CN108667623A - An SM2 elliptic curve signature verification algorithm - Google Patents
- Publication number: CN108667623A
- Application number: CN201810524715.5A
- Authority: CN (China)
- Legal status: Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
Abstract
The invention discloses an SM2 elliptic curve signature verification algorithm comprising the following steps. Digital signature generation algorithm: input the raw data of signer A, including the elliptic curve system parameters (base point $G$, order $n$), the hash value $Z_A$, the private key $d_A$ of signer A, and the message $M$ to be signed; obtain a random bit string $W$. During digital signature generation, the invention first obtains a random bit string, XORs the message to be signed with it, and then performs a NAND operation on the result and the hash value. If the signed information is intercepted by an attacker in transit, the attacker, not knowing the XOR and NAND operations used in the signing process, cannot fully crack or forge it. This improves the security of the signed information and prevents cracking and forgery after interception.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to an SM2 elliptic curve signature verification algorithm.
Background
Identity authentication technology is central to ensuring information security, so the design and implementation of authentication systems is crucial. Only a highly reliable identity authentication system can effectively guarantee the information security of both communicating parties and prevent information from being intercepted by attackers in transit. SM2 is the elliptic curve public-key cryptographic algorithm issued by the State Cryptography Administration on December 17, 2010. Digital signatures are an important application of elliptic curve public-key cryptography and play a key role in modern e-commerce and e-government: they ensure the integrity of a message in transit, authenticate the identity of the sender, and prevent repudiation in transactions.
In most existing SM2 signing and verification algorithms, signature generation (signature verification) simply concatenates the message to be signed (the message to be verified) with the hash value head to tail. This concatenation is too simple, is easily attacked, and offers relatively low security.
In the computation of the SM2 elliptic curve public-key algorithm, the most time-consuming operation is scalar multiplication, and within scalar multiplication the most time-consuming operation is modular inversion, which takes more than ten times as long as a modular multiplication. The number of modular inversions needed to complete one scalar multiplication differs between coordinate systems. In the Montgomery scalar multiplication algorithm under affine coordinates, every point operation (point addition, point doubling) requires a modular inversion, and the repeated inversions consume a great deal of time. In the Montgomery scalar multiplication algorithm under standard projective coordinates, the point operations (point addition, point doubling) need no modular inversion, but the number of modular multiplications increases greatly, which also takes considerable time. Traditional Montgomery scalar multiplication usually performs the scalar multiplication in a single coordinate system only, with a single modular multiplication unit and serial computation, so scalar multiplication is slow, which in turn makes the whole signing and verification process slow and time-consuming.
Summary of the invention
The object of the invention is to overcome the shortcomings and deficiencies of the prior art and to provide an SM2 elliptic curve signature verification algorithm that is faster and more secure.
The object of the invention is achieved by the following technical solution:
An SM2 elliptic curve signature verification algorithm, comprising the following steps:
S1, digital signature generation algorithm:
S1.1, input the raw data of signer A, including the elliptic curve system parameters (base point $G$, order $n$), the hash value $Z_A$, the private key $d_A$ of signer A, and the message $M$ to be signed;
S1.2, obtain a random bit string $W$;
S1.3, XOR the message $M$ with the random bit string $W$ to obtain $M_w$;
S1.4, perform a NAND operation on the hash value $Z_A$ and $M_w$ to obtain $M_e$;
S1.5, hash $M_e$ with the SM3 algorithm to obtain the hash value $e$;
S1.6, generate a random number $k \in [1, n-1]$;
S1.7, compute the elliptic curve point $(x_1, y_1) = [k]G$ using the scalar multiplication algorithm;
S1.8, compute $r = (e + x_1) \bmod n$;
S1.9, check whether $r = 0$ or $r + k = n$ holds; if so, return to S1.6, otherwise execute S1.10;
S1.10, compute $s = ((1 + d_A)^{-1} \cdot (k - r \cdot d_A)) \bmod n$;
S1.11, check whether $s = 0$ holds; if so, return to S1.6, otherwise execute S1.12;
S1.12, output the random bit string $W$, the message $M$ and its digital signature $(r, s)$;
S2, digital signature verification algorithm:
S2.1, input the raw data of verifier B, including the elliptic curve system parameters (base point $G$, order $n$), the public key $P_A$ of signer A, the random bit string $W$, the hash value $Z_A$, and the message $M'$ to be verified with its digital signature $(r', s')$;
S2.2, check whether $r' \in [1, n-1]$ holds; if so, execute S2.3, otherwise output verification failure;
S2.3, check whether $s' \in [1, n-1]$ holds; if so, execute S2.4, otherwise output verification failure;
S2.4, XOR the message $M'$ with the random bit string $W$ to obtain $M_w'$;
S2.5, perform a NAND operation on the hash value $Z_A$ and $M_w'$ to obtain $M_e'$;
S2.6, hash $M_e'$ with the SM3 algorithm to obtain the hash value $e'$;
S2.7, compute $t = (r' + s') \bmod n$;
S2.8, check whether $t = 0$ holds; if so, output verification failure, otherwise execute S2.9;
S2.9, compute the elliptic curve point $(x_1', y_1') = [s']G + [t]P_A$ using the scalar multiplication algorithm;
S2.10, compute $R = (e' + x_1') \bmod n$;
S2.11, check whether $R = r'$ holds; if so, output verification success, otherwise output verification failure.
Preferably, the scalar multiplication algorithm is the Montgomery scalar multiplication algorithm under standard projective coordinates, where $C_1$, $C_2$, $C_3$ are three modular multiplication units and $C_1(X_M, Z_N)$ denotes the modular multiplication of $X_M$ and $Z_N$ by modular multiplication unit $C_1$; the scalar multiplication algorithm comprises the following steps:
Step 1, input the point $G = (x_G, y_G) \in E(F_{2^m})$ and $k = (k_{m-1}, \ldots, k_1, k_0)_2$, where $k_i \in \{0, 1\}$ and the positive integer $i \in [0, m-1]$;
Convert the affine coordinates to standard projective coordinates; the operations of step 2 and step 3 are carried out under standard projective coordinates;
Step 2, let $X_M = 1$, $Z_M = 0$, $X_N = x_G$, $Z_N = 1$;
Compute $x_G^{-1} = 1/x_G$;
Step 3, for $i$ from $m-1$ down to 0, repeat the following point addition and point doubling operations:
3.1, $W_1 = C_1(X_M, Z_N)$, $W_2 = C_2(X_N, Z_M)$;
In 3.1, modular multiplication units $C_1$ and $C_2$ operate in parallel, which speeds up the computation and reduces computation time;
3.2, if $k_i = 0$, then $Z_N = (W_1 + W_2)^2$, $X_M = (X_M + Z_M)^4$,
$W_1 = C_1(X_M, Z_M)$, $W_2 = C_2(W_1, W_2)$, $W_3 = C_3(x_G, Z_N)$,
$X_N = W_2 + W_3$, $Z_M = W_1^2$;
In 3.2, modular multiplication units $C_1$, $C_2$, $C_3$ operate in parallel, which speeds up the computation and reduces computation time;
3.3, if $k_i = 1$, then $Z_M = (W_1 + W_2)^2$, $X_N = (X_N + Z_N)^4$,
$W_1 = C_1(X_N, Z_N)$, $W_2 = C_2(W_1, W_2)$, $W_3 = C_3(x_G, Z_M)$,
$X_M = W_2 + W_3$, $Z_N = W_1^2$;
In 3.3, modular multiplication units $C_1$, $C_2$, $C_3$ operate in parallel, which speeds up the computation and reduces computation time;
Step 4, if $Z_N = 0$, then $X_M = x_G$, $Z_M = x_G + y_G$; this step converts the point under standard projective coordinates to the point under affine coordinates;
Step 5, if $Z_N \neq 0$, then $X_M = X_M / Z_M$, $X_N = X_N / Z_N$,
$W_2 = C_2(X_M + x_G, X_N + x_G)$,
$W_3 = C_3(X_M + x_G, x_G^{-1})$, $W_4 = W_2 + x_G^2 + y_G$,
$W_2 = C_2(W_3, W_4)$, $Z_M = W_2 + y_G$; this step converts the point under standard projective coordinates to the point under affine coordinates;
Step 6, $x_1 = X_M$, $y_1 = Z_M$;
Step 7, output $[k]G = (x_1, y_1)$.
Compared with the prior art, the present invention has the following advantageous effects:
(1) During digital signature generation, the invention first obtains a random bit string, XORs the message to be signed with it, and then performs a NAND operation on the result and the hash value. If the signed information is intercepted by an attacker in transit, the attacker, not knowing the XOR and NAND operations used in the signing process, cannot fully crack or forge it. This improves the security of the signed information and prevents cracking and forgery after interception;
(2) During digital signature verification, the invention XORs the message to be verified with the random bit string and then performs a NAND operation on the result and the hash value. If the signed information to be verified is tampered with by an attacker in transit, the attacker, not knowing the XOR and NAND operations used in the verification process, cannot get the tampered information to verify successfully, which improves the security of the verification system;
(3) The scalar multiplication in signature generation and signature verification uses an improved Montgomery scalar multiplication algorithm. Affine coordinates are converted to standard projective coordinates, which eliminates the modular inversions in the point operations (point addition, point doubling) of scalar multiplication. Modular multiplications are performed by three modular multiplication units computing in parallel, and the modular inversion required for converting standard projective coordinates back to affine coordinates is carried out at the same time as the point operations (point addition, point doubling), which greatly speeds up scalar multiplication and reduces computation time.
Description of the drawings
Fig. 1 is the flow chart of the digital signature generation algorithm of the present invention;
Fig. 2 is the flow chart of the digital signature verification algorithm of the present invention;
Fig. 3 is the flow chart of the Montgomery scalar multiplication algorithm of the present invention.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the embodiments and the accompanying drawings, but the embodiments of the present invention are not limited to these.
The technical problem to be solved by the invention is to provide an SM2 elliptic curve signature verification algorithm that improves the SM2 signature generation algorithm (signature verification algorithm). A random bit string is obtained first; the message to be signed (the message to be verified) is XORed with the random bit string and the result is then combined with the hash value by a NAND operation, which improves the security of the signing and verification system. The scalar multiplication in signature generation and signature verification uses an improved Montgomery scalar multiplication algorithm: affine coordinates are converted to standard projective coordinates, which eliminates the modular inversions in the point operations (point addition, point doubling) of scalar multiplication; modular multiplications are performed by three modular multiplication units computing in parallel; and the modular inversion required for converting standard projective coordinates back to affine coordinates is carried out at the same time as the point operations (point addition, point doubling), which greatly speeds up scalar multiplication and reduces computation time.
The SM2 elliptic curve and algorithm involved in the present invention are defined over the binary field $F_{2^m}$. The elliptic curve equation is the non-supersingular curve $y^2 + xy = x^3 + ax^2 + b$, where $a, b \in F_{2^m}$ and $b \neq 0$. The elliptic curve is $E(F_{2^m}) = \{(x, y) \mid x, y \in F_{2^m},\ y^2 + xy = x^3 + ax^2 + b\} \cup \{O\}$, where $O$ is the point at infinity. The non-supersingular elliptic curve equation $y^2 + xy = x^3 + ax^2 + b$ over the binary field $F_{2^m}$ is converted to the equation $Y^2Z + XYZ = X^3 + aX^2Z + bZ^3$ under standard projective coordinates; the projective point $(X : Y : Z)$, $Z \neq 0$, corresponds to the affine point $(X/Z, Y/Z)$, and the point at infinity $\infty$ corresponds to $(0 : 1 : 0)$.
As shown in Figs. 1 to 3, an SM2 elliptic curve signature verification algorithm comprises the following steps:
S1, as shown in Fig. 1, digital signature generation algorithm:
S1.1, input the raw data of signer A, including the elliptic curve system parameters (base point $G$, order $n$), the hash value $Z_A$, the private key $d_A$ of signer A, and the message $M$ to be signed;
S1.2, obtain a random bit string $W$;
S1.3, XOR the message $M$ with the random bit string $W$ to obtain $M_w$;
S1.4, perform a NAND operation on the hash value $Z_A$ and $M_w$ to obtain $M_e$;
S1.5, hash $M_e$ with the SM3 algorithm to obtain the hash value $e$;
S1.6, generate a random number $k \in [1, n-1]$;
S1.7, compute the elliptic curve point $(x_1, y_1) = [k]G$ using the scalar multiplication algorithm;
S1.8, compute $r = (e + x_1) \bmod n$;
S1.9, check whether $r = 0$ or $r + k = n$ holds; if so, return to S1.6, otherwise execute S1.10;
S1.10, compute $s = ((1 + d_A)^{-1} \cdot (k - r \cdot d_A)) \bmod n$;
S1.11, check whether $s = 0$ holds; if so, return to S1.6, otherwise execute S1.12;
S1.12, output the random bit string $W$, the message $M$ and its digital signature $(r, s)$;
S2, as shown in Fig. 2, digital signature verification algorithm:
S2.1, input the raw data of verifier B, including the elliptic curve system parameters (base point $G$, order $n$), the public key $P_A$ of signer A, the random bit string $W$, the hash value $Z_A$, and the message $M'$ to be verified with its digital signature $(r', s')$;
S2.2, check whether $r' \in [1, n-1]$ holds; if so, execute S2.3, otherwise output verification failure;
S2.3, check whether $s' \in [1, n-1]$ holds; if so, execute S2.4, otherwise output verification failure;
S2.4, XOR the message $M'$ with the random bit string $W$ to obtain $M_w'$;
S2.5, perform a NAND operation on the hash value $Z_A$ and $M_w'$ to obtain $M_e'$;
S2.6, hash $M_e'$ with the SM3 algorithm to obtain the hash value $e'$;
S2.7, compute $t = (r' + s') \bmod n$;
S2.8, check whether $t = 0$ holds; if so, output verification failure, otherwise execute S2.9;
S2.9, compute the elliptic curve point $(x_1', y_1') = [s']G + [t]P_A$ using the scalar multiplication algorithm;
S2.10, compute $R = (e' + x_1') \bmod n$;
S2.11, check whether $R = r'$ holds; if so, output verification success, otherwise output verification failure.
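An added example (not code from the patent) of the preprocessing in S1.3 to S1.5 and S2.4 to S2.6: it checks that signer and verifier derive the same $e$, and reports which bits of $M$ influence $M_e$ after the NAND with $Z_A$, next to the head-to-tail concatenation described in the background. Assumptions: SHA-256 stands in for SM3, $Z_A$ is repeated cyclically to the message length because the text does not say how lengths are aligned, and all sample values are constructed.

```python
import hashlib

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """S1.3 / S2.4: M_w = M XOR W (equal lengths assumed)."""
    if len(a) != len(b):
        raise ValueError("M and W must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def nand_with_za(za: bytes, mw: bytes) -> bytes:
    """S1.4 / S2.5: M_e = NAND(Z_A, M_w), bit by bit.
    Assumption: Z_A is repeated cyclically to the length of M_w."""
    return bytes(~(za[i % len(za)] & b) & 0xFF for i, b in enumerate(mw))

def digest(data: bytes) -> bytes:
    """Stand-in for SM3 (assumption): SHA-256, also a 256-bit digest."""
    return hashlib.sha256(data).digest()

def derive_me(za: bytes, m: bytes, w: bytes) -> bytes:
    return nand_with_za(za, xor_bytes(m, w))

def derive_e(za: bytes, m: bytes, w: bytes) -> int:
    """S1.5 / S2.6: e = H(M_e), as an integer for r = (e + x1) mod n."""
    return int.from_bytes(digest(derive_me(za, m, w)), "big")

def derive_e_concat(za: bytes, m: bytes) -> int:
    """Head-to-tail concatenation from the background section: e = H(Z_A || M)."""
    return int.from_bytes(digest(za + m), "big")

def flip_bit(data: bytes, pos: int) -> bytes:
    """Return data with bit `pos` inverted (bit 0 is the MSB of byte 0)."""
    out = bytearray(data)
    out[pos // 8] ^= 0x80 >> (pos % 8)
    return bytes(out)

def covered_bits(za: bytes, nbits: int) -> list:
    """Bit positions of M that influence M_e: those where the Z_A bit is 1.
    Where the Z_A bit is 0 the NAND output is 1 whatever M_w holds."""
    return [p for p in range(nbits)
            if za[(p // 8) % len(za)] & (0x80 >> (p % 8))]

# Constructed sample values (not from the patent).
ZA = bytes(range(1, 33))                       # 32-byte stand-in for Z_A
M = b"transfer 100 units to account 42"        # message to be signed
W = bytes((17 * i + 3) % 256 for i in range(len(M)))  # "random" bit string W

if __name__ == "__main__":
    cov = covered_bits(ZA, 8 * len(M))
    print("e (signer)   =", hex(derive_e(ZA, M, W)))
    print("e (verifier) =", hex(derive_e(ZA, M, W)))
    print("message bits that reach the hash:", len(cov), "of", 8 * len(M))
```

With concatenation every bit of $M$ is hashed; with the NAND step only the positions returned by `covered_bits` are, so a verifier of this construction does not detect changes elsewhere in $M'$.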
As shown in Fig. 3, the scalar multiplication algorithm is the Montgomery scalar multiplication algorithm under standard projective coordinates, where $C_1$, $C_2$, $C_3$ are three modular multiplication units and $C_1(X_M, Z_N)$ denotes the modular multiplication of $X_M$ and $Z_N$ by modular multiplication unit $C_1$; the scalar multiplication algorithm comprises the following steps:
Step 1, input the point $G = (x_G, y_G) \in E(F_{2^m})$ and $k = (k_{m-1}, \ldots, k_1, k_0)_2$, where $k_i \in \{0, 1\}$ and the positive integer $i \in [0, m-1]$;
Convert the affine coordinates to standard projective coordinates; the operations of step 2 and step 3 are carried out under standard projective coordinates;
Step 2, let $X_M = 1$, $Z_M = 0$, $X_N = x_G$, $Z_N = 1$;
Compute $x_G^{-1} = 1/x_G$;
Step 3, for $i$ from $m-1$ down to 0, repeat the following point addition and point doubling operations:
3.1, $W_1 = C_1(X_M, Z_N)$, $W_2 = C_2(X_N, Z_M)$;
In 3.1, modular multiplication units $C_1$ and $C_2$ operate in parallel, which speeds up the computation and reduces computation time;
3.2, if $k_i = 0$, then $Z_N = (W_1 + W_2)^2$, $X_M = (X_M + Z_M)^4$,
$W_1 = C_1(X_M, Z_M)$, $W_2 = C_2(W_1, W_2)$, $W_3 = C_3(x_G, Z_N)$,
$X_N = W_2 + W_3$, $Z_M = W_1^2$;
In 3.2, modular multiplication units $C_1$, $C_2$, $C_3$ operate in parallel, which speeds up the computation and reduces computation time;
3.3, if $k_i = 1$, then $Z_M = (W_1 + W_2)^2$, $X_N = (X_N + Z_N)^4$,
$W_1 = C_1(X_N, Z_N)$, $W_2 = C_2(W_1, W_2)$, $W_3 = C_3(x_G, Z_M)$,
$X_M = W_2 + W_3$, $Z_N = W_1^2$;
In 3.3, modular multiplication units $C_1$, $C_2$, $C_3$ operate in parallel, which speeds up the computation and reduces computation time;
Step 4, if $Z_N = 0$, then $X_M = x_G$, $Z_M = x_G + y_G$; this step converts the point under standard projective coordinates to the point under affine coordinates;
Step 5, if $Z_N \neq 0$, then $X_M = X_M / Z_M$, $X_N = X_N / Z_N$,
$W_2 = C_2(X_M + x_G, X_N + x_G)$,
$W_3 = C_3(X_M + x_G, x_G^{-1})$, $W_4 = W_2 + x_G^2 + y_G$,
$W_2 = C_2(W_3, W_4)$, $Z_M = W_2 + y_G$; this step converts the point under standard projective coordinates to the point under affine coordinates;
Step 6, $x_1 = X_M$, $y_1 = Z_M$;
Step 7, output $[k]G = (x_1, y_1)$.
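An added example (not code from the patent) that runs steps 1 to 7 of the Montgomery scalar multiplication on a toy curve and compares every result with the affine group law. Assumptions: the field $F_{2^7}$ with reduction polynomial $x^7 + x + 1$ and the curve with $a = b = 1$ are constructed, $b = 1$ being the case in which the doubling step as written, $(X_M + Z_M)^4$, equals the general $X^4 + bZ^4$; each product reads the register values from before the step; and the $Z_M = 0$ return for $[k]G = O$ is added here.

```python
# Toy parameters constructed for this example (not taken from the patent).
M_DEG = 7              # binary field F_{2^7}
POLY = 0b10000011      # reduction polynomial x^7 + x + 1
A, B = 1, 1            # curve y^2 + xy = x^3 + A*x^2 + B, with B = 1

def fmul(a, b):
    """Multiply in F_{2^m}: carry-less shift-and-add, reduced modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> M_DEG:
            a ^= POLY
    return r

def fsq(a):
    return fmul(a, a)

def finv(a):
    """Inverse as a^(2^m - 2); this is the costly operation the ladder avoids."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    r = 1
    for _ in range(M_DEG - 1):
        a = fsq(a)
        r = fmul(r, a)
    return r

def on_curve(P):
    x, y = P
    return fsq(y) ^ fmul(x, y) == fmul(fsq(x), x) ^ fmul(A, fsq(x)) ^ B

def affine_add(P, Q):
    """Reference affine group law (None is O); one inversion per call."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2:
        if y1 != y2 or x1 == 0:              # Q = -P, or P has order 2
            return None
        lam = x1 ^ fmul(y1, finv(x1))        # point doubling
        x3 = fsq(lam) ^ lam ^ A
        return (x3, fsq(x1) ^ fmul(lam ^ 1, x3))
    lam = fmul(y1 ^ y2, finv(x1 ^ x2))       # point addition
    x3 = fsq(lam) ^ lam ^ x1 ^ x2 ^ A
    return (x3, fmul(lam, x1 ^ x3) ^ x3 ^ y1)

def dbl_add(XD, ZD, XO, ZO, xg):
    """Steps 3.1 to 3.3 for one bit: returns 2D and D+O as (Xdbl, Zdbl, Xsum, Zsum).
    All products use the values held before the step (parallel C1, C2, C3)."""
    W1, W2 = fmul(XD, ZO), fmul(XO, ZD)      # 3.1
    Zs = fsq(W1 ^ W2)                        # (W1 + W2)^2
    Xs = fmul(W1, W2) ^ fmul(xg, Zs)         # W2 + W3
    return fsq(fsq(XD ^ ZD)), fsq(fmul(XD, ZD)), Xs, Zs

def ladder_mul(k, G):
    """[k]G following steps 1 to 7; no inversion inside the loop."""
    xg, yg = G
    xg_inv = finv(xg)                        # step 2
    XM, ZM, XN, ZN = 1, 0, xg, 1             # M = O, N = G
    for i in range(max(M_DEG, k.bit_length()) - 1, -1, -1):  # step 3
        if (k >> i) & 1 == 0:                # 3.2: M = 2M, N = M + N
            XM, ZM, XN, ZN = dbl_add(XM, ZM, XN, ZN, xg)
        else:                                # 3.3: N = 2N, M = M + N
            XN, ZN, XM, ZM = dbl_add(XN, ZN, XM, ZM, xg)
    if ZM == 0:
        return None                          # [k]G = O (branch added here)
    if ZN == 0:
        return (xg, xg ^ yg)                 # step 4: [k+1]G = O, so [k]G = -G
    x1, x2 = fmul(XM, finv(ZM)), fmul(XN, finv(ZN))  # step 5
    W2 = fmul(x1 ^ xg, x2 ^ xg)
    W3 = fmul(x1 ^ xg, xg_inv)
    W4 = W2 ^ fsq(xg) ^ yg
    return (x1, fmul(W3, W4) ^ yg)           # steps 6 and 7

def find_base_point():
    """First affine point with x != 0 (the ladder needs x_G invertible)."""
    return next((x, y) for x in range(1, 1 << M_DEG)
                for y in range(1 << M_DEG) if on_curve((x, y)))

def compare_with_affine(G):
    """Walk G, 2G, 3G, ... by affine addition, compare each with the ladder,
    and return the order of G (0 if the ladder misses [order]G = O)."""
    k, Q = 1, G
    while Q is not None:
        if ladder_mul(k, G) != Q:
            raise AssertionError("ladder and affine law differ at k=%d" % k)
        k, Q = k + 1, affine_add(Q, G)
    return k if ladder_mul(k, G) is None else 0

if __name__ == "__main__":
    print("order of G:", compare_with_affine(find_base_point()))
```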
During digital signature generation, the invention first obtains a random bit string, XORs the message to be signed with it, and then performs a NAND operation on the result and the hash value. If the signed information is intercepted by an attacker in transit, the attacker, not knowing the XOR and NAND operations used in the signing process, cannot fully crack or forge it, which improves the security of the signed information and prevents cracking and forgery after interception. During digital signature verification, the message to be verified is XORed with the random bit string and the result is combined with the hash value by a NAND operation. If the signed information to be verified is tampered with by an attacker in transit, the attacker, not knowing the XOR and NAND operations used in the verification process, cannot get the tampered information to verify successfully, which improves the security of the verification system. The scalar multiplication in signature generation and signature verification uses an improved Montgomery scalar multiplication algorithm: affine coordinates are converted to standard projective coordinates, which eliminates the modular inversions in the point operations (point addition, point doubling) of scalar multiplication; modular multiplications are performed by three modular multiplication units computing in parallel; and the modular inversion required for converting standard projective coordinates back to affine coordinates is carried out at the same time as the point operations (point addition, point doubling), which greatly speeds up scalar multiplication and reduces computation time. The invention can ensure the integrity of a message in transit, authenticate the identity of the sender, and prevent repudiation in transactions.
The above is a preferred embodiment of the present invention, but the embodiments of the invention are not limited by the foregoing. Any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the present invention shall be an equivalent replacement and is included within the scope of protection of the present invention.
Claims (2)
1. An SM2 elliptic curve signature verification algorithm, characterized in that it comprises the following steps:
S1, digital signature generation algorithm:
S1.1, input the raw data of signer A, including the elliptic curve system parameters (base point $G$, order $n$), the hash value $Z_A$, the private key $d_A$ of signer A, and the message $M$ to be signed;
S1.2, obtain a random bit string $W$;
S1.3, XOR the message $M$ with the random bit string $W$ to obtain $M_w$;
S1.4, perform a NAND operation on the hash value $Z_A$ and $M_w$ to obtain $M_e$;
S1.5, hash $M_e$ with the SM3 algorithm to obtain the hash value $e$;
S1.6, generate a random number $k \in [1, n-1]$;
S1.7, compute the elliptic curve point $(x_1, y_1) = [k]G$ using the scalar multiplication algorithm;
S1.8, compute $r = (e + x_1) \bmod n$;
S1.9, check whether $r = 0$ or $r + k = n$ holds; if so, return to S1.6, otherwise execute S1.10;
S1.10, compute $s = ((1 + d_A)^{-1} \cdot (k - r \cdot d_A)) \bmod n$;
S1.11, check whether $s = 0$ holds; if so, return to S1.6, otherwise execute S1.12;
S1.12, output the random bit string $W$, the message $M$ and its digital signature $(r, s)$;
S2, digital signature verification algorithm:
S2.1, input the raw data of verifier B, including the elliptic curve system parameters (base point $G$, order $n$), the public key $P_A$ of signer A, the random bit string $W$, the hash value $Z_A$, and the message $M'$ to be verified with its digital signature $(r', s')$;
S2.2, check whether $r' \in [1, n-1]$ holds; if so, execute S2.3, otherwise output verification failure;
S2.3, check whether $s' \in [1, n-1]$ holds; if so, execute S2.4, otherwise output verification failure;
S2.4, XOR the message $M'$ with the random bit string $W$ to obtain $M_w'$;
S2.5, perform a NAND operation on the hash value $Z_A$ and $M_w'$ to obtain $M_e'$;
S2.6, hash $M_e'$ with the SM3 algorithm to obtain the hash value $e'$;
S2.7, compute $t = (r' + s') \bmod n$;
S2.8, check whether $t = 0$ holds; if so, output verification failure, otherwise execute S2.9;
S2.9, compute the elliptic curve point $(x_1', y_1') = [s']G + [t]P_A$ using the scalar multiplication algorithm;
S2.10, compute $R = (e' + x_1') \bmod n$;
S2.11, check whether $R = r'$ holds; if so, output verification success, otherwise output verification failure.
2. The SM2 elliptic curve signature verification algorithm according to claim 1, characterized in that the scalar multiplication algorithm is the Montgomery scalar multiplication algorithm under standard projective coordinates, where $C_1$, $C_2$, $C_3$ are three modular multiplication units and $C_1(X_M, Z_N)$ denotes the modular multiplication of $X_M$ and $Z_N$ by modular multiplication unit $C_1$; the scalar multiplication algorithm comprises the following steps:
Step 1, input the point $G = (x_G, y_G) \in E(F_{2^m})$ and $k = (k_{m-1}, \ldots, k_1, k_0)_2$, where $k_i \in \{0, 1\}$ and the positive integer $i \in [0, m-1]$;
Convert the affine coordinates to standard projective coordinates; the operations of step 2 and step 3 are carried out under standard projective coordinates;
Step 2, let $X_M = 1$, $Z_M = 0$, $X_N = x_G$, $Z_N = 1$;
Compute $x_G^{-1} = 1/x_G$;
Step 3, for $i$ from $m-1$ down to 0, repeat the following point addition and point doubling operations:
3.1, $W_1 = C_1(X_M, Z_N)$, $W_2 = C_2(X_N, Z_M)$;
In 3.1, modular multiplication units $C_1$ and $C_2$ operate in parallel, which speeds up the computation and reduces computation time;
3.2, if $k_i = 0$, then $Z_N = (W_1 + W_2)^2$, $X_M = (X_M + Z_M)^4$,
$W_1 = C_1(X_M, Z_M)$, $W_2 = C_2(W_1, W_2)$, $W_3 = C_3(x_G, Z_N)$,
$X_N = W_2 + W_3$, $Z_M = W_1^2$;
In 3.2, modular multiplication units $C_1$, $C_2$, $C_3$ operate in parallel, which speeds up the computation and reduces computation time;
3.3, if $k_i = 1$, then $Z_M = (W_1 + W_2)^2$, $X_N = (X_N + Z_N)^4$,
$W_1 = C_1(X_N, Z_N)$, $W_2 = C_2(W_1, W_2)$, $W_3 = C_3(x_G, Z_M)$,
$X_M = W_2 + W_3$, $Z_N = W_1^2$;
In 3.3, modular multiplication units $C_1$, $C_2$, $C_3$ operate in parallel, which speeds up the computation and reduces computation time;
Step 4, if $Z_N = 0$, then $X_M = x_G$, $Z_M = x_G + y_G$; this step converts the point under standard projective coordinates to the point under affine coordinates;
Step 5, if $Z_N \neq 0$, then $X_M = X_M / Z_M$, $X_N = X_N / Z_N$,
$W_2 = C_2(X_M + x_G, X_N + x_G)$,
$W_3 = C_3(X_M + x_G, x_G^{-1})$, $W_4 = W_2 + x_G^2 + y_G$,
$W_2 = C_2(W_3, W_4)$, $Z_M = W_2 + y_G$; this step converts the point under standard projective coordinates to the point under affine coordinates;
Step 6, $x_1 = X_M$, $y_1 = Z_M$;
Step 7, output $[k]G = (x_1, y_1)$.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810524715.5A CN108667623B (en) | 2018-05-28 | 2018-05-28 | SM2 elliptic curve signature verification algorithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810524715.5A CN108667623B (en) | 2018-05-28 | 2018-05-28 | SM2 elliptic curve signature verification algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108667623A (en) | 2018-10-16 |
CN108667623B (en) | 2021-10-19 |
Family
ID=63777937
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810524715.5A Active CN108667623B (en) | 2018-05-28 | 2018-05-28 | SM2 elliptic curve signature verification algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108667623B (en) |
CN113158176A (en) * | 2021-06-02 | 2021-07-23 | 工业信息安全(四川)创新中心有限公司 | Public key analysis method, device, equipment and storage medium based on SM2 signature |
CN113055189B (en) * | 2021-06-02 | 2021-08-10 | 工业信息安全(四川)创新中心有限公司 | SM2 digital signature verification failure reason judgment method, device, equipment and medium |
CN113158176B (en) * | 2021-06-02 | 2022-08-02 | 工业信息安全(四川)创新中心有限公司 | Public key analysis method, device, equipment and storage medium based on SM2 signature |
CN114205085A (en) * | 2021-12-03 | 2022-03-18 | 东北大学 | Optimization processing method of SM2 and transformation method of super book fabric platform |
Also Published As
Publication number | Publication date |
---|---|
CN108667623B (en) | 2021-10-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108667623A (en) | A kind of SM2 ellipse curve signatures verification algorithm | |
CN107483212B (en) | Method for generating digital signature by cooperation of two parties | |
CN108667626A (en) | The two sides cooperation SM2 endorsement methods of safety | |
CN109818730B (en) | Blind signature acquisition method and device and server | |
CN108768652A (en) | It is a kind of can the attack of anti-quantum alliance's block chain bottom encryption method | |
CN107360002B (en) | Application method of digital certificate | |
CN108494559B (en) | Electronic contract signing method based on semi-trusted third party | |
Zhang et al. | The Improvement of digital signature algorithm based on elliptic curve cryptography | |
CN103701598A (en) | SM2 signature algorithm-based double-check signature method and digital signature equipment | |
CN111447065B (en) | Active and safe SM2 digital signature two-party generation method | |
CN113676333A (en) | Method for generating SM2 blind signature through cooperation of two parties | |
CN109687977A (en) | Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on multiple pool of keys | |
CN110417555A (en) | A kind of safe encryption method and system of personal electric signature | |
US20150006900A1 (en) | Signature protocol | |
CN103220146A (en) | Zero knowledge digital signature method based on multivariate public key cryptosystem | |
CN116349203A (en) | Identifying denial of service attacks | |
Saepulrohman et al. | Data integrity and security of digital signatures on electronic systems using the digital signature algorithm (DSA) | |
Shankar et al. | Improved Multisignature Scheme for Authenticity of Digital Document in Digital Forensics Using Edward‐Curve Digital Signature Algorithm | |
CN112511314B (en) | Recoverable message blind signature generation method based on identity | |
CN111147240B (en) | Privacy protection method and system with traceability | |
CN110278073B (en) | Group digital signature and verification method, and equipment and device thereof | |
CN112837064B (en) | Signature method, signature verification method and signature verification device for alliance chain | |
Ghofar et al. | Digital signature based on PlayGamal algorithm | |
CN114520728B (en) | Distributed anonymous marking method and system | |
CN112131613B (en) | Mask operation method and device for SM2 algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||