CN108768634B - Verifiable cryptographic signature generation method and system - Google Patents

Verifiable cryptographic signature generation method and system Download PDF

Info

Publication number
CN108768634B
CN108768634B CN201810538636.XA CN201810538636A CN108768634B CN 108768634 B CN108768634 B CN 108768634B CN 201810538636 A CN201810538636 A CN 201810538636A CN 108768634 B CN108768634 B CN 108768634B
Authority
CN
China
Prior art keywords
signature
participant
private key
verification
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810538636.XA
Other languages
Chinese (zh)
Other versions
CN108768634A (en
Inventor
卢伟龙
张永强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shuan Times Technology Co ltd
Original Assignee
Shuan Times Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shuan Times Technology Co ltd filed Critical Shuan Times Technology Co ltd
Priority to CN201810538636.XA priority Critical patent/CN108768634B/en
Publication of CN108768634A publication Critical patent/CN108768634A/en
Application granted granted Critical
Publication of CN108768634B publication Critical patent/CN108768634B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a verifiable encrypted signature generation method and a verifiable encrypted signature generation system, wherein the method comprises the following steps: n participants P1,P2……,Pn. The participant appoints an identity ID according to a predetermined rule; the n participants then participate in turn in the generation of a verifiable cryptographic signature in the form of a ring. The invention generates verifiable encrypted signature by multiple parties on the premise of not revealing respective private key shares, thereby ensuring the safety of the generated verifiable encrypted signature.

Description

Verifiable cryptographic signature generation method and system
Technical Field
The invention relates to the technical field of cryptography and information security, in particular to a verifiable encrypted signature generation method and a verifiable encrypted signature generation system.
Background
Verifiable cryptographic signatures are a core tool for solving the problem of fair exchange, and the technology is a research hotspot of the current privacy signature verification technology. With the development of distributed technologies such as cloud computing and block chaining, key generation also has a new application scenario, and participating parties need to agree on a private key secretly and jointly. In such application scenarios, security for generating a verifiable cryptographic signature is particularly important.
In the prior art, participants need to agree with a complete private key in advance, for each party, the complete private key is divided and then stored, and the share of each private key is difficult to keep secret, so that the private key is easy to leak, and the security of the generated verifiable encrypted signature is influenced.
Disclosure of Invention
Therefore, it is necessary to provide a verifiable cryptographic signature generation method and system for solving the above-mentioned problem affecting the security of the generated verifiable cryptographic signature, so as to generate verifiable cryptographic signatures together without revealing private key shares, thereby improving the security.
A verifiable cryptographic signature generation method, comprising:
the participant P1 generates a decryption private key, performs agreed signature key segmentation with the participants P2 and P3 … Pn, agrees with the participants P2 and P3 … Pn to obtain a public key, and generates a certificate according to the public key; participants P1, P2 … Pn hold private key shares d respectively1、d2、…dnThe private key index d ═ d1+d2+……dn
The participant P1 calculates an encrypted public key according to the decrypted private key, performs appointed binding according to the encrypted public key, the public key and the ID, and sends the bound key to the participant P2;
participants P2, P3 … Pn according to private key share d2、d3…dnSequentially carrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, sending the partial signature value capable of verifying the encrypted signature to the participant P1 by the Pn, and synthesizing a complete signature value capable of verifying the encrypted signature by the participant P1 according to the signature result, the binding result and the partial signature value;
the participant P1 performs signature verification on the complete signature value, and executes the next step after the signature verification is passed;
and the participant P1 recovers a legal signature according to the decryption private key and the complete signature value.
A verifiable cryptographic signature generation system, comprising:
the initialization module is used for executing the steps that the participant P1 generates a decryption private key, the signature key division agreed with the participants P2 and P3 … Pn and the public key agreed with the participants P2 and P3 … Pn are carried out, and a certificate is generated according to the public key; participants P1, P2 … Pn hold private key shares d respectively1、d2、…dnThe private key index d ═ d1+d2+……dn
The registration module is used for executing the steps that the participant P1 calculates an encrypted public key according to the decrypted private key, performs appointed binding according to the encrypted public key, the public key and the identity ID and sends the bound to the participant P2;
a signing module for executing the participants P2, P3 … Pn according to the private key share d2、d3…dnSequentially carrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, sending the partial signature value capable of verifying the encrypted signature to a party P1 by Pn, and participating inA step in which the party P1 synthesizes a complete signature value that can verify the encrypted signature from the signature result, the binding result, and the partial signature value;
the verification module is used for executing the step of signature verification of the complete signature value by the participant P1 and executing the step of the recovery module after the signature verification is passed;
and the recovery module is used for executing the step that the participant P1 recovers the signature according to the decryption private key and the complete signature value.
The method and the system for generating the verifiable encrypted signature introduce a distributed thought based on the application of a verifiable encrypted signature generation technology, and sequentially participate in the generation process of the verifiable encrypted signature in a ring form on the premise of not revealing respective private key shares, so that the safety of the generated verifiable encrypted signature is ensured; the distributed verifiable encryption signature generation scheme is easy to implement, high in safety, capable of being simply deployed in a mature fair exchange platform and high in transportability.
A verifiable cryptographic signature generation method, comprising:
the participant P1 generates its decryption private key, performs agreed signature key segmentation with the participant P2, and agrees with the participant P2 for a public key, and generates a certificate according to the public key; wherein participant P1 holds private key share dAParticipant P2 holds private key share dBThe private key index d ═ dA+dB
The participant P1 calculates an encrypted public key according to the decrypted private key, performs agreed binding according to the encrypted public key, the public key and the identity of the participant P2, and sends the bound to the participant P2;
participant P2 based on private key share dBCarrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, and sending the partial signature value to the participant P1; participant P1 based on private key share dACarrying out partial signature on the document to be signed, and synthesizing a complete signature value capable of verifying the encrypted signature according to the signature result, the binding result and the partial signature value;
the participant P1 performs signature verification on the complete signature value, and executes the next step after the signature verification is passed;
and the participant P1 recovers a legal signature according to the decryption private key and the complete signature value.
A verifiable cryptographic signature generation system, comprising:
the initialization module is used for the participant P1 to generate a decryption private key, to carry out agreed signature key segmentation with the participant P2, to agree with the participant P2 to generate a public key, and to generate a certificate according to the public key; wherein participant P1 holds private key share dAParticipant P2 holds private key share dBThe private key index d ═ dA+dB
The registration module is used for executing the steps that the participant P1 calculates an encrypted public key according to the decrypted private key, performs agreed binding according to the encrypted public key, the public key and the identity of the participant P2 and sends the bound key to the participant P2;
a signing module for executing a participant P2 according to private key share dBCarrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, and sending the partial signature value to the participant P1; participant P1 based on private key share dAA step of partially signing the document to be signed, and synthesizing a complete signature value capable of verifying the encrypted signature according to the signature result, the binding result and the partial signature value;
the verification module is used for executing the step of signature verification of the complete signature value by the participant P1 and executing the step of the recovery module after the signature verification is passed;
and the recovery module is used for executing the step that the participant P1 recovers the legal signature according to the decryption private key and the complete signature value.
The verifiable encryption signature generation method and the verifiable encryption signature generation system introduce a distributed thought based on the application of a verifiable encryption signature generation technology, and under the premise of not revealing respective private key shares, a plurality of parties participate in jointly generating the verifiable encryption signature to ensure the safety of the generated verifiable encryption signature; the distributed verifiable encryption signature generation scheme is easy to implement, high in safety, capable of being simply deployed in a mature fair exchange platform and high in transportability.
Drawings
FIG. 1 is a flow diagram of a verifiable cryptographic signature generation method of an embodiment;
FIG. 2 is a block diagram of a verifiable cryptographic signature generation system, according to an embodiment;
FIG. 3 is a flow diagram of a verifiable cryptographic signature generation method of another embodiment;
fig. 4 is a schematic structural diagram of a verifiable cryptographic signature generation system according to another embodiment.
Detailed Description
Embodiments of the verifiable cryptographic signature generation methods and systems of the present invention are described below with reference to the accompanying drawings.
In the following embodiments, a scenario is considered in which multiple parties cooperate to generate a verifiable cryptographic signature. Suppose there are n participants P1,P2……,PnAnd n is greater than 2. Participants P1 and P2 … Pn respectively correspond to an identity ID1, … … and IDn; the n participants then participate in turn in the generation of a verifiable cryptographic signature in the form of a ring. Of course, in practical applications, the participant P2……,PnA group tag may also be agreed to as a common identification ID.
Referring to fig. 1, fig. 1 is a flow chart of a verifiable cryptographic signature generation method of an embodiment, including:
step S110: the participant P1 generates a decryption private key, performs agreed signature key segmentation with the participants P2 and P3 … Pn, agrees with the participants P2 and P3 … Pn to obtain a public key, and generates a certificate according to the public key; participants P1, P2 … Pn hold private key shares d respectively1、d2、…dnThe private key index d ═ d1+d2+……dn
In this process, n participants P1, … …, Pn perform agreed signing key splitting, and the agreed manner includes but is not limited to:
1) one party executes a standard RSA key generation algorithm to generate a complete private key p, q and d, and performs addition division on the complete private key into n parts as private key shares of all participants;
2) executing a secure multi-party RSA key generation protocol to enable all parties to obtain respective private key shares;
the above step S110 belongs to an initialization stage capable of verifying generation of the encrypted signature;
as an embodiment, in the initialization stage, the following steps may be specifically included:
participant P1Generating decryption private keys x, N participants, namely participants P1, P2 … Pn, commonly agree to a public key (e, N), and generating an RSA certificate Cert (e, N) according to the public key (e, N); wherein e represents the public key exponent in the RSA public key cryptosystem, and N represents the RSA modulus.
Step S120: the participant P1 calculates an encrypted public key according to the decrypted private key, performs agreed binding according to the encrypted public key, the public key and the ID, and sends the bound to the participant P2.
The step S120 belongs to a registration stage for generating a verifiable cryptographic signature;
in one embodiment, the participant P1 generates basic parameters of the cryptosystem, and calculates an encrypted public key according to the basic parameters of the cryptosystem; and carrying out agreed binding on the agreed public key, the basic parameter of the password system, the ID and the encrypted public key.
As an embodiment, in the registration phase, the following steps may be specifically included:
(1) participant P1Selecting random numbers
Figure BDA0001678747580000061
Calculating basic parameters of cryptosystem
Figure BDA0001678747580000062
In the formula (I), the compound is shown in the specification,
Figure BDA0001678747580000063
represents an integer group ZnA group consisting of elements which are related to n,
Figure BDA0001678747580000064
representative elements
Figure BDA0001678747580000065
Taking a square operation and then taking a modulus N operation;
(2) calculating the encryption public key y-g according to the basic parameters of the cryptosystemxmodN; wherein, gxThe mod N represents the element g, and the exponentiation x and the modulo N operation are performed;
(3) and carrying out agreed binding on the agreed public key (e, N), the basic parameter g of the cryptosystem, the group identity ID and the encryption public key y, wherein the binding mode comprises but is not limited to:
1) packaging the four parameters into XML or JSON format data files;
2) packaging the four parameters into an integrity certificate CerdCert (g, y, ID (e, N)); the integrity certificate is a digital carrier binding identity information and specific parameters, can be represented as a standard X509 digital certificate, and can also be in a manufacturer-defined format;
after the binding mode is executed, a corresponding binding result can be obtained; wherein ID is participant P2……,PnThe group identity of (2).
Step S130: participants P2, P3 … Pn according to private key share d2、d3…dnAnd sequentially carrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, sending the partial signature value capable of verifying the encrypted signature to the participant P1 by the Pn, and synthesizing a complete signature value capable of verifying the encrypted signature by the participant P1 according to the signature result, the binding result and the partial signature value.
In an embodiment, the step S130 may specifically include the following steps:
participant P2 based on private key share d2Carrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, and sending the partial signature value to the participant P3; participant P3 based on private key share d3Partially signing the document to be signed, … …, and so on, up to PnAccording to private key share dnAnd carrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, and sending the partial signature value to the participant P1.
The step S130 belongs to a signing stage capable of verifying generation of the encrypted signature; as an embodiment, in the signing phase, the following steps may be specifically included:
(1) participant P2According to the held private key share d2Partially signing a document m to be signed
Figure BDA0001678747580000071
Wherein the content of the first and second substances,
Figure BDA0001678747580000074
the document m is used as input, the Hash function H operation is carried out to obtain an abstract value H (m), and d is taken out2Performing power operation and then performing modulo N operation;
(2) participant P2According to the signature result s2Calculating partial signature value VES (K) of verifiable encrypted signature (such as integrity certificate Cerdcert (g, y, ID, (e, N)))1,2,K2,c,s);
Figure BDA0001678747580000072
K2=grmodN
c=H(m||yer||gr||ye||g||(ye)t||gt)
s=t-cr
Wherein t, r are random numbers selected arbitrarily;
Figure BDA0001678747580000073
representing the element s2After squaring operation, multiplying, performing exponentiation r operation on an element y, and then performing modulo N operation; grmod N represents that after the element g is subjected to exponentiation r operation, modulo N operation is performed; h (m | | y)er||gr||ye||g||(ye)t||gt) Representing elements y connected by document merConnecting element grConnecting element yeConnecting element g connecting element (y)e)tConnecting element gtAnd taking the abstract value obtained by the operation of the hash function H as input.
(3) Participant P2Partial signature value VES (K)1,2,K2C, s) to the participant P3
(4) Participant P3According to private key share d3Partially signing a document m to be signed
Figure BDA0001678747580000081
Wherein the content of the first and second substances,
Figure BDA0001678747580000082
the method comprises taking document m as input, performing hash function H operation to obtain abstract value H (m), and exponentiating d3Performing operation, and then performing modulo N operation;
(5) participant P3According to the signature result s3A binding result (e.g. integrity certificate cert (g, y, ID, (e, N))) and a partial signature value VES (K)1,2,K2C, s) calculating a signature parameter K1,3
Figure BDA0001678747580000083
Wherein the content of the first and second substances,
Figure BDA0001678747580000084
represents s3Squared and multiplied by element K1,2
(6) Participant P3Partial signature value VES (K)1,3,K2C, s) to the participant P4
……
By the way of analogy, the method can be used,
……
(7) participant Pn-1Partial signature value VES (K)1,n-1,K2C, s) to the participant Pn
(8) Participant PnAccording to private key share dnPartially signing a document m to be signed
Figure BDA0001678747580000085
Wherein the content of the first and second substances,
Figure BDA0001678747580000086
the method comprises taking document m as input, performing hash function H operation to obtain abstract value H (m), and exponentiating dnPerforming operation, and then performing modulo N operation;
(9) participant PnAccording to the signature result snA binding result (e.g. integrity certificate cert (g, y, ID, (e, N))) and a partial signature value VES (K)1,n-1,K2C, s) calculating a signature parameter K1,n
Figure BDA0001678747580000087
Wherein the content of the first and second substances,
Figure BDA0001678747580000088
represents snSquared and multiplied by element K1,n-1
(10) Participant PnPartial signature value VES (K)1,n,K2C, s) to the participant P1
(11) Participant P1According to private key share d1Partially signing a document m to be signed
Figure BDA0001678747580000089
Wherein the content of the first and second substances,
Figure BDA0001678747580000091
the method comprises taking document m as input, performing hash function H operation to obtain abstract value H (m), and exponentiating d1Performing operation, and then performing modulo N operation;
(12) participant P1According to the signature result s1A binding result (e.g. integrity certificate cert (g, y, ID, (e, N))) and a partial signature value VES (K)1,n,K2C, s) calculating a signature parameter K1
Figure BDA0001678747580000092
Wherein the content of the first and second substances,
Figure BDA0001678747580000093
represents s1Squared and multiplied by element K1,n
(13) Participant P1According to the signature parameter K1And a partial signature value VES (K)1,n,K2,c,s) Synthesizing a complete signature value VES (K) of a verifiable cryptographic signature1,K2,c,s)。
Step S140: the participant P1 performs signature verification on the full signature value, and after the signature verification passes, performs the next step S150.
The step S140 belongs to a verification stage capable of verifying the generation of the encrypted signature; as an embodiment, in the verification stage, the following steps may be specifically included:
(1) participant P1Based on the complete signature value VES (K)1,K2C, s) calculating the verification parameter W ═ K1)eH(m)- 2modN, wherein (K)1)eH(m)-2mod N denotes the element K1Multiplying the result by the exponentiation e, taking the document m as an input, obtaining an abstract result H (m) through Hash operation H, exponentiating-2, and then modulus N;
(2) calculating a first verification factor c' according to the verification parameter W; c ═ H (m | | | W | | | K)2||ye||g||(ye)sWc||gs(K2)c)
Wherein c ═ H (m | | W | | | K)2||ye||g||(ye)sWc||gs(K2)c) Representing by documentm connecting element W connecting element K2Connecting element yeConnecting element g connecting element (y)e)sWcConnecting element gs(K2)cThe method comprises the steps of calculating by a Hash function H to obtain an abstract value as input;
(3) using the complete signature value VES (K)1,K2And c, s) and a first verification factor c 'perform signature verification, if c is equal to c' and verification is passed, the next step is executed, otherwise, the process is ended.
Step S150: and the participant P1 recovers a legal signature according to the decryption private key and the complete signature value.
In one embodiment, the participant P1 calculates recovery parameters based on the agreed public key, recovers the signature shares based on the full signature value using the decrypted private key, and recovers the signature based on the recovery parameters and the signature shares.
The step S150 belongs to a recovery stage of verifiable encrypted signature generation; as an embodiment, in the recovery stage, the following steps may be specifically included:
(1) participant P1Calculating recovery parameters a and b according to an agreed public key (e, N), wherein coefficients a and b satisfy ea +2b ═ 1, that is, gcd (e,2) ═ 1; gcd (e,2) ═ 1 means that the greatest common divisor of e and 2 is 1, i.e., e and 2 are interdependent;
(2) using a decryption private key x and from the complete signature value VES (K)1,K2C, s) recovering the signature shares:
Figure BDA0001678747580000101
in the formula (I), the compound is shown in the specification,
Figure BDA0001678747580000102
represents the element K1Divided by, element K2To the x power of (a), H (m)2dRepresenting that a document m is used as input, and after the operation of a hash function H, the 2d power is taken;
(3) recovering RSA signature H (m) according to the recovery parameters a and b and the signature shared=H(m)aH(m)2db
An embodiment of a verifiable cryptographic signature generation system of the present invention is set forth below.
Referring to fig. 2, fig. 2 is a schematic structural diagram of a verifiable cryptographic signature generation system according to an embodiment, including:
the initialization module 110 is used for executing the steps of generating a decryption private key by the participant P1, carrying out agreed signature key segmentation with the participants P2 and P3 … Pn, agreeing a public key with the participants P2 and P3 … Pn, and generating a certificate according to the public key; participants P1, P2 … Pn hold private key shares d respectively1、d2、…dnThe private key index d ═ d1+d2+……dn
The registration module 120 is configured to execute the steps that the participant P1 calculates an encrypted public key according to the decrypted private key, performs agreed binding according to the encrypted public key, the public key, and the ID, and sends the bound to the participant P2;
a signing module 130 for executing the participants P2, P3 … Pn according to the private key share d2、d3…dnSequentially carrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, sending the partial signature value capable of verifying the encrypted signature to a participant P1 through Pn, and synthesizing a complete signature value capable of verifying the encrypted signature by the participant P1 according to the signature result, the binding result and the partial signature value;
the verification module 140 is configured to perform the steps of the participant P1 performing signature verification on the complete signature value, and after the signature verification passes, performing the step of the recovery module;
and the recovery module 150 is configured to perform a step of recovering the signature by the party P1 according to the decryption private key and the complete signature value.
The verifiable cryptographic signature generation system and the verifiable cryptographic signature generation method of the invention correspond to each other one to one, and the technical characteristics and the beneficial effects thereof described in the embodiment of the verifiable cryptographic signature generation method are all applicable to the embodiment of the verifiable cryptographic signature generation system, so that the claims are made.
In the above embodiment, where the cooperative generation of verifiable cryptographic signatures by multiple parties is based on an embodiment where n > 2, the multiple parties generation of verifiable cryptographic signatures is in the form of a ring structure. As another implementation, when n is 2, the participant P1,P2The scheme of sequentially participating in the generation process of the verifiable encrypted signature in the form of a ring is as follows:
referring to fig. 3, fig. 3 is a flow chart of a verifiable cryptographic signature generation method according to another embodiment, including:
s210: the participant P1 generates its decryption private key, performs agreed signature key segmentation with the participant P2, and agrees with the participant P2 for a public key, and generates a certificate according to the public key; wherein participant P1 holds private key share dAParticipant P2 holds private key share dBThe private key index d ═ dA+dB
In this process, the participant P1 performs agreed signature key splitting with the participant P2, and the agreed manner includes but is not limited to:
1) one party executes a standard RSA key generation algorithm to generate a complete private key p, q and d, and performs addition division on the complete private key into two parts;
2) executing a secure two-party RSA key generation protocol to enable each party to obtain respective private key shares;
then, appointing a public key with a participant P2, and generating an RSA certificate according to the public key; participant P1 holds private key share d after contracted signing key splitAParticipant P2 holds private key share dBThe private key index d ═ dA+dB
S220: the participant P1 calculates an encrypted public key according to the decrypted private key, performs agreed binding according to the encrypted public key, the public key and the identity of the participant P2, and sends the bound to the participant P2;
as an embodiment, the participant P1 generates basic parameters of the cryptosystem, and calculates an encryption public key according to the basic parameters of the cryptosystem; and carrying out agreed binding on the agreed public key, the basic parameters of the cryptosystem, the identity of the participant P2 and the encrypted public key.
S230: participant P2 based on private key share dBCarrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, and sending the partial signature value to the participant P1; participant P1 based on private key share dACarrying out partial signature on the document to be signed, and synthesizing a complete signature value capable of verifying the encrypted signature according to the signature result, the binding result and the partial signature value;
in one embodiment, participant P2 shares d according to the private key heldBCarrying out partial signature on the document to be signed; generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, and sending the partial signature value to the participant P1;
in one embodiment, participant P1 shares d according to the private keyAAnd carrying out partial signature on the document to be signed, and generating a complete signature value capable of verifying the encrypted signature according to the signature result, the binding result and the partial signature value.
S240: the participant P1 performs signature verification on the complete signature value, and executes the next step after the signature verification is passed;
in this step, the participant P1 performs signature verification on the complete signature value, and after the signature verification passes, executes the next step; if the verification fails, the signature verification process is terminated.
As an embodiment, the participant P1 calculates a verification parameter according to the complete signature value, calculates a verification factor according to the verification parameter, compares the verification factor with a corresponding verification factor in the complete signature value to verify the signature, if the verification passes, executes the next step, otherwise, ends.
S250: the participant P1 recovers a legal signature according to the decryption private key and the complete signature value;
in the step, a legal signature is restored according to the held decryption private key and the synthesized complete signature value, such as an RSA signature is restored;
in one embodiment, the participant P1 calculates recovery parameters based on the agreed public key, recovers the signature shares based on the full signature value using the decrypted private key, and recovers the signature based on the recovery parameters and the signature shares.
According to the technical scheme, based on the application of the verifiable encryption signature generation technology, a distributed thought is introduced, multiple parties participate in generating the verifiable encryption signature together on the premise of not revealing respective private key shares, and the safety of the generated verifiable encryption signature is ensured; the distributed verifiable encryption signature generation scheme is easy to implement, high in safety, capable of being simply deployed in a mature fair exchange platform and high in transportability.
In order to make the technical solution of the present invention clearer, the following further describes an implementation process of the verifiable cryptographic signature generation method with reference to the embodiment.
For step S210, it belongs to an initialization phase in which generation of the cryptographic signature can be verified;
in the initialization phase:
the participant P1 generates a decryption private key x thereof, the participant P1 agrees with the participant P2 to a public key (e, N), and generates an RSA certificate Cert (e, N) according to the public key (e, N); wherein e represents a public key index in an RSA public key cryptosystem, and N represents an RSA modulus;
for step S220, it belongs to a registration phase where the generation of the cryptographic signature can be verified;
in the registration phase:
(1) participant P1 selects a random number
Figure BDA0001678747580000141
Calculating basic parameters of cryptosystem
Figure BDA0001678747580000142
In the formula (I), the compound is shown in the specification,
Figure BDA0001678747580000143
represents an integer group ZnA group consisting of elements which are related to n,
Figure BDA0001678747580000144
representative elements
Figure BDA0001678747580000145
Taking a square operation and then taking a modulus N operation;
(2) calculating the encryption public key y-g according to the basic parameters of the cryptosystemxmodN; wherein, gxThe mod N represents the element g, and the exponentiation x and the modulo N operation are performed;
(3) binding the agreed public key (e, N), the basic parameter g of the cryptosystem, the identity ID and the encryption public key y in an agreed manner, wherein the binding manner comprises but is not limited to:
1) packaging the four parameters into XML or JSON format data files;
2) the four parameters are packaged into an integrity certificate Cerdcert (g, y, ID, (e, N)), and the integrity certificate is a digital carrier binding identity information and specific parameters, can be expressed as a standard X509 digital certificate, and can also be in a manufacturer-defined format;
after the binding mode is executed, a corresponding binding result can be obtained; where the ID is the identity of party P2.
For step S230, it belongs to the signing phase where the generation of the cryptographic signature can be verified;
in the signing phase:
(1) participant P2 based on the held private key share dBPartially signing a document m to be signed
Figure BDA0001678747580000146
Wherein the content of the first and second substances,
Figure BDA0001678747580000147
the document m is used as input, the Hash function H operation is carried out to obtain a result value H (m), and d is taken outBPerforming power operation and then performing modulo N operation;
(2) participant P2 based on signature result sBBinding results (e.g., integrity certificate cert (g, y, ID, (e, N))); computing a partial signature value VES (K) of a verifiable cryptographic signature1,B,K2,c,s);
Figure BDA0001678747580000151
K2=gr modN
c=H(m||yer||gr||ye||g||(ye)t||gt)
s=t-cr
Wherein r, t are random numbers chosen arbitrarily,
Figure BDA0001678747580000152
representing the element sBAfter squaring operation, multiplying, performing exponentiation r operation on an element y, and then performing modulo N operation; grmod N represents that after the element g is subjected to exponentiation r operation, modulo N operation is performed; h (m | | y)er||gr||ye||g||(ye)t||gt) Representing elements y connected by document merConnecting element grConnecting element yeConnecting element g connecting element (y)e)tConnecting element gtAs input, obtaining an abstract value after operation through a hash function H;
(3) participant P2 will partially sign the value VES (K)1,B,K2C, s) to participant P1;
(4) participant P1 based on private key share dAPartially signing a document m to be signed
Figure BDA0001678747580000153
Wherein the content of the first and second substances,
Figure BDA0001678747580000154
the expression takes a document m as input, carries out Hash function H operation to obtain a result value H (m), and then exponentiates dAPerforming operation, and then performing modulo N operation;
(5) participant P1 based on signature result sABinding results (e.g., trustCert (g, y, ID, (e, N))) and partial signature value VES (K)1,B,K2C, s) calculating a signature parameter K1
Figure BDA0001678747580000155
Wherein the content of the first and second substances,
Figure BDA0001678747580000156
represents sATaking the square, multiplying by sBTaking the square;
(6) participant P1 based on signature parameter K1And a partial signature value VES (K)1,B,K2C, s) synthesizing a complete signature value VES (K) that can verify the cryptographic signature1,K2,c,s)。
For step S240, it belongs to a verification phase in which the generation of the cryptographic signature can be verified;
in the verification phase:
(1) participant P1 based on the full signature value VES (K)1,K2C, s) calculating the verification parameter W ═ K1)eH(m)- 2modN, wherein (K)1)eH(m)-2mod N denotes the element K1Performing exponentiation e operation, multiplying, taking the document m as input, obtaining a result H (m) by performing Hash operation H, (m) performing exponentiation-2, and then performing modulo N;
(2) calculating a first verification factor c' according to the verification parameter W; c ═ H (m | | | W | | | K)2||ye||g||(ye)sWc||gs(K2)c)
Wherein c ═ H (m | | W | | | K)2||ye||g||(ye)sWc||gs(K2)c) Representing the connection of elements K with document m connecting elements W2Connecting element yeConnecting element g connecting element (y)e)sWcConnecting element gs(K2)cThe result value is obtained after the operation of a Hash function H for input;
(3) using the complete signature value VES (K)1,K2And c, s) and a first verification factor c 'perform signature verification, if c is equal to c' and verification is passed, the next step is executed, otherwise, the process is ended.
For step S250, it belongs to a recovery phase in which the generation of the cryptographic signature can be verified;
in the recovery phase:
(1) the participant P1 calculates the recovery parameters a, b from the agreed public key (e, N), where the coefficients a and b satisfy ea +2b ═ 1, since gcd (e,2) ═ 1; gcd (e,2) ═ 1 means that the greatest common divisor of e and 2 is 1, i.e., e and 2 are interdependent;
(2) using a decryption private key x and from the complete signature value VES (K)1,K2C, s) recovering the signature shares:
Figure BDA0001678747580000161
in the formula (I), the compound is shown in the specification,
Figure BDA0001678747580000162
represents the element K1Divided by, element K2To the x power of (a), H (m)2dRepresenting the abstract value which is obtained by taking a document m as input and operating through a hash function H, and then taking the 2d power;
(3) recovering RSA signature H (m) according to the recovery parameters a and b and the signature shared=H(m)aH(m)2db
By combining the scheme of the embodiment, on the basis of the traditional verifiable encryption signature generation technology, a distributed thought is introduced, and the generation of the verifiable encryption signature by the participation of multiple parties is realized; compared with the prior art, the invention has the following advantages:
the method is easy to implement, high in safety, capable of being simply deployed in a mature fair exchange platform and high in transportability.
An embodiment of a verifiable cryptographic signature generation system of the present invention is set forth below.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a verifiable cryptographic signature generation system according to another embodiment, including:
an initialization module 10 for executing the participant P1 to generate its decryption private key, the signature key splitting agreed with the participant P2, and the agreement of the public key with the participant P2, and generating the certificate according to the public keyA step (2); wherein participant P1 holds private key share dAParticipant P2 holds private key share dBThe private key index d ═ dA+dB
The registration module 20 is configured to execute the steps that the participant P1 calculates an encrypted public key according to the decryption private key, performs agreed binding according to the encrypted public key, the public key, and the id of the participant P2, and sends the bound key to the participant P2;
as an embodiment, when the registration module 20 performs the above steps, it may be specifically configured to execute the participant P1 to generate a basic parameter of a cryptosystem, and calculate an encryption public key according to the basic parameter of the cryptosystem; and binding the agreed public key, the basic parameter of the cryptosystem, the identity of the participant P2 and the encrypted public key.
A signing module 30 for executing a participant P2 according to private key share dBCarrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, and sending the partial signature value to the participant P1; participant P1 based on private key share dAA step of partially signing the document to be signed, and synthesizing a complete signature value capable of verifying the encrypted signature according to the signature result, the binding result and the partial signature value;
optionally, the signing module 30, when performing the above steps, may be specifically configured to execute the participant P2 according to the held private key share dBCarrying out partial signature on the document to be signed; generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, and sending the partial signature value to the participant P1; and participant P1 based on private key share dAAnd carrying out partial signature on the document to be signed, and generating a complete signature value capable of verifying the encrypted signature according to the signature result, the binding result and the partial signature value.
The verification module 40 is used for executing the steps of signature verification of the complete signature value by the participant P1 and executing the steps of a recovery module after the signature verification is passed;
in an embodiment, when the verification module 40 performs the above steps, it may be specifically configured to perform the step of calculating a verification parameter according to the complete signature value by the participant P1, calculating a verification factor according to the verification parameter, comparing the verification factor with a corresponding verification factor in the complete signature value, and performing signature verification, if the verification passes, the step of executing the recovery module 50, otherwise, ending the step.
A recovery module 50, configured to perform a step of recovering, by the party P1, a signature according to the decryption private key and the complete signature value;
in an embodiment, when the recovery module 50 performs the above steps, it may be specifically configured to perform the steps of the participant P1 calculating a recovery parameter according to an agreed public key, recovering a signature share according to the complete signature value by using a decrypted private key, and recovering a signature according to the recovery parameter and the signature share.
The verifiable cryptographic signature generation system and the verifiable cryptographic signature generation method of the invention correspond to each other one to one, and the technical characteristics and the beneficial effects thereof described in the embodiment of the verifiable cryptographic signature generation method are all applicable to the embodiment of the verifiable cryptographic signature generation system, so that the claims are made.
The invention considers the feasibility of the scheme from the engineering realization angle, introduces new tools at least, connects the existing key generation scheme at the widest, uses the existing large number library to realize the most simply and conveniently, and has obvious practicability; the half-homomorphism property of the ElGamal algorithm can be used only, and a high-consumption tool such as bilinear pairings is not additionally introduced, so that the scheme has high efficiency; the used key is based on the key generated in the agreed signature key segmentation scheme, and the agreed signature key segmentation scheme is not specifically specified and can be in butt joint with the scheme; based on basic operation in the theory of numbers, the method is convenient to realize by using various computer languages.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (11)

1. A verifiable cryptographic signature generation method, comprising:
an initialization stage: the participant P1 generates a decryption private key, performs agreed signature key segmentation with the participants P2 and P3 … Pn, agrees with the participants P2 and P3 … Pn to obtain a public key, and generates a certificate according to the public key; participants P1, P2 … Pn hold private key shares d respectively1、d2、…dnThe private key index d ═ d1+d2+……dn
A registration stage: the participant P1 calculates an encrypted public key according to the decrypted private key, performs appointed binding according to the encrypted public key, the public key and the ID, and sends the bound key to the participant P2;
and a signing stage: participants P2, P3 … Pn according to private key share d2、d3…dnSequentially carrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, sending the partial signature value capable of verifying the encrypted signature to the participant P1 by the Pn, and synthesizing a complete signature value capable of verifying the encrypted signature by the participant P1 according to the signature result, the binding result and the partial signature value;
a verification stage: the participant P1 performs signature verification on the complete signature value, and executes the next step after the signature verification is passed;
and (3) a recovery stage: and the participant P1 recovers a legal signature according to the decryption private key and the complete signature value.
2. A verifiable cryptographic signature generation method as in claim 1, said method further comprising: the participant P1 generates cryptosystem basic parameters, which are used to calculate the encrypted public key.
3. The verifiable cryptographic signature generation method of claim 1, wherein the participants P2, P3 … Pn are based on private key share d2、d3…dnThe steps of sequentially carrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, and sending the partial signature value capable of verifying the encrypted signature to the party P1 by Pn include:
participant P2 based on private key share d2Carrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, and sending the partial signature value to the participant P3; participant P3 based on private key share d3Partially signing the document to be signed, … …, and so on until Pn shares d according to the private keynAnd carrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, and sending the partial signature value to the participant P1.
4. The verifiable cryptographic signature generation method of claim 1, wherein the party P1 calculates recovery parameters based on the agreed public key, recovers the signature share based on the full signature value using the decrypted private key, and recovers the signature based on the recovery parameters and the signature share.
5. A verifiable cryptographic signature generation method according to any of claims 1 to 4, characterized in that in the initialization phase:
the participant P1 generates a decryption private key, n participants agree with a public key together, and generate a corresponding RSA certificate according to the public key;
and/or
In the registration phase:
(1) the participant P1 calculates the basic parameters of the cryptosystem;
(2) calculating an encryption public key according to the basic parameters of the cryptosystem;
(3) binding the agreed public key, the basic parameter of the cryptosystem, the identity mark and the encrypted public key in an agreed manner, and obtaining a corresponding binding result;
and/or
In the signing phase:
(1) participant P2 based on the held private key share d2Carrying out partial signature on the document m to be signed;
(2) the participant P2 calculates the partial signature value VES of verifiable encrypted signature according to the signature result and the binding result2
(3) Participant P2 signs the partial signature value VES2Sent to participant P3;
(4) participant P3 based on private key share d3Carrying out partial signature on the document m to be signed;
(5) the participant P3 uses the signature result, the binding result, and the partial signature value VES according to the description thereof2Calculating its signature parameters and filling them in VES2In (1), a partial signature value VES is obtained3
(6) Participant P3 signs the partial signature value VES3Sent to participant P4;
……
by the way of analogy, the method can be used,
……
(7) participant Pn-1 will partially sign value VESn-1Sending the data to a participant Pn;
(8) participant Pn shares d according to the private keynCarrying out partial signature on the document m to be signed;
(9) the participator Pn according to the signature result, the binding result and the partial signature value VESn-1Calculating its signature parameters and filling them in VESn-1In (1), a partial signature value VES is obtainedn
(10) Participant Pn will partially sign value VESnSent to participant P1;
(11) participant P1 based on private key share d1Carrying out partial signature on the document m to be signed;
(12) participant P1 based on its described signature result, binding result and portionPartial signature value VESnCalculating the signature parameters of the signature;
(13) the participant P1 uses the signature parameters and partial signature values VES according to itnSynthesizing a complete signature value VES of the verifiable encrypted signature;
and/or
In the verification phase:
(1) the participant P1 calculates a verification parameter according to the complete signature value VES;
(2) calculating a first verification factor according to the verification parameter;
(3) carrying out signature verification by using a first verification factor in the complete signature value VES and the calculated first verification factor, if the two verification factors are matched with each other, passing the verification, executing the next step, and if not, ending the step;
and/or
In the recovery phase:
(1) the participant P1 calculates recovery parameters according to the agreed public key;
(2) recovering a signature share by using a decryption private key according to the complete signature value VES;
(3) and recovering the RSA signature according to the recovery parameters and the signature share.
6. A verifiable cryptographic signature generation method, comprising:
an initialization stage: the participant P1 generates its decryption private key, performs agreed signature key segmentation with the participant P2, and agrees with the participant P2 for a public key, and generates a certificate according to the public key; wherein participant P1 holds private key share dAParticipant P2 holds private key share dBThe private key index d ═ dA+dB
A registration stage: the participant P1 calculates an encrypted public key according to the decrypted private key, performs agreed binding according to the encrypted public key, the public key and the identity of the participant P2, and sends the bound to the participant P2;
and a signing stage: participant P2 based on private key share dBPartially signing the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, andsent to participant P1; participant P1 based on private key share dACarrying out partial signature on the document to be signed, and synthesizing a complete signature value capable of verifying the encrypted signature according to the signature result, the binding result and the partial signature value;
a verification stage: the participant P1 performs signature verification on the complete signature value, and executes the next step after the signature verification is passed;
and (3) a recovery stage: and the participant P1 recovers a legal signature according to the decryption private key and the complete signature value.
7. The verifiable cryptographic signature generation method of claim 6, said method further comprising: the party P1 generates cryptosystem basic parameters, which are used to calculate the encrypted public key.
8. The verifiable cryptographic signature generation method of claim 6, wherein the step of party P1 signature verification of said verifiable cryptographic signature value comprises:
and the participant P1 calculates a verification parameter according to the complete signature value, calculates a verification factor according to the verification parameter, compares the verification factor with a corresponding verification factor in the complete signature value to verify the signature, executes the next step if the verification is passed, and ends otherwise.
9. A verifiable cryptographic signature generation method according to any of claims 6 to 8, characterized in that in the initialization phase:
the participant P1 generates a decryption private key, the participant P1 and the participant P2 agree on a public key, and a corresponding RSA certificate is generated according to the public key;
and/or
In the registration phase:
(1) the participant P1 calculates the basic parameters of the cryptosystem;
(2) calculating an encryption public key according to the basic parameters of the cryptosystem;
(3) binding the agreed public key, the basic parameter of the cryptosystem, the identity mark and the encrypted public key in an agreed manner, and obtaining a corresponding binding result; wherein the identity is the identity of the participant P2;
and/or
In the signing phase:
(1) participant P2 based on the held private key share dBCarrying out partial signature on the document m to be signed;
(2) the participant P2 calculates the partial signature value VES of verifiable encrypted signature according to the signature result and the binding resultB
(3) Participant P2 signs the partial signature value VESBSent to participant P1;
(4) participant P1 based on private key share dACarrying out partial signature on the document m to be signed;
(5) the participant P1 uses the signature result, the binding result, and the partial signature value VES according to the description thereofBCalculating the signature parameters of the signature;
(6) the participant P1 uses the signature parameters and partial signature values VES according to itBSynthesizing a complete signature value VES of the verifiable encrypted signature;
and/or
In the verification phase:
(1) the participant P1 calculates a verification parameter according to the complete signature value VES;
(2) calculating a first verification factor according to the verification parameter;
(3) carrying out signature verification by using a first verification factor in the complete signature value VES and the calculated first verification factor, if the two verification factors are matched with each other, passing the verification, executing the next step, and if not, ending the step;
and/or
In the recovery phase:
(1) the participant P1 calculates recovery parameters according to the agreed public key;
(2) recovering a signature share by using a decryption private key according to the complete signature value VES;
(3) and recovering the RSA signature according to the recovery parameters and the signature share.
10. A verifiable cryptographic signature generation system, comprising:
the initialization module is used for executing the steps that the participant P1 generates a decryption private key, the signature key division agreed with the participants P2 and P3 … Pn and the public key agreed with the participants P2 and P3 … Pn are carried out, and a certificate is generated according to the public key; participants P1, P2 … Pn hold private key shares d respectively1、d2、…dnThe private key index d ═ d1+d2+……dn
The registration module is used for executing the steps that the participant P1 calculates an encrypted public key according to the decrypted private key, performs appointed binding according to the encrypted public key, the public key and the identity ID and sends the bound to the participant P2;
a signing module for executing the participants P2, P3 … Pn according to the private key share d2、d3…dnSequentially carrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, sending the partial signature value capable of verifying the encrypted signature to a participant P1 through Pn, and synthesizing a complete signature value capable of verifying the encrypted signature by the participant P1 according to the signature result, the binding result and the partial signature value;
the verification module is used for executing the step of signature verification of the complete signature value by the participant P1 and executing the step of the recovery module after the signature verification is passed;
and the recovery module is used for executing the step that the participant P1 recovers the signature according to the decryption private key and the complete signature value.
11. A verifiable cryptographic signature generation system, comprising: the initialization module is used for executing the steps that the participant P1 generates a decryption private key, the participant P2 carries out agreed signature key segmentation, the participant P2 agrees a public key and generates a certificate according to the public key; wherein participant P1 holds private key share dAParticipant P2 holds private key share dBThe private key index d ═ dA+dB
The registration module is used for executing the steps that the participant P1 calculates an encrypted public key according to the decrypted private key, performs agreed binding according to the encrypted public key, the public key and the identity of the participant P2 and sends the bound key to the participant P2;
a signing module for executing a participant P2 according to private key share dBCarrying out partial signature on the document to be signed, generating a partial signature value capable of verifying the encrypted signature according to the signature result and the binding result, and sending the partial signature value to the participant P1; participant P1 based on private key share dAA step of partially signing the document to be signed, and synthesizing a complete signature value capable of verifying the encrypted signature according to the signature result, the binding result and the partial signature value;
the verification module is used for executing the step of signature verification of the complete signature value by the participant P1 and executing the step of the recovery module after the signature verification is passed;
and the recovery module is used for executing the step that the participant P1 recovers the signature according to the decryption private key and the complete signature value.
CN201810538636.XA 2018-05-30 2018-05-30 Verifiable cryptographic signature generation method and system Active CN108768634B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810538636.XA CN108768634B (en) 2018-05-30 2018-05-30 Verifiable cryptographic signature generation method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810538636.XA CN108768634B (en) 2018-05-30 2018-05-30 Verifiable cryptographic signature generation method and system

Publications (2)

Publication Number Publication Date
CN108768634A CN108768634A (en) 2018-11-06
CN108768634B true CN108768634B (en) 2021-03-23

Family

ID=64004022

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810538636.XA Active CN108768634B (en) 2018-05-30 2018-05-30 Verifiable cryptographic signature generation method and system

Country Status (1)

Country Link
CN (1) CN108768634B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110737907B (en) * 2019-09-26 2021-06-22 如般量子科技有限公司 Anti-quantum computing cloud storage method and system based on alliance chain
CN112906041A (en) * 2021-03-31 2021-06-04 上海简苏网络科技有限公司 Dynamic multi-party signature encryption and decryption method and system
CN113987594A (en) * 2021-10-26 2022-01-28 深圳前海微众银行股份有限公司 Block chain signature management method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106506156B (en) * 2016-12-15 2018-08-03 北京三未信安科技发展有限公司 A kind of distributed Threshold Signature method based on elliptic curve
CN107017993B (en) * 2017-04-01 2020-05-05 北京江南天安科技有限公司 Multi-party combined key generation and digital signature method and system

Also Published As

Publication number Publication date
CN108768634A (en) 2018-11-06

Similar Documents

Publication Publication Date Title
CN108667626B (en) Secure two-party collaboration SM2 signature method
CN110011802B (en) Efficient method and system for cooperatively generating digital signature by two parties of SM9
CN109309569B (en) SM2 algorithm-based collaborative signature method and device and storage medium
CN107707358B (en) EC-KCDSA digital signature generation method and system
CN108667625B (en) Digital signature method of cooperative SM2
CN107248909B (en) Certificateless secure signature method based on SM2 algorithm
CN110120939B (en) Encryption method and system capable of repudiation authentication based on heterogeneous system
CN111130804B (en) SM2 algorithm-based collaborative signature method, device, system and medium
CN107968710B (en) SM9 digital signature separation interaction generation method and system
CN110113150B (en) Encryption method and system based on non-certificate environment and capable of repudiation authentication
US20150288527A1 (en) Verifiable Implicit Certificates
CN110601859B (en) Certificateless public key cryptographic signature method based on 25519 elliptic curve
CN106936584B (en) Method for constructing certificateless public key cryptosystem
CN108768634B (en) Verifiable cryptographic signature generation method and system
CN106789087B (en) Method and system for determining data digest of message and multi-party-based digital signature
CN113765662B (en) Signature and decryption method and system based on SM2 algorithm
CN111582867A (en) Collaborative signature and decryption method and device, electronic equipment and storage medium
CN108964906B (en) Digital signature method for cooperation with ECC
CN110943845A (en) Method and medium for cooperatively generating SM9 signature by two light-weight parties
CN108055134B (en) Collaborative computing method and system for elliptic curve point multiplication and pairing operation
WO2022116175A1 (en) Method and apparatus for generating digital signature and server
CN111565108B (en) Signature processing method, device and system
Kwak et al. Efficient distributed signcryption scheme as group signcryption
CN116346336B (en) Key distribution method based on multi-layer key generation center and related system
CN114285576B (en) Non-opposite online and offline signcryption method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant