CN109614802A - The signature method and sealing system of anti-quantum calculation - Google Patents


Publication number
CN109614802A
Authority
CN
China
Legal status
Granted
Application number
CN201811286452.5A
Other languages
Chinese (zh)
Other versions
CN109614802B (en)
Inventor
富尧
钟民
钟一民
汪仲祥
Current Assignee
Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58 Random or pseudo-random number generators
    • G06F7/588 Random number generators, i.e. based on natural stochastic processes


Abstract

The present invention discloses an anti-quantum-computing signature method and sealing system. The signature method comprises: issuing key cards in advance to a seal server and to each client, wherein a seal picture is stored in each client key card, an electronic seal and a public key pool are stored in the seal server key card, and every key card is equipped with a random number generator; the client of the stamping party pre-stamps a file using the seal picture in its key card and sends the pre-stamped file to the seal server with a request for stamping; the seal server, in response to the client's request, stamps the file and generates a file carrying an Electronic Signature; after the verifying party obtains the file carrying the Electronic Signature, it forwards the file to the seal server with a request for stamp verification; the seal server computes the seal public key from the anti-quantum-computing public key and the public key pool, verifies the seal signature using the seal public key, and then sends the verification result to the verifying party.

Description

Anti-quantum-computing signature method and sealing system
Technical field
The present invention relates to secure communications, and in particular to an electronic seal method that achieves resistance to quantum computing by using key cards.
Background art
An electronic seal, also called a digital seal, is a visual form of a digital signature. It can also be understood as the electronic counterpart of the traditional seal and handwritten signature, and its function is similar to that of a traditional seal or handwritten signature on a paper document. The objects to be stamped with an electronic seal are electronic documents, and these documents are also transmitted in a network environment, which makes an electronic seal application system relatively complex. An electronic seal is therefore not equivalent to a simple electronic seal picture: it must have three basic properties, namely ease of use, security, and scalability.
An electronic seal system is mainly used to ensure that, in an open network environment, the official documents circulating in the system are authentic, valid, and untampered. The system takes cryptography as its theoretical basis and, combined with digital watermarking, database, and component technologies, implements the stamping of electronic documents together with functions such as document verification, print control, permission control, and certificate management. At the same time, an electronic seal system resolves the biggest problem that traditional seals face today: the contradiction between traditional seal technology and the modern paperless office. In an information-automated environment, all official documents exist as digital documents, and the traditional means of confirmation by stamping or signing can no longer be used. In addition, even though network technology is so advanced today, many documents must still be delivered by mail, which seriously affects the efficiency and cost of work that spans regions and departments.
Users' demand for electronic seals and related products is becoming more and more urgent. Many government bodies and enterprises have explicitly stated that they want to use electronic seals to promote electronic office work, improve the security of existing systems, and increase efficiency. Government and experts also attach considerable importance to electronic signature and electronic seal technology; a reliable electronic signature has the same legal effect as a handwritten signature or seal. It has been pointed out that the secure electronic seal is a revolution in the history of seals in China. China's secure electronic seal management application system applies internationally advanced digital authentication technology to seal security administration and strengthens the management of every stage of electronic seal production and application, ensuring that the identity of the electronic seal holder is true and reliable. It is believed that in the foreseeable future electronic seals will be widely used in many fields such as office automation, enterprise informatization, e-commerce, and e-government.
Quantum computers have great potential for breaking cryptography. Most of today's mainstream asymmetric (public key) encryption algorithms, such as the RSA algorithm, are based on one of two hard mathematical problems: the factorization of large integers or the computation of discrete logarithms over a finite field. The difficulty of breaking them depends on how efficiently these problems can be solved. On a traditional computer, solving these two problems takes exponential time (i.e., the time to break grows exponentially with the public key length), which is unacceptable in practical applications. Shor's algorithm, which is tailored to quantum computers, can perform integer factorization or discrete logarithm computation in polynomial time (i.e., the time to break grows as the k-th power of the public key length, where k is a constant independent of the public key length), and so makes it possible to break RSA and discrete-logarithm-based encryption algorithms.
Problems of the prior art:
1. In the prior art, because a quantum computer can quickly derive the corresponding private key from a public key, digital signature methods based on public/private key pairs can be broken by a quantum computer, and so electronic seals based on digital signature technology can also be broken by a quantum computer.
2. In the prior art, the inputs and outputs of a digital signature based on public/private key pairs can be known to other parties; in the presence of a quantum computer, the private key may be derived from them, allowing the electronic seal to be broken by a quantum computer.
Summary of the invention
To further improve the security of stamping, the present invention provides a method for stamping with an electronic seal.
An anti-quantum-computing signature method comprises:
Issuing key cards in advance to the seal server and to each client, wherein a seal picture is stored in each client key card, an electronic seal and a public key pool are stored in the seal server key card, and every key card is equipped with a random number generator;
The client of the stamping party pre-stamps the file using the seal picture in its key card and sends the pre-stamped file to the seal server with a request for stamping;
The seal server, in response to the client's request, stamps the file and generates a file carrying an Electronic Signature;
The Electronic Signature includes at least a seal signature generated with the participation of the seal public key, and an anti-quantum-computing public key generated from the seal public key in combination with the public key pool;
After the verifying party obtains the file carrying the Electronic Signature, it forwards the file to the seal server with a request for stamp verification;
The seal server computes the seal public key from the anti-quantum-computing public key and the public key pool, verifies the seal signature using the seal public key, and then sends the verification result to the verifying party.
Several optional modes are provided below. They are not additional limitations on the overall scheme above, only further supplements or preferences. Provided there is no technical or logical contradiction, each optional mode may be combined with the overall scheme on its own, and multiple optional modes may also be combined with one another.
Optionally, the anti-quantum-computing public key is generated as follows:
The random number generator in the seal server key card generates a public-key encryption key random number rk;
The public-key encryption key seed pointer function frkp is applied to the random number rk to produce the public-key encryption key seed pointer rkp;
The pointer rkp is made to point into the group key pool inside the corresponding key card, and the public-key encryption key seed krk is read out;
The public-key encryption key function fkk is applied to the seed krk to obtain the public-key encryption key kk;
The seal public key is encrypted with the public-key encryption key kk to obtain the encrypted seal public key kkk;
The combination {rk, kkk} of the random number rk and the encrypted seal public key kkk is disclosed as the anti-quantum-computing public key.
Optionally, pre-stamping by the client of the stamping party comprises:
Signing the file with the seal picture inserted, using the private key, to obtain an authentication signature;
Generating an authentication random number with the random number generator in the matched key card, and encrypting the authentication signature with this authentication random number to generate the authentication signature ciphertext;
Encrypting the authentication random number with the private key to generate the authentication key ciphertext;
The authentication key ciphertext and the authentication signature ciphertext together form the authentication document signature;
The client ID, the file, and the authentication document signature are sent to the seal server with a request for stamping; the seal server verifies the received authentication document signature and stamps the file only after the verification passes.
Optionally, the seal signature is generated as follows:
The seal server signs, with its private key, the relevant part of the electronic seal, which includes at least the seal public key, to obtain a first signature;
The seal server generates a first random number and encrypts the first signature with this first random number to form the first signature ciphertext;
The seal server encrypts the first random number with its private key to generate the first key ciphertext;
The first key ciphertext and the first signature ciphertext together form the seal signature.
Optionally, the public key of the seal server is also stored in the key card, and the seal signature is verified as follows:
The client of the verifying party uses its matched key card and the anti-quantum-computing public key to obtain the seal public key in the corresponding way;
The first key ciphertext part of the seal signature is decrypted with the seal server public key to obtain the first random number, and the first signature ciphertext is then decrypted with the first random number to obtain the first signature;
The first signature is decrypted with the seal server public key and verified.
Optionally, the Electronic Signature further includes a stamp signature, and stamp verification further includes verifying the stamp signature. The stamp signature is generated as follows:
The seal server signs the relevant part of the Electronic Signature with its private key to obtain a second signature;
The random number generator of the seal server's key card generates a second random number, and the second signature is encrypted with the second random number to form the second signature ciphertext;
The seal server encrypts the second random number with its private key to generate the second key ciphertext;
The second key ciphertext and the second signature ciphertext together form the stamp signature.
Optionally, the stamp signature is verified as follows:
The client of the verifying party decrypts the second key ciphertext part of the stamp signature with the public key of the seal server to obtain the second random number;
The second signature ciphertext in the stamp signature is decrypted with the second random number to obtain the second signature, and the second signature is verified.
Optionally, the Electronic Signature further includes a file signature, and stamp verification further includes verifying the file signature. The file signature is generated as follows:
The seal server signs the file with its private key to obtain a third signature;
The third signature is encrypted with the third random number to form the third signature ciphertext;
The seal server encrypts the third random number with its private key to generate the third key ciphertext;
The third key ciphertext and the third signature ciphertext together form the file signature.
Optionally, the file signature is verified as follows:
The client of the verifying party decrypts the third key ciphertext part of the file signature with the public key of the seal server to obtain the third random number;
The third signature ciphertext in the file signature is decrypted with the third random number to obtain the third signature, and the third signature is verified.
The present invention also provides an anti-quantum-computing sealing system, comprising a seal server and clients acting respectively as the stamping party and the verifying party, wherein:
Key cards are issued in advance to the seal server and to each client, wherein a seal picture is stored in each client key card, an electronic seal and a public key pool are stored in the seal server key card, and every key card is equipped with a random number generator;
The client of the stamping party pre-stamps the file using the seal picture in its key card and sends the pre-stamped file to the seal server with a request for stamping;
The seal server, in response to the client's request, stamps the file and generates a file carrying an Electronic Signature;
The Electronic Signature includes at least a seal signature generated with the participation of the seal public key, and an anti-quantum-computing public key generated from the seal public key in combination with the public key pool;
After the verifying party obtains the file carrying the Electronic Signature, it forwards the file to the seal server with a request for stamp verification;
The seal server computes the seal public key from the anti-quantum-computing public key and the public key pool, verifies the seal signature using the seal public key, and then sends the verification result to the verifying party.
In the present invention, key cards are used to store the public keys, private keys, and electronic seal pictures, and the public key that is issued externally is encrypted with a symmetric encryption algorithm. A key card is an independent, hardware-isolated device, so the likelihood of keys or electronic seal pictures being stolen by malware or malicious operations is greatly reduced. Because a quantum computer cannot obtain the plaintext public key, it cannot obtain the corresponding private key either; the electronic seal of this scheme is therefore not easily broken by a quantum computer.
In the present invention, the digital signature based on the public/private key pair is further encrypted with a random number key, and the random number key is encrypted with the private key, forming an encrypted digital signature. Even in the presence of a quantum computer, it is difficult to derive the private key. The electronic seal of this scheme is therefore not easily broken by a quantum computer.
Brief description of the drawings
Fig. 1 is a diagram of the relationships between the different key cards used in the present invention;
Fig. 2 is a diagram of the internal structure of the server key card used in the present invention;
Fig. 3 is a diagram of the internal structure of the client key card used in the present invention;
Fig. 4 is a diagram of the relationship between the electronic seal and the Electronic Signature in the present invention;
Fig. 5 is a diagram of the internal structure of the public part of the electronic seal in the present invention;
Fig. 6 is a diagram of the internal structure of the Electronic Signature in the present invention;
Fig. 7 is a diagram of the method by which a public key is encrypted into an anti-quantum-computing public key in the present invention;
Fig. 8 is a flow chart of a signer generating a digital signature;
Fig. 9 is a flow chart of a verifier verifying a digital signature;
Fig. 10 is a flow chart of stamping in the present invention;
Fig. 11 is a flow chart of stamp verification in the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the protection scope of the present invention.
To better describe and illustrate the embodiments of the present application, reference may be made to one or more of the drawings, but the additional details or examples used to describe the drawings should not be regarded as limiting the scope of any of the invention, the presently described embodiments, or the preferred modes.
Referring to Fig. 1 to Fig. 10, the flow of the anti-quantum electronic seal method of this embodiment, which is based on a symmetric key pool, is as follows.
1. The seal server issues key cards:
1.1 In the present invention, the seal server is responsible for issuing the server key card and the client key cards, and has its own public/private key pair.
The seal server also handles requests from clients and stamps the files that clients send.
In the present invention, an electronic seal client can be a mobile terminal or a fixed terminal, and the terminal is equipped with a key card.
The issuing party of the server-side key card and of the matched key cards of the clients belonging to one client group is the seal server, which typically belongs to the administrative department of an enterprise or public institution.
The parties to whom client key cards are issued are the members managed by the key card's supervising party, typically the employees at various levels of an enterprise or public institution, who use the electronic seal client to stamp or to verify stamps; according to role, clients can be further divided into stamping parties and verifying parties.
A client first applies to the key card's supervising party to open an account. After the client's registration has been approved, it obtains a key card (which has a unique ID).
Every key card is equipped with a random number generator.
A key card is an independent, hardware-isolated device similar to a USB key, an SD key, or a host key board, and is internally divided into multiple regions.
A client key card stores the client's public and private keys, the public key of the seal server, and the seal picture;
The server key card stores the seal server's public and private keys, the public part of the electronic seal, the private part of the electronic seal, and the public key pool.
Since the server key card stores the electronic seals corresponding to each of the multiple clients, it can also be regarded as an electronic seal pool.
Each key card also stores the same functions, algorithms, and so on, for performing the corresponding operations.
Because of the hardware-isolation property of the key card, the likelihood of the keys or electronic seal pictures stored in it being stolen by malware or malicious operations is greatly reduced.
An electronic seal is a data structure containing a digital signature. It simulates a traditional physical seal by means of computer technology: an electronic document stamped with it has the same appearance, the same validity, and a similar mode of use as a paper document stamped with a physical seal. An electronic seal comprises a public part and a private part, which are stored in different regions of the key card.
The private part of the electronic seal is the private key of the electronic seal; this part must not be known to others.
The public part of the electronic seal comprises the basic seal information, the seal picture, the seal public key, and the seal signature.
The basic seal information consists of the electronic seal issuer, the electronic seal user, the electronic seal unique identifier (equivalent to an ID), the electronic seal issuance time, the electronic seal name, the signature algorithm, the electronic seal effective date, the electronic seal expiry date, extensions, and so on.
The seal signature is generated as follows:
The seal server signs the basic seal information, the hash value of the seal picture, and the seal public key with its private key (the one corresponding to the seal server public key) to obtain the first signature;
The seal server generates a first random number and encrypts the first signature with this first random number to form the first signature ciphertext;
The seal server encrypts the first random number with its private key to generate the first key ciphertext;
The first key ciphertext and the first signature ciphertext together form the seal signature.
The seal signature described here, and the stamp signature and file signature mentioned later, can all be regarded as digital signatures. The generation of the digital signature itself can be implemented using existing principles; the signing operation (for example, when generating the first signature) and the verification (for example, when verifying the first signature) proceed as follows:
Referring to Fig. 8, the signer applies a one-way hash function to the original text to be signed to obtain a message digest, encrypts the message digest with the private key, and sends the resulting signature together with the original text to the verifier.
Referring to Fig. 9, the verifier separates the original text and the signature it has received, and likewise applies the one-way hash function to the original text to obtain a new message digest. It decrypts the digital signature with the corresponding public key to obtain the original message digest and compares it with the new message digest; if the two are exactly the same, the sender of the original text is reliable and the original text has not been tampered with in transit.
1.2 After a user's registration has been approved, the user obtains the key card issued by the seal server, for use in stamping or stamp verification.
2. The client prepares for stamping and sends a request to the seal server.
2.1 The client (the signing client) connects to its key card. Because data can be exchanged securely between the key card and the client, the specific steps involved may be performed either in the key card or in the client; the same applies to the subsequent stamping and stamp verification.
Using its matched key card, the stamping party inserts the seal picture into the file to be stamped and signs it (i.e., pre-stamping), and then sends it to the seal server with a request for stamping.
Inserting the seal picture into the file to be stamped and signing it proceeds as follows:
The stamping party signs the file with the seal picture inserted, using its private key, to obtain the authentication signature;
The stamping party generates an authentication random number with the random number generator in its matched key card, and encrypts the authentication signature with this authentication random number to generate the authentication signature ciphertext;
The stamping party encrypts the authentication random number with its private key to generate the authentication key ciphertext;
The authentication key ciphertext and the authentication signature ciphertext together form the authentication document signature;
2.2 The stamping party sends the client ID (the ID of the signing client), the file, and the authentication document signature to the seal server with a request for stamping.
3. The seal server stamps the file.
3.1 The seal server first verifies the authentication document signature it has received.
3.1.1 First, the authentication key ciphertext part of the authentication document signature is decrypted with the public key corresponding to the stamping party to obtain the authentication random number, and the authentication signature ciphertext is then decrypted with the authentication random number to obtain the original authentication signature;
The authentication signature is then decrypted with the public key corresponding to the stamping party to obtain the original hash value.
3.1.2 The same hash function is applied to the file to compute a result.
3.1.3 The result obtained in 3.1.2 is compared with the original hash value computed in 3.1.1. If they are identical, the file originates from the correct client and has not been tampered with, and stamping can proceed.
3.2 The seal server stamps the file.
On the server side, the key card is plugged into the interface of a mobile terminal or fixed terminal, and the file to be stamped is stamped, at the place in the file where the picture is inserted, using the public part and the private part of the electronic seal in the key card.
An Electronic Signature is a form of electronic signature realized with an electronic seal: image processing techniques turn the electronic signing operation into a visual effect identical to signing and stamping a paper document, while electronic signature technology ensures the authenticity and integrity of the electronic information and the non-repudiation of the signer.
The Electronic Signature comprises the basic seal information, the seal picture hash value, the anti-quantum-computing public key, the seal signature, the file signature, the stamp device information, the stamp timestamp, the stamp signature, and so on.
The stamp device information records the hardware device currently performing the stamping, such as the host model, IP address, and MAC address. The Electronic Signature can be written into the document or can form an independent stamp file; under normal circumstances the former is the default.
Relative to the public part of the electronic seal (basic seal information, seal picture, seal public key, and seal signature), the main changes in the Electronic Signature are:
The seal picture is converted to the seal picture hash value;
The seal public key is converted to the anti-quantum-computing public key;
The file signature, stamp device information, stamp timestamp, and stamp signature are generated;
The anti-quantum-computing public key, the file signature, and the stamp signature are described further below.
The electronic seal, the Electronic Signature, and the file can each be checked for tampering; this is explained item by item in the subsequent steps.
To improve security, when a file is stamped with the electronic seal to obtain the Electronic Signature, the seal public key is never disclosed, i.e., it is not shown directly in the Electronic Signature,
but is instead disclosed in the form of an anti-quantum-computing public key, which is generated as follows:
The random number generator in the key card generates a public-key encryption key random number rk (every random number mentioned in the present invention is preferably a quantum random number);
The public-key encryption key seed pointer function frkp is applied to the random number rk to produce the public-key encryption key seed pointer rkp;
The pointer rkp is made to point into the group key pool inside the corresponding key card, and the public-key encryption key seed krk is read out;
The public-key encryption key function fkk is applied to the seed krk to obtain the public-key encryption key kk;
The seal public key is encrypted with the public-key encryption key kk to obtain the encrypted seal public key kkk;
The combination {rk, kkk} of the random number rk and the encrypted seal public key kkk is disclosed as the anti-quantum-computing public key.
The anti-quantum-computing public key can be replaced regularly. For the same seal public key, it is enough to pick a new public-key encryption key random number rk'; a new encrypted seal public key kkk' can then be computed, giving a new anti-quantum-computing public key {rk', kkk'}.
Because the public key pool is inside the key card, the real, original seal public key can only be obtained inside a key card, by combining the anti-quantum-computing public key with the public key pool. The likelihood of the seal public key being leaked and broken is therefore greatly reduced, which improves security to a large extent.
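The following is an added example, not part of the patent text, of the {rk, kkk} construction and rotation described above and of the pool-side recovery of the seal public key. The patent does not specify frkp, fkk, or the symmetric cipher, so the SHA-256 pointer function, the HMAC-SHA256 key function, the SHAKE-256 keystream with an HMAC tag (a standard-library stand-in for an authenticated cipher such as AES-GCM), the sizes, and the sample pool and key bytes are all assumptions.

```python
import hashlib
import hmac
import secrets

SEED_LEN = 32  # bytes of pool material read at the pointer (assumed size)
RK_LEN = 16    # length of the public random number rk (assumed size)
TAG_LEN = 32   # HMAC-SHA256 integrity tag appended to the ciphertext

SEAL_PUB = b"constructed seal public key bytes"  # constructed sample, not a real key


def constructed_pool(label: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for the key pool stored inside a key card."""
    return hashlib.shake_256(b"pool|" + label).digest(size)


def frkp(rk: bytes, pool_len: int) -> int:
    """Seed pointer function (assumed form): map rk to an offset rkp in the pool."""
    digest = hashlib.sha256(b"frkp|" + rk).digest()
    return int.from_bytes(digest, "big") % (pool_len - SEED_LEN + 1)


def fkk(krk: bytes) -> bytes:
    """Key function (assumed form): derive the symmetric key kk from the seed krk."""
    return hmac.new(krk, b"fkk", hashlib.sha256).digest()


def derive_kk(rk: bytes, pool: bytes) -> bytes:
    """rk -> rkp -> krk -> kk; only a holder of the pool can do this."""
    if len(pool) < SEED_LEN:
        raise ValueError("key pool is smaller than one seed")
    rkp = frkp(rk, len(pool))
    krk = pool[rkp:rkp + SEED_LEN]
    return fkk(krk)


def xor_stream(kk: bytes, rk: bytes, data: bytes) -> bytes:
    # rk is mixed into the keystream so that two rk values that land on the
    # same pool offset (and therefore the same kk) never reuse a keystream.
    stream = hashlib.shake_256(b"enc|" + kk + rk).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def tag_for(kk: bytes, rk: bytes, ct: bytes) -> bytes:
    """Integrity tag binding the ciphertext to kk and rk."""
    mac_key = hmac.new(kk, b"mac", hashlib.sha256).digest()
    msg = len(rk).to_bytes(2, "big") + rk + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def make_aq_public_key(seal_pub: bytes, pool: bytes, rk: bytes = None):
    """Return the publishable pair (rk, kkk) for a seal public key."""
    if rk is None:
        rk = secrets.token_bytes(RK_LEN)
    kk = derive_kk(rk, pool)
    ct = xor_stream(kk, rk, seal_pub)
    return rk, ct + tag_for(kk, rk, ct)


def recover_seal_public_key(aq_pub, pool: bytes) -> bytes:
    """Recompute kk from rk and the pool, check the tag, decrypt kkk."""
    rk, kkk = aq_pub
    if len(kkk) < TAG_LEN:
        raise ValueError("kkk is too short")
    ct, tag = kkk[:-TAG_LEN], kkk[-TAG_LEN:]
    kk = derive_kk(rk, pool)
    if not hmac.compare_digest(tag, tag_for(kk, rk, ct)):
        raise ValueError("kkk was not produced with this key pool")
    return xor_stream(kk, rk, ct)


def rotate(aq_pub, pool: bytes):
    """Periodic replacement: same seal public key, fresh rk', new kkk'."""
    return make_aq_public_key(recover_seal_public_key(aq_pub, pool), pool)


if __name__ == "__main__":
    pool = secrets.token_bytes(4096)  # in the scheme this lives only in key cards
    aq = make_aq_public_key(SEAL_PUB, pool)
    print("published rk :", aq[0].hex())
    print("published kkk:", aq[1].hex())
    print("recovered    :", recover_seal_public_key(aq, pool))
    print("rotated rk'  :", rotate(aq, pool)[0].hex())
```

Anyone who sees only {rk, kkk} can compute the pointer rkp but cannot read krk, so the confidentiality of the seal public key rests entirely on the pool never leaving the key card.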
The signing signature in the electronic signature is generated as follows:
The seal server uses its private key to sign the seal basic information, the seal picture hash value, the encrypted seal public key, the seal signature, the file signature, the signing device information and the signing timestamp, obtaining the second signature;
The key card matched with the seal server generates a second random number, and the second signature is encrypted with the second random number to form the second signature ciphertext;
The seal server encrypts the second random number with its private key to generate the second key ciphertext;
The second key ciphertext and the second signature ciphertext together constitute the signing signature.
The file signature in the electronic signature is generated as follows:
The seal server signs the file with its private key to obtain the third signature;
The key card matched with the seal server generates a third random number, and the third signature is encrypted with the third random number to form the third signature ciphertext;
The seal server encrypts the third random number with its private key to generate the third key ciphertext;
The third key ciphertext and the third signature ciphertext together constitute the file signature.
The other information in the electronic signature can be generated with reference to the prior art or obtained directly from the electronic seal.
3.3 The seal server sends the signed file to the signing party or issues it directly to the verifying party, which completes the signing process.
4. After signing, the verifying party can request the seal server to verify the signature.
4.1 The verifying client sends the verifying client ID and the signed file together to the seal server.
4.2 The seal server uses the electronic signature in the signed file to verify the source of the electronic seal.
4.2.1 The seal server takes the seal basic information, the seal picture hash value, the anti-quantum-computation public key and the seal signature out of the electronic signature.
4.2.2 Decrypt to obtain the seal public key.
First, the public-key cryptographic key kk is computed from the public-key cryptographic key random number rk in the anti-quantum-computation public key in combination with the group key pool; then the original seal public key is computed from the public-key cryptographic key kk and the encrypted seal public key kkk.
4.2.3 First, the seal server public key is used to decrypt the first key ciphertext part of the seal signature taken out in 4.2.1, obtaining the first random number; the first signature ciphertext is then decrypted with the first random number to obtain the first signature;
The first signature is then decrypted with the seal server public key to obtain the first original hash value (which can be regarded as a message digest).
4.2.4 Using the same hash function as when the first signature was generated, a hash is computed over the seal basic information and seal picture hash value taken out in step 4.2.1 and the original seal public key computed in step 4.2.2, obtaining the second hash value (which can be regarded as a message digest).
4.2.5 The first hash value and the second hash value are compared; if they are the same, the electronic seal originates from the seal server and has not been tampered with.
4.3 The seal server verifies the electronic signature in the signed file.
4.3.1 The seal server takes out the seal basic information, seal picture hash, anti-quantum-computation public key, seal signature, file signature, signing device information, signing timestamp and signing signature of the electronic signature.
4.3.2 First, the public key of the signing party is used to decrypt the second key ciphertext part of the signing signature taken out in step 4.3.1, obtaining the second random number;
The second signature ciphertext in the signing signature is then decrypted with the second random number to obtain the second signature, and the second signature is then decrypted with the signer's public key to obtain the original hash value.
4.3.3 Using the same hash function as when the second signature was generated, a result is computed over the seal basic information, seal picture hash, anti-quantum-computation public key, seal signature, file signature, signing device information and signing timestamp taken out in step 4.3.1.
4.3.4 The result obtained in step 4.3.3 is compared with the original hash value computed in step 4.3.2; if they are the same, the electronic signature originates from the signer and has not been tampered with.
4.4 The seal server uses the electronic signature in the signed file to verify the file, in the same way as the electronic signature is verified.
4.4.1 The seal server extracts the file from the signed file.
4.4.2 First, the public key of the signing party is used to decrypt the third key ciphertext part of the file signature taken out in step 4.4.1, obtaining the third random number;
The third signature ciphertext in the file signature is then decrypted with the third random number to obtain the third signature, and the third signature is then decrypted with the signer's public key to obtain the original hash value.
4.4.3 Using the same hash function as when the third signature was generated, a result is computed over the file taken out in step 4.4.1.
4.4.4 The result obtained in step 4.4.3 is compared with the original hash value computed in step 4.4.2; if they are the same, the file originates from the signer and has not been tampered with.
4.5 The seal server sends the verification result to the verifying party, and the verifying party verifies the verification result.
4.5.1 The seal server signs the verification result with its own private key, then encrypts the verification result and its signature with the public key of the verifying party, and sends the resulting ciphertext to the verifying party.
4.5.2 After receiving the ciphertext, the verifying party decrypts it with its own private key to obtain the verification result and the signature of the verification result.
The verifying party then verifies the correctness of the signature with the seal server public key. If the verification passes, the ciphertext really came from the seal server and has not been tampered with, i.e. the verification result is credible.
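The wrap-and-verify layering used for the seal, signing and file signatures (steps 4.2.3, 4.3.2 to 4.3.4 and 4.4.2 to 4.4.4), as an added Python example that is not part of the patent text. The patent names no algorithms; unpadded RSA on a constructed toy key, SHA-224 and a SHAKE-256 keystream XOR are stand-ins chosen so the example runs offline, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy RSA key built from two Mersenne primes: insecure, demo only.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
KLEN = (N.bit_length() + 7) // 8    # byte length of one RSA block
RLEN = 16                           # byte length of the per-signature random number


def _priv(m: int) -> bytes:
    """Private-key operation (assumed: unpadded RSA)."""
    return pow(m, D, N).to_bytes(KLEN, "big")


def _pub(c: bytes) -> int:
    """Public-key operation that undoes _priv."""
    return pow(int.from_bytes(c, "big"), E, N)


def _digest(data: bytes) -> int:
    """SHA-224, so the digest is always smaller than the toy modulus."""
    return int.from_bytes(hashlib.sha224(data).digest(), "big")


def _xor_stream(r: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher keyed by the random number r."""
    stream = hashlib.shake_256(r).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def make_signature(data: bytes):
    """Sign, encrypt the signature with r, encrypt r with the private key."""
    signature = _priv(_digest(data))            # e.g. the third signature
    r = secrets.token_bytes(RLEN)               # e.g. the third random number
    sig_ct = _xor_stream(r, signature)          # signature ciphertext
    key_ct = _priv(int.from_bytes(r, "big"))    # key ciphertext
    return key_ct, sig_ct


def verify_signature(data: bytes, wrapped) -> bool:
    """Recover r, then the signature, then the original hash, and compare."""
    key_ct, sig_ct = wrapped
    if len(key_ct) != KLEN or len(sig_ct) != KLEN:
        return False
    try:
        r = _pub(key_ct).to_bytes(RLEN, "big")  # random number from key ciphertext
    except OverflowError:                       # tampered key ciphertext
        return False
    signature = _xor_stream(r, sig_ct)          # signature from its ciphertext
    original_hash = _pub(signature)             # "original hash value"
    return original_hash == _digest(data)       # compare with recomputed hash


if __name__ == "__main__":
    doc = b"constructed contract text"
    file_signature = make_signature(doc)
    print(verify_signature(doc, file_signature))            # intact file
    print(verify_signature(doc + b"!", file_signature))     # modified file
```

Both layers are undone with the signer's public key alone, so the wrapping hides the signature only from parties that do not hold that key.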
The above discloses only embodiments of the present invention, but the present invention is not limited thereto; those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. Such obvious modifications and variations shall fall within the scope of protection claimed by the present invention. In addition, although some specific terms are used in this specification, these terms are merely for convenience of description and do not constitute any specific limitation on the present invention.

Claims (10)

1. An anti-quantum-computation signature method, characterized by comprising:
Key cards are issued in advance to the seal server and to each client, wherein a seal picture is stored in the key card of a client; an electronic seal and a public key pool are stored in the seal server key card, and each key card is equipped with a random number generator;
The client of the signing party pre-signs the file using the seal picture in the key card, and sends the pre-signed file to the seal server to request signing;
The seal server signs the file in response to the client's request and generates a file with an electronic signature;
The electronic signature includes at least a seal signature generated with the participation of the seal public key, and an anti-quantum-computation public key generated from the seal public key in combination with the public key pool;
After obtaining the file with the electronic signature, the verifying party forwards it to the seal server to request seal verification;
The seal server computes the seal public key from the anti-quantum-computation public key and the public key pool, verifies the seal signature with the seal public key, and then sends the verification result to the verifying party.
2. The anti-quantum-computation signature method according to claim 1, characterized in that the anti-quantum-computation public key is generated as follows:
The random number generator in the seal server key card generates a public-key cryptographic key random number rk;
The public-key cryptographic key seed pointer function frkp is applied to the random number rk to generate the public-key cryptographic key seed pointer rkp;
The pointer rkp is pointed at the group key pool inside the corresponding key card to obtain the public-key cryptographic key seed krk;
The public-key cryptographic key function fkk is applied to the seed krk to obtain the public-key cryptographic key kk;
The seal public key is encrypted with the public-key cryptographic key kk to obtain the encrypted seal public key kkk;
The combination {rk, kkk} of the random number rk and the encrypted seal public key kkk is disclosed as the anti-quantum-computation public key.
3. The anti-quantum-computation signature method according to claim 2, characterized in that the pre-signing performed by the client of the signing party comprises:
Signing the file with the embedded seal picture using a private key to obtain an authentication signature;
Generating an authentication random number with the random number generator in the matched key card, and encrypting the authentication signature with the authentication random number to generate an authentication signature ciphertext;
Encrypting the random number with the private key to generate an authentication key ciphertext;
The authentication key ciphertext and the authentication signature ciphertext together constitute the authentication file signature;
Sending the client ID, the file and the authentication file signature to the seal server to request signing; the seal server performs signature verification on the received authentication file signature, and signs only after the verification passes.
4. The anti-quantum-computation signature method according to claim 3, characterized in that the seal signature is generated as follows:
The seal server uses its private key to sign the relevant part of the electronic seal, which includes at least the seal public key, to obtain the first signature;
The seal server generates a first random number, and the first signature is encrypted with the first random number to form the first signature ciphertext;
The seal server encrypts the first random number with its private key to generate the first key ciphertext;
The first key ciphertext and the first signature ciphertext together constitute the seal signature.
5. The anti-quantum-computation signature method according to claim 4, characterized in that the public key of the seal server is also stored in the key card, and the seal signature is verified as follows:
The client of the verifying party obtains the seal public key in the corresponding way, using the matched key card and the anti-quantum-computation public key;
The first key ciphertext part of the seal signature is decrypted with the seal server public key to obtain the first random number, and the first signature ciphertext is then decrypted with the first random number to obtain the first signature;
The first signature is decrypted with the seal server public key, and the first signature is verified.
6. The anti-quantum-computation signature method according to claim 5, characterized in that the electronic signature further includes a signing signature, and seal verification further includes verification of the signing signature; the signing signature is generated as follows:
The seal server signs the relevant part of the electronic signature with its private key to obtain the second signature;
The random number generator of the seal server's key card generates a second random number, and the second signature is encrypted with the second random number to form the second signature ciphertext;
The seal server encrypts the second random number with its private key to generate the second key ciphertext;
The second key ciphertext and the second signature ciphertext together constitute the signing signature.
7. The anti-quantum-computation signature method according to claim 6, characterized in that the signing signature is verified as follows:
The client of the verifying party decrypts the second key ciphertext part of the signing signature with the public key of the seal server, obtaining the second random number;
The second signature ciphertext in the signing signature is decrypted with the second random number to obtain the second signature, and the second signature is verified.
8. The anti-quantum-computation signature method according to claim 7, characterized in that the electronic signature further includes a file signature, and seal verification further includes verification of the file signature; the file signature is generated as follows:
The seal server signs the file with its private key to obtain the third signature;
The third signature is encrypted with the third random number to form the third signature ciphertext;
The seal server encrypts the third random number with its private key to generate the third key ciphertext;
The third key ciphertext and the third signature ciphertext together constitute the file signature.
9. The anti-quantum-computation signature method according to claim 8, characterized in that the file signature is verified as follows:
The client of the verifying party decrypts the third key ciphertext part of the file signature with the public key of the seal server, obtaining the third random number;
The third signature ciphertext in the file signature is decrypted with the third random number to obtain the third signature, and the third signature is verified.
10. An anti-quantum-computation signature system, comprising a seal server and clients acting respectively as the signing party and the verifying party, characterized by comprising:
Key cards are issued in advance to the seal server and to each client, wherein a seal picture is stored in the key card of a client; an electronic seal and a public key pool are stored in the seal server key card, and each key card is equipped with a random number generator;
The client of the signing party pre-signs the file using the seal picture in the key card, and sends the pre-signed file to the seal server to request signing;
The seal server signs the file in response to the client's request and generates a file with an electronic signature;
The electronic signature includes at least a seal signature generated with the participation of the seal public key, and an anti-quantum-computation public key generated from the seal public key in combination with the public key pool;
After obtaining the file with the electronic signature, the verifying party forwards it to the seal server to request seal verification;
The seal server computes the seal public key from the anti-quantum-computation public key and the public key pool, verifies the seal signature with the seal public key, and then sends the verification result to the verifying party.
CN201811286452.5A 2018-10-31 2018-10-31 Anti-quantum-computation signature method and signature system Active CN109614802B (en)


Publications (2)

Publication Number Publication Date
CN109614802A true CN109614802A (en) 2019-04-12
CN109614802B CN109614802B (en) 2020-11-27

Family

ID=66002882




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant