Equipment password escrow method and system based on dynamic threshold multi-secret sharing

Document No.: 409963. Publication date: 2021-12-17.

Reading note: this technology, "Equipment password escrow method and system based on dynamic threshold multi-secret sharing", was designed by 刘伟, 李睿 and 谢满 on 2021-09-14. Main content: The invention relates to the technical field of network security, and in particular to a device password escrow method and system based on dynamic threshold multi-secret sharing. The method comprises: first, the escrow components and the system center complete system initialization; second, each escrow component computes its sub-secret, encrypts it and returns it, and the system center decrypts the returned results and constructs a polynomial, thereby distributing and hiding the device passwords; third, for password recovery, the system center selects some of the components and sends them a reconstruction signal, each selected escrow component computes its sub-secret from its stored secret share, encrypts the result and returns it to the system center, and the system center reconstructs the polynomial to recover the device passwords; fourth, for secret update, the system center updates parameters and sends an update signal to all escrow components, and after receiving the re-computed, encrypted sub-secrets from the escrow components it constructs a new polynomial, thereby updating the secrets. The invention effectively achieves automatic generation, encrypted escrow and automatic update of passwords.

1. A device password escrow method based on dynamic threshold multi-secret sharing, characterized in that the method comprises the following steps:

first, the escrow components and the system center complete system initialization;

second, each escrow component downloads data from the system center, computes a sub-secret from its stored secret share, encrypts it and returns it; the system center decrypts the returned results and constructs a polynomial by Lagrange interpolation, thereby distributing and hiding the device passwords;

third, for password recovery, the system center selects some of the components and sends them a reconstruction signal; each selected escrow component computes its sub-secret from its stored secret share, encrypts the result and returns it to the system center, and the system center reconstructs the polynomial to recover the device passwords;

and fourth, for secret update, the system center updates parameters and sends an update signal to all escrow components; after receiving the re-computed, encrypted sub-secrets from the escrow components, it constructs a new polynomial, thereby updating the secrets.

2. The device password escrow method based on dynamic threshold multi-secret sharing of claim 1, wherein: the system initialization method comprises the following steps:

let $D$ denote the secret distributor, $P_1, P_2, \ldots, P_n$ the $n$ participants, $C_1, C_2, \ldots, C_m$ the initial passwords of the $m$ devices entered by the user, and $t \in [3, n]$ the threshold entered by the user, namely the minimum number of participants needed to recover the device passwords;

first, distributor $D$ randomly chooses two large primes $P$ and $Q$ and a primitive root $\alpha$ of $P$, selects an integer $d$ from $[\alpha, P-2]$ as its private key, which it encrypts and stores, and computes $\beta = \alpha^{d} \bmod P$ as the public key of $D$; $D$ then randomly selects from $[m, Q]$ an integer $Id_i$ for each participant as its unique identifier and publishes the information $\{P, Q, \alpha, \beta, Id_i\}$; finally, each participant randomly selects an integer $S$ as its secret share, which it encrypts and stores.

3. The method of claim 2 for device password escrow based on dynamic threshold multi-secret sharing, characterized in that: the method for distributing and hiding the equipment password comprises the following steps:

2.1) each participant downloads the parameters $\{P, \alpha, \beta\}$ from $D$; for $i$ from 1 to $n$, each $P_i$ performs the encryption calculation on its secret share $S$: $U_{i1} = \alpha^{S} \bmod P$, $U_{i2} = \alpha^{S} \cdot S \bmod P$, which gives the pseudo-share $(U_{i1}, U_{i2})$ of $P_i$;

2.2) for $i$ from 1 to $n$, each $P_i$ sends its pseudo-share $(U_{i1}, U_{i2})$ to $D$ over a public channel;

2.3) after receiving the pseudo-shares $(U_{i1}, U_{i2})$ sent by all participants, $D$ performs the decryption calculation on each pseudo-share: $E_i$ is then the secret share of $P_i$;

2.4) $D$ uses the $n+m$ points $(1, C_1), (2, C_2), \ldots, (m, C_m)$ and $(Id_1, E_1 \bmod P), (Id_2, E_2 \bmod P), \ldots, (Id_n, E_n \bmod P)$ to construct a polynomial $g(x)$ of degree $n+m-1$ by Lagrange interpolation:

2.5) $D$ selects $n+m-t$ integers $x_1, x_2, \ldots, x_{n+m-t}$ from the set $[m, Q] - \{Id_i \mid i = 1, 2, \ldots, n\}$, calculates $g(x_i)$ and publishes $(x_1, g(x_1)), (x_2, g(x_2)), \ldots, (x_{n+m-t}, g(x_{n+m-t}))$, and at the same time destroys $(1, C_1), (2, C_2), \ldots, (m, C_m)$, $(Id_1, E_1 \bmod P), (Id_2, E_2 \bmod P), \ldots, (Id_n, E_n \bmod P)$ and the received data $(U_{11}, U_{12}), (U_{21}, U_{22}), \ldots, (U_{n1}, U_{n2})$, which completes the distribution and hiding of the device passwords.

4. The device password escrow method based on dynamic threshold multi-secret sharing of claim 3, wherein the reconstruction method comprises the following steps:

3.1) $D$ randomly selects $t$ of the $n$ participants and sends them the reconstruction information;

3.2) the selected participants download the parameters $\{P, \alpha, \beta\}$ from distributor $D$, perform the encryption calculation on their secret shares, $U_{i1} = \alpha^{S} \bmod P$, $U_{i2} = \alpha^{S} \cdot S \bmod P$, to obtain the pseudo-shares $(U_{i1}, U_{i2})$, and send the pseudo-shares $(U_{i1}, U_{i2})$ to $D$ over a public channel;

3.3) the distributor uses the published information $(x_1, g(x_1)), (x_2, g(x_2)), \ldots, (x_{n+m-t}, g(x_{n+m-t}))$ and $(Id_1, E_1 \bmod P), (Id_2, E_2 \bmod P), \ldots, (Id_t, E_t \bmod P)$ to reconstruct the polynomial $g(x)$ of degree $n+m-1$ by Lagrange interpolation; if $(X_i, Y_i)$ $(i = 1, 2, \ldots, n+m)$ denote the above points, then $g(x)$ is:

the password of device $i$ is then obtained by calculating $g(i)$.

5. The device password escrow method based on dynamic threshold multi-secret sharing of claim 4, wherein the secret updating method comprises the following steps:

4.1) $D$ regenerates $m$ device passwords according to the number of devices, namely $C'_1, C'_2, \ldots, C'_m$, reselects a primitive root $\alpha'$ of $P$, and sends an update signal to all participants;

4.2) each participant recalculates its pseudo-share from its saved secret share, $U'_{i1} = (\alpha')^{S} \bmod P$ and $U'_{i2} = (\alpha')^{S} \cdot S \bmod P$, and sends the pseudo-share $(U'_{i1}, U'_{i2})$ to $D$ over a public channel;

4.3) after receiving the updated pseudo-shares $(U'_{i1}, U'_{i2})$ of all participants, $D$ performs the decryption calculation on each pseudo-share: obtaining the secret share $E'_i$;

4.4) $D$ uses the $n+m$ points $(1, C'_1), (2, C'_2), \ldots, (m, C'_m)$ and $(Id_1, E'_1 \bmod P), (Id_2, E'_2 \bmod P), \ldots, (Id_n, E'_n \bmod P)$ to construct a new polynomial $g'(x)$ of degree $n+m-1$ by Lagrange interpolation; if $(X_i, Y_i)$ $(i = 1, 2, \ldots, n+m)$ denote the above points, then $g'(x)$ is:

4.5) for $i$ from 1 to $n+m-t$, $D$ calculates $g'(x_i)$ and publishes $(x_1, g'(x_1)), (x_2, g'(x_2)), \ldots, (x_{n+m-t}, g'(x_{n+m-t}))$, and at the same time destroys $(1, C'_1), (2, C'_2), \ldots, (m, C'_m)$, $(Id_1, E'_1 \bmod P), (Id_2, E'_2 \bmod P), \ldots, (Id_n, E'_n \bmod P)$ and the received data $(U'_{11}, U'_{12}), (U'_{21}, U'_{22}), \ldots, (U'_{n1}, U'_{n2})$, which updates all device passwords.

6. A device password escrow system based on dynamic threshold secret sharing, characterized in that it employs the device password escrow method based on dynamic threshold secret sharing of any of claims 1-5.

Technical Field

The invention relates to the technical field of network security, in particular to a device password escrow method and a device password escrow system based on dynamic threshold multi-secret sharing.

Background

With the development of network applications, the question of how to manage device passwords in batches safely and efficiently across large numbers of servers, security monitoring devices and network communication devices is receiving more and more attention. On the one hand, users generally lack password security awareness, or set an empty or weak password on a device simply to make operation and maintenance easier; on the other hand, changing passwords by hand across a large number of devices is very cumbersome, so administrators often keep the device default password or use the same password for all devices. These practices greatly increase the risk of system intrusion. In addition, to manage all devices conveniently, the devices are generally managed through a bastion host: a user who needs to log in to a device only has to record that device's password information in the bastion host in advance, and can then log in to the specified device through it. However, this approach still has a number of security risks: first, all device passwords are stored centrally in the bastion host, so if the bastion host is compromised, all password information is leaked, and a breach at a single point compromises the whole; second, the device password information cannot be modified and updated automatically, so flexibility is low.

No effective solution has yet been proposed for these problems in existing password escrow systems, that is, for how to achieve automatic and secure escrow of passwords.

Disclosure of Invention

In order to overcome the defects of low efficiency, complexity, insecurity and the like of manually managing the device password, the invention provides a device password escrow method and a device password escrow system based on dynamic threshold multi-secret sharing, which can effectively realize automatic generation, encrypted escrow and automatic update of the password.

The invention discloses a device password escrow method based on dynamic threshold multi-secret sharing, which comprises the following steps:

first, using split key storage and multi-party joint computation, the escrow components and the system center complete system initialization;

second, each escrow component downloads data from the system center, computes a sub-secret from its stored secret share, encrypts it and returns it; the system center decrypts the returned results and constructs a polynomial by Lagrange interpolation, thereby distributing and hiding the device passwords;

third, for password recovery, the system center randomly selects some of the components and sends them a reconstruction signal; each selected escrow component computes its sub-secret from its stored secret share, encrypts the result and returns it to the system center, and the system center reconstructs the polynomial to recover the device passwords;

and fourth, for secret update, the system center updates some parameters and sends an update signal to all escrow components; after receiving the re-computed, encrypted sub-secrets from the escrow components, it constructs a new polynomial, thereby updating the secrets.

Preferably, the method for initializing the system comprises the following steps:

Let $D$ denote the secret distributor, $P_1, P_2, \ldots, P_n$ the $n$ participants, $C_1, C_2, \ldots, C_m$ the initial passwords of the $m$ devices entered by the user, and $t \in [3, n]$ the threshold entered by the user, namely the minimum number of participants needed to recover the device passwords;

distributor $D$ randomly chooses two large primes $P$ and $Q$ and a primitive root $\alpha$ of $P$, selects an integer $d$ from $[\alpha, P-2]$ as its private key, which it encrypts and stores, and computes $\beta = \alpha^{d} \bmod P$ as the public key of $D$; $D$ then randomly selects from $[m, Q]$ an integer $Id_i$ for each participant as its unique identifier and publishes the information $\{P, Q, \alpha, \beta, Id_i\}$; finally, each participant randomly selects an integer $S$ as its secret share, which it encrypts and stores.

Preferably, the method for distributing and hiding the device password comprises the following steps:

2.1) each participant downloads the parameters $\{P, \alpha, \beta\}$ from $D$; for $i$ from 1 to $n$, each $P_i$ performs the encryption calculation on its secret share $S$: $U_{i1} = \alpha^{S} \bmod P$, $U_{i2} = \alpha^{S} \cdot S \bmod P$, which gives the pseudo-share $(U_{i1}, U_{i2})$ of $P_i$;

2.2) for $i$ from 1 to $n$, each $P_i$ sends its pseudo-share $(U_{i1}, U_{i2})$ to $D$ over a public channel;

2.3) after receiving the pseudo-shares $(U_{i1}, U_{i2})$ sent by all participants, $D$ performs the decryption calculation on each pseudo-share: $E_i$ is then the secret share of $P_i$;

2.4) $D$ uses the $n+m$ points $(1, C_1), (2, C_2), \ldots, (m, C_m)$ and $(Id_1, E_1 \bmod P), (Id_2, E_2 \bmod P), \ldots, (Id_n, E_n \bmod P)$ to construct a polynomial $g(x)$ of degree $n+m-1$ by Lagrange interpolation:

2.5) $D$ selects $n+m-t$ integers $x_1, x_2, \ldots, x_{n+m-t}$ from the set $[m, Q] - \{Id_i \mid i = 1, 2, \ldots, n\}$, calculates $g(x_i)$ and publishes $(x_1, g(x_1)), (x_2, g(x_2)), \ldots, (x_{n+m-t}, g(x_{n+m-t}))$, and at the same time destroys $(1, C_1), (2, C_2), \ldots, (m, C_m)$, $(Id_1, E_1 \bmod P), (Id_2, E_2 \bmod P), \ldots, (Id_n, E_n \bmod P)$ and the received data $(U_{11}, U_{12}), (U_{21}, U_{22}), \ldots, (U_{n1}, U_{n2})$.

This completes the distribution and hiding of all device passwords.

Preferably, the reconstruction method comprises the following steps:

3.1) $D$ randomly selects $t$ of the $n$ participants and sends them the reconstruction information;

3.2) the selected participants each download the parameters $\{P, \alpha, \beta\}$ from distributor $D$, perform the encryption calculation on their secret shares, $U_{i1} = \alpha^{S} \bmod P$, $U_{i2} = \alpha^{S} \cdot S \bmod P$, to obtain the pseudo-shares $(U_{i1}, U_{i2})$, and send the pseudo-shares $(U_{i1}, U_{i2})$ to $D$ over a public channel;

3.3) the distributor uses the published information $(x_1, g(x_1)), (x_2, g(x_2)), \ldots, (x_{n+m-t}, g(x_{n+m-t}))$ and $(Id_1, E_1 \bmod P), (Id_2, E_2 \bmod P), \ldots, (Id_t, E_t \bmod P)$ to reconstruct the polynomial $g(x)$ of degree $n+m-1$ by Lagrange interpolation; if $(X_i, Y_i)$ $(i = 1, 2, \ldots, n+m)$ denote the above points, then $g(x)$ is:

the password of device $i$ is then obtained by calculating $g(i)$.

Preferably, the secret updating step comprises:

4.1) $D$ regenerates $m$ device passwords according to the number of devices, namely $C'_1, C'_2, \ldots, C'_m$, reselects a primitive root $\alpha'$ of $P$, and sends an update signal to all participants;

4.2) each participant recalculates $U'_{i1} = (\alpha')^{S} \bmod P$ and $U'_{i2} = (\alpha')^{S} \cdot S \bmod P$, and sends $(U'_{i1}, U'_{i2})$ to $D$ over a public channel;

4.3) each time it receives the update point $(U'_{i1}, U'_{i2})$ sent by $P_i$, $D$ calculates

4.4) $D$ uses the $n+m$ points $(1, C'_1), (2, C'_2), \ldots, (m, C'_m)$ and $(Id_1, E'_1 \bmod P), (Id_2, E'_2 \bmod P), \ldots, (Id_n, E'_n \bmod P)$ to construct a new polynomial $g'(x)$ of degree $n+m-1$ by Lagrange interpolation; if $(X_i, Y_i)$ $(i = 1, 2, \ldots, n+m)$ denote the above points, then $g'(x)$ is:

4.5) for $i$ from 1 to $n+m-t$, $D$ calculates $g'(x_i)$ and publishes $(x_1, g'(x_1)), (x_2, g'(x_2)), \ldots, (x_{n+m-t}, g'(x_{n+m-t}))$, and at the same time destroys $(1, C'_1), (2, C'_2), \ldots, (m, C'_m)$, $(Id_1, E'_1 \bmod P), (Id_2, E'_2 \bmod P), \ldots, (Id_n, E'_n \bmod P)$ and the received data $(U'_{11}, U'_{12}), (U'_{21}, U'_{22}), \ldots, (U'_{n1}, U'_{n2})$, which updates all device passwords.

The invention also provides a device password escrow system based on the dynamic threshold secret sharing, which adopts the device password escrow method based on the dynamic threshold secret sharing.

The invention achieves automatic batch escrow of device passwords: the system maintains all device passwords automatically once the initial device passwords have been entered and the update period set at system initialization. Recovering the device passwords does not require communicating with all escrow components, the transmitted data is encrypted, and no complex secure channel needs to be maintained, which greatly reduces the risk of password leakage. Meanwhile, the device password information is stored in distributed form across the N escrow components, so that even if the system or some of the escrow components are compromised, the device password information is not leaked, which gives high security. Compared with existing key escrow systems, the system is simple to implement and convenient to operate, achieves automatic generation, encrypted escrow and automatic update of device passwords while encrypting and storing only a small amount of information, and is highly practical.

Drawings

Fig. 1 is a flowchart of a device password hosting method based on dynamic threshold secret sharing in embodiment 1.

Detailed Description

For a further understanding of the invention, reference should be made to the following detailed description taken in conjunction with the accompanying drawings and examples. It is to be understood that the examples are illustrative of the invention and not limiting.

Example 1

As shown in fig. 1, the present embodiment provides a device password hosting method based on dynamic threshold multi-secret sharing, which includes the following steps:

first, using split key storage and multi-party joint computation, each escrow component and the system center complete system initialization;

second, each escrow component downloads data from the system center, computes a sub-secret from its stored secret share, encrypts it and returns it; the system center decrypts the returned results and constructs a polynomial by Lagrange interpolation, thereby distributing and hiding the device passwords;

third, for password recovery, the system center randomly selects some of the components and sends them a reconstruction signal; each selected escrow component computes its sub-secret from its stored secret share, encrypts the result and returns it to the system center, and the system center reconstructs the polynomial to recover the device passwords;

and fourth, for secret update, the system center updates some parameters and sends an update signal to all escrow components; after receiving the re-computed, encrypted sub-secrets from the escrow components, it constructs a new polynomial, thereby updating the secrets.

The present embodiment includes four parts: system initialization, secret distribution, secret reconstruction and secret update. First, the secret distributor of the escrow center and the participants (the key escrow components) are initialized: the distributor generates a public/private key pair and then generates a unique identity for each participant. Second, each participant downloads the published information from the distributor, computes its sub-secret from its stored secret share, encrypts the sub-secret with the public key provided by the distributor and sends it to the distributor; after receiving and decrypting the data, the distributor constructs a polynomial by Lagrange interpolation, hides all device passwords in it, and at the same time destroys all the received data and publishes some of the polynomial's function values. This completes the distribution and hiding of the device passwords. To reconstruct the device passwords, the distributor only needs to randomly select t participants and send them a reconstruction signal; the selected participants download information from the distributor, compute their sub-secrets, encrypt them and send them to the distributor, and the distributor, following the threshold secret sharing idea, uses the t sub-secrets to reconstruct the polynomial by Lagrange interpolation and recover all device password information. For secret update, the distributor regenerates the password information according to the number of devices and updates some parameters; since the participants submit only pseudo-shares each time, the secret shares are not exposed, so all the parameters can be kept unchanged. After receiving all the sub-secrets, the distributor reconstructs the polynomial and hides the new password information in it, which achieves the secret update.

The system initialization method comprises the following steps:

Let $D$ denote the secret distributor, $P_1, P_2, P_3, P_4$ the 4 participants, $C_1, C_2, C_3$ the initial passwords of the 3 devices entered by the user, and $t = 3$ the threshold entered by the user, meaning that at least 3 participants are needed to recover the device passwords.

Distributor $D$ randomly chooses two large primes $P$ and $Q$ and a primitive root $\alpha$ of $P$, selects an integer $d$ from $[\alpha, P-2]$ as its private key, which it encrypts and stores, and computes $\beta = \alpha^{d} \bmod P$ as the public key of $D$; $D$ then randomly selects from $[4, Q]$ an integer $Id_i$ for each participant as its unique identifier and publishes the information $\{P, Q, \alpha, \beta, Id_i\}$; finally, each participant randomly selects an integer $S$ as its secret share, which it encrypts and stores.

The method for distributing and hiding the equipment password comprises the following steps:

2.1) participants $P_1, P_2, P_3, P_4$ each download the published information $\{P, \alpha, \beta\}$ from $D$, and each of $P_1, P_2, P_3, P_4$ computes its pseudo-share from its stored secret share $S$: $U_{i1} = \alpha^{S} \bmod P$, $U_{i2} = \alpha^{S} \cdot S \bmod P$;

2.2) each participant sends its pseudo-share $(U_{i1}, U_{i2})$ to $D$ over a public channel;

2.3) after receiving the pseudo-shares sent by $P_1, P_2, P_3, P_4$, $D$ performs the decryption calculation on the pseudo-shares, obtaining the secret shares;

2.4) $D$ uses the points $(1, C_1), (2, C_2), (3, C_3)$ and $(Id_1, E_1 \bmod P), (Id_2, E_2 \bmod P), (Id_3, E_3 \bmod P), (Id_4, E_4 \bmod P)$ to construct the polynomial $g(x)$ by Lagrange interpolation:

2.5) $D$ randomly selects 4 integers $x_1, x_2, x_3, x_4$ from the set $[4, Q] - \{Id_i \mid i = 1, 2, \ldots, 4\}$, calculates $g(x_i)$ and publishes $(x_1, g(x_1)), (x_2, g(x_2)), (x_3, g(x_3)), (x_4, g(x_4))$, and at the same time destroys $(1, C_1), (2, C_2), (3, C_3)$, $(Id_1, E_1 \bmod P), (Id_2, E_2 \bmod P), (Id_3, E_3 \bmod P), (Id_4, E_4 \bmod P)$ and the received data $(U_{11}, U_{12}), (U_{21}, U_{22}), (U_{31}, U_{32}), (U_{41}, U_{42})$, which completes the distribution and hiding of the device passwords.

The reconstruction method comprises the following steps:

3.1) $D$ randomly selects 3 of the 4 participants $P_1, P_2, P_3, P_4$ and sends them the reconstruction information;

3.2) assuming the selected participants are $P_1, P_2, P_3$, then $P_1, P_2, P_3$ each download the parameters $\{P, \alpha, \beta\}$ from $D$, calculate their pseudo-shares from their stored secret shares, $U_{i1} = \alpha^{S} \bmod P$, $U_{i2} = \alpha^{S} \cdot S \bmod P$, and send $(U_{11}, U_{12}), (U_{21}, U_{22}), (U_{31}, U_{32})$ to $D$ over a public channel;

3.3) on receiving the pseudo-share $(U_{i1}, U_{i2})$ sent by $P_i$, $D$ performs the pseudo-share decryption calculation

3.4) $D$ then uses the published information $(x_1, g(x_1)), (x_2, g(x_2)), (x_3, g(x_3)), (x_4, g(x_4))$ and $(Id_1, E_1 \bmod P), (Id_2, E_2 \bmod P), (Id_3, E_3 \bmod P)$ to reconstruct the polynomial $g(x)$ by Lagrange interpolation;

$g(1)$, $g(2)$, $g(3)$ are then calculated in sequence, and the results are the device passwords $C_1, C_2, C_3$.
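Steps 2.4, 2.5 and 3.4 of this embodiment (hiding the passwords in g(x), publishing n+m-t points, and rebuilding g(x) from t shares), as an added Python example that is not part of the patent text. It starts from already-decrypted shares E_i, because the decryption formula is not legible on this page, and it assumes interpolation over a prime field `FIELD` and participant Ids greater than m; the function names and sample values are constructed.

```python
import secrets

# Assumption: g(x) is interpolated over GF(FIELD). The page does not state the
# modulus used for the interpolation; 2**521 - 1 is a known Mersenne prime.
FIELD = 2**521 - 1


def lagrange_eval(points, x):
    """Value at x of the unique polynomial of degree len(points)-1 through points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num = num * (x - xj) % FIELD
                den = den * (xi - xj) % FIELD
        total = (total + yi * num * pow(den, -1, FIELD)) % FIELD
    return total


def encode(password):
    value = int.from_bytes(password.encode("utf-8"), "big")
    if value >= FIELD:
        raise ValueError("password too long for the field")
    return value


def decode(value):
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return raw.decode("utf-8", errors="replace")


def distribute(passwords, shares, t):
    """Steps 2.4-2.5: hide m passwords behind n shares, return the public points.

    shares maps Id_i -> E_i (assumed already decrypted by D).
    """
    m, n = len(passwords), len(shares)
    if not 1 <= t <= n:
        raise ValueError("threshold must satisfy 1 <= t <= n")
    points = [(k, encode(c)) for k, c in enumerate(passwords, start=1)]
    points += [(i, e % FIELD) for i, e in shares.items()]
    used = {x for x, _ in points}
    if len(used) != n + m or any(i <= m for i in shares):
        raise ValueError("participant Ids must be distinct and greater than m")
    published = []
    while len(published) < n + m - t:
        x = m + 1 + secrets.randbelow(2**64)  # fresh abscissa: not 1..m, not an Id
        if x not in used:
            used.add(x)
            published.append((x, lagrange_eval(points, x)))
    return published  # D now destroys `points` and the received shares


def reconstruct(published, some_shares, m):
    """Step 3.4: interpolate through the public points plus the shares received."""
    points = list(published) + [(i, e % FIELD) for i, e in some_shares.items()]
    return [decode(lagrange_eval(points, k)) for k in range(1, m + 1)]


if __name__ == "__main__":
    # Constructed sample data with the embodiment's sizes: n = 4, m = 3, t = 3.
    passwords = ["Rtr-01!kQ9", "Sw-02#pL4z", "Fw-03$mX7v"]
    shares = {101 + i: secrets.randbelow(FIELD) for i in range(4)}
    public = distribute(passwords, shares, t=3)
    three = {i: shares[i] for i in (101, 102, 104)}
    two = {i: shares[i] for i in (101, 102)}
    print(reconstruct(public, three, 3))             # the three original passwords
    print(reconstruct(public, two, 3) == passwords)  # False: below the threshold
```

With only two shares the interpolation has one point too few, so the values it returns at x = 1, 2, 3 are unrelated to the escrowed passwords.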

The secret updating method comprises the following steps:

4.1) $D$ regenerates 3 device passwords that meet the password complexity requirement according to the number of devices, namely $C'_1, C'_2, C'_3$, reselects a primitive root $\alpha'$ of $P$, and sends an update request to $P_1, P_2, P_3, P_4$.

4.2) $P_1, P_2, P_3, P_4$ recalculate their pseudo-shares from their saved secret shares, $U'_{i1} = (\alpha')^{S} \bmod P$ and $U'_{i2} = (\alpha')^{S} \cdot S \bmod P$, and send $(U'_{i1}, U'_{i2})$ to $D$ over a public channel;

4.3) for $i$ from 1 to 4, each time it receives the update point $(U'_{i1}, U'_{i2})$ sent by $P_i$, $D$ performs the decryption calculation

4.4) $D$ uses the points $(1, C'_1), (2, C'_2), (3, C'_3)$, $(Id_1, E'_1 \bmod P), (Id_2, E'_2 \bmod P), (Id_3, E'_3 \bmod P), (Id_4, E'_4 \bmod P)$ to construct a new polynomial $g'(x)$:

4.5) for $i$ from 1 to 4, $D$ calculates $g'(x_i)$ and publishes $(x_1, g'(x_1)), (x_2, g'(x_2)), (x_3, g'(x_3)), (x_4, g'(x_4))$, and at the same time destroys $(1, C'_1), (2, C'_2), (3, C'_3)$, $(Id_1, E'_1 \bmod P), (Id_2, E'_2 \bmod P), (Id_3, E'_3 \bmod P), (Id_4, E'_4 \bmod P)$ and the received data $(U'_{11}, U'_{12}), (U'_{21}, U'_{22}), (U'_{31}, U'_{32}), (U'_{41}, U'_{42})$, which realizes the update of the $P_1, P_2, P_3, P_4$ device passwords.

The embodiment also provides a device password escrow system based on the dynamic threshold secret sharing, which adopts the device password escrow method based on the dynamic threshold secret sharing.

The present invention and its embodiments have been described above schematically and without limitation; what is shown in the drawings is only one of the embodiments of the present invention, and the actual structure is not limited thereto. Therefore, structural modes and embodiments similar to this technical solution that a person skilled in the art, having received this teaching, designs without inventive effort and without departing from the spirit of the invention shall fall within the scope of protection of the invention.
