CN113904777B - SM2 digital signature algorithm-based signcryption method - Google Patents


Publication number
CN113904777B
Authority
CN
China
Prior art keywords
calculating
random number
elliptic curve
signcryption
algorithm
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111110965.2A
Other languages
Chinese (zh)
Other versions
CN113904777A (en)
Inventor
何德彪
陈鑫
罗敏
刘丽群
崔晓晖
黄欣沂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University WHU
Original Assignee
Wuhan University WHU

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72: Signcrypting, i.e. digital signing and encrypting simultaneously


Abstract

The invention relates to a signcryption method based on the SM2 digital signature algorithm. Built on domestic commercial cryptographic algorithms, it comprises four algorithms: an initialization algorithm, a key generation algorithm, a signcryption algorithm and a decryption (unsigncryption) algorithm. It thereby realizes autonomous and controllable data storage and sharing, promotes the application of domestic commercial cryptographic algorithms, provides provably secure data storage and sharing in environments such as cloud computing, the Internet of Things and blockchain, meets the security requirements of confidentiality, authentication, integrity, unforgeability and the like of transmitted information, and at the same time satisfies the compliance requirements for domestic commercial cryptography applications.

Description

SM2 digital signature algorithm-based signcryption method
Technical Field
The invention relates to the field of computers, in particular to a signcryption method based on an SM2 digital signature algorithm.
Background
Signcryption is an important cryptographic primitive that completes both digital signature and encryption in one reasonable logical step. It is more efficient than a scheme of encryption before signature and protects data confidentiality and integrity at the same time. The SM2 algorithm is an elliptic curve public key cryptographic algorithm that includes a digital signature algorithm, a key exchange protocol and a public key encryption algorithm. The SM2 algorithm has become the national public key algorithm standard GM/T 0003.2-2012 and has entered the international standard ISO/IEC 14888-3:2016, which is of great significance for building information security in China.
With the wide application of technologies such as cloud computing, the Internet of Things and blockchain, the security and privacy of data storage and sharing have drawn increasing attention from researchers. Unlike traditional encryption-before-signature schemes, a signcryption scheme reduces the amount of computation and the ciphertext expansion while meeting the security requirements of data storage and sharing, such as confidentiality, authentication and unforgeability. However, existing signcryption schemes are designed on foreign cryptographic algorithms and standards; designing a signcryption scheme based on domestic commercial cryptographic algorithms, so as to realize autonomous and controllable secure data sharing and transmission, is a problem to be solved.
Disclosure of Invention
The technical problem addressed by the invention is mainly solved by the following technical solution:
A signcryption method based on the SM2 digital signature algorithm, comprising:
an initialization step, in which an administrator defines an elliptic curve, a plurality of hash functions and two prime numbers, generates on the elliptic curve a generator whose order is one of the prime numbers, and finally outputs system parameters comprising the generator, the two prime numbers, the hash functions and the elliptic curve parameters;
a key generation step, in which the sender generates a random number and a sender public key computed from the generator, and the receiver generates a random number and a receiver public key computed from the generator;
a signcryption step, in which a signcryption ciphertext is calculated and output from the elliptic curve parameters, the given plaintext data, the sender private key, the receiver public key and a random number;
a decryption step, in which the decrypting user issues a decryption request, calculates some of the parameters in the signcryption ciphertext and verifies them; if the verification passes, the plaintext data is output, otherwise the decryption request is rejected.
In the above signcryption method based on the SM2 digital signature algorithm, the initialization step specifically includes:
Step 2.1, selecting large prime numbers $p$ and $q$ of length $l$;
Step 2.2, selecting an elliptic curve $E: y^2 = x^3 + a\cdot x + b \bmod q$ defined over the finite field $F_p$;
Step 2.3, selecting a generator $G$ of order $q$ on the elliptic curve $E$;
Step 2.4, selecting 3 hash functions $H_0: \{0,1\}^* \to \{0,1\}^{256}$, $H_1: \{0,1\}^* \to \{0,1\}^n$ and
Step 2.5, outputting the system parameters $params = \{p, q, a, b, G, H_0, H_1, H_2\}$;
In the above signcryption method based on the SM2 digital signature algorithm, the key generation step specifically includes:
Step 3.1, the sender generates a random number with a random number generator
Step 3.2, the sender computes the public key $P_S = d_S\cdot G$;
Step 3.3, the receiver generates a random number with a random number generator
Step 3.4, the receiver computes the public key $P_R = d_R\cdot G$.
In the above signcryption method based on the SM2 digital signature algorithm, the signcryption step specifically includes:
Step 4.1, generating a random number with a random number generator
Step 4.2, calculating the elliptic curve point $T_1 = k\cdot G = (x_1, y_1)$;
Step 4.3, calculating the elliptic curve point $T_2 = k\cdot P_R$;
Step 4.4, calculating the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
Step 4.5, calculating the bit string
Step 4.6, calculating the hash value $e = H_2(Z_S \| c)$;
Step 4.7, calculating the integer $r = e + x_1 \bmod q$;
Step 4.8, calculating the integer $s = (1 + d_S)^{-1}\cdot(k - r\cdot d_S) \bmod q$;
Step 4.9, outputting the signcryption ciphertext $ct = (c, r, s)$.
In the above signcryption method based on the SM2 digital signature algorithm, the decryption step specifically includes:
Step 5.1, calculating the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
Step 5.2, calculating the hash value $e = H_2(Z_S \| c)$;
Step 5.3, calculating the integer $t = r + s \bmod q$;
Step 5.4, calculating the elliptic curve point $T_1 = s\cdot G + t\cdot P_S = (x_1, y_1)$;
Step 5.5, verifying whether the equation $r = e + x_1 \bmod q$ holds; if not, rejecting the message and terminating;
Step 5.6, calculating the elliptic curve point $T_2 = d_R\cdot T_1$;
Step 5.7, calculating and outputting the plaintext data
Compared with the prior art, the invention has the following advantages and beneficial effects: at present, signcryption schemes are designed on foreign cryptographic algorithms and standards, and domestic commercial cryptographic algorithms have not yet been applied to the design of signcryption schemes. The signcryption scheme designed by the invention, based on the SM2 digital signature algorithm, realizes autonomous and controllable secure data storage and sharing in environments such as cloud computing, the Internet of Things and blockchain, meets the security requirements of confidentiality, authentication, integrity, unforgeability and the like of transmitted information, and satisfies the compliance requirements for domestic commercial cryptography applications.
Drawings
Fig. 1 is a flow chart of a method of the present invention.
Detailed Description
The technical scheme of the invention is further specifically described below through examples and with reference to the accompanying drawings.
Examples:
1. First, the symbols and definitions used in this embodiment are explained.
$q$: a large prime number.
$F_q$: a finite field containing $q$ elements.
$a, b$: elements of $F_q$ that define an elliptic curve $E$ over $F_q$.
$E(F_q)$: the set of all rational points of the elliptic curve $E$ over $F_q$, including the point at infinity $O$.
$\#E(F_q)$: the number of points on $E(F_q)$, called the order of the elliptic curve $E(F_q)$.
$O$: a particular point on the elliptic curve, called the point at infinity or zero point.
A cyclic group containing all points of the elliptic curve $E$ and the point at infinity.
$G$: a generator of the group.
$H(\cdot)$: a secure cryptographic hash function, such as the SM3 algorithm.
$M$: the message value.
$n$: the message length.
$\|$: concatenation of bit strings.
2. The scheme comprises four algorithms: the initialization algorithm, the key generation algorithm, the signcryption algorithm and the decryption algorithm.
Initialization algorithm Setup: the system administrator executes the following algorithm to generate the system parameters.
1) Select large prime numbers $p$ and $q$ of length $l$;
2) Select an elliptic curve $E: y^2 = x^3 + a\cdot x + b \bmod q$ defined over the finite field $F_p$;
3) Select a generator $G$ of order $q$ on the elliptic curve $E$;
4) Select 3 hash functions $H_0: \{0,1\}^* \to \{0,1\}^{256}$, $H_1: \{0,1\}^* \to \{0,1\}^n$ and
5) Output the system parameters $params = \{p, q, a, b, G, H_0, H_1, H_2\}$;
Key generation algorithm KeyGen: the sender and the receiver execute this algorithm to generate their respective public and private keys.
1) The sender generates a random number using a random number generator
2) The sender calculates the public key $P_S = d_S\cdot G$;
3) The receiver generates a random number using a random number generator
4) The receiver calculates the public key $P_R = d_R\cdot G$;
Signcryption algorithm Signcrypt: given plaintext data $M \in \{0,1\}^n$, the receiver public key $P_R$ and the sender private key $d_S$, the following steps are executed:
1) Generate a random number using a random number generator
2) Calculate the elliptic curve point $T_1 = k\cdot G = (x_1, y_1)$;
3) Calculate the elliptic curve point $T_2 = k\cdot P_R$;
4) Calculate the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
5) Calculate the bit string
6) Calculate the hash value $e = H_2(Z_S \| c)$;
7) Calculate the integer $r = e + x_1 \bmod q$;
8) Calculate the integer $s = (1 + d_S)^{-1}\cdot(k - r\cdot d_S) \bmod q$;
9) Output the signcryption ciphertext $ct = (c, r, s)$;
Decryption algorithm Unsigncrypt: to decrypt and verify the signcryption ciphertext $ct = (c, r, s)$, the decrypting user performs the following steps:
1) Calculate the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
2) Calculate the hash value $e = H_2(Z_S \| c)$;
3) Calculate the integer $t = r + s \bmod q$;
4) Calculate the elliptic curve point $T_1 = s\cdot G + t\cdot P_S = (x_1, y_1)$;
5) Verify whether the equation $r = e + x_1 \bmod q$ holds; if not, reject the message and terminate;
6) Calculate the elliptic curve point $T_2 = d_R\cdot T_1$;
7) Calculate and output the plaintext data
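The four algorithms above can be exercised end to end as follows; this is an added example, not code from the patent or its authors. Assumptions not found on the page: the SM2 recommended curve constants, SHA-256 and SHAKE-256 standing in for the SM3-based $H_0$, $H_1$, $H_2$, the masking $c = M \oplus H_1(T_2)$ for the bit-string step whose formula is missing from this text (and its inverse for plaintext recovery), the range checks on $r$, $s$, $t$ taken from standard SM2 signing and verification, and all function names.

```python
import hashlib
import secrets

# Assumed constants: SM2 recommended curve (GB/T 32918.5); the page leaves params abstract.
P = 2**256 - 2**224 - 2**96 + 2**64 - 1
A = P - 3
B = 0x28E9FA9E_9D9F5E34_4D5A9E4B_CF6509A7_F39789F5_15AB8F92_DDBCBD41_4D940E93
Q = 0xFFFFFFFE_FFFFFFFF_FFFFFFFF_FFFFFFFF_7203DF6B_21C6052B_53BBF409_39D54123
G = (0x32C4AE2C_1F198119_5F990446_6A39C994_8FE30BBF_F2660BE1_715A4589_334C74C7,
     0xBC3736A2_F4F6779C_59BDCEE3_6B692153_D0A9877C_C62A4740_02DF32E5_2139F0A0)

def add(p1, p2):
    """Affine point addition; None is the point at infinity O."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def _b(n):
    return n.to_bytes(32, "big")

def z_value(ident, pub):
    """Z_S = H_0(ENTL_S || ID_S || a || b || P_S), with SHA-256 standing in for SM3."""
    entl = (8 * len(ident)).to_bytes(2, "big")
    return hashlib.sha256(entl + ident + _b(A) + _b(B) + _b(pub[0]) + _b(pub[1])).digest()

def h1(pt, n):
    """Assumed H_1: n-byte mask derived from the shared point T_2."""
    return hashlib.shake_256(b"H1" + _b(pt[0]) + _b(pt[1])).digest(n)

def h2(z, c):
    """Assumed H_2: digest of Z_S || c read as an integer."""
    return int.from_bytes(hashlib.sha256(b"H2" + z + c).digest(), "big")

def keygen():
    d = secrets.randbelow(Q - 2) + 1   # d in [1, q-2], so 1 + d is invertible mod q
    return d, mul(d, G)

def signcrypt(msg, d_s, pub_s, pub_r, ident):
    while True:
        k = secrets.randbelow(Q - 1) + 1
        t1, t2 = mul(k, G), mul(k, pub_r)
        c = bytes(m ^ x for m, x in zip(msg, h1(t2, len(msg))))  # assumed step 5
        e = h2(z_value(ident, pub_s), c)
        r = (e + t1[0]) % Q
        s = pow(1 + d_s, -1, Q) * (k - r * d_s) % Q
        if r and s and (r + s) % Q:   # retry on degenerate values (added, as in SM2)
            return c, r, s

def unsigncrypt(ct, d_r, pub_s, ident):
    c, r, s = ct
    t = (r + s) % Q
    if not (0 < r < Q and 0 < s < Q) or t == 0:   # range checks added, as in SM2
        return None
    e = h2(z_value(ident, pub_s), c)
    t1 = add(mul(s, G), mul(t, pub_s))
    if t1 is None or (e + t1[0]) % Q != r:
        return None                     # reject before d_R is ever used
    t2 = mul(d_r, t1)
    return bytes(x ^ y for x, y in zip(c, h1(t2, len(c))))
```

Steps 1) to 5) of Unsigncrypt use only public values, so any party can check the signature on $c$; only steps 6) and 7) need the receiver private key $d_R$.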
The specific embodiments described herein are offered by way of example only to illustrate the spirit of the invention. Those skilled in the art may make various modifications or additions to the described embodiments or substitutions thereof without departing from the spirit of the invention or exceeding the scope of the invention as defined in the accompanying claims.

Claims (2)

1. A signcryption method based on an SM2 digital signature algorithm, comprising:
an initialization step, in which an administrator defines an elliptic curve, a plurality of hash functions and two prime numbers, generates on the elliptic curve a generator whose order is one of the prime numbers, and finally outputs system parameters comprising the generator, the two prime numbers, the hash functions and the elliptic curve parameters; the initialization step specifically comprises the following steps:
Step 2.1, selecting large prime numbers $p$ and $q$ of length $l$;
Step 2.2, selecting an elliptic curve $E: y^2 = x^3 + a\cdot x + b \bmod q$ defined over the finite field $F_p$;
Step 2.3, selecting a generator $G$ of order $q$ on the elliptic curve $E$;
Step 2.4, selecting 3 hash functions $H_0: \{0,1\}^* \to \{0,1\}^{256}$, $H_1: \{0,1\}^* \to \{0,1\}^n$ and
Step 2.5, outputting the system parameters $params = \{p, q, a, b, G, H_0, H_1, H_2\}$;
a key generation step, in which the sender generates a random number and a sender public key computed from the generator, and the receiver generates a random number and a receiver public key computed from the generator; the key generation step specifically comprises the following steps:
Step 3.1, the sender generates a random number with a random number generator
Step 3.2, the sender computes the public key $P_S = d_S\cdot G$;
Step 3.3, the receiver generates a random number with a random number generator
Step 3.4, the receiver computes the public key $P_R = d_R\cdot G$;
a signcryption step, in which a signcryption ciphertext is calculated and output from the elliptic curve parameters, the given plaintext data, the sender private key, the receiver public key and a random number; the signcryption step specifically comprises the following steps:
Step 4.1, generating a random number with a random number generator
Step 4.2, calculating the elliptic curve point $T_1 = k\cdot G = (x_1, y_1)$;
Step 4.3, calculating the elliptic curve point $T_2 = k\cdot P_R$;
Step 4.4, calculating the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
Step 4.5, calculating the bit string
Step 4.6, calculating the hash value $e = H_2(Z_S \| c)$;
Step 4.7, calculating the integer $r = e + x_1 \bmod q$;
Step 4.8, calculating the integer $s = (1 + d_S)^{-1}\cdot(k - r\cdot d_S) \bmod q$;
Step 4.9, outputting the signcryption ciphertext $ct = (c, r, s)$;
a decryption step, in which the decrypting user issues a decryption request, calculates some of the parameters in the signcryption ciphertext and verifies them; if the verification passes, the plaintext data is output, otherwise the decryption request is rejected.
2. The signcryption method based on the SM2 digital signature algorithm as recited in claim 1, wherein the decryption step specifically comprises:
Step 5.1, calculating the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
Step 5.2, calculating the hash value $e = H_2(Z_S \| c)$;
Step 5.3, calculating the integer $t = r + s \bmod q$;
Step 5.4, calculating the elliptic curve point $T_1 = s\cdot G + t\cdot P_S = (x_1, y_1)$;
Step 5.5, verifying whether the equation $r = e + x_1 \bmod q$ holds; if not, rejecting the message and terminating;
Step 5.6, calculating the elliptic curve point $T_2 = d_R\cdot T_1$;
Step 5.7, calculating and outputting the plaintext data
CN202111110965.2A 2021-09-23 2021-09-23 SM2 digital signature algorithm-based signcryption method Active CN113904777B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111110965.2A CN113904777B (en) 2021-09-23 2021-09-23 SM2 digital signature algorithm-based signcryption method

Publications (2)

Publication Number Publication Date
CN113904777A (en) 2022-01-07
CN113904777B (en) 2023-10-03

Family

ID=79028863



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant