CN108667623A - A kind of SM2 ellipse curve signatures verification algorithm - Google Patents

A kind of SM2 ellipse curve signatures verification algorithm Download PDF

Info

Publication number
CN108667623A
CN108667623A CN201810524715.5A CN201810524715A CN108667623A CN 108667623 A CN108667623 A CN 108667623A CN 201810524715 A CN201810524715 A CN 201810524715A CN 108667623 A CN108667623 A CN 108667623A
Authority
CN
China
Prior art keywords
point
algorithm
bit string
carried out
hash value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810524715.5A
Other languages
Chinese (zh)
Other versions
CN108667623B (en
Inventor
王丽雪
熊晓明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong University of Technology
Original Assignee
Guangdong University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong University of Technology filed Critical Guangdong University of Technology
Priority to CN201810524715.5A priority Critical patent/CN108667623B/en
Publication of CN108667623A publication Critical patent/CN108667623A/en
Application granted granted Critical
Publication of CN108667623B publication Critical patent/CN108667623B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Complex Calculations (AREA)

Abstract

The invention discloses a kind of SM2 ellipse curve signatures verification algorithms, include the following steps:Digital signature generating algorithm:The initial data for inputting signer A, includes systematic parameter (basic point G, rank n), the private key d of Hash Value ZA, signer A of elliptic curveA, message M to be signed;Obtain random bit string W;The present invention is during digital signature generates, one section of random bit string is obtained first, then NAND operation will be carried out with Hash Value again after message to be signed and random bit string xor operation, if signing messages is intercepted and captured by criminal during transmission, criminal in not knowing signature process xor operation and in the case of NOT-AND operation, it cannot crack and forge completely, to improve the safety of signing messages, crack and forge after preventing criminal from intercepting and capturing signing messages.

Description

A kind of SM2 ellipse curve signatures verification algorithm
Technical field
The present invention relates to field of information security technology, and in particular to a kind of SM2 ellipse curve signatures verification algorithm.
Background technology
Identity identifying technology is to ensure that the leading force of information security, the design and realization of Verification System become heavy to closing It wants.Only by the identity authorization system of high reliability, the information security of ability effective guarantee communicating pair prevents information from passing It is intercepted and captured by criminal during defeated.SM2 is the curve public key that national Password Management office issued on December 17th, 2010 Cryptographic algorithm, digital signature technology are an important applications of ellipse curve public key cipher algorithm, it in hyundai electronics commercial affairs and Play key player in government affairs, it is ensured that integrality of the message in transmission process is authenticated the identity of sender, Prevent the generation denied in transaction.
Existing SM2 signature sign test algorithms mostly directly disappear to be signed during signature generates (signature verification) It ceases (message to be verified) and Hash Value carries out head and the tail concatenation, this head and the tail connecting method is too simple, is easy by not The attack of method molecule, safety are relatively low.
For SM2 ellipse curve public key cipher algorithms in calculating process, most time-consuming is exactly Algorithm for Scalar Multiplication, and is transported in dot product Most time-consuming for modular inversion in calculation, required time is more than ten times of modular multiplication, due to completing a point multiplication operation in difference The number of the modular inversion of required progress under coordinate is different, in the Montgomery Algorithm for Scalar Multiplication under affine coordinate system, Each point processing (point plus, point doubling) is required for carrying out a modular inversion, when multiple modular inversion can expend a large amount of Between, in the Montgomery Algorithm for Scalar Multiplication under standard projection coordinate, point processing (point plus, point doubling) need not carry out the inverse fortune of mould It calculates, but the number of modular multiplication can greatly increase, and equally can also take a substantial amount of time.Traditional Montgomery Algorithm for Scalar Multiplication Point multiplication operation is only often carried out under a coordinate system, is only used a modular multiplication unit and the method using serial computing, is caused Point multiplication operation speed is slower, and then the sign test process arithmetic speed that causes entirely to sign is slower, the problem of taking considerable time.
Invention content
The shortcomings that it is an object of the invention to overcome the prior art with it is insufficient, provide a kind of arithmetic speed faster, safety Higher SM2 ellipse curve signatures verification algorithm.
The purpose of the invention is achieved by the following technical solution:
A kind of SM2 ellipse curve signatures verification algorithm, includes the following steps:
S1, digital signature generating algorithm:
S1.1, the initial data of input signer A, includes systematic parameter (basic point G, rank n), the Hash Value of elliptic curve The private key d of ZA, signer AA, message M to be signed;
S1.2 obtains random bit string W;
Message M and random bit string W are carried out xor operation, obtain M by S1.3w
S1.4, by Hash Value ZA and MwNOT-AND operation is carried out, M is obtainede
S1.5, using SM3 algorithms to MeCryptographic Hash operation is carried out, Hash Value e is obtained;
S1.6 generates random number k ∈ [1, n-1];
S1.7 calculates elliptic curve point (x using Algorithm for Scalar Multiplication1,y1)=[k] G;
S1.8 calculates r=(e+x1)mod n;
Whether S1.9 examines r=0 or r+k=n true, S1.6 is returned to if setting up, if invalid execute S1.10;
S1.10 calculates s=((1+dA)-1*(k-r*dA))mod n;
Whether S1.11 examines s=0 true, S1.6 is returned to if setting up, if invalid execute S1.12;
S1.12 exports random bit string W, message M and its digital signature (r, s);
S2, digital signature verification algorithm:
S2.1, the initial data of input authentication B, including elliptic curve systems parameter (basic point G, rank n), signer A's Public key PA, random bit string W, Hash Value ZA, need the message M' and its digital signature (r', s') of sign test;
Whether S2.2 examines r' ∈ [1, n-1] true, S2.3 is executed if setting up, if invalid export authentication failed;
Whether S2.3 examines s' ∈ [1, n-1] true, S2.4 is executed if setting up, if invalid export authentication failed;
Message M' and random bit string W are carried out xor operation, obtain M by S2.4w';
S2.5, by Hash Value ZA and Mw' NOT-AND operation is carried out, obtain Me';
S2.6, using SM3 algorithms to Me' cryptographic Hash operation is carried out, obtain Hash Value e';
S2.7 calculates t=(r'+s') mod n;
Whether S2.8 examines t=0 true, authentication failed is exported if setting up, if invalid execute S2.9;
S2.9 calculates elliptic curve point (x using Algorithm for Scalar Multiplication1',y1')=[s'] G+ [t] PA
S2.10 calculates R=(e'+x1')mod n;
S2.11, whether checking R=r' is true, exports and is proved to be successful if setting up, if invalid export authentication failed.
Preferably, the Algorithm for Scalar Multiplication is the Montgomery Algorithm for Scalar Multiplication under standard projection coordinate, wherein C1、C2、C3It is three A multiplication unit, C1(XM,ZN) it is exactly to use mould multiplication unit C1To XMAnd ZNCarry out modular multiplication;The Algorithm for Scalar Multiplication includes following Step:
Step 1, input point G=(xG,yG)∈E(F2m), k=(km-1,…k1,k0)2, wherein ki∈ { 0,1 }, positive integer i ∈[0,m-1];
Affine coordinate is converted into standard projection coordinate, the fortune of step 2 and step 3 is carried out under standard projection coordinate It calculates;
Step 2 enables XM=1, ZM=0, XN=xG, ZN=1;
Calculate xG -1=1/xG
Step 3 repeats following point add operation and point doubling for i from m-1 to 0:
3.1, W1=C1(XM,ZN), W2=C2(XN,ZM);
In 3.1, modular multiplication unit C1And C2Concurrent operation can accelerate arithmetic speed, reduce operation time;
3.2, if ki=0, then ZN=(W1+W2)2, XM=(XM+ZM)4,
W1=C1(XM,ZM), W2=C2(W1,W2), W3=C3(xG,ZN),
XN=W2+W3, ZM=W1 2
In 3.2, modular multiplication unit C1、C2、C3Concurrent operation can accelerate arithmetic speed, reduce operation time;
3.3, if ki=1, then ZM=(W1+W2)2, XN=(XN+ZN)4,
W1=C1(XN,ZN), W2=C2(W1,W2), W3=C3(xG,ZM),
XM=W2+W3, ZN=W1 2
In 3.3, modular multiplication unit C1、C2、C3Concurrent operation can accelerate arithmetic speed, reduce operation time;
Step 4, if ZN=0, then XM=xG, ZM=xG+yG;The step is converted to the point under canonical projection coordinate affine Point under coordinate;
Step 5, if ZN≠ 0, then XM=XM/ZM, XN=XN/ZN,
W2=C2(XM+xG,XN+xG),
W3=C3(XM+xG,xG -1), W4=W2+xG 2+yG,
W2=C2(W3,W4), ZM=W2+yG;Point under canonical projection coordinate is converted to the point under affine coordinate by the step;
Step 6, x1=XM, y1=ZM
Step 7, output [k] G=(x1,y1)。
The present invention has advantageous effect below compared with prior art:
(1) present invention obtains one section of random bit string first during digital signature generates, then will be to be signed NAND operation is carried out with Hash Value again after message and random bit string xor operation, if signing messages is not during transmission by Method molecule is intercepted and captured, criminal in not knowing signature process xor operation and in the case of NOT-AND operation, cannot break completely Solution and forgery are cracked and are forged after preventing criminal from intercepting and capturing signing messages to improve the safety of signing messages;
(2) present invention is during digital signature authentication, after message to be verified and random bit string xor operation NAND operation is carried out with Hash Value again, if signing messages to be verified is distorted by criminal during transmission, Criminal during not knowing sign test xor operation and in the case of NOT-AND operation, the signing messages after distorting is cannot It is proved to be successful, to improve the safety of verification system;
(3) present invention signature is generated uses a kind of improved Montgomery point with the Algorithm for Scalar Multiplication in signature-verification process Multiplication algorithm carry out point multiplication operation, affine coordinate is converted into standard projection coordinate, eliminate point processing in point multiplication operation (point plus, Point doubling) during modular inversion, carry out modular multiplication by way of three modular multiplication unit parallel computations, and Required modular inversion is simultaneously while point processing (point plus, point doubling), when standard projection coordinate is converted to affine coordinate It carries out, greatly accelerates the speed of point multiplication operation, reduce operation time.
Description of the drawings
Fig. 1 is the flow chart of digital signature generating algorithm of the present invention;
Fig. 2 is the flow chart of digital signature verification algorithm of the present invention;
Fig. 3 is the flow chart of Montgomery Algorithm for Scalar Multiplication of the present invention.
Specific implementation mode
Present invention will now be described in further detail with reference to the embodiments and the accompanying drawings, but embodiments of the present invention are unlimited In this.
Technical problem to be solved by the invention is to provide a kind of SM2 ellipse curve signatures verification algorithms, sign and give birth to SM2 It is improved at algorithm (signature verification algorithm), obtains one section of random bit string first, it is then that message to be signed is (to be tested The message of card) with random bit string xor operation after again with Hash Value carry out NAND operation, improve signature sign test system peace Quan Xing, signature, which is generated, to be carried out a little with the Algorithm for Scalar Multiplication in signature-verification process using a kind of improved Montgomery Algorithm for Scalar Multiplication Affine coordinate is converted to standard projection coordinate by multiplication, eliminates point processing in point multiplication operation (point plus, point doubling) process In modular inversion, carry out modular multiplication by way of three modular multiplication unit parallel computations, and point processing (point plus, Point doubling) while, required modular inversion is carried out at the same time when standard projection coordinate is converted to affine coordinate, is greatly speeded up The speed of point multiplication operation, reduces operation time.
Involved SM2 elliptic curves and algorithm are defined in binary field F in the present invention2mOn, elliptic curve Equation be non-super singular curve y2+ xy=x3+ax2+ b, wherein a, b ∈ F2m, and b ≠ 0.Elliptic curve E (F2m)={ (x, y) | x,y∈F2m, and meet equation y2+ xy=x3+ax2+ b } ∪ { O }, wherein O is infinite point;By binary field F2mUnder it is non-super Unusual elliptic curve equation y2+ xy=x3+ax2+ b is converted to the equation Y under standard projection coordinate2Z+XYZ=X3+aX2Z+bZ3, Subpoint (X:Y:Z), Z ≠ 0 and affine point (X/Z, Y/Z) are corresponding, and infinite point ∞ corresponds to (0:1:0).
As shown in Figures 1 to 3, a kind of SM2 ellipse curve signatures verification algorithm, includes the following steps:
S1, as shown in Figure 1, digital signature generating algorithm:
S1.1, the initial data of input signer A, includes systematic parameter (basic point G, rank n), the Hash Value of elliptic curve The private key d of ZA, signer AA, message M to be signed;
S1.2 obtains random bit string W;
Message M and random bit string W are carried out xor operation, obtain M by S1.3w
S1.4, by Hash Value ZA and MwNOT-AND operation is carried out, M is obtainede
S1.5, using SM3 algorithms to MeCryptographic Hash operation is carried out, Hash Value e is obtained;
S1.6 generates random number k ∈ [1, n-1];
S1.7 calculates elliptic curve point (x using Algorithm for Scalar Multiplication1,y1)=[k] G;
S1.8 calculates r=(e+x1)mod n;
Whether S1.9 examines r=0 or r+k=n true, S1.6 is returned to if setting up, if invalid execute S1.10;
S1.10 calculates s=((1+dA)-1*(k-r*dA))mod n;
Whether S1.11 examines s=0 true, S1.6 is returned to if setting up, if invalid execute S1.12;
S1.12 exports random bit string W, message M and its digital signature (r, s);
S2, as shown in Fig. 2, digital signature verification algorithm:
S2.1, the initial data of input authentication B, including elliptic curve systems parameter (basic point G, rank n), signer A's Public key PA, random bit string W, Hash Value ZA, need the message M' and its digital signature (r', s') of sign test;
Whether S2.2 examines r' ∈ [1, n-1] true, S2.3 is executed if setting up, if invalid export authentication failed;
Whether S2.3 examines s' ∈ [1, n-1] true, S2.4 is executed if setting up, if invalid export authentication failed;
Message M' and random bit string W are carried out xor operation, obtain M by S2.4w';
S2.5, by Hash Value ZA and Mw' NOT-AND operation is carried out, obtain Me';
S2.6, using SM3 algorithms to Me' cryptographic Hash operation is carried out, obtain Hash Value e';
S2.7 calculates t=(r'+s') mod n;
Whether S2.8 examines t=0 true, authentication failed is exported if setting up, if invalid execute S2.9;
S2.9 calculates elliptic curve point (x using Algorithm for Scalar Multiplication1',y1')=[s'] G+ [t] PA
S2.10 calculates R=(e'+x1')mod n;
S2.11, whether checking R=r' is true, exports and is proved to be successful if setting up, if invalid export authentication failed.
As shown in figure 3, the Algorithm for Scalar Multiplication is the Montgomery Algorithm for Scalar Multiplication under standard projection coordinate, wherein C1、C2、C3 For three multiplication units, C1(XM,ZN) it is exactly to use mould multiplication unit C1To XMAnd ZNCarry out modular multiplication;The Algorithm for Scalar Multiplication includes Following step:
Step 1, input point G=(xG,yG)∈E(F2m), k=(km-1,…k1,k0)2, wherein ki ∈ { 0,1 }, positive integer i ∈[0,m-1];
Affine coordinate is converted into standard projection coordinate, the fortune of step 2 and step 3 is carried out under standard projection coordinate It calculates;
Step 2 enables XM=1, ZM=0, XN=xG, ZN=1;
Calculate xG -1=1/xG
Step 3 repeats following point add operation and point doubling for i from m-1 to 0:
3.1, W1=C1(XM,ZN), W2=C2(XN,ZM);
In 3.1, modular multiplication unit C1And C2Concurrent operation can accelerate arithmetic speed, reduce operation time;
3.2, if ki=0, then ZN=(W1+W2)2, XM=(XM+ZM)4,
W1=C1(XM,ZM), W2=C2(W1,W2), W3=C3(xG,ZN),
XN=W2+W3, ZM=W1 2
In 3.2, modular multiplication unit C1、C2、C3Concurrent operation can accelerate arithmetic speed, reduce operation time;
3.3, if ki=1, then ZM=(W1+W2)2, XN=(XN+ZN)4,
W1=C1(XN,ZN), W2=C2(W1,W2), W3=C3(xG,ZM),
XM=W2+W3, ZN=W1 2
In 3.3, modular multiplication unit C1、C2、C3Concurrent operation can accelerate arithmetic speed, reduce operation time;
Step 4, if ZN=0, then XM=xG, ZM=xG+yG;The step is converted to the point under canonical projection coordinate affine Point under coordinate;
Step 5, if ZN≠ 0, then XM=XM/ZM, XN=XN/ZN,
W2=C2(XM+xG,XN+xG),
W3=C3(XM+xG,xG -1), W4=W2+xG 2+yG,
W2=C2(W3,W4), ZM=W2+yG;Point under canonical projection coordinate is converted to the point under affine coordinate by the step;
Step 6, x1=XM, y1=ZM
Step 7, output [k] G=(x1,y1)。
The present invention obtains one section of random bit string, then to be signed disappears first during digital signature generates NAND operation is carried out with Hash Value again after breath and random bit string xor operation, if signing messages is illegal during transmission Molecule is intercepted and captured, criminal in not knowing signature process xor operation and in the case of NOT-AND operation, cannot crack completely And forgery is cracked and is forged after preventing criminal from intercepting and capturing signing messages to improve the safety of signing messages; During digital signature authentication, it will be carried out and non-fortune with Hash Value again after message to be verified and random bit string xor operation It calculates, if signing messages to be verified is distorted by criminal during transmission, criminal is not knowing sign test In the case of xor operation in the process and NOT-AND operation, the signing messages after distorting cannot be proved to be successful, to improve The safety of verification system;Signature is generated uses a kind of improved Montgomery with the Algorithm for Scalar Multiplication in signature-verification process Algorithm for Scalar Multiplication carries out point multiplication operation, and affine coordinate is converted to standard projection coordinate, eliminates (the point of point processing in point multiplication operation Add, point doubling) during modular inversion, modular multiplication is carried out by way of three modular multiplication unit parallel computations, and And while point processing (point plus, point doubling), required modular inversion when standard projection coordinate is converted to affine coordinate It is carried out at the same time, greatly accelerates the speed of point multiplication operation, reduce operation time;It can ensure that message is complete in transmission process Whole property, is authenticated the identity of sender, prevents the generation denied in transaction.
Above-mentioned is the preferable embodiment of the present invention, but embodiments of the present invention are not limited by the foregoing content, He it is any without departing from the spirit and principles of the present invention made by changes, modifications, substitutions, combinations, simplifications, should be The substitute mode of effect, is included within the scope of the present invention.

Claims (2)

1. a kind of SM2 ellipse curve signatures verification algorithm, which is characterized in that include the following steps:
S1, digital signature generating algorithm:
Systematic parameter (basic point G, rank n), Hash Value ZA, the label of S1.1, the initial data of input signer A, including elliptic curve The private key d of recipe AA, message M to be signed;
S1.2 obtains random bit string W;
Message M and random bit string W are carried out xor operation, obtain M by S1.3w
S1.4, by Hash Value ZA and MwNOT-AND operation is carried out, M is obtainede
S1.5, using SM3 algorithms to MeCryptographic Hash operation is carried out, Hash Value e is obtained;
S1.6 generates random number k ∈ [1, n-1];
S1.7 calculates elliptic curve point (x using Algorithm for Scalar Multiplication1,y1)=[k] G;
S1.8 calculates r=(e+x1)mod n;
Whether S1.9 examines r=0 or r+k=n true, S1.6 is returned to if setting up, if invalid execute S1.10;
S1.10 calculates s=((1+dA)-1*(k-r*dA))mod n;
Whether S1.11 examines s=0 true, S1.6 is returned to if setting up, if invalid execute S1.12;
S1.12 exports random bit string W, message M and its digital signature (r, s);
S2, digital signature verification algorithm:
S2.1, the initial data of input authentication B, including elliptic curve systems parameter (basic point G, rank n), the public key of signer A PA, random bit string W, Hash Value ZA, need the message M' and its digital signature (r', s') of sign test;
Whether S2.2 examines r' ∈ [1, n-1] true, S2.3 is executed if setting up, if invalid export authentication failed;
Whether S2.3 examines s' ∈ [1, n-1] true, S2.4 is executed if setting up, if invalid export authentication failed;
Message M' and random bit string W are carried out xor operation, obtain M by S2.4w';
S2.5, by Hash Value ZA and Mw' NOT-AND operation is carried out, obtain Me';
S2.6, using SM3 algorithms to Me' cryptographic Hash operation is carried out, obtain Hash Value e';
S2.7 calculates t=(r'+s') mod n;
Whether S2.8 examines t=0 true, authentication failed is exported if setting up, if invalid execute S2.9;
S2.9 calculates elliptic curve point (x using Algorithm for Scalar Multiplication1',y1')=[s'] G+ [t] PA
S2.10 calculates R=(e'+x1')mod n;
S2.11, whether checking R=r' is true, exports and is proved to be successful if setting up, if invalid export authentication failed.
2. SM2 ellipse curve signatures verification algorithm according to claim 1, which is characterized in that the Algorithm for Scalar Multiplication is mark Montgomery Algorithm for Scalar Multiplication under quasi- projection coordinate, wherein C1、C2、C3For three multiplication units, C1(XM,ZN) it is exactly to use modular multiplication method Unit C1To XMAnd ZNCarry out modular multiplication;The Algorithm for Scalar Multiplication includes the following steps:
Step 1, input point G=(xG,yG)∈E(F2m), k=(km-1,…k1,k0)2, wherein ki∈ { 0,1 }, positive integer i ∈ [0, m-1];
Affine coordinate is converted into standard projection coordinate, the operation of step 2 and step 3 is carried out under standard projection coordinate;
Step 2 enables XM=1, ZM=0, XN=xG, ZN=1;
Calculate xG -1=1/xG
Step 3 repeats following point add operation and point doubling for i from m-1 to 0:
3.1, W1=C1(XM,ZN), W2=C2(XN,ZM);
In 3.1, modular multiplication unit C1And C2Concurrent operation can accelerate arithmetic speed, reduce operation time;
3.2, if ki=0, then ZN=(W1+W2)2, XM=(XM+ZM)4,
W1=C1(XM,ZM), W2=C2(W1,W2), W3=C3(xG,ZN),
XN=W2+W3, ZM=W1 2
In 3.2, modular multiplication unit C1、C2、C3Concurrent operation can accelerate arithmetic speed, reduce operation time;
3.3, if ki=1, then ZM=(W1+W2)2, XN=(XN+ZN)4,
W1=C1(XN,ZN), W2=C2(W1,W2), W3=C3(xG,ZM),
XM=W2+W3, ZN=W1 2
In 3.3, modular multiplication unit C1、C2、C3Concurrent operation can accelerate arithmetic speed, reduce operation time;
Step 4, if ZN=0, then XM=xG, ZM=xG+yG;Point under canonical projection coordinate is converted to affine coordinate by the step Under point;
Step 5, if ZN≠ 0, then XM=XM/ZM, XN=XN/ZN,
W2=C2(XM+xG,XN+xG),
W3=C3(XM+xG,xG -1), W4=W2+xG 2+yG,
W2=C2(W3,W4), ZM=W2+yG;Point under canonical projection coordinate is converted to the point under affine coordinate by the step;
Step 6, x1=XM, y1=ZM
Step 7, output [k] G=(x1,y1)。
CN201810524715.5A 2018-05-28 2018-05-28 SM2 elliptic curve signature verification algorithm Active CN108667623B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810524715.5A CN108667623B (en) 2018-05-28 2018-05-28 SM2 elliptic curve signature verification algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810524715.5A CN108667623B (en) 2018-05-28 2018-05-28 SM2 elliptic curve signature verification algorithm

Publications (2)

Publication Number Publication Date
CN108667623A true CN108667623A (en) 2018-10-16
CN108667623B CN108667623B (en) 2021-10-19

Family

ID=63777937

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810524715.5A Active CN108667623B (en) 2018-05-28 2018-05-28 SM2 elliptic curve signature verification algorithm

Country Status (1)

Country Link
CN (1) CN108667623B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109547199A (en) * 2018-11-19 2019-03-29 武汉大学 A kind of method that multi-party joint generates SM2 digital signature
CN110022210A (en) * 2019-03-28 2019-07-16 思力科(深圳)电子科技有限公司 Signature sign test method, signature end and sign test end based on elliptic curve cipher
CN110336674A (en) * 2019-06-21 2019-10-15 矩阵元技术(深圳)有限公司 Data processing method, device, computer equipment and storage medium
CN110365481A (en) * 2019-07-04 2019-10-22 上海交通大学 The optimization of the close SM2 algorithm of state is accelerated to realize system and method
CN111147250A (en) * 2019-12-18 2020-05-12 北京江南天安科技有限公司 Digital signature method, device, sending end, receiving end and system
CN112134704A (en) * 2020-09-21 2020-12-25 中国电子科技网络信息安全有限公司 Sm2 performance optimization implementing method
CN112491560A (en) * 2020-12-11 2021-03-12 武汉大学 SM2 digital signature method and medium supporting batch verification
CN112632475A (en) * 2020-12-30 2021-04-09 郑州轻工业大学 Picture copyright protection system and method based on state password and picture steganography
CN113055189A (en) * 2021-06-02 2021-06-29 工业信息安全(四川)创新中心有限公司 SM2 digital signature verification failure reason judgment method, device, equipment and medium
CN113158176A (en) * 2021-06-02 2021-07-23 工业信息安全(四川)创新中心有限公司 Public key analysis method, device, equipment and storage medium based on SM2 signature
CN114205085A (en) * 2021-12-03 2022-03-18 东北大学 Optimization processing method of SM2 and transformation method of super book fabric platform

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1700637A (en) * 2005-05-18 2005-11-23 上海迪申电子科技有限责任公司 A novel elliptic curve password coprocessor
CN101782845A (en) * 2009-01-20 2010-07-21 北京华大信安科技有限公司 High speed arithmetic device and method of elliptic curve code
CN105099672A (en) * 2015-08-04 2015-11-25 东南大学 Hybrid encryption method and device for realizing the same
CN105574269A (en) * 2015-12-16 2016-05-11 青岛大学 Design verification method of special instruction processor
EP3099003A1 (en) * 2015-05-28 2016-11-30 Nxp B.V. Efficient key derivation with forward secrecy
CN107425968A (en) * 2017-06-22 2017-12-01 广东工业大学 A kind of SM2 elliptic curve public key cryptographic algorithms under binary field F2m realize system
CN108964899A (en) * 2018-07-01 2018-12-07 刘兴丹 A kind of method, apparatus of dynamic formula and the timing Encryption Algorithm of more synchronous dynamic passwords

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1700637A (en) * 2005-05-18 2005-11-23 上海迪申电子科技有限责任公司 A novel elliptic curve password coprocessor
CN101782845A (en) * 2009-01-20 2010-07-21 北京华大信安科技有限公司 High speed arithmetic device and method of elliptic curve code
EP3099003A1 (en) * 2015-05-28 2016-11-30 Nxp B.V. Efficient key derivation with forward secrecy
CN105099672A (en) * 2015-08-04 2015-11-25 东南大学 Hybrid encryption method and device for realizing the same
CN105574269A (en) * 2015-12-16 2016-05-11 青岛大学 Design verification method of special instruction processor
CN107425968A (en) * 2017-06-22 2017-12-01 广东工业大学 A kind of SM2 elliptic curve public key cryptographic algorithms under binary field F2m realize system
CN108964899A (en) * 2018-07-01 2018-12-07 刘兴丹 A kind of method, apparatus of dynamic formula and the timing Encryption Algorithm of more synchronous dynamic passwords

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
LAZYING_BIRD: "谈谈异或加密", 《HTTPS://BLOG.CSDN.NET/A_FLYING_BIRD/ARTICLE/DETAILS/38443945》 *
张焕国,唐明: "《密码学引论》", 30 November 2015, 《武汉大学出版社》 *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109547199B (en) * 2018-11-19 2021-07-02 武汉大学 Method for generating SM2 digital signature by combining multiple parties
CN109547199A (en) * 2018-11-19 2019-03-29 武汉大学 A kind of method that multi-party joint generates SM2 digital signature
CN110022210A (en) * 2019-03-28 2019-07-16 思力科(深圳)电子科技有限公司 Signature sign test method, signature end and sign test end based on elliptic curve cipher
CN110022210B (en) * 2019-03-28 2022-03-15 思力科(深圳)电子科技有限公司 Signature verification method based on elliptic curve password, signature end and signature verification end
CN110336674A (en) * 2019-06-21 2019-10-15 矩阵元技术(深圳)有限公司 Data processing method, device, computer equipment and storage medium
CN110336674B (en) * 2019-06-21 2022-06-24 矩阵元技术(深圳)有限公司 Range proving method, range proving device, computer equipment and storage medium
CN110365481A (en) * 2019-07-04 2019-10-22 上海交通大学 The optimization of the close SM2 algorithm of state is accelerated to realize system and method
CN111147250A (en) * 2019-12-18 2020-05-12 北京江南天安科技有限公司 Digital signature method, device, sending end, receiving end and system
CN112134704A (en) * 2020-09-21 2020-12-25 中国电子科技网络信息安全有限公司 Sm2 performance optimization implementing method
CN112491560A (en) * 2020-12-11 2021-03-12 武汉大学 SM2 digital signature method and medium supporting batch verification
CN112632475A (en) * 2020-12-30 2021-04-09 郑州轻工业大学 Picture copyright protection system and method based on state password and picture steganography
CN112632475B (en) * 2020-12-30 2024-03-29 郑州轻工业大学 Picture copyright protection system and method based on national password and picture steganography
CN113055189A (en) * 2021-06-02 2021-06-29 工业信息安全(四川)创新中心有限公司 SM2 digital signature verification failure reason judgment method, device, equipment and medium
CN113158176A (en) * 2021-06-02 2021-07-23 工业信息安全(四川)创新中心有限公司 Public key analysis method, device, equipment and storage medium based on SM2 signature
CN113055189B (en) * 2021-06-02 2021-08-10 工业信息安全(四川)创新中心有限公司 SM2 digital signature verification failure reason judgment method, device, equipment and medium
CN113158176B (en) * 2021-06-02 2022-08-02 工业信息安全(四川)创新中心有限公司 Public key analysis method, device, equipment and storage medium based on SM2 signature
CN114205085A (en) * 2021-12-03 2022-03-18 东北大学 Optimization processing method of SM2 and transformation method of super book fabric platform

Also Published As

Publication number Publication date
CN108667623B (en) 2021-10-19

Similar Documents

Publication Publication Date Title
CN108667623A (en) A kind of SM2 ellipse curve signatures verification algorithm
CN107483212B (en) Method for generating digital signature by cooperation of two parties
CN108667626A (en) The two sides cooperation SM2 endorsement methods of safety
CN109818730B (en) Blind signature acquisition method and device and server
CN108768652A (en) It is a kind of can the attack of anti-quantum alliance's block chain bottom encryption method
CN107360002B (en) Application method of digital certificate
CN108494559B (en) Electronic contract signing method based on semi-trusted third party
Zhang et al. The Improvement of digital signature algorithm based on elliptic curve cryptography
CN103701598A (en) SM2 signature algorithm-based double-check signature method and digital signature equipment
CN111447065B (en) Active and safe SM2 digital signature two-party generation method
CN113676333A (en) Method for generating SM2 blind signature through cooperation of two parties
CN109687977A (en) Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on multiple pool of keys
CN110417555A (en) A kind of safe encryption method and system of personal electric signature
US20150006900A1 (en) Signature protocol
CN103220146A (en) Zero knowledge digital signature method based on multivariate public key cryptosystem
CN116349203A (en) Identifying denial of service attacks
Saepulrohman et al. Data integrity and security of digital signatures on electronic systems using the digital signature algorithm (DSA)
Shankar et al. Improved Multisignature Scheme for Authenticity of Digital Document in Digital Forensics Using Edward‐Curve Digital Signature Algorithm
CN112511314B (en) Recoverable message blind signature generation method based on identity
CN111147240B (en) Privacy protection method and system with traceability
CN110278073B (en) Group digital signature and verification method, and equipment and device thereof
CN112837064B (en) Signature method, signature verification method and signature verification device for alliance chain
Ghofar et al. Digital signature based on PlayGamal algorithm
CN114520728B (en) Distributed anonymous marking method and system
CN112131613B (en) Mask operation method and device for SM2 algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant