CN106850229A - SM2 digital signature generation method and system based on the secret segmentation of product - Google Patents
SM2 digital signature generation method and system based on the secret segmentation of product Download PDFInfo
- Publication number
- CN106850229A CN106850229A CN201710046710.1A CN201710046710A CN106850229A CN 106850229 A CN106850229 A CN 106850229A CN 201710046710 A CN201710046710 A CN 201710046710A CN 106850229 A CN106850229 A CN 106850229A
- Authority
- CN
- China
- Prior art keywords
- mod
- digital signature
- interval
- calculated
- integer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
Invention is related to SM2 digital signature generation methods:Device 1,2 has secret d1、d2And dA(1+dA)‑1Mod n=d1d2Mod n, dAIt is user's SM2 private keys;H=a (d are setA)‑1Mod n, Ga=[a] G, a are optional secret numbers, and G is the basic point of SM2, and h does not maintain secrecy;When digital signature is generated, two device interactive computings go out Q=[(k1+k2)]Gb, r=(e+x1) mod n, wherein k1、k2It is the optional integer of device 1,2, Gb=[b] Ga, b is the integer that device 1 is only known, (x1,y1)=Q, e are the Hash Values of message;Device 1 is by w1=d1B mod n, s1=(hk1‑(b)‑1R) mod n are to device 2;Device 2 calculates s=d2w1(hk2+s1)mod n;(r, s) is the digital signature of message.
Description
Technical field
The invention belongs to field of information security technology, particularly a kind of SM2 digital signature life based on the secret segmentation of product
Into method and system.
Background technology
In public-key encryptosystem, in order to ensure the security of private key for user, the private key of user is typically stored in
Used in special cryptographic hardware, such as storage is used in USB Key, SmartCard, and private key can not lead from cryptographic hardware
Go out.But, in some cases, such as, due to cost, or (such as movement is logical due to no suitable cryptographic hardware
Letter terminal) so that user cannot rely on cryptographic hardware to store private key and carry out crypto-operation using private key.For this
Situation, current most common method is the crypto module for using pure software, and private key for user is stored in into user's computing device sheet
In the permanent storage media on ground (electric board such as in the disk of PC, mobile communication terminal), and by PIN
(Personal Identification Number) code is protected to private key.When private key for user is needed to use, software key
Code module reads private key for user (requiring user input PIN code if necessary) from the permanent storage media of user's computing device, then
Carry out crypto-operation.It is this be stored in using pure software password mould, by private key for user computing device it is local by the way of there is user
The risk of private key leakage, such as, attacker steals the private key for user being stored in user's computing device by wooden horse, cracks user
The PIN code of private key is protected, so as to obtain private key for user;And it is this by the way of pure software crypto module, private key for user is most
Need to be imported into internal memory with plaintext version eventually and used, such attacker steals and be stored in possibly through certain attack pattern
Private key for user in internal memory.How in the case where cryptographic hardware is not used, safety is stored and has reality using private key for user
Demand, there is good practical application meaning to the solution of this problem.
The solution common to this problem is that private key for user is divided into many parts by certain mode, and every part is referred to as
, then by every part of secret shadow storage to different computing devices, especially be stored in for partial secret share by secret shadow
Safety precautions in place, in the online cryptographic service system of the good professional cryptographic service mechanism of safety condition;When password should
When private key for user is needed to use with program, system carrying out crypto-operation, such as it is digitally signed or during data deciphering, multiple is calculated
Device carries out crypto-operation using the secret shadow of oneself respectively, finally by each device calculate result merge, formed it is last,
The result (result of digital signature or data deciphering) of crypto-operation is carried out using private key for user.
SM2 be by national Password Management office promulgate a kind of ellipse curve public key cipher algorithm (referring to《SM2 elliptic curves
Public key algorithm》Specification, national Password Management office, in December, 2010), can realize that digital signature, key are handed over based on this algorithm
Change and data encryption.But, due to the unique digital signature computing mode of SM2 algorithms, common privacy sharing (segmentation) mode
And the corresponding crypto-operation mode based on privacy sharing, it is impossible to it is adapted for use with the situation that SM2 private keys are digitally signed.
The content of the invention
The purpose of the present invention is to propose to SM2 digital signature generation method of the one kind based on secret segmentation (or shared), with full
In the case of the no cryptographic hardware of foot, the demand that safe handling user's SM2 private keys are digitally signed.
For the purpose of the present invention, technical scheme proposed by the present invention is a kind of SM2 numerals based on the secret segmentation of product
Signature generating method.
In the following description to technical solution of the present invention, if P, Q are the element (point) in elliptic curve point group, P+Q
Represent that the point of P, Q adds, [k] P represents that the point of k elliptic curve point P adds, i.e. P+P+...+P (has k P);Ellipsis " ... ",
Represent the data item of multiple same (types) or multiple same computings;c-1Represent inverse (the i.e. cc of mould n multiplication of integer c-1mod n
=1);Multiple integers are multiplied (including integer symbol is multiplied, constant is multiplied with integer symbol), are not producing ambiguous situation
Under, multiplication sign " " is dispensed, such as k1·k2It is reduced to k1k2, 3c, simplified position 3c;Mod n represent mould n computings (modulo
Operation), correspond to《SM2 ellipse curve public key cipher algorithms》In specification (national Password Management office, in December, 2010)
modn;Further, the priority of the operators m od n of mould n computings is minimum, and such as a+b mod n are equal to (a+b) mod n, a-b
Mod n are equal to (a-b) mod n, ab mod n and are equal to (ab) mod n.
The method of the present invention is specific as follows.
Methods described is related to two to be referred to as device 1, the device of device 2;
Before digital signature is generated, following initialization operation is carried out for two devices for participating in digital signature generation:
Give the distribution secret shadow of device 1 d1, give the distribution secret shadow of device 2 d2, wherein d1、d2It is in interval [1, n-1]
Integer, and the elliptic curve point order of a group that n is SM2 crypto-operations to be used, namely the elliptic curve that SM2 crypto-operations are used
The rank (the elliptic curve point group that SM2 crypto-operations are used refers to the cyclic group generated by basic point G) of the basic point G of point group;
Two secret shadows of device and the SM2 private keys d of userAMeet relation:
(1+dA)-1dAMod n=d1d2Mod n, wherein, (1+dA)-1It is (1+dA) the inverse (i.e. (1+d of mould n multiplicationA)-1(1
+dA) mod n=1);
One integer a of random selection in interval [1, n-1], calculates Ga=[a] G, h=a (dA)-1Mod n, wherein G are
The basic point of SM2 elliptic curve point groups;By h to device 1, device 2;GaWill be to needing G in digital signature generating processaDevice 1
And/or device 2 (present invention in a be not elliptic curve equation parameter a;GaWithout secrecy, unwanted problem is simply needed);
(two devices do not possess a, dA;Carry out secret segmentation, provide initialization operation can be one special close
A crypto module in key management system, or user's computing device, key management instrument);
As the SM2 private keys d for needing to use userAWhen being digitally signed for message M, two devices enter as follows
The generation of row digital signature (needs to use the SM2 private keys d of userA, for the main body that message M is digitally signed can be adjust
With the cryptographic application of the two devices, system or crypto module, or cryptographic application in one of two devices, it is
System):
First, two devices obtain Q=[(k by interactive computing1+k2)]Gb, r=(e+x1) mod n, and r, the Q for obtaining
Meet:R ≠ 0 and [r] G+Q are not the null element (infinite point) of SM2 elliptic curve point groups, wherein k1、k2It is during calculating Q
Device 1, device 2 randomly selected integer, G in interval [1, n-1] respectivelyb=[b] Ga, b be in interval [1, n-1] only
The integer constant (secret) that device 1 is just known, or b is to calculate the random selection in interval [1, n-1] of device 1 during Q
An integer, G is the basic point of SM2 elliptic curve point groups, x1Take from (x1,y1)=Q, e are derived from ID and message M
Hash Value (i.e. hashed value) (present invention in b be not elliptic curve equation parameter b;By SM2 algorithms, e is from ID
IDAEtc. Hash Value Z derived from parameterAThe Hash Value of the data after merging with message M, referring to SM2 specifications);
Afterwards, device 1 calculates w1=d1B mod n, s1=(hk1-(b)-1R) mod n, then by w1、s1It is sent to device
2;
Finally, device 2 receives the w of device 11、s1Afterwards, s=d is calculated2w1(hk2+s1) mod n (now s=d2d1(bh
(k2+k1)-r) mod n=(1+dA)-1(ba(k2+k1)-dAr)mod n);(r, s) is exactly that the numeral for message M of generation is signed
Name.
Here r is non-private data, can be transmitted between two as needed.
If b is the integer constant (secret) that only device 1 is just known in interval [1, n-1], then generated in digital signature
In preceding initialization procedure, (by initialization instrument or system or device 1) calculates Gb=[b] Ga, device 1, device 2 are preserved respectively
Gb;When being digitally signed for message M, device 1 and device 2 all obtain G from the local data for preservingb;
If b is to calculate the randomly selected integer in interval [1, n-1] of device 1 during Q, then for message
When M is digitally signed, the one integer b of random selection in interval [1, n-1] of device 1 is calculated Gb=[b] Ga, then will
GbDevice 2 is sent to, thus device 1 and device 2 all obtain Gb。
When being digitally signed for message M, two devices as follows, or by the side being equal to following manner
Formula, Q=[(k are obtained by interactive computing1+k2)]Gb, r=(e+x1) mod n, and r, Q satisfaction for obtaining:R ≠ 0 and [r] G+Q
It is not the null element (infinite point) of SM2 elliptic curve point groups:
First, device 1 and device 2 obtain G from the data for preserving or by calculating and exchange in real time respectivelyb;
Afterwards, one integer k of random selection in interval [1, n-1] of device 11, it is calculated Q1=[k1]Gb;
One integer k of random selection in interval [1, n-1] of device 22, it is calculated Q2=[k2]Gb, then by Q2Send
To device 1;
Device 1 receives Q2Afterwards, Q=Q is calculated1+Q2, now Q=[(k1+k2)]Gb(=[b (k1+k2)]Ga);
Device 1 check Q whether be SM2 elliptic curve point groups null element (infinite point), if so, then device 1 is reselected
k1, recalculate Q1=[k1]Gb, recalculate Q=Q1+Q2, rejudge whether Q is null element, this process is repeated, until Q is not
Untill null element;If Q is not null element, device 1 takes (x1,y1)=Q, calculates r=(e+x1)mod n;
If r, Q for being calculated meet:R ≠ 0 and [r] G+Q are not the null elements (infinite point) of SM2 elliptic curve point groups,
The then calculating of Q, r is completed;Otherwise, device 1 randomly chooses an integer k in interval [1, n-1] again1, then recalculate
Q1, Q=Q1+Q2, rejudge whether Q is null element, and r is calculated when Q is not null element, repeat this process, until r ≠ 0 and
[r] G+Q is not the null element (infinite point) of SM2 elliptic curve point groups;
Or, if r=0 or [r] G+Q are the null elements (infinite point) of SM2 elliptic curve point groups, two devices together from
Head re-starts the calculating of Q, r, and (i.e. device 1 and device 2 retrieves Gb, device 1 reselects k1, device 2 reselects k2,
Then Q=Q is calculated1+Q2, judge whether Q is null element, and r=(e+x are calculated when Q is not null element1) mod n), repeat this mistake
Journey, until r ≠ 0 and [r] G+Q are not the null elements (infinite point) of SM2 elliptic curve point groups;
The equivalent mode, i.e., can equally obtain Q=[(k1+k2)]GbAnd r is calculated according to Q, and cause that r, Q are full
Sufficient r ≠ 0 and [r] G+Q are not the modes of the null element of SM2 elliptic curve point groups.
If device 1 is when Q, r is calculated, only check whether r is zero, does not check whether [r] G+Q is SM2 elliptic curves
The null element (infinite point) of point group, and the calculating of Q, r is only re-started in r=0 (as long as r ≠ 0 does not just re-start Q, r meter
Calculate), then:
After device 2 is calculated s, (s+r) mod n=0 are found if checking, abandon the s being calculated, device 1 is again
One integer k of random selection in interval [1, n-1]1, recalculate Q1, Q=Q1+Q2, rejudge whether Q is null element, and
R=(e+x are calculated when Q is not null element1) modn, device 2 recalculates s, this process repeated, until (s+r) mod n ≠ 0;
Or after device 2 is calculated s, (s+r) mod n=0 being found if checking, from the beginning two devices enter again together
(i.e. device 1 and device 2 obtains G for the calculating of row Q, rb, device 1 reselects k1, calculate Q1, device 2 reselects k2, calculate Q2,
Then device 1 recalculates Q=Q1+Q2, judge whether Q is null element, and r=(e+x are calculated when Q is not null element1)mod
N), device 2 recalculates s, until (s+r) mod n ≠ 0.
In above scheme, if b be calculate during Q device 1 in interval [1, n-1] randomly selected one it is whole
Count, then k1Both can be to calculate Q1When device 1 in interval [1, n-1] a randomly selected integer, or interval [1,
N-1] in the only integer constant just known of device 1 (calculate Q every time1When all use same k1)。
The public key of user is still dAG, calculates and publishes before secret segmentation.
The system includes two devices, wherein, a device is user's computing device, and another is cipher key service system
Cipher server, or two devices are all the cipher servers of cipher key service system;Two devices are signed by SM2 numerals
Name generation method, generates the digital signature to message M using user SM2 private keys dA。
Be can see from the above content of the invention, generated using the SM2 digital signature based on the secret segmentation of product of the invention
Method, when user does not have hardware cryptographic device to deposit SM2 private keys, can be by the private key d with userARelated secret data (1
+dA)-1Two parts of secret shadows are divided into by product, the cryptographic service system of different cryptographic service mechanisms is stored in respectively, needed
When being signed to message using the SM2 private keys of user, the cryptographic service system of Liang Ge mechanisms is secret using what is each had respectively
Close share, the digital signature for message is ultimately produced by interaction;Or, the portion in two parts of secret shadows is stored in one
In the cryptographic service system of cryptographic service mechanism, another is stored in the computing device of user, when needing to use user's
When SM2 private keys are signed to message, the computing device of user and the cryptographic service system of cryptographic service mechanism are respectively using each
From the secret shadow having, the digital signature for message is ultimately produced by interaction;Because attacker is obtained at two simultaneously
Secret shadow in the cryptographic service system of different cryptographic service mechanisms, or obtain simultaneously in user's computing device and password clothes
The possibility of the secret shadow in the cryptographic service system of business mechanism is extremely low, and this has been considerably improved in the feelings without cryptographic hardware
Under condition, the security that user's SM2 private keys are used.
Specific embodiment
With reference to embodiment, the invention will be further described.Following examples are not as a limitation of the invention.
By secret (1+dA)-1It is divided into d1、d2, and (1+dA)-1=d1d2Mod n are easily:In [1, n-1] with
Machine selects an integer as d1, afterwards, calculate d2=(d1)-1(1+dA)-1Mod n.
Embodiment 1,
In this embodiment, the computing device (such as PC, mobile communication terminal) of user is SM2 numerals of the invention
One (device 1 or device 2) in two devices in signature segmentation generation method, another device is a cryptographic service system
Cipher server in system (as device 2 or device 1);The computing device and cipher server of user do not preserve user's
SM2 private keys dA、(1+dA)-1;(1+dA)-1Secret shadow d1、d2, portion is stored in user's computing device, and another is stored in
In cipher server;When the cryptographic application or system in user's computing device will use the SM2 private keys d of userATo message
When being signed, user's computing device (in fact, the crypto module typically in user's computing device) is handed over cipher server
Mutually, secret shadow d is used using the method for the present invention1、d2Generate the digital signature of message.
Embodiment 2,
In this embodiment, a device in SM2 digital signature segmentation generation method of the invention is a mechanism
Cipher server in cryptographic service system, another device is the cryptographic service in the cryptographic service system of another mechanism
Device;The cipher server of user's computing device and Liang Ge cryptographic services mechanism does not preserve the SM2 private keys d of userA、(1+dA
)-1;(1+dA)-1Two parts of secret shadow d1、d2, it is stored in respectively in two cipher servers of cryptographic service system;Work as user
Cryptographic application or system in computing device will use the SM2 private keys d of userAWhen being signed to message, user calculates
Device (crypto module typically in user's computing device) transmits the request to a cryptographic service system, latter two password
The cipher server of service system using the method for the present invention, uses secret shadow d by interaction1、d2Generate the numeral of message
Signature, is then returned to user's computing device by the signature of generation;In digital signature generating process, two password clothes are adhered to separately
In two cipher servers of business system any one can all as the device 1 in digital signature generation method of the invention,
Another is used as device 2.
Based on the method for the present invention, it is easy to build the system for implementing the inventive method.
Two devices are included based on the SM2 digital signature segmentation generation system that the method for the present invention builds, wherein, a dress
It is user's computing device to put, and another is the cipher server of cipher key service system, or two devices are all cipher key service systems
The cipher server of system;Two devices are generated using the method for the present invention and use user's SM2 private keys dANumeral to message M is signed
Name.
Other unaccounted particular techniques are implemented, and are it is well known that not saying certainly for those skilled in the relevant art
Bright.
Claims (6)
1. a kind of based on the secret SM2 digital signature generation methods split of product, it is characterized in that:
Methods described is related to two devices for being referred to as first device, second device;
Before digital signature is generated, following initialization operation is carried out for two devices for participating in digital signature generation:
Give first device distribution secret shadow d1, give second device distribution secret shadow d2, wherein d1、d2It is in interval [1, n-1]
Integer, and the n elliptic curve point orders of a group that to be SM2 crypto-operations used, namely the ellipse that SM2 crypto-operations are used is bent
The rank of the basic point G of line point group;Two secret shadows of device and the SM2 private keys d of userAMeet relation:
(1+dA)-1dAMod n=d1d2Mod n, wherein, (1+dA)-1It is (1+dA) mould n multiplication it is inverse;
One integer a of random selection in interval [1, n-1], calculates Ga=[a] G, h=a (dA)-1Mod n, wherein G are SM2 ellipse
The basic point of circular curve point group;By h to first device, second device;GaWill be to needing G in digital signature generating processaFirst dress
Put and/or second device;
As the SM2 private keys d for needing to use userAWhen being digitally signed for message M, two devices enter line number as follows
The generation of word signature:
First, two devices obtain Q=[(k by interactive computing1+k2)]Gb, r=(e+x1) mod n, and r, Q satisfaction for obtaining:
R ≠ 0 and [r] G+Q are not the null element of SM2 elliptic curve point groups, wherein k1、k2It is to calculate first device, the second dress during Q
Put randomly selected integer, G in interval [1, n-1] respectivelyb=[b] Ga, b be only first device in interval [1, n-1]
The integer constant known, or b is to calculate first device randomly selected integer in interval [1, n-1] during Q,
G is the basic point of SM2 elliptic curve point groups, x1Take from (x1,y1)=Q, e are the Hash Values derived from ID and message M;
Afterwards, first device calculates w1=d1B mod n, s1=(hk1-(b)-1R) mod n, then by w1、s1It is sent to the second dress
Put;
Finally, second device receives the w of first device1、s1Afterwards, s=d is calculated2w1(hk2+s1)mod n;(r, s) is exactly to generate
The digital signature for message M.
2. according to claim 1 based on the secret SM2 digital signature generation methods split of product, it is characterized in that:
It is if b is the integer constant that only first device is just known in interval [1, n-1], then initial before digital signature generation
During change, G is calculatedb=[b] Ga, first device, second device preserve G respectivelyb;When being digitally signed for message M,
First device and second device obtain G from the local data for preserving respectivelyb;
If b is to calculate first device randomly selected integer in interval [1, n-1] during Q, then for message M
When being digitally signed, first device one integer b of random selection in interval [1, n-1] is calculated Gb=[b] Ga, then
By GbSecond device is sent to, thus first device and second device all obtain Gb。
3. according to claim 2 based on the secret SM2 digital signature generation methods split of product, it is characterized in that:
When being digitally signed for message M, two devices as follows, or in the way of being equal to following manner,
Q=[(k are obtained by interactive computing1+k2)]Gb, r=(e+x1) mod n, and r, Q satisfaction for obtaining:R ≠ 0 and [r] G+Q is not
The null element of SM2 elliptic curve point groups:
First, first device and second device obtain G from the data for preserving or by calculating and exchange in real time respectivelyb;
Afterwards, first device one integer k of random selection in interval [1, n-1]1, it is calculated Q1=[k1]Gb;
Second device one integer k of random selection in interval [1, n-1]2, it is calculated Q2=[k2]Gb, then by Q2It is sent to
First device;
First device receives Q2Afterwards, Q=Q is calculated1+Q2, now Q=[(k1+k2)]Gb;
First device check Q whether be SM2 elliptic curve point groups null element, if so, then first device reselects k1, count again
Calculate Q1=[k1]Gb, recalculate Q=Q1+Q2, rejudge whether Q is null element, this process is repeated, untill Q is not null element;
If Q is not null element, first device takes (x1,y1)=Q, calculates r=(e+x1)mod n;
If r, Q for being calculated meet:R ≠ 0 and [r] G+Q are not the null elements of SM2 elliptic curve point groups, then the calculating of Q, r is complete
Into;Otherwise, first device randomly chooses an integer k in interval [1, n-1] again1, then recalculate Q1, Q=Q1+Q2,
Rejudge whether Q is null element, and r is calculated when Q is not null element, this process is repeated, until r ≠ 0 and [r] G+Q is not SM2
The null element of elliptic curve point group;
Or, if r=0 or [r] G+Q are the null elements of SM2 elliptic curve point groups, from the beginning two devices re-start Q, r together
Calculating, this process is repeated, until r ≠ 0 and [r] G+Q are not the null elements of SM2 elliptic curve point groups;
The equivalent mode, i.e., can equally obtain Q=[(k1+k2)]GbAnd r is calculated according to Q, and cause that r, Q meet r
≠ 0 and [r] G+Q is not the mode of the null element of SM2 elliptic curve point groups.
4. according to claim 3 based on the secret SM2 digital signature generation methods split of product, it is characterized in that:
If first device is when Q, r is calculated, only check whether r is zero, does not check whether [r] G+Q is SM2 elliptic curve points
The null element of group, and the calculating of Q, r is only re-started in r=0, then:
After second device is calculated s, (s+r) mod n=0 are found if checking, abandon the s being calculated, first device weight
New one integer k of random selection in interval [1, n-1]1, recalculate Q1, Q=Q1+Q2, rejudge whether Q is null element, with
And r=(e+x are calculated when Q is not null element1) mod n, second device recalculates s, this process repeated, until (s+r) mod n
≠0;
Or after second device is calculated s, (s+r) mod n=0 being found if checking, from the beginning two devices enter again together
The calculating of row Q, r, second device recalculates s, until (s+r) mod n ≠ 0.
5. according to claim 4 based on the secret SM2 digital signature generation methods split of product, it is characterized in that:
If b is to calculate first device randomly selected integer in interval [1, n-1] during Q, then k1It is to calculate Q1When
First device randomly selected integer in interval [1, n-1], or there was only first device just in interval [1, n-1]
The integer constant known.
6. a kind of SM2 digital signature of SM2 digital signature generation methods based on any one of claim 1-4 generates system
System, it is characterized in that:
The system includes two devices, wherein, a device is user's computing device, and another is the close of cipher key service system
Code server, or two devices are all the cipher servers of cipher key service system;A device in two devices is used as institute
The first device in SM2 digital signature generation methods is stated, another device is used as in the SM2 digital signature generation method
Two devices;Two devices press the SM2 digital signature generation method, and generation uses user's SM2 private keys dANumeral to message M is signed
Name.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710046710.1A CN106850229B (en) | 2017-01-22 | 2017-01-22 | SM2 digital signature generation method and system based on product secret division |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710046710.1A CN106850229B (en) | 2017-01-22 | 2017-01-22 | SM2 digital signature generation method and system based on product secret division |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106850229A true CN106850229A (en) | 2017-06-13 |
CN106850229B CN106850229B (en) | 2019-10-25 |
Family
ID=59119717
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710046710.1A Active CN106850229B (en) | 2017-01-22 | 2017-01-22 | SM2 digital signature generation method and system based on product secret division |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106850229B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107483191A (en) * | 2017-08-16 | 2017-12-15 | 济南浪潮高新科技投资发展有限公司 | A kind of SM2 algorithm secret keys segmentation signature system and method |
CN107528696A (en) * | 2017-09-27 | 2017-12-29 | 武汉理工大学 | The digital signature generation method and system of a kind of hiding private key secret |
CN107623570A (en) * | 2017-11-03 | 2018-01-23 | 北京无字天书科技有限公司 | A kind of SM2 endorsement methods based on addition Secret splitting |
CN107819581A (en) * | 2017-10-20 | 2018-03-20 | 武汉理工大学 | The generation method and system of number and elliptic curve point comprising secret |
CN109257176A (en) * | 2018-10-18 | 2019-01-22 | 天津海泰方圆科技有限公司 | Decruption key segmentation and decryption method, device and medium based on SM2 algorithm |
CN110166235A (en) * | 2019-05-21 | 2019-08-23 | 武汉理工大学 | The SM9 digital signature collaboration generation method and system of enhancing safety |
CN110380855A (en) * | 2019-06-14 | 2019-10-25 | 武汉理工大学 | Support the SM9 digital signature generation method and system of multi-party collaboration enhancing safety |
CN112367170A (en) * | 2021-01-12 | 2021-02-12 | 四川新网银行股份有限公司 | Data hiding query security sharing system and method based on multi-party security calculation |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101321053A (en) * | 2007-06-08 | 2008-12-10 | 华为技术有限公司 | Group cipher key generating method, system and apparatus |
CN102075931A (en) * | 2011-01-14 | 2011-05-25 | 中国科学技术大学 | Information theoretical security-based key agreement method in satellite network |
US20140211938A1 (en) * | 2013-01-29 | 2014-07-31 | Certicom Corp. | Modified elliptic curve signature algorithm for message recovery |
CN104202163A (en) * | 2014-08-19 | 2014-12-10 | 武汉理工大学 | Password system based on mobile terminal |
CN104243456A (en) * | 2014-08-29 | 2014-12-24 | 中国科学院信息工程研究所 | Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm |
-
2017
- 2017-01-22 CN CN201710046710.1A patent/CN106850229B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101321053A (en) * | 2007-06-08 | 2008-12-10 | 华为技术有限公司 | Group cipher key generating method, system and apparatus |
CN102075931A (en) * | 2011-01-14 | 2011-05-25 | 中国科学技术大学 | Information theoretical security-based key agreement method in satellite network |
US20140211938A1 (en) * | 2013-01-29 | 2014-07-31 | Certicom Corp. | Modified elliptic curve signature algorithm for message recovery |
CN104202163A (en) * | 2014-08-19 | 2014-12-10 | 武汉理工大学 | Password system based on mobile terminal |
CN104243456A (en) * | 2014-08-29 | 2014-12-24 | 中国科学院信息工程研究所 | Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm |
Non-Patent Citations (2)
Title |
---|
SHILPI SINGH等: "Secured user"s authentication and private data storage- access scheme in cloud computing using Elliptic curve cryptography", 《IEEE XPLORE》 * |
庞辽军: "秘密共享技术及其应用研究", 《中国优秀博硕士学位论文全文数据库信息科技辑》 * |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107483191A (en) * | 2017-08-16 | 2017-12-15 | 济南浪潮高新科技投资发展有限公司 | A kind of SM2 algorithm secret keys segmentation signature system and method |
CN107483191B (en) * | 2017-08-16 | 2020-04-14 | 浪潮集团有限公司 | SM2 algorithm key segmentation signature system and method |
CN107528696A (en) * | 2017-09-27 | 2017-12-29 | 武汉理工大学 | The digital signature generation method and system of a kind of hiding private key secret |
CN107819581A (en) * | 2017-10-20 | 2018-03-20 | 武汉理工大学 | The generation method and system of number and elliptic curve point comprising secret |
CN107819581B (en) * | 2017-10-20 | 2019-10-25 | 武汉理工大学 | Generation method and system comprising secret number and elliptic curve point |
CN107623570A (en) * | 2017-11-03 | 2018-01-23 | 北京无字天书科技有限公司 | A kind of SM2 endorsement methods based on addition Secret splitting |
CN107623570B (en) * | 2017-11-03 | 2020-12-04 | 北京无字天书科技有限公司 | SM2 signature method based on addition key segmentation |
CN109257176A (en) * | 2018-10-18 | 2019-01-22 | 天津海泰方圆科技有限公司 | Decruption key segmentation and decryption method, device and medium based on SM2 algorithm |
CN110166235A (en) * | 2019-05-21 | 2019-08-23 | 武汉理工大学 | The SM9 digital signature collaboration generation method and system of enhancing safety |
CN110166235B (en) * | 2019-05-21 | 2020-08-11 | 武汉理工大学 | SM9 digital signature collaborative generation method and system for enhancing security |
CN110380855A (en) * | 2019-06-14 | 2019-10-25 | 武汉理工大学 | Support the SM9 digital signature generation method and system of multi-party collaboration enhancing safety |
CN112367170A (en) * | 2021-01-12 | 2021-02-12 | 四川新网银行股份有限公司 | Data hiding query security sharing system and method based on multi-party security calculation |
Also Published As
Publication number | Publication date |
---|---|
CN106850229B (en) | 2019-10-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106549770B (en) | SM2 digital signature generation method and system | |
CN106603246B (en) | A kind of SM2 digital signature segmentation generation method and system | |
CN106850229B (en) | SM2 digital signature generation method and system based on product secret division | |
CN106850198B (en) | SM2 digital signature generation method and system based on the collaboration of more devices | |
CN106603231B (en) | Based on the distributed SM2 digital signature generation method and system for going secretization | |
CN106656512B (en) | Support the SM2 digital signature generation method and system of threshold cryptography | |
CN107819585B (en) | SM9 digital signature collaborative generation method and system | |
US8688973B2 (en) | Securing communications sent by a first user to a second user | |
CN106712942B (en) | SM2 digital signature generation method and system based on privacy sharing | |
CN107104793B (en) | A kind of digital signature generation method and system | |
CN109728906B (en) | Anti-quantum-computation asymmetric encryption method and system based on asymmetric key pool | |
CN107872322A (en) | Digital signature collaboration generation method and system based on homomorphic cryptography | |
CN107968710A (en) | SM9 digital signature separation interaction generation method and system | |
CN107483205B (en) | A kind of the digital signature generation method and system of the private key secret based on encryption | |
CN109905229B (en) | Anti-quantum computing Elgamal encryption and decryption method and system based on group asymmetric key pool | |
CN110213057B (en) | SM9 digital signature collaborative generation method and system with product r parameter | |
CN109951292A (en) | The SM9 digital signature simplified separates interaction generation method and system | |
CN109495244A (en) | Anti- quantum calculation cryptographic key negotiation method based on pool of symmetric keys | |
CN110166235B (en) | SM9 digital signature collaborative generation method and system for enhancing security | |
Chattopadhyay et al. | An efficient verifiable (t, n)-threshold secret image sharing scheme with ultralight shares | |
CN104734847A (en) | Shared symmetric key data encrypting and decrypting method for public key cryptography application | |
CN109962783A (en) | SM9 digital signature collaboration generation method and system based on progressive calculating | |
CN107528696A (en) | The digital signature generation method and system of a kind of hiding private key secret | |
CN104868994B (en) | Method, device and system for managing cooperative key | |
CN110380855A (en) | Support the SM9 digital signature generation method and system of multi-party collaboration enhancing safety |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |