CN115499126A - SM2 key distributed storage-based key pair generation method, collaborative signature method, decryption method, device and medium - Google Patents


Info

Publication number
CN115499126A
Authority
CN
China
Prior art keywords
key
client
private key
signature
sub
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210480769.2A
Other languages
Chinese (zh)
Inventor
尚磊
直丹婷
曹涛
王军强
赵英华
王燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Henan Nuclear Microelectronics Technology Co ltd
Original Assignee
Henan Nuclear Microelectronics Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Henan Nuclear Microelectronics Technology Co ltd filed Critical Henan Nuclear Microelectronics Technology Co ltd
Priority to CN202210480769.2A priority Critical patent/CN115499126A/en
Publication of CN115499126A publication Critical patent/CN115499126A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Physics & Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Computing Systems (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a key pair generation method, a collaborative signing method, a decryption method, a device and a medium based on SM2 key distributed storage. The client, the server and the key sharing center cooperate to generate the public-private key pair; each device generates and stores its own private key factor, and the complete private key does not appear at any party during cooperative signing or cooperative decryption, which ensures the security of the private key. In addition, in the key sharing and distribution process, only the two private key factors of the client and the key sharing center are used for key calculation and distribution; the private key factor of the server does not take part in the distribution process. This further ensures that the complete key does not appear in the memory of any device at any moment, so the complete key is not at risk of leakage from any single device.

Description

SM2 key distributed storage-based key pair generation method, collaborative signature method, decryption method, device and medium
Technical Field
The invention relates to a key pair generation method, a collaborative signing method, a decryption method, a key sharing authorization distribution method, a device and a medium, and in particular to such methods, device and medium based on SM2 key distributed storage.
Background
In the traditional CA security industry, the UKEY is used as the certificate storage medium. Although it offers a high degree of security, the UKEY is difficult to use and adapts poorly to newer technologies such as mobile internet, cloud computing and big data. At present, digital signature and encryption/decryption technologies based on PKI are widely applied in e-government, e-commerce, mobile internet, big data, cloud computing, the internet of things and similar fields. In such environments a client, such as an intelligent terminal, usually stores and uses the private key in software form. If the complete private key is stored in the intelligent terminal, then, given the security of such devices, data stored in the terminal can easily be exported by an attacker. To protect the private key in the terminal device, a distributed key storage design is therefore adopted: key storage, signing and decryption are all carried out in distributed form, so that the complete private key does not appear at any end, and ensuring the storage security of the private key becomes especially important. In addition, because of the need for authorized use of the certificate, when a smart key is used to store the user's private key, the smart key has to be handed to another person whenever that person is entrusted with signing or decrypting.
At present, SM2 collaborative signing or decryption on a mobile intelligent terminal stores the private key of the digital signature in split form, and the client private key factor is stored only in the mobile intelligent terminal. When another person is entrusted with signing or decrypting, the terminal device has to be handed to that person. However, mobile intelligent terminals such as mobile phones are used more and more widely and hold highly private data, so handing them to others is inconvenient and exposes private information.
Invention patent application 201811310717.0 discloses an SM2 key generation and signature method, a terminal, a server and a storage medium, in which the private key is formed from a preset number of private key factors stored in different devices, the devices comprising the terminal and the server. This effectively addresses the problem that private key files are easy to steal: the private key factors are dispersed across the terminal and the server, and an attacker cannot obtain the complete private key from the terminal. The signature calculation is also carried out in steps on the terminal device and the server, so the private key is never completely present in the memory of the terminal device; this effectively addresses the problem that a private key file is easily leaked in plaintext from the memory of the terminal device, and the private key is stored more safely. Although dispersed storage of the private key factors improves security, the factors are stored in the terminal and the server, and when the terminal device securely distributes and shares the private key, the server's private key factor has to be sent to the terminal device for private key synthesis before key sharing and distribution. During this process the complete private key still appears in the terminal memory in plaintext, so the risk of private key leakage remains.
The Chinese patent application 201910600980.1 discloses a private key processing method based on an SM2 algorithm, a terminal and a key center, wherein a private key is directly generated through the key center, so that a second private key factor is generated by the private key and a first private key factor of a client, the first private key factor is stored through the client, and the second private key factor is stored in a server in an encrypted manner, so that the distributed protection of the private key is realized, and the situation that the complete private key does not appear at any party in the storage and use processes of the private key is ensured. And when the private key factor of a certain party is lost, the private key factor and the private key of the other party can be recovered, so that the problem of recovering the private key is solved. Although the patent application of the invention realizes the decentralized protection of the private key, and can cooperatively complete the standard digital signature and the data encryption based on the digital envelope technology, the generation of the private key pair is performed through the key center, and the transmission process of the private key factor has potential safety hazard in the process of sending the private key factor of the server side to the server side by the key center, so that the complete private key does not appear at any party in the storage and use processes of the private key. In addition, the patent application of the invention only ensures that the complete private key cannot appear at any end of the server or the client, and cannot ensure that the complete private key cannot appear in the key sharing center equipment, and the complete private key still has potential safety hazards.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a secret key pair generation method, a collaborative signing method, a decryption method and a secret key sharing authorization distribution method based on SM2 secret key distributed storage, wherein the complete secret key cannot appear in any equipment in the processes of secret key pair generation, collaborative signing, collaborative decryption and sharing authorization distribution, so that any information of the complete secret key is not leaked, and the use safety of the secret key is further ensured.
The technical problem to be solved by the present invention is to provide a terminal, a server, a key sharing center and a computer readable storage medium for implementing the above method.
In order to solve the technical problems, the invention adopts the following technical scheme:
the invention provides a secret key pair generation method based on SM2 secret key distributed storage, which comprises the following steps:
A1: the client generates its own sub-private key $d_A$, the server generates its own sub-private key $d_B$, and the key sharing center generates its own sub-private key $d_C$;
A2: the client, the server and the key sharing center carry out interactive operation to jointly generate a public key P;
in the process of generating the sub-private keys and the public key, the client, the server and the key sharing center share the SM2 elliptic curve algorithm parameters $E(F_q)$, G, n and Z, wherein the elliptic curve E is an elliptic curve defined on the finite field $F_q$, G is an n-order base point on the elliptic curve E, and Z is the common identification of the two parties.
The invention provides a cooperative signature method based on SM2 secret key distributed storage, which comprises the following steps:
B1, the client generates a message digest e according to a message original text M to be signed, generates a random number k1 at the same time, calculates a first signature intermediate variable Q1 according to k1, and then sends Q1 to the key sharing center;
B2, the key sharing center receives Q1 and generates a random number k2, calculates a second signature intermediate variable Q2 according to the random number k2 and Q1, and then sends Q2 back to the client;
B3, the client receives Q2 and sends the message digest e and Q2 to the server; the server calculates a partial signature R, a third signature intermediate variable Q3 and a fourth signature intermediate variable Q4 according to the message digest e and Q2, and sends R, Q3 and Q4 to the client;
B4, the client receives R, Q3 and Q4 and sends Q3 and Q4 to the key sharing center; the key sharing center calculates a fifth signature intermediate variable Q5 and a sixth signature intermediate variable Q6, and sends Q5 and Q6 to the client;
B5, the client receives the signature intermediate variables Q5 and Q6, calculates a partial signature value S, and outputs (R, S) as the complete signature.
The invention provides a cooperative decryption method based on SM2 key distributed storage, which comprises the following steps:
C1, the client receives the cooperative decryption request, generates a random number k, partially decrypts the acquired ciphertext to obtain a first decryption intermediate variable T1, and sends T1 to the server;
C2, the server receives T1, decrypts the received intermediate variable T1 according to its own sub-private key $d_B$ to obtain a second decryption intermediate variable T2, and sends T2 to the key sharing center;
C3, the key sharing center receives T2, calculates a third decryption intermediate variable T3 according to its own sub-private key $d_C$ and T2, and sends T3 to the client;
C4, the client receives T3 and calculates the complete plaintext T according to T3 and its own sub-private key $d_A$.
The invention provides a secret key sharing authorization distribution method based on SM2 secret key distributed storage, which comprises the following steps:
D1, the client initiates a key sharing and distribution request to the key sharing center; the key sharing center receives the request and sends its own private key $d_C$ to the client as ciphertext;
D2, the client receives the private key $d_C$ and calculates a temporary private key tmpD according to its own private key $d_A$; the client generates a random number $d_{AA}$ and calculates $d_{CC}$ according to tmpD and $d_{AA}$; $d_{AA}$ and $d_{CC}$ are stored as the private keys of the key sharing client and the key sharing center C respectively, and $d_{AA}$ and $d_{CC}$ are at the same time distributed to the key sharing client;
D3, the server's own private key $d_B$ remains unchanged, and signature or decryption operations are performed by cooperation of the key sharing client, the server and the key sharing center.
The present invention also provides a terminal, comprising:
a sub-private key generation module for generating a sub-private key $d_A$;
a sub-private key storage module for storing the generated sub-private key $d_A$;
And the operation module is used for executing the key pair generation, signature and decryption operations.
The invention also provides a server, comprising:
a sub-private key generation module for generating a sub-private key $d_B$;
a sub-private key storage module for storing the generated sub-private key $d_B$;
And the operation module is used for executing the key pair generation, signature and decryption operations.
The present invention also provides a key sharing center, comprising:
a sub-private key generation module for generating a sub-private key $d_C$;
a sub-private key storage module for storing the generated sub-private key $d_C$;
And the operation module is used for executing the key pair generation, signature and decryption operations of the right.
The present invention also provides a computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform the method described above.
In the invention, the client, the server and the key sharing center cooperate to generate the public-private key pair; each device generates and stores its own private key factor, and the complete private key does not appear at any party during cooperative signing or cooperative decryption, which ensures the security of the private key. In addition, in the key sharing and distribution process, only the two private key factors of the client and the key sharing center are used for key calculation and distribution; the private key factor of the server does not take part in the distribution process. This further ensures that the complete key does not appear in the memory of any device at any moment, so the complete key is not at risk of leakage from any single device.
Drawings
Fig. 1 is a schematic diagram illustrating a process of generating a public-private key pair by cooperation of a client, a server and a key sharing center;
fig. 2 is a schematic diagram illustrating a process of collaborative signing by a terminal, a server and a key sharing center;
FIG. 3 is a schematic diagram illustrating a process of cooperative decryption among a terminal, a server and a key sharing center;
fig. 4 is a schematic process diagram of key sharing distribution.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
Symbol and definition
e: the output value of the cryptographic hash function applied to the message m;
G: a base point of the elliptic curve, whose order is a prime number;
Hash(): the SM3 cryptographic hash function;
KDF(): the key derivation function;
mod n: the modulo n operation, e.g., 28 mod 5 = 3;
n: the order of the base point G;
x || y: the concatenation of x and y, where x and y can be bit strings or byte strings;
[*]: the elliptic curve point multiplication operation;
[-]: the elliptic curve point subtraction operation.
Example 1: as shown in fig. 1, the key pair generation method based on SM2 key distributed storage includes the following steps:
The client randomly generates a random number D1 and calculates its own sub-private key $d_A = (1 + D1)^{-1} \bmod n$; the server randomly generates a random number D2 and calculates its own sub-private key $d_B = (1 + D2)^{-1} \bmod n$; the key sharing center randomly generates a random number D3 and calculates its own sub-private key $d_C = (1 + D3)^{-1} \bmod n$, where the random numbers D1, D2, D3 are in $[1, n-1]$, n is the order of the elliptic curve, and mod is the modulo operation.
The client sends a key pair generation request to the server; after receiving the request, the server calculates a first partial public key $P1 = D2\,[*]\,G$ and sends P1 to the key sharing center; the key sharing center receives P1 and calculates a second partial public key $P2 = D3\,[*]\,P1 + D3\,[*]\,G + P1$; the key sharing center sends P2 to the terminal, and the terminal receives P2 and calculates the complete public key $P = D1\,[*]\,P2 + D1\,[*]\,G + P2$, where $[*]$ represents the elliptic curve point multiplication operation.
In the process of generating the sub-private keys and the public key, the client, the server and the key sharing center share the SM2 elliptic curve algorithm parameters $E(F_q)$, G, n and Z, wherein the elliptic curve E is an elliptic curve defined on the finite field $F_q$, G is an n-order base point on the elliptic curve E, and Z is the common identification of the two parties.
Example 2: as shown in fig. 2, the cooperative signature method based on SM2 key distributed storage includes the following steps:
The client calculates $M' = Z \| M$ according to a message original text M to be signed, calculates the message digest $e = Hash(M')$ according to $M'$, then calculates a first partial signature $Q1 = k1\,[*]\,G$ according to a generated random number k1, and sends Q1 to the key sharing center, where Hash() represents a preset SM3 cryptographic hash function and $[*]$ represents the elliptic curve point multiplication operation;
the key sharing center receives the first signature intermediate variable Q1, calculates a second signature intermediate variable $Q2 = k2\,[*]\,Q1$ according to Q1 and the generated random number k2, and sends Q2 to the terminal;
the terminal receives the signature intermediate variable Q2 and sends the message digest e and Q2 to the server; the server generates random numbers k3 and k4, calculates the multiple point $G1 = k4\,[*]\,G$ of the base point G, calculates $(x_1, y_1) = k3\,[*]\,Q2\,[+]\,G1$ and $R = (x_1 + e) \bmod n$, calculates $Q3 = d_B \cdot k3 \bmod n$ and $Q4 = d_B \cdot (R + k4) \bmod n$ from its own private key, and then sends the partial signature R and Q3, Q4 to the client;
the client receives R, Q3 and Q4 and sends Q3 and Q4 to the key sharing center to request the cooperative signature operation; the key sharing center calculates a fifth signature intermediate variable $Q5 = k2 \cdot d_C \cdot Q3$ and a sixth signature intermediate variable $Q6 = d_C \cdot Q4$, and returns Q5 and Q6 to the client;
the client calculates a partial signature value $S = (d_A \cdot k1 \cdot Q5 + d_A \cdot Q6 - R) \bmod n$ from the received Q5 and Q6, and outputs (R, S) as the complete signature; where Hash() represents the SM3 cryptographic hash function, $[*]$ represents the elliptic curve point multiplication operation, and mod the modulo operation.
Example 3: as shown in fig. 3, the cooperative decryption method based on SM2 key distributed storage includes the following steps:
The client receives the ciphertext C, extracts the bit string C1 from the ciphertext C, and, after converting the data type of C1, verifies whether C1 is a non-infinite point on the elliptic curve E; if yes, it randomly generates a random number k and calculates a first decryption intermediate variable $T1 = k\,[*]\,C1$, where $[*]$ represents the elliptic curve point multiplication operation;
the server calculates a second decryption intermediate variable $T2 = d_B^{-1}\,[*]\,T1$ according to the received T1, and sends T2 to the key sharing center equipment C;
the key sharing center calculates a third decryption intermediate variable $T3 = d_C^{-1}\,[*]\,T2$ from the received T2, and sends T3 back to the client;
the client calculates $(x_2, y_2) = k^{-1} \cdot d_A^{-1}\,[*]\,T3\,[-]\,C1$ according to the received T3, where $[-]$ represents the elliptic curve point subtraction operation, and calculates $tmp = KDF(x_2 \| y_2, klen)$ from $(x_2, y_2)$, where $\|$ represents string concatenation, KDF() represents a predetermined key derivation function, and klen represents a predetermined output bit string length; tmp is then checked, and if tmp is not equal to 0, the bit string C2 is extracted from the ciphertext and the result is calculated as
Figure RE-RE-GDA0003812621000000081
The check value $u = Hash(x_2 \| M'' \| y_2)$ is calculated according to $(x_2, y_2)$ and $M''$, wherein
Figure RE-RE-GDA0003812621000000082
represents an exclusive-or operation and Hash() represents a predetermined cryptographic hash function; a bit string C3 is extracted from the ciphertext Cipher, u and C3 are compared, and if u = C3, $M''$ is output as the complete plaintext.
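The formulas of Examples 1 to 3 imply that $d_A d_B d_C = (1 + d)^{-1} \bmod n$ for the private key $d$ that matches P, so the cooperative (R, S) passes ordinary SM2 verification and the cooperative decryption recovers $d\,[*]\,C1$. The Python code below is an added example, not code from the patent; it runs the three parties in one process on the SM2 recommended curve. The function names, the `verify` routine, the retry on zero R or S, the exclusion of D = n-1, and the SHA-256 fallback for SM3 are assumptions of this example.

```python
import hashlib
import secrets

# SM2 recommended curve (GM/T 0003.5-2012): y^2 = x^3 + a*x + b over F_p.
P_FIELD = 2**256 - 2**224 - 2**96 + 2**64 - 1
A = P_FIELD - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = int("FFFFFFFE" + "FFFFFFFF" * 3 + "7203DF6B21C6052B53BBF40939D54123", 16)
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def on_curve(pt):
    """True for a finite point that satisfies the curve equation."""
    return pt is not None and (pt[1]**2 - pt[0]**3 - A * pt[0] - B) % P_FIELD == 0

def add(p1, p2):
    """Affine point addition [+]; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return x3, (lam * (x1 - x3) - y1) % P_FIELD

def mul(k, pt):
    """Point multiplication k[*]pt (double-and-add, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def rand_scalar(upper=N - 1):
    return secrets.randbelow(upper) + 1            # uniform in [1, upper]

def keygen():
    """Example 1: the three sub-private keys and the joint public key P."""
    # Assumption of this example: D = n-1 is excluded, since 1+D must be invertible.
    D1, D2, D3 = (rand_scalar(N - 2) for _ in range(3))
    d_A, d_B, d_C = (pow(1 + D, -1, N) for D in (D1, D2, D3))
    P1 = mul(D2, G)                                # server
    P2 = add(add(mul(D3, P1), mul(D3, G)), P1)     # key sharing center
    P = add(add(mul(D1, P2), mul(D1, G)), P2)      # client
    return (d_A, d_B, d_C), P

def digest(Z, M):
    """e = Hash(Z || M): SM3 if this OpenSSL build has it, else SHA-256 stand-in."""
    try:
        h = hashlib.new("sm3", Z + M)
    except ValueError:
        h = hashlib.sha256(Z + M)
    return int.from_bytes(h.digest(), "big")

def cosign(shares, Z, M):
    """Example 2: each line is computed by the party named in its comment."""
    d_A, d_B, d_C = shares
    e = digest(Z, M)                               # client
    while True:
        k1, k2, k3, k4 = (rand_scalar() for _ in range(4))
        Q1 = mul(k1, G)                            # client
        Q2 = mul(k2, Q1)                           # key sharing center
        pt = add(mul(k3, Q2), mul(k4, G))          # server: (x1, y1)
        R = (pt[0] + e) % N if pt else 0           # server
        Q3, Q4 = d_B * k3 % N, d_B * (R + k4) % N  # server
        Q5, Q6 = k2 * d_C * Q3 % N, d_C * Q4 % N   # key sharing center
        S = (d_A * k1 * Q5 + d_A * Q6 - R) % N     # client
        if R and S:                                # retry degenerate values
            return R, S

def verify(P, Z, M, sig):
    """Standard single-key SM2 verification against the joint public key P."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    t = (r + s) % N
    pt = add(mul(s, G), mul(t, P))
    return t != 0 and pt is not None and (digest(Z, M) + pt[0]) % N == r

def codecrypt_point(shares, C1):
    """Example 3 up to (x2, y2); the KDF, XOR and C3 check then follow."""
    d_A, d_B, d_C = shares
    if not on_curve(C1):
        raise ValueError("C1 is not a finite point on E")
    k = rand_scalar()
    T1 = mul(k, C1)                                    # client
    T2 = mul(pow(d_B, -1, N), T1)                      # server
    T3 = mul(pow(d_C, -1, N), T2)                      # key sharing center
    T = mul(pow(k, -1, N) * pow(d_A, -1, N) % N, T3)   # client
    return add(T, (C1[0], -C1[1] % P_FIELD))           # [-] C1
```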
Example 4: as shown in fig. 4, the key sharing authorization distribution method based on SM2 key distributed storage includes the following steps:
The client initiates a key sharing distribution request to the key sharing center; the key sharing center receives the request and sends its own private key $d_C$ to the client as ciphertext;
the client receives the private key $d_C$ and calculates a temporary private key $tmpD = d_A \cdot d_C \bmod n$ according to its own private key $d_A$; the client generates a random number $d_{AA}$ and calculates $d_{CC}$ according to tmpD and $d_{AA}$; $d_{AA}$ and $d_{CC}$ are stored as the private keys of the key sharing client and the key sharing center C respectively, and $d_{AA}$ and $d_{CC}$ are at the same time distributed to the key sharing client;
the server's own private key $d_B$ remains unchanged, and signing or decryption operations are performed by cooperation of the key sharing client, the server and the key sharing center.
In the key sharing authorization distribution method, the client derives the shared key according to the private key of the client, authorizes the shared key to the key sharing terminal, ensures that the private key of the client is different from the private key of the authorization client and the complete private key cannot appear in the memory in the key deriving process, and ensures that the public keys of the client and the authorization client are consistent.
Example 5: the terminal comprises a sub-private key generation module for generating a sub-private key $d_A$; a sub-private key storage module for storing the generated sub-private key $d_A$; and an operation module for executing the key pair generation, signature, decryption and key sharing authorization distribution operations in the embodiments 1 to 4.
Example 6: the server side comprises: a sub-private key generation module for generating a sub-private key $d_B$; a sub-private key storage module for storing the generated sub-private key $d_A$; and an operation module for executing the key pair generation, signature, decryption and key sharing authorization distribution operations described in the embodiments 1 to 4.
Example 7: the key sharing center includes: a sub-private key generation module for generating a sub-private key $d_C$; a sub-private key storage module for storing the generated sub-private key $d_C$; and an operation module, configured to perform the operations of key pair generation, signing, decryption, and key sharing authorization distribution according to any one of claims 4 to 8.
Example 8: a computer-readable storage medium stores computer-executable instructions for causing a computer to perform key pair generation, signing, decryption, key-sharing authorization distribution operations as described in embodiments 1-4.

Claims (13)

1. A key pair generation method based on SM2 key distributed storage is characterized by comprising the following steps:
A1: the client generates its own sub-private key $d_A$, the server generates its own sub-private key $d_B$, and the key sharing center generates its own sub-private key $d_C$;
A2: the client, the server and the key sharing center carry out interactive operation to jointly generate a public key P;
in the sub-private key generation and public key generation processes, the client, the server and the key sharing center share the SM2 elliptic curve algorithm parameters $E(F_q)$, G, n and Z, wherein the elliptic curve E is an elliptic curve defined on the finite field $F_q$, G is an n-order base point on the elliptic curve E, and Z is the common identification of the two parties.
2. The SM2 key distributed storage-based key pair generation method of claim 1, wherein in step A1, the client randomly generates a random number D1 and calculates its own sub-private key $d_A = (1 + D1)^{-1} \bmod n$, the server randomly generates a random number D2 and calculates its own sub-private key $d_B = (1 + D2)^{-1} \bmod n$, and the key sharing center C randomly generates a random number D3 and calculates its own sub-private key $d_C = (1 + D3)^{-1} \bmod n$, where the random numbers D1, D2, D3 are in $[1, n-1]$, n is the order of the elliptic curve, and mod is the modulo operation.
3. The SM2 key distributed storage-based key pair generation method according to claim 1 or 2, wherein in step A3, the client A sends a key pair generation request to the server B, and after receiving the key pair generation request, the server calculates a first partial public key intermediate variable $P1 = D2\,[*]\,G$ and sends P1 to the key sharing center; the key sharing center receives the first partial public key intermediate variable P1 and calculates a second partial public key intermediate variable $P2 = D3\,[*]\,P1 + D3\,[*]\,G + P1$; the key sharing center sends the second partial public key intermediate variable P2 to the terminal, and the terminal receives P2 and calculates the complete public key $P = D1\,[*]\,P2 + D1\,[*]\,G + P2$, where $[*]$ represents elliptic curve point multiplication.
4. A collaborative signature method based on SM2 key distributed storage, characterized by comprising the following steps:
B1, the client generates a message digest e from the message original text M to be signed, generates a random number k1, calculates a first signature intermediate variable Q1 from k1, and then sends Q1 to the key sharing center;
B2, the key sharing center receives the first signature intermediate variable Q1, generates a random number k2, calculates a second signature intermediate variable Q2 from k2 and Q1, and then sends Q2 back to the client;
B3, the client receives the second signature intermediate variable Q2 and sends the message digest e and Q2 to the server; the server calculates a first partial signature value R, a third signature intermediate variable Q3 and a fourth signature intermediate variable Q4 from e and Q2, and sends R, Q3 and Q4 to the client;
B4, the client receives R, Q3 and Q4 and sends Q3 and Q4 to the key sharing center; the key sharing center calculates a fifth signature intermediate variable Q5 and a sixth signature intermediate variable Q6 and sends Q5 and Q6 to the client;
and B5, from the signature intermediate variables Q5 and Q6, the client calculates a second partial signature value S and outputs (R, S) as the complete signature value.
5. The cooperative signature method based on SM2 key distributed storage according to claim 4, wherein in the step B1, the client calculates M' = Z || M from the message original text M to be signed, calculates the message digest e = Hash(M') from M', then calculates the first partial signature Q1 = k1[*]G from the generated random number k1, and sends the first signature intermediate variable Q1 to the key sharing center, wherein Hash() represents a predetermined SM3 cryptographic hash function and [*] represents an elliptic curve point multiplication operation;
in the step B2, the key sharing center receives the first signature intermediate variable Q1, calculates a second signature intermediate variable Q2 = k2[*]Q1 from Q1 and the generated random number k2, and sends Q2 to the terminal;
in the step B3, the terminal receives the second signature intermediate variable Q2 and sends the message digest e and Q2 to the server; the server generates random numbers k3 and k4, calculates the k-times intermediate variable G1 = k4[*]G of the base point G, calculates (x1, y1) = k3[*]Q2 [+] G1 and R = (x1 + e) mod n, calculates from its own private key the third signature intermediate variable Q3 = d_B * k3 mod n and the fourth signature intermediate variable Q4 = d_B * (R + k4) mod n, and then sends the partial signature R and Q3, Q4 to the client;
in the step B4, the client receives the partial signature R and the signature intermediate variables Q3 and Q4, and sends Q3 and Q4 to the key sharing center to request the cooperative signature operation; the key sharing center calculates the fifth signature intermediate variable Q5 = k2 * d_C * Q3 and the sixth signature intermediate variable Q6 = d_C * Q4, and returns Q5 and Q6 to the client;
in the step B5, the client calculates the partial signature S = (d_A * k1 * Q5 + d_A * Q6 - R) mod n from the received signature intermediate variables Q5 and Q6, and outputs R and S as the complete signature; wherein Hash() represents the SM3 cryptographic hash function, [*] represents an elliptic curve point multiplication operation, and mod represents a modulo operation.
6. A cooperative decryption method based on SM2 key distributed storage, characterized by comprising the following steps:
C1, the client receives the cooperative decryption request, generates a random number k, partially decrypts the acquired ciphertext to obtain a first decryption intermediate variable T1, and sends T1 to the server;
C2, the server receives T1, calculates a second decryption intermediate variable T2 from its own sub-private key d_B and the received first decryption intermediate variable T1, and sends T2 to the key sharing center;
C3, the key sharing center receives T2, calculates a third decryption intermediate variable T3 from its own sub-private key d_C and T2, and sends T3 to the client;
C4, the client receives T3 and, using its own sub-private key d_A, decrypts to obtain the complete plaintext T.
7. The SM2 key distributed storage-based cooperative decryption method of claim 6, wherein in the step C1, the client receives the ciphertext C, extracts the bit string C1 from the ciphertext C, and, after performing data type conversion on C1, verifies whether C1 is a non-infinity point on the elliptic curve E; if yes, it randomly generates a random number k and calculates a first decryption intermediate variable T1 = k[*]C1, wherein [*] represents an elliptic curve point multiplication operation;
in step C2, the server calculates a second decryption intermediate variable T2 = d_B^{-1}[*]T1 from the received first decryption intermediate variable T1, and sends T2 to the key sharing center device C;
in step C3, the key sharing center calculates a third decryption intermediate variable T3 = d_C^{-1}[*]T2 from the received T2, and sends T3 back to the client;
in the step C4, the client receives T3 and, with its own private key d_A, calculates (x2, y2) = k^{-1} * d_A^{-1}[*]T3 [-] C1, wherein [-] represents an elliptic curve point subtraction operation; tmp = kdf(x2 || y2, klen) is calculated from (x2, y2), where || represents string concatenation, kdf() represents a predetermined key derivation function, and klen represents a predetermined output bit string length; tmp is checked, and if tmp is not equal to 0, the bit string C2 is extracted from the ciphertext and the result M'' is calculated (formula given as image FDA0003619395760000041); the check value u = Hash(x2 || M'' || y2) is calculated from (x2, y2) and M'', wherein the symbol given as image FDA0003619395760000042 represents an exclusive-or operation and Hash() represents a predetermined cryptographic hash function; the bit string C3 is extracted from the ciphertext C and u is compared with C3, and if u = C3, M'' is output as the complete plaintext.
8. A key sharing authorization distribution method based on SM2 key distributed storage, characterized by comprising the following steps:
D1, the client initiates a key sharing and distribution request to the key sharing center; the key sharing center receives the request and sends its own private key d_C to the client as ciphertext;
D2, the client receives the private key d_C and calculates a temporary private key tmpD from it and its own private key d_A; the client generates a random number d_AA, calculates d_CC from tmpD and d_AA, stores d_AA and d_CC as the private keys of the key sharing client and the key sharing center C respectively, and at the same time distributes d_AA and d_CC to the key sharing client;
D3, the server's own private key d_B remains unchanged, and the key sharing client, the server and the key sharing center cooperate to perform signature or decryption operations.
9. The SM2 key distributed storage-based key sharing authorization distribution method of claim 8, wherein the terminal client A calculates a temporary private key tmpD = d_A * d_C mod n from the private key d_C and its own private key d_A.
10. A terminal, comprising:
a sub-private key generation module for generating a sub-private key d_A;
a sub-private key storage module for storing the generated sub-private key d_A;
an arithmetic module for performing the key pair generation, signing and decryption operations of any one of claims 4-8.
11. A server, comprising:
a sub-private key generation module for generating a sub-private key d_B;
a sub-private key storage module for storing the generated sub-private key d_B;
an arithmetic module for performing the key pair generation, signing and decryption operations of any one of claims 4-8.
12. A key sharing center, comprising:
a sub-private key generation module for generating a sub-private key d_C;
a sub-private key storage module for storing the generated sub-private key d_C;
an arithmetic module for performing the key pair generation, signing and decryption operations of any one of claims 4-8.
13. A computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of any one of claims 1 to 8.
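
The arithmetic of claims 2, 3 and 5, run end to end as an added example (not code from the patent or its applicant): the three sub-keys multiply to (1 + d)^{-1} for a joint private key d = (1 + D1)(1 + D2)(1 + D3) - 1 that no party ever holds, so the cooperative (R, S) passes ordinary single-key SM2 verification. Assumptions: SHA-256 stands in for SM3, Z is an arbitrary byte string, all three parties run in one process, random values stop at n-2 so that 1 + D stays invertible, and the function names are illustrative.

```python
import hashlib, secrets

# SM2 recommended curve (GB/T 32918.5): y^2 = x^3 - 3x + b over F_p, base point G of order n
p = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
n = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def add(P, Q):  # affine point addition; None is the point at infinity
    if P is None or Q is None: return P or Q
    if P[0] == Q[0] and (P[1] + Q[1]) % p == 0: return None
    lam = ((3 * P[0] ** 2 - 3) * pow(2 * P[1], -1, p) if P == Q
           else (Q[1] - P[1]) * pow((Q[0] - P[0]) % p, -1, p)) % p
    x = (lam * lam - P[0] - Q[0]) % p
    return x, (lam * (P[0] - x) - P[1]) % p

def mul(k, P):  # double-and-add; not constant time, demonstration only
    R = None
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def rnd():  # claim 2 draws from [1, n-1]; stopping at n-2 keeps 1+D invertible mod n
    return secrets.randbelow(n - 2) + 1

def keygen():  # claims 2-3: sub-keys d_X = (1+D_X)^-1 mod n and joint public key P
    D1, D2, D3 = rnd(), rnd(), rnd()
    P1 = mul(D2, G)                                 # server
    P2 = add(add(mul(D3, P1), mul(D3, G)), P1)      # key sharing center
    P = add(add(mul(D1, P2), mul(D1, G)), P2)       # client
    return tuple(pow(1 + D, -1, n) for D in (D1, D2, D3)), P

def cosign(keys, Z, M):  # claim 5, steps B1-B5, all three parties in one process
    dA, dB, dC = keys
    e = int.from_bytes(hashlib.sha256(Z + M).digest(), "big")  # SHA-256 stands in for SM3
    k1, k2, k3, k4 = rnd(), rnd(), rnd(), rnd()
    Q2 = mul(k2, mul(k1, G))                        # B1 client: Q1; B2 center: Q2
    x1, _ = add(mul(k3, Q2), mul(k4, G))            # B3 server: (x1, y1)
    R = (x1 + e) % n
    Q3, Q4 = dB * k3 % n, dB * (R + k4) % n
    Q5, Q6 = k2 * dC * Q3 % n, dC * Q4 % n          # B4 center
    return e, R, (dA * k1 * Q5 + dA * Q6 - R) % n   # B5 client: S

def verify(P, e, R, S):  # standard single-key SM2 verification, unaware of the shares
    t = (R + S) % n
    if not (0 < R < n and 0 < S < n and t): return False
    X = add(mul(S, G), mul(t, P))
    return X is not None and (X[0] + e) % n == R
```

Standard SM2 signing also restarts when R = 0, R + k = n or S = 0; the claims list no such checks and this sketch omits them.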

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210480769.2A CN115499126A (en) 2022-04-27 2022-04-27 SM2 key distributed storage-based key pair generation method, collaborative signature method, decryption method, device and medium

Publications (1)

Publication Number Publication Date
CN115499126A true CN115499126A (en) 2022-12-20

Family

ID=84465333

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117749465A (en) * 2023-12-15 2024-03-22 中金金融认证中心有限公司 Encryption service providing method, electronic device and storage medium
CN117749360A (en) * 2023-12-05 2024-03-22 中金金融认证中心有限公司 Collaborative key management method, collaborative key management system, storage medium and electronic equipment
CN117978408A (en) * 2024-03-28 2024-05-03 鼎铉商用密码测评技术(深圳)有限公司 Collaborative signature algorithm detection method, collaborative signature device and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination