| In this paper, we propose an innovative public-key cryptosystem from anew perspective, and integrate it into the digital certificate application in thefield of information security as a core technology in order to prove itsfeasibility,independence,innovation.TheoreticalStudyInnovationdifficultproblemandone-wayfunctionThe innovative key of cryptogram theory is how to select specificallydifficult problem. We find a lot of unique characteristics of mathematics andcryptography on ergodic matrix over finite field during research, and one ofthem is any matrix will be divergent enough and non-reversible if it ismultiplied by the powers of two different stochastic ergodic matrices on theright and left, and that is helpful for finding the new difficult problem.Followingtheperfectexperimentresults,westudydeeperandfindout:1. Ergodic matrices over Fq are plenty, and the number increasesrapidlywiththeincreaseof ( q n?1);2. If Mis strongmatrix,the BMQ-problem will be introduced. So thedivergence and non-reversibility of the result of Q1 x MQ2ywill bestrengthenedgreatly.3. As a typical and non-commutative ring with element, it integratesthe multiplication commutative property of ( M nF?qn,?,?)over Fqwiththematrixmultiplicationnon-commutativepropertyofFBased on the above study found and the experimental results, we canconstruct the innovation difficult problemP which is needed by cryptogramtheorythroughtheseuniquecharacteristicsofergodicmatrix.Q1 , Q2?Mn?nare ergodic matrices, M ? MS(Q 1 ,Q2)is strong matrix,x , y?{ 1,2,...,qn?1};byknown (Q 1 ,Q2,M,Q1xMQ2y),togetxandy.Getting x as (Q , Qx)are known is the discrete logarithm problem ofmatrix multiplication (semi-) group over Fq .Research shows that its strengthis not less than the discrete logarithm problem of multiplication problems(semi-) group's, which means the cryptosystem that higher than RSA andElGmalcouldbeconstructed.Getting Q1x and Q2y as (Q 1 ,Q2,M,Q1xMQ2y)are known becomes to solvethe BMQ-problem which has been proved NP-complete for the introductionofthestrongmatrix,sothisproblemhashighdifficultyintensity.P is the integration of the discrete logarithm problem of matrixmultiplica- tion (semi-) group over Fq and the BMQ-problem over Fq . When( q n?1)is large enough, P is difficult and the difficulty is higher than eachone.Weconstructthenewone-wayfunction fm (x)basedonP :ChoosingFqQ1 , Q2?Mn?nand M ? MS(Q 1 ,Q2),making A ? {1 ,2,?,qn?1}B ? Q1 MQ2, for each m ? Q1a MQ2b?B, the one-way function can beconstructedbyP :f m : A? B(fm(x)?Power(x,m)?Q1x aMQ2xb).PracticalApplicationBased on the innovative difficult problem and one-way function, wepropose a new public-key cryptosystem, and do a lot of in-depth study in itsimplement and application, then merge it into many kinds of application inthefieldofdigitalcertificate.(1)ThenewstandardofdigitalcertificateWe propose the new standard X.509 v3i of digital certificate based onX.509 v3 at first. The innovation of this standard has four parts: First, theconcept introduction of issuing the multi-signed digital certificate jointly by the CA union. Second, the concept introduction of supporting the custom-made field in the digital certificate expansion domain. Third, re-adjusting thebasis domain of digital certificate, adding the optional field of union issuers,andremovingissuerandsubjectuniqueidentifierswhosearelowsupportandunpopular. Fourth, readjusting the expansion domain of digital certificate byremoving some fields which are lack of unified management standards andaddingcustom-madefield.(2)ThenewdigestextractionsolutionofdigitalcertificateAccording to the core thinking of the above-mentioned innovativedifficult problem, a new one-way hash algorithm EMHA is used forextracting the digital certificate's digest. Its design idea is that dividing theplaintext of digital certificate into a number of the same size n? nmatrix:M 1, M 2, M 3…; If the length of the last matrix is not enough, It will be filledwith 0 in the blank; Setting a digest-base whose initial value is M 1, gettingmatrix from matrices sets to multiply the digest-base one by one, assigningthe results to the digest-base, computing two stochastic values which areidentified by the regular element lines of digest-base as the exponentials oftwo different n_dgree ergodic matrices Q1 Q2 , multiplying the digest-base bythe powers of Q1 Q2 on the right and left , assigning the result to thedigest-base,repeatingtheflowuntiltheend, thenthedigest-baseis thedigestofdigitalcertificate.Through research and study, we conclude that EMHA is a new typeone-way hash algorithm which has correctness, security, complexity andfeasibility.(3)ThenewsignaturesolutionofdigitalcertificateAccording to different users, the signature solution is divided into CAsignature solution (ZSA-A) and subject signature solution (ZSA-S) in the innovative public-key cryptosystem.We will introduce the signature andvalidationdesignideasofthemorecomplexone(ZSA-A)asfollows.CAnamedAliceunderwritesthedigitalcertificatem:1. Alice chooses the ergodic matricesFqQ1 , Q2,Q3?Mn?n, and constructsthestrongmatrices M1 ? MS (Q 1,Q2),M2?MS(Q2,Q3);2. Alice chooses the stochastic element k1 , k2? {1,2,?, qn?1}as theprivate-keyofdigitalcertificaterandom;3. Alice computes P1 and P2 as the public-key ofsignature121112P ?Qk MQk122223P ? Qk MQk;4. Alice uses the function of EMHA to compute e = H(m); (Thefunction of H(x) is to extract the digest of m and to translate it to avaluebyaspecialmethod)5. Alicechoosesthestochasticelement t1 , t2? {1,2,?, qn?1};6. Alicecomputes1 21t223t22t12tT1 ? Q1MQ, T?QMQ;7. Alicecomputes1 12t223tt12tT ? T1 * T2?Q1MQ?MQ;8. Alicecomputesr=H(T);9. AlicecomputesS1=1222121rekkrtetk?? ;10. AlicecomputesS3=ketrS11 ? 1;11. AlicecomputesS2=rttekSekS21 ? 2?11?23;12. Alicegeneratesthesignatureofcertificatesign(m)=(r,S1,S2,S3).SubjectnamedBobvalidatestheAlice'ssignature(r,S1,S2,S3):1. Bobcomputese=H(m);2. Bobcomputes QrS11 , QrS22 , QrS33 ;3. BobcomputesPower(eS3,P1)=13ek2S312ekSQ1 MQ;4. BobcomputesPower(eS1,P2)=11ek2S123ekSQ 2 MQ;5. Bob multiplies the step-3 result by QrS11 , QrS22 on the right and left: 6. Bob multiplies the step-4 result by Qr3 on the right and left:SrSke 23SrSke2 11MQ3?12;7. Bob multiplies the step-5 result by the step-6 result and gets thevalue:T'= Q1 S 1 r? S3k1eM1Q2S1k1e?2S2r?S3k2eM2Q3S3r?S1k2e;8. Bobcomputesr'=H(T');9. Ifr=r',Alice'ssignatureisvalid,elseisinvalid.(4)ThenewencryptionsolutionofdigitalcertificateThe encryption solution of digital certificate is also divided into CAencryption solution (ZEA-A) and subject encryption solution (ZEA-S) in theinnovative public-key cryptosystem.We will introduce the encryption designideasofZEA-Aasfollows:1. SendernamedAlicewillencrypttheplaintextFq2. Alicechoosesthestochasticelement s , t? {1,2,?, qn?1};3. Alicecomputes A ? Q1 s M1Q2t, B?Q2sM2Q3t;4. Alicecomputes C ? W?fP1 ( s)fP2(t);5. AlicegeneratestheciphertextA,B,C,andsentsthemtoBob;6. Bobcomputes W ? C?fA( x)fB(y);7. BobreceivestheplaintextW.(5)ThesecuritymanagementofdigitalcertificateDigital certificate have a comprehensive and huge securitymanagementsystem, and this system includes every aspect and detail of digital certificatemanagement. This paper has selected the digital certificate generation,issuance, revocation, update and store which are essential for the system, andintroduced their respective management of content and mode under theinnovativepublic-keycryptosystem. Research shows that regardless of safety or feasibility, the innovativepublic-key cryptosystem has demonstrated innovative ideas and tremendouspotentialasareplacesolutiontotheexistingsystems. |
PDF Full Text Request