Z密码算法设计方案

doi:10.13868/j.cnki.jcr.000267

摘要
图/表
参考文献(8)
相关文章 (15)

全文: PDF (5712 KB) HTML (1 KB)
输出: BibTeX | EndNote (RIS)

摘要

本文面向移动互联的安全需求、为移动环境下手持终端设备的身份认证和会话密钥协商, 设计提出了Z密码算法体制. 它采用用户密钥与算法深度融合的设计思路, 与传统的分组密码设计强调算法标准化、密钥保密的保密思想不同, Z密码算法通过密钥与算法融合的可变密码逻辑, 保证不同用户之间的密码算法的逻辑结构都不相同. 逻辑不同不仅指所使用密码参数的不同, 而是采用不同层次结构、不同运算、不同部件、不同数据流向, 从而保证所有用户采用了互不相同的密码算法. 在攻击者看来, 好像是每个用户都采用了一个专门为自己设计使用的密码算法, 可称为``一人一算法'', 极大提高了系统的安全性. 针对Z算法体制的这个特点, 设计时提出并充分考虑了实例安全、系统安全、距离安全等安全需求, 这些概念是对传统分组密码算法安全要求的推广和延伸. 使用时, 可依据密码协议定期或不定期更新用户的算法实例. 另外, Z 算法体制中对用户提供的加密算法, 是各不相同的执行代码, 适宜于软件实现, 便于管理更新.

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	郑建华
	任盛
	靖青
	宋若虎

关键词 ： Z算法, 移动支付, 身份认证, 密钥协商, 分组密码, 加密算法, 密码安全性

Abstract：

This paper designs Z cipher scheme to satisfy the security requirements for mobile ends, including the identity authentication and key exchange. The design of Z cipher is dynamic in the way that the algorithm structure depends on the user's key, which is different from known ciphers with static structure and different keys for different users. This means that different users have different encryption logic which appears not only in different cipher parameters, but also in different logic layers, different operations, different components, and different data processing. This dynamic feature makes the Z cipher algorithm secure against static attacks. We call this Z's characteristics as `different user, different algorithm'. Some new security concepts are proposed, such as instance security, system security and distance security, which expands the security measures of traditional block ciphers. The users can update their keys and hence the cipher structures periodically or occasionally. Furthermore, the encryption algorithms in Z cipher scheme can be provided in the form of executable code, so it is easy to use and manage in software.

Key words： Z cipher mobile pay identity authentication key exchange block cipher encryption algorithm cipher security

收稿日期: 2018-08-02 出版日期: 2018-09-05

通讯作者: 靖青, E-mail: jqarmy@163.com

引用本文:

郑建华, 任盛, 靖青, 宋若虎. Z密码算法设计方案[J]. 密码学报, 2018, 5(6): 579-590.
ZHENG J H, REN S, JING Q, SONG R H. Z Cipher Scheme. Journal of Cryptologic Research, 2018, 5(6): 579-590.

链接本文:

http://www.jcr.cacrnet.org.cn/CN/10.13868/j.cnki.jcr.000267 或 http://www.jcr.cacrnet.org.cn/CN/Y2018/V5/I6/579

[1] Internet Society of China. Investigation report on the rights and interests of Chinese netizens (2015)[OL]. http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057732/c355530/part/3555531.pdf.
中国互联网协会. 中国网民权益调查报告(2015)[OL]. http://www.miit.gov.cn/n1146285/n1146352 /n3054355/n3057724/n3057732/c355530/part/3555531.pdf.

[2] The Central Bank with Ministries and Commissions. Guiding opinions on promoting the healthy developmant of Internet finance[OL]. 2015. http://www.gov.cn/xinwen/2015-07/18/content-2899360.htm.
人民银行等十部委. 关于促进互联网金融健康发展的指导意见[OL]. 2015. http://www.gov.cn/xinwen/2015-07/18/content-2899360.htm.

[3] Ministy of Industry and Information Technology. Guidance on strenthening network security work in elecommunication and Internet industries[OL]. 2015. http://www.miit.gov.cn/n1146295/n165285n/n1652930/n3757020/c3764760/content.html.
工业和信息化部. 工业和信息化部关于加强电信和互联网行业网络安全工作的指导意见[OL]. 2015.
http://www.miit.gov.cn/n1146295/n165285n/n1652930/n3757020/c3764760/content.html.

[4] CRYPTREC: Specifications of E-Government Recommended Ciphers (2013)[OL].http://www.cryptrec.go.jp/english/method.html.

[5] International Organization for Standardization (ISO). International Standard-ISO/IEC 18033-3: Information technology-Security techniques-Encryption algorithms-Part 3: Block Ciphers[S]. 2010.

[6] NESSIE: New European Schemes for Signatures, Integrity, and Encryption[R]. Final Report of European Project IST-1999-12324.

[7] BIHAM E, SHAMIR A. Differential cryptanalysis of DES-like cryptosystems[J]. Journal of Cryptology, 1991, 4(1): 3–72. [DOI: 10.1007/BF00630563]

[8] SELUK A A, BICAK A. On probability of success in linear and differential cryptanalysis[C]. In: Security in Communication Networks—SCN 2002. Springer Berlin Heidelberg, 2002: 174–185. [DOI: 10.1007/3-540-36413-7_13]