展函數與上述第0046段所提之函數f1相同,可運用AES金鑰ck加密參數ι值,參數ι係終端設備端1與登錄中心端102共同知悉的增量整數,得到一整數密文、參數n係橢圓曲線的階,並且根據參數ι取得後量子密碼學私鑰 ,後量子密碼學私鑰 係Kyber演算法私鑰 。 In step S508, the terminal device 1 generates a private key according to the value , function f1 is an extended function based on the AES encryption algorithm and is the same as the function f1 mentioned in paragraph 0046 above. The AES key ck can be used to encrypt the parameter ι value. The parameter ι is an incremental integer known to the terminal device 1 and the login center 102 to obtain an integer ciphertext. The parameter n is the order of the elliptical curve, and the post-quantum cryptography private key is obtained according to the parameter ι. , private key for post-quantum cryptography Kyber algorithm private key .
於步驟S509中,終端設備端1根據後量子密碼學私鑰 解密取得明文d,計算顯式憑證 的雜湊值 ,其中, 是雜湊函數,終端設備端1運用雜湊值h、繭私鑰 、d值產製蝴蝶私鑰 ,蝴蝶私鑰可作為假名憑證的私鑰簽章使用,參數n係橢圓曲線的階。 In step S509, the terminal device 1 uses the post-quantum cryptography private key Decrypt to obtain plaintext d and calculate the explicit certificate Hash value of ,in, is a hash function. The terminal device 1 uses the hash value h and the private key , d value to generate butterfly private key , the butterfly private key can be used as the private key signature of the pseudonymous certificate, and the parameter n is the order of the ellipse curve.
於步驟S510中,終端設備端2可以從憑證中心端103取得終端設備端1的顯式憑證 。 In step S510, terminal device 2 can obtain the explicit certificate of terminal device 1 from the certificate center 103. .
於步驟S511中,終端設備端2可以利用憑證中心端103的後量子密碼學公鑰對顯式憑證 裡的後量子密碼學簽章S進行驗章,後量子密碼學公鑰 係Falcon演算法公鑰,計算顯式憑證 的雜湊值 ,其中, 是雜湊函數,並且產製蝴蝶公鑰 ,其中,參數J係從顯式憑證 中取得。 In step S511, the terminal device 2 can use the post-quantum cryptography public key of the certificate center 103 to authenticate the explicit certificate. The post-quantum cryptographic signature S in the post-quantum cryptographic public key is used to verify the signature. It is the public key of the Falcon algorithm, used to calculate the explicit certificate. Hash value of ,in, is a hashing function and generates a butterfly public key , where parameter J is derived from the explicit certificate Obtained in.
在第一實施例中,終端設備端1可依據蝴蝶私鑰k對安全協定資料單元(Secure Protocol Data Unit, SPDU)進行簽章,並在SPDU放置橢圓曲線密碼學簽章及混合式假名憑證 。終端設備端2可運用憑證中心端13取得後量子密碼學公鑰,驗證混合式假名憑證 中的Falcon簽章S,並且,終端設備端2可運用混合式假名憑證 裡的參數J和混合式假名憑證 的雜湊值 產製蝴蝶公鑰 ,驗證SPDU中的橢圓曲線密碼學簽章。 In the first embodiment, the terminal device 1 can sign the Secure Protocol Data Unit (SPDU) according to the butterfly private key k, and place the elliptical curve cryptographic signature and the hybrid pseudonym certificate in the SPDU. The terminal device 2 can use the certificate center 13 to obtain the post-quantum cryptography public key and verify the hybrid pseudonymous certificate. The Falcon signature S in the terminal device 2 can use the hybrid pseudonymous certificate The parameter J and the mixed pseudonym certificate Hash value of Generate Butterfly Public Key , verify the elliptical curve cryptographic signature in the SPDU.
如此,終端設備端可以用橢圓曲線密碼學對安全協定資料單元簽章,以取得封包長度較小的安全協定資料單元;並且,終端設備端可以取得基於後量子密碼學和橢圓曲線密碼學的混合式假名憑證保護其隱私。In this way, the terminal device can use elliptical curve cryptography to sign the security protocol data unit to obtain a security protocol data unit with a smaller packet length; and the terminal device can obtain a hybrid pseudonymous certificate based on post-quantum cryptography and elliptical curve cryptography to protect its privacy.
FIG. 6 is a specific calculation flow chart of a hybrid butterfly key expansion method according to a second embodiment of the present invention.
Referring to FIG. 6, the second embodiment is described for the case in which the post-quantum cryptography public key for signing and verification is a Dilithium public key and the post-quantum cryptography private key for signing and verification is a Dilithium private key.
In step S601, end entity 1 generates a symmetric cryptographic key, a first elliptic curve cryptographic key pair (private key a and public key A), and a plurality of post-quantum cryptographic key pairs for encryption and decryption, each of which comprises a post-quantum public key for encryption and decryption and a post-quantum private key for encryption and decryption.
Specifically, end entity 1 generates an AES key ck for use in signing; the parameter ck is a symmetric key. End entity 1 generates an ECC key pair (a, A) as the caterpillar key pair, for use in signing, where the parameter a is the caterpillar private key, the parameter A is the caterpillar public key and the parameter G is the base point of the elliptic curve. End entity 1 generates a set p of post-quantum private keys for encryption and decryption and a set P of post-quantum public keys for encryption and decryption, where p is a set of Kyber private keys and P is a set of Kyber public keys, and end entity 1 generates the certificate request information E.
In step S602, end entity 1 transmits the symmetric cryptographic key ck, the caterpillar public key A, the set P of post-quantum public keys for encryption and the certificate request information E, that is (ck, A, P, E), to the registration authority 102.
In step S603, the registration authority 102 generates a cocoon public key and transmits the cocoon public key, the post-quantum public key for encryption and decryption, and the certificate request information E to the certificate authority.
Specifically, the registration authority 102 generates the cocoon public key from the caterpillar public key A, the integer ι and the function f1, where the parameter ι is an incrementing integer known to both end entity 1 and the registration authority 102, and the function f1 is an expansion function based on the AES encryption algorithm that encrypts the value of the parameter ι under the AES key ck to obtain an integer ciphertext. The registration authority 102 also selects, according to the parameter ι, the post-quantum public key for encryption from the set P of post-quantum public keys for encryption.
In step S604, the registration authority 102 transmits the generated cocoon public key, together with the selected post-quantum public key for encryption and the certificate request information E, to the certificate authority 103.
In step S605, the certificate authority 103 generates a butterfly public key from the cocoon public key; the butterfly public key can serve as the public key of a pseudonym certificate for signature verification. The certificate authority 103 generates an ECC key pair (r, R), where the parameter r is the private key, the parameter R is the public key and the parameter G is the base point of the elliptic curve, generates the reconstruction value public key, and produces the explicit certificate (that is, the hybrid security certificate) and the PQC signature S. The explicit certificate contains at least the reconstruction value public key, the certificate request information E and the PQC signature S; the PQC signature S is a Dilithium signature, produced by the certificate authority 103 signing the explicit certificate with its Dilithium private key.
The certificate authority 103 computes the hash value h of the explicit certificate with a hash function and generates the reconstruction value private key d, where the parameter n is the order of the elliptic curve; it then encrypts the reconstruction value private key d with the Kyber encryption algorithm, using the post-quantum public key for encryption as the public key, to obtain the ciphertext d' of d.
In step S606, the certificate authority 103 transmits the ciphertext d' and the explicit certificate to the registration authority 102.
In step S607, the registration authority 102 transmits the ciphertext d' and the explicit certificate to end entity 1.
In step S608, end entity 1 generates the cocoon private key from the value ι. The function f1 is the same AES-based expansion function as the function f1 of paragraph 0046 above: it encrypts the value of the parameter ι under the AES key ck, the parameter ι being an incrementing integer known to both end entity 1 and the registration authority 102, to obtain an integer ciphertext; the parameter n is the order of the elliptic curve. End entity 1 also obtains the post-quantum private key according to the parameter ι; this post-quantum private key is a Kyber private key.
In step S609, end entity 1 decrypts the ciphertext with the post-quantum private key to obtain the plaintext d, computes the hash value h of the explicit certificate with the hash function, and generates the butterfly private key from the hash value h, the cocoon private key and the value d; the butterfly private key can serve as the private key of the pseudonym certificate for signing, and the parameter n is the order of the elliptic curve.
In step S610, end entity 2 can obtain the explicit certificate of end entity 1 from the certificate authority 103.
In step S611, end entity 2 can verify the post-quantum cryptography signature S in the explicit certificate with the post-quantum public key of the certificate authority 103, which is a Dilithium public key, compute the hash value h of the explicit certificate with the hash function, and generate the butterfly public key, where the parameter J is taken from the explicit certificate.
In the second embodiment, end entity 1 can sign a Secure Protocol Data Unit (SPDU) with the butterfly private key k and place the elliptic curve cryptography signature and the hybrid pseudonym certificate in the SPDU. End entity 2 can obtain the post-quantum public key from the certificate authority 103 and verify the Dilithium signature S in the hybrid pseudonym certificate; end entity 2 can then generate the butterfly public key from the parameter J in the hybrid pseudonym certificate and the hash value h of the hybrid pseudonym certificate, and verify the elliptic curve cryptography signature in the SPDU.
In this way, an end entity can sign security protocol data units with elliptic curve cryptography to obtain security protocol data units of smaller packet length, and it can obtain a hybrid pseudonym certificate based on post-quantum cryptography and elliptic curve cryptography to protect its privacy.
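The elliptic curve part of the key expansion shared by the first and second embodiments (FIG. 5 and FIG. 6 differ only in the PQC signature scheme), as an added example written for this page rather than code from the patent. The patent does not show its formulas, so the relations used here (A = a·G, cocoon key B = A + f1(ck, ι)·G, J = B + R, h = H(cert), d = h·r mod n, k = h·b + d mod n, K = h·J) are assumptions chosen so that k·G = K, and HMAC-SHA256 stands in for the AES-based f1; the Kyber encryption of d and the Falcon/Dilithium signature S are not modelled.

```python
# Added example, not the patent's code. ASSUMED relations (the page shows no formulas):
# A = a*G, cocoon B = A + f1(ck,i)*G, b = a + f1(ck,i) mod n, J = B + R, h = H(cert),
# d = h*r mod n, k = h*b + d mod n, K = h*J, chosen so that k*G == K. HMAC-SHA256
# stands in for the AES-based f1; Kyber encryption of d and signature S are not modelled.
import hashlib
import hmac
import secrets

# NIST P-256 domain parameters (standard values)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def ec_add(p1, p2):
    """Affine point addition on P-256 (a = -3); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                       # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 - 3) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication; k is reduced mod n."""
    result, addend, k = None, pt, k % N
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def f1(ck, iota):
    """Stand-in for the patent's AES-based expansion function f1(ck, iota)."""
    mac = hmac.new(ck, iota.to_bytes(4, "big"), "sha256").digest()
    return int.from_bytes(mac, "big") % N

def H(cert):
    """Hash value h of the explicit certificate, reduced mod n."""
    return int.from_bytes(hashlib.sha256(cert).digest(), "big") % N

def encode_point(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def decode_point(raw):
    return (int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big"))

def hybrid_butterfly(iota, info=b"constructed certificate request E"):
    """Run EE1 -> RA -> CA -> EE1 and the EE2 check for one index iota.
    Returns (k, K, consistent) where consistent is k*G == K."""
    # S501: EE1 generates symmetric key ck and caterpillar pair (a, A)
    ck = secrets.token_bytes(16)
    a = secrets.randbelow(N - 1) + 1
    A = ec_mul(a, G)
    # S503: RA expands A into the cocoon public key B for index iota
    B = ec_add(A, ec_mul(f1(ck, iota), G))
    # S505: CA picks (r, R), forms reconstruction public key J and the certificate
    r = secrets.randbelow(N - 1) + 1
    R = ec_mul(r, G)
    J = ec_add(B, R)
    cert = b"cert|" + encode_point(J) + b"|" + info   # (J, E); signature S omitted
    h = H(cert)
    d = h * r % N                                      # reconstruction private value d
    # S508/S509: EE1 derives cocoon private key b, then butterfly private key k
    b = (a + f1(ck, iota)) % N
    k = (h * b + d) % N
    # S511: EE2 reads J out of the certificate and derives the butterfly public key K
    K = ec_mul(H(cert), decode_point(cert[5:69]))
    return k, K, ec_mul(k, G) == K
```

The consistency check at the end is what a verifier of the SPDU relies on: the public key EE2 rebuilds from J and h must equal k·G, otherwise the ECC signature made with k would never verify.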
In summary, the present invention provides a hybrid security credential management system and method in which the certificate authority can switch to post-quantum cryptography certificates to avoid being broken by quantum computing, the end entity can sign security protocol data units with elliptic curve cryptography to obtain security protocol data units of smaller packet length, and the end entity can obtain a hybrid pseudonym certificate based on post-quantum cryptography and elliptic curve cryptography to protect its privacy.
Although the present invention has been disclosed above by way of embodiments, they are not intended to limit the present invention. Any person having ordinary skill in the art may make minor changes and modifications without departing from the spirit and scope of the present invention; therefore the scope of protection of the present invention shall be defined by the appended claims.
1, 2: end entity; 102: registration authority; 103: certificate authority; S101, 1a, 1b, 1c, 1d, S102, S103, 3a, 3b, S104, S105, 5a, 5b, 5c, 5d, 5e, S106, S107, S108, 8a, 8b, S109, 9a, 9b, 9c, S110, S111, S301, S301a, S301b, S301c, S302, S303, S304, S305, S305a, S305b, S305c, S305d, S306, S307, S308, S309, S309a, S309b, S309c, S310, S311, S501, S502, S503, S504, S505, S506, S507, S508, S509, S510, S511, S601, S602, S603, S604, S605, S606, S607, S608, S609, S610, S611: steps
FIG. 1 is a method flow chart of the known IEEE 1609.2.1 butterfly key expansion method.
FIG. 2 is a specific calculation flow chart of the known IEEE 1609.2.1 butterfly key expansion method.
FIG. 3 is a method flow chart of a hybrid butterfly key expansion method according to an embodiment of the present invention.
FIG. 4 is a specific calculation flow chart of a hybrid butterfly key expansion method according to an embodiment of the present invention.
FIG. 5 is a specific calculation flow chart of a hybrid butterfly key expansion method according to a first embodiment of the present invention.
FIG. 6 is a specific calculation flow chart of a hybrid butterfly key expansion method according to a second embodiment of the present invention.
Claims (16)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW112148435A TWI852860B (en) | 2023-12-13 | 2023-12-13 | Hybird security credential management system and method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TWI852860B true TWI852860B (en) | 2024-08-11 |
| TW202524341A TW202524341A (en) | 2025-06-16 |