CN112491560A - SM2 digital signature method and medium supporting batch verification - Google Patents
- Publication number: CN112491560A
- Application number: CN202011458227.2A
- Authority: CN (China)
- Prior art keywords: signature, verification, user, signatures, mod
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Mathematical Physics (AREA)
- Physics & Mathematics (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Optimization (AREA)
- Computing Systems (AREA)
- Mathematical Analysis (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to the technical field of information security, and particularly relates to an SM2 digital signature method and medium supporting batch verification. Batch verification is a special verification method for digital signature algorithms: it allows a verifier to verify a plurality of signatures at one time, can effectively improve the verification efficiency of digital signatures, and is widely applied in fields such as the Internet of Vehicles and intelligent medical systems. The SM2 digital signature algorithm offers high security, small storage space and fast signing speed, but at present no SM2 digital signature scheme supports batch verification. The verification process of the original SM2 digital signature algorithm requires recovering $R_i$; in the invention, $R_i$ is made part of the signature, which effectively reduces the computation required for batch verification. The method is characterized by high security, simple implementation and high verification efficiency.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to an SM2 digital signature method and medium supporting batch verification.
Background
The digital signature is one of the cryptographic techniques for guaranteeing network security, and can guarantee the integrity, authenticity and non-repudiation of data. To achieve efficient verification of digital signatures, Naccache et al. proposed the concept of batch verification. Batch verification can verify a plurality of signatures at one time while ensuring high accuracy, which greatly improves verification efficiency. The principle is to exploit the isomorphism of the group to find common terms and simplify the computation, thereby reducing the time required for verification. Because of its security and efficiency, batch verification is widely applied in fields such as the Internet of Vehicles and intelligent medical systems, and has become a hotspot of current research.
With the continuous development of digital signatures, the national cryptography authority issued the SM2 elliptic curve digital signature algorithm on December 17, 2010. It has the advantages of high security, small storage space and fast signing speed and is widely used in various fields, but at present no SM2 digital signature scheme supports batch verification. The invention designs an SM2 digital signature scheme supporting batch verification, which guarantees the completeness, authenticity, unforgeability and high efficiency of the signature.
Disclosure of Invention
The technical problem of the invention is mainly solved by the following technical scheme:
An SM2 digital signature method supporting batch verification, characterized in that it is based on the following definitions:
$n$: a prime number with $n > 2^{256}$;
mod $n$: the modulo-$n$ operation;
$A_i$: the signer, i.e. the $i$-th user;
$V$: the verifier;
$E$: an elliptic curve defined by the elements $a$ and $b$ over the finite field;
an additive cyclic group of prime order $q$, whose elements are points on the elliptic curve;
$Q_i$: the public key of user $i$, computed as $Q_i = x_i \cdot G$;
$ID_i$: the distinguishable identifier of user $i$;
$h()$: a cryptographic hash function whose input is a bit string of arbitrary length, $\{0,1\}^*$, and whose output has a fixed length;
$Z_i$: the signature identifier of user $i$, computed as $Z_i = h(ID_i, a, b, x_G, y_G, x_Q, y_Q)$;
The method comprises:
Step 1.1, $A_i$ computes $e_i = h(Z_i \| M_i)$;
Step 1.4, $A_i$ computes $s_i = (1 + x_i)^{-1}(k_i - r_i \cdot x_i) \bmod n$;
Step 1.5, output the signature $\sigma_i = (R_i, s_i)$.
Step 2, verifying the signature: given the message $M_i$, the signature $\sigma_i$ and the public key $Q_i$, the verifier $V$ verifies whether the signature is valid by performing the following steps:
Step 2.2, $V$ checks the equation $R_i = s_i \cdot G + t_i \cdot Q_i$; if it holds, the signature is accepted, otherwise the signature is rejected.
The above SM2 digital signature method supporting batch verification further includes a step of batch verification of signatures: given a set of messages $\{M_1, M_2, \dots, M_m\}$, the corresponding digital signatures $\{\sigma_1 = (R_1, s_1), \sigma_2 = (R_2, s_2), \dots, \sigma_m = (R_m, s_m)\}$ and the corresponding public keys $\{Q_1, Q_2, \dots, Q_m\}$, the verifier $V$ verifies whether the set of signatures is valid by performing the following steps:
Step 3, $V$ checks the verification equation; if it holds, the set of signatures is accepted, otherwise the set of signatures is rejected.
A computer storage medium having a computer program stored thereon, the execution of the computer program comprising the following steps:
Step 1.1, $A_i$ computes $e_i = h(Z_i \| M_i)$;
Step 1.4, $A_i$ computes $s_i = (1 + x_i)^{-1}(k_i - r_i \cdot x_i) \bmod n$;
Step 1.5, output the signature $\sigma_i = (R_i, s_i)$.
Step 2, verifying the signature: given the message $M_i$, the signature $\sigma_i$ and the public key $Q_i$, the verifier $V$ verifies whether the signature is valid by performing the following steps:
Step 2.2, $V$ checks the equation $R_i = s_i \cdot G + t_i \cdot Q_i$; if it holds, the signature is accepted, otherwise the signature is rejected;
wherein $n$: a prime number with $n > 2^{256}$;
mod $n$: the modulo-$n$ operation;
$A_i$: the signer, i.e. the $i$-th user;
$V$: the verifier;
$E$: an elliptic curve defined by the elements $a$ and $b$ over the finite field;
an additive cyclic group of prime order $q$, whose elements are points on the elliptic curve;
$Q_i$: the public key of user $i$, computed as $Q_i = x_i \cdot G$;
$ID_i$: the distinguishable identifier of user $i$;
$h()$: a cryptographic hash function whose input is a bit string of arbitrary length, $\{0,1\}^*$, and whose output has a fixed length;
$Z_i$: the signature identifier of user $i$, computed as $Z_i = h(ID_i, a, b, x_G, y_G, x_Q, y_Q)$.
The computer storage medium described above further comprises a step of batch verification of signatures: given a set of messages $\{M_1, M_2, \dots, M_m\}$, the corresponding digital signatures $\{\sigma_1 = (R_1, s_1), \sigma_2 = (R_2, s_2), \dots, \sigma_m = (R_m, s_m)\}$ and the corresponding public keys $\{Q_1, Q_2, \dots, Q_m\}$, the verifier $V$ verifies whether the set of signatures is valid by performing the following steps:
Step 3, $V$ checks the verification equation; if it holds, the set of signatures is accepted, otherwise the set of signatures is rejected.
Therefore, the invention has the following advantages. First, the current SM2 digital signature scheme has the advantages of high security, small storage space and fast signing speed, but no SM2 digital signature scheme supports batch verification. Second, the verification process of the original SM2 digital signature algorithm requires recovering $R_i$; in the invention, $R_i$ is made part of the signature, which effectively reduces the computation required for batch verification. Finally, the security of batch verification in the invention can be achieved under the random oracle model.
Drawings
FIG. 1 is a method schematic of the present invention.
Detailed Description
The technical scheme of the invention is further specifically described by the following embodiments and the accompanying drawings.
Example:
First, the symbols and definitions related to the present invention are introduced.
$n$: a prime number with $n > 2^{256}$.
mod $n$: the modulo-$n$ operation.
$A_i$: the signer, i.e. the $i$-th user.
$V$: the verifier.
$E$: an elliptic curve defined by the elements $a$ and $b$ over the finite field.
An additive cyclic group of prime order $q$, whose elements are points on the elliptic curve.
$Q_i$: the public key of user $i$, computed as $Q_i = x_i \cdot G$.
$ID_i$: the distinguishable identifier of user $i$.
$h()$: a cryptographic hash function whose input is a bit string of arbitrary length, $\{0,1\}^*$, and whose output has a fixed length.
$Z_i$: the signature identifier of user $i$, computed as $Z_i = h(ID_i, a, b, x_G, y_G, x_Q, y_Q)$.
The specific description given below comprises three algorithm steps: a signature generation algorithm step, a signature verification algorithm step and a signature batch verification algorithm step.
1. Signature generation algorithm step.
Given the message $M_i$, the private key $x_i$ and the public key $Q_i = x_i \cdot G$, the signer $A_i$ performs the following steps to generate a digital signature:
(1) $A_i$ computes $e_i = h(Z_i \| M_i)$;
(4) $A_i$ computes $s_i = (1 + x_i)^{-1}(k_i - r_i \cdot x_i) \bmod n$;
(5) Output the signature $\sigma_i = (R_i, s_i)$.
2. Signature verification algorithm step.
Given the message $M_i$, the signature $\sigma_i$ and the public key $Q_i$, the verifier $V$ verifies whether the signature is valid by performing the following steps:
(2) $V$ checks the equation $R_i = s_i \cdot G + t_i \cdot Q_i$; if it holds, the signature is accepted, otherwise the signature is rejected.
3. Signature batch verification algorithm step.
Given a set of messages $\{M_1, M_2, \dots, M_m\}$, the corresponding digital signatures $\{\sigma_1 = (R_1, s_1), \sigma_2 = (R_2, s_2), \dots, \sigma_m = (R_m, s_m)\}$ and the corresponding public keys $\{Q_1, Q_2, \dots, Q_m\}$, the verifier $V$ verifies whether the set of signatures is valid by performing the following steps:
(1) $V$ randomly generates a set of random numbers $\{a_1, a_2, \dots, a_m\}$;
(3) $V$ checks the verification equation; if it holds, the set of signatures is accepted, otherwise the set of signatures is rejected.
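The three algorithm steps above, as an added Python example that is not code from the patent or its authors. The steps this page does not reproduce are filled in as assumptions: $R_i = k_i \cdot G$, $r_i = (e_i + x_{R_i}) \bmod n$ and $t_i = (r_i + s_i) \bmod n$ follow standard SM2, and the batch equation is assumed to be the usual random linear combination $\sum a_i R_i = (\sum a_i s_i) \cdot G + \sum a_i t_i \cdot Q_i$. SHA-256 stands in for SM3, and the length-prefixed encoding of the hash inputs is hypothetical.

```python
import hashlib
import secrets

# SM2 recommended curve y^2 = x^3 + a*x + b over GF(p); G has prime order n.
p = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
a = p - 3
b = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
n = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def on_curve(P):
    x, y = P
    return 0 <= x < p and 0 <= y < p and (y * y - x ** 3 - a * x - b) % p == 0

def add(P, Q):  # affine point addition; None is the point at infinity
    if P is None or Q is None:
        return P or Q
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p)
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, P):  # double-and-add; not constant time, demonstration only
    R = None
    while k:
        if k & 1:
            R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def h(*parts):
    """Stand-in for h(): SHA-256 over length-prefixed parts (SM2 proper uses SM3)."""
    d = hashlib.sha256()
    for part in parts:
        part = part.to_bytes(32, "big") if isinstance(part, int) else part
        d.update(len(part).to_bytes(2, "big") + part)
    return int.from_bytes(d.digest(), "big")

def r_and_t(Q, ID, M, R, s):
    Z = h(ID, a, b, G[0], G[1], Q[0], Q[1])   # Z_i as defined on the page
    r = (h(Z, M) + R[0]) % n                   # e_i = h(Z_i || M_i); r_i assumed as in SM2
    return r, (r + s) % n                      # t_i assumed as in SM2

def sign(x, ID, M):
    Q = mul(x, G)
    while True:
        k = secrets.randbelow(n - 1) + 1
        R = mul(k, G)                          # assumed: R_i = k_i * G
        r, _ = r_and_t(Q, ID, M, R, 0)
        s = pow(1 + x, -1, n) * (k - r * x) % n   # step 1.4
        if r and s and (r + k) % n:
            return R, s                        # sigma_i = (R_i, s_i)

def verify(Q, ID, M, sig):
    # A batch of one with a_1 = 1 is exactly step 2.2: R_i = s_i*G + t_i*Q_i
    return batch_verify([(Q, ID, M, sig)], coeffs=[1])

def batch_verify(items, coeffs=None):
    """items: [(Q_i, ID_i, M_i, (R_i, s_i))]; coeffs=None draws fresh 128-bit a_i."""
    s_sum, lhs, rhs = 0, None, None
    for i, (Q, ID, M, (R, s)) in enumerate(items):
        if not (on_curve(Q) and on_curve(R) and 0 < s < n
                and (t := r_and_t(Q, ID, M, R, s)[1])):
            return False
        c = coeffs[i] if coeffs else secrets.randbelow(2 ** 128 - 1) + 1
        s_sum = (s_sum + c * s) % n
        lhs = add(lhs, mul(c, R))                  # sum of a_i * R_i
        rhs = add(rhs, mul(c * t % n, Q))          # sum of a_i * t_i * Q_i
    return bool(items) and lhs == add(mul(s_sum, G), rhs)
```

The `coeffs` argument exists only to show why the random numbers in step (1) matter: with all coefficients fixed to 1, two same-signer signatures whose $s$ values are shifted by $+\delta$ and $-\delta$ each fail single verification yet pass the unweighted sum, while fresh random coefficients reject that batch.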
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made to the described embodiments or alternatives may be employed by those skilled in the art without departing from the spirit or ambit of the invention as defined in the appended claims.
Claims (4)
1. An SM2 digital signature method supporting batch verification, characterized in that it is based on the following definitions:
$n$: a prime number with $n > 2^{256}$;
mod $n$: the modulo-$n$ operation;
$A_i$: the signer, i.e. the $i$-th user;
$V$: the verifier;
$E$: an elliptic curve defined by the elements $a$ and $b$ over the finite field;
an additive cyclic group of prime order $q$, whose elements are points on the elliptic curve;
$Q_i$: the public key of user $i$, computed as $Q_i = x_i \cdot G$;
$ID_i$: the distinguishable identifier of user $i$;
$h()$: a cryptographic hash function whose input is a bit string of arbitrary length, $\{0,1\}^*$, and whose output has a fixed length;
$Z_i$: the signature identifier of user $i$, computed as $Z_i = h(ID_i, a, b, x_G, y_G, x_Q, y_Q)$;
The method comprises:
Step 1, generating a signature: given the message $M_i$, the private key $x_i$ and the public key $Q_i = x_i \cdot G$, the signer $A_i$ performs the following steps to generate a digital signature:
Step 1.1, $A_i$ computes $e_i = h(Z_i \| M_i)$;
Step 1.4, $A_i$ computes $s_i = (1 + x_i)^{-1}(k_i - r_i \cdot x_i) \bmod n$;
Step 1.5, output the signature $\sigma_i = (R_i, s_i)$.
Step 2, verifying the signature: given the message $M_i$, the signature $\sigma_i$ and the public key $Q_i$, the verifier $V$ verifies whether the signature is valid by performing the following steps:
Step 2.2, $V$ checks the equation $R_i = s_i \cdot G + t_i \cdot Q_i$; if it holds, the signature is accepted, otherwise the signature is rejected.
2. The SM2 digital signature method supporting batch verification according to claim 1, characterized in that it further comprises a step of batch verification of signatures: given a set of messages $\{M_1, M_2, \dots, M_m\}$, the corresponding digital signatures $\{\sigma_1 = (R_1, s_1), \sigma_2 = (R_2, s_2), \dots, \sigma_m = (R_m, s_m)\}$ and the corresponding public keys $\{Q_1, Q_2, \dots, Q_m\}$, the verifier $V$ verifies whether the set of signatures is valid by performing the following steps:
Step 1, $V$ randomly generates a set of random numbers $\{a_1, a_2, \dots, a_m\}$;
3. A computer storage medium having a computer program stored thereon, the execution of the computer program comprising the following steps:
Step 1, generating a signature: given the message $M_i$, the private key $x_i$ and the public key $Q_i = x_i \cdot G$, the signer $A_i$ performs the following steps to generate a digital signature:
Step 1.1, $A_i$ computes $e_i = h(Z_i \| M_i)$;
Step 1.4, $A_i$ computes $s_i = (1 + x_i)^{-1}(k_i - r_i \cdot x_i) \bmod n$;
Step 1.5, output the signature $\sigma_i = (R_i, s_i)$.
Step 2, verifying the signature: given the message $M_i$, the signature $\sigma_i$ and the public key $Q_i$, the verifier $V$ verifies whether the signature is valid by performing the following steps:
Step 2.2, $V$ checks the equation $R_i = s_i \cdot G + t_i \cdot Q_i$; if it holds, the signature is accepted, otherwise the signature is rejected;
wherein $n$: a prime number with $n > 2^{256}$;
mod $n$: the modulo-$n$ operation;
$A_i$: the signer, i.e. the $i$-th user;
$V$: the verifier;
$E$: an elliptic curve defined by the elements $a$ and $b$ over the finite field;
an additive cyclic group of prime order $q$, whose elements are points on the elliptic curve;
$Q_i$: the public key of user $i$, computed as $Q_i = x_i \cdot G$;
$ID_i$: the distinguishable identifier of user $i$;
$h()$: a cryptographic hash function whose input is a bit string of arbitrary length, $\{0,1\}^*$, and whose output has a fixed length;
$Z_i$: the signature identifier of user $i$, computed as $Z_i = h(ID_i, a, b, x_G, y_G, x_Q, y_Q)$.
4. A computer storage medium as claimed in claim 3, further comprising a step of batch verification of signatures: given a set of messages $\{M_1, M_2, \dots, M_m\}$, the corresponding digital signatures $\{\sigma_1 = (R_1, s_1), \sigma_2 = (R_2, s_2), \dots, \sigma_m = (R_m, s_m)\}$ and the corresponding public keys $\{Q_1, Q_2, \dots, Q_m\}$, the verifier $V$ verifies whether the set of signatures is valid by performing the following steps:
Step 1, $V$ randomly generates a set of random numbers $\{a_1, a_2, \dots, a_m\}$;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011458227.2A CN112491560A (en) | 2020-12-11 | 2020-12-11 | SM2 digital signature method and medium supporting batch verification |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112491560A (en) | 2021-03-12 |
Family
ID=74917694
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011458227.2A Pending CN112491560A (en) | 2020-12-11 | 2020-12-11 | SM2 digital signature method and medium supporting batch verification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112491560A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20210312 |