CN115499126A - SM2 key distributed storage-based key pair generation method, collaborative signature method, decryption method, device and medium
- Publication number
- CN115499126A (CN202210480769.2A)
- Authority
- CN
- China
- Prior art keywords
- key
- client
- private key
- signature
- sub
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention discloses a key pair generation method, a collaborative signing method, a decryption method, a device and a medium based on SM2 key distributed storage. A public-private key pair is generated cooperatively by the client, the server and the key sharing center; each device generates and stores its own private key factor, and the complete private key does not appear at any party during collaborative signing or collaborative decryption, which ensures the security of the private key. In addition, in the key sharing and distribution process provided together with the collaborative key pair generation method, only the two private key factors of the client and the key sharing center are used for key calculation and distribution, and the private key factor of the server does not take part in distribution. This further ensures that the complete key does not appear in the memory of any device at any moment, so that it is not at risk of leaking from any single device.
Description
Technical Field
The invention belongs to a key pair generation method, a collaborative signing method, a decryption method, a key sharing authorization distribution method, a device and a medium, and particularly relates to a key pair generation method, a collaborative signing method, a decryption method, a key sharing authorization distribution method, a device and a medium based on SM2 key distributed storage.
Background
In the traditional CA security industry, a UKEY is used as the certificate storage medium. Although its security level is high, a UKEY is difficult to use and adapts poorly to newer technologies such as the mobile internet, cloud computing and big data. At present, digital signature and encryption/decryption technologies based on PKI are widely applied in e-government, e-commerce, the mobile internet, big data, cloud computing, the Internet of Things and similar fields. In such environments a client, such as an intelligent terminal, usually stores and uses its private key in software form. If the complete private key is stored in the intelligent terminal, then, given the security limitations of such devices, an attacker can easily export the data stored on the terminal. To protect the private key on the terminal, a distributed key storage design is therefore adopted: key storage, signing and decryption are all carried out in distributed form so that the complete private key does not appear at any end, and ensuring the storage security of the private key is especially important. In addition, because certificates must support authorized use, when a smart key is used to store the user's private key, the smart key has to be handed to another person whenever that person is entrusted with signing or decrypting.
At present, SM2 collaborative signing or decryption on a mobile intelligent terminal stores the digital signature private key in split form, and the client private key factor is stored only in the mobile intelligent terminal. When another person is entrusted with signing or decrypting, the intelligent terminal device must be handed over to that person. However, mobile intelligent terminals such as mobile phones are used more and more widely and hold highly private data, so handing them to others is inconvenient and reveals private information.
Invention patent application 201811310717.0 discloses an SM2 key generation and signature method, a terminal, a server and a storage medium. The private key is formed from a preset number of private key factors, which are stored on different devices, namely the terminal and the server. This effectively addresses the problem that private key files are easy to steal: because the private key factors are dispersed across the terminal and the server, an attacker cannot obtain the complete private key from the terminal. The signature calculation is also carried out in steps on the terminal device and the server, so the private key cannot appear in full in the memory of the terminal device. This effectively addresses the problem that a private key file easily leaks in plaintext from the memory of the terminal device, and the private key is stored more safely. Although dispersed storage of the private key factors improves security, the factors are held by the terminal and the server. When the terminal device securely distributes and shares the private key, the server private key factor has to be sent to the terminal device, where the private key is synthesized before being shared and distributed. During that process the complete private key still appears in terminal memory in plaintext, so the risk of private key leakage remains.
Chinese patent application 201910600980.1 discloses a private key processing method based on the SM2 algorithm, a terminal and a key center. The private key is generated directly by the key center, and a second private key factor is generated from the private key and the first private key factor of the client. The first private key factor is stored by the client, and the second private key factor is stored on the server in encrypted form. This provides distributed protection of the private key and ensures that the complete private key does not appear at any party while it is stored and used. When the private key factor of one party is lost, it can be recovered from the private key factor of the other party and the private key, which solves the private key recovery problem. Although that application achieves decentralized protection of the private key and can cooperatively complete standard digital signatures and data encryption based on digital envelope technology, the key pair is generated by the key center, and sending the server-side private key factor from the key center to the server introduces a security risk in transit against the goal that the complete private key not appear at any party during storage and use. In addition, that application only ensures that the complete private key cannot appear at the server or the client; it cannot ensure that the complete private key does not appear in the key sharing center device, so the complete private key is still exposed to a security risk.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a secret key pair generation method, a collaborative signing method, a decryption method and a secret key sharing authorization distribution method based on SM2 secret key distributed storage, wherein the complete secret key cannot appear in any equipment in the processes of secret key pair generation, collaborative signing, collaborative decryption and sharing authorization distribution, so that any information of the complete secret key is not leaked, and the use safety of the secret key is further ensured.
The technical problem to be solved by the present invention is to provide a terminal, a server, a key sharing center and a computer readable storage medium for implementing the above method.
In order to solve the technical problems, the invention adopts the following technical scheme:
the invention provides a secret key pair generation method based on SM2 secret key distributed storage, which comprises the following steps:
A1: the client generates its own sub-private key $d_A$, the server generates a private key $d_B$, and the key sharing center generates its own sub-private key $d_C$;
A2: the client, the server and the key sharing center carry out interactive operation to jointly generate a public key P;
in the process of generating the sub-private keys and the public key, the client, the server and the key sharing center share the SM2 elliptic curve algorithm parameters $E(F_q)$, G, n and Z, wherein the elliptic curve E is an elliptic curve defined over the finite field $F_q$, G is a base point of order n on the elliptic curve E, and Z is the common identification of the two parties.
The invention provides a cooperative signature method based on SM2 secret key distributed storage, which comprises the following steps:
B1: the client generates a message digest e from the original message M to be signed, generates a random number k1, calculates a first signature intermediate variable Q1 from k1, and then sends Q1 to the key sharing center;
B2: the key sharing center receives Q1, generates a random number k2, calculates a second signature intermediate variable Q2 from k2 and Q1, and then sends Q2 back to the client;
B3: the client receives Q2 and sends the message digest e and Q2 to the server; the server calculates a partial signature R, a third signature intermediate variable Q3 and a fourth signature intermediate variable Q4 from e and Q2, and sends R, Q3 and Q4 to the client;
B4: the client receives R, Q3 and Q4 and sends Q3 and Q4 to the key sharing center; the key sharing center calculates a fifth signature intermediate variable Q5 and a sixth signature intermediate variable Q6, and sends Q5 and Q6 to the client;
B5: the client receives the signature intermediate variables Q5 and Q6, calculates a partial signature value S, and outputs (R, S) as the complete signature.
The invention provides a cooperative decryption method based on SM2 key distributed storage, which comprises the following steps:
C1: the client receives the cooperative decryption request, generates a random number k, partially decrypts the acquired ciphertext to obtain a first decryption intermediate variable T1, and sends T1 to the server;
C2: the server receives T1, decrypts the received intermediate variable T1 according to its own sub-private key $d_B$ to obtain a second decryption intermediate variable T2, and sends T2 to the key sharing center;
C3: the key sharing center receives T2, calculates a third decryption intermediate variable T3 according to its own sub-private key $d_C$ and T2, and sends T3 to the client;
C4: the client receives T3 and calculates the complete plaintext T according to T3 and its own sub-private key $d_A$.
The invention provides a secret key sharing authorization distribution method based on SM2 secret key distributed storage, which comprises the following steps:
D1: the client initiates a key sharing and distribution request to the key sharing center, and the key sharing center receives the request and sends its own private key $d_C$ to the client in ciphertext form;
D2: the client receives the private key $d_C$, calculates a temporary private key tmpD according to its own private key $d_A$, generates a random number $d_{AA}$, calculates $d_{CC}$ according to tmpD and $d_{AA}$, stores $d_{AA}$ and $d_{CC}$ as the private keys of the key sharing client and the key sharing center C respectively, and distributes $d_{AA}$ and $d_{CC}$ to the key sharing client;
D3: the server's own private key $d_B$ remains unchanged, and the key sharing client, the server and the key sharing center cooperate to perform signature or decryption operations.
The present invention also provides a terminal, comprising:
a sub-private key generation module for generating a sub-private key $d_A$;
a sub-private key storage module for storing the generated sub-private key $d_A$;
and an operation module for executing the key pair generation, signature and decryption operations.
The invention also provides a server, comprising:
a sub-private key generation module for generating a sub-private key $d_B$;
a sub-private key storage module for storing the generated sub-private key $d_B$;
and an operation module for executing the key pair generation, signature and decryption operations.
The present invention also provides a key sharing center, comprising:
a sub-private key generation module for generating a sub-private key $d_C$;
a sub-private key storage module for storing the generated sub-private key $d_C$;
and an operation module for executing the key pair generation, signature and decryption operations.
The present invention also provides a computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform the method described above.
In the invention, a public-private key pair is generated cooperatively by the client, the server and the key sharing center; each device generates and stores its own private key factor, and the complete private key does not appear at any party during collaborative signing or collaborative decryption, which ensures the security of the private key. In addition, in the key sharing and distribution process provided together with the collaborative key pair generation method, only the two private key factors of the client and the key sharing center are used for key calculation and distribution, and the private key factor of the server does not take part in distribution. This further ensures that the complete key does not appear in the memory of any device at any moment, so that it is not at risk of leaking from any single device.
Drawings
Fig. 1 is a schematic diagram illustrating a process of generating a public-private key pair by cooperation of a client, a server and a key sharing center;
Fig. 2 is a schematic diagram illustrating a process of collaborative signing by a terminal, a server and a key sharing center;
Fig. 3 is a schematic diagram illustrating a process of cooperative decryption among a terminal, a server and a key sharing center;
Fig. 4 is a schematic process diagram of key sharing distribution.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
Symbols and definitions
e: the output value of the cryptographic hash function applied to the message m;
G: a base point of the elliptic curve, whose order is prime;
Hash(): the SM3 cryptographic hash function;
KDF(): the key derivation function;
mod n: the modulo-n operation, e.g., 28 mod 5 = 3;
n: the order of the base point G;
x || y: the concatenation of x and y, where x and y can be bit strings or byte strings;
[*]: the elliptic curve point multiplication operation;
[-]: the elliptic curve point subtraction operation.
Example 1: as shown in fig. 1, the key pair generation method based on SM2 key distributed storage includes the following steps:
the client randomly generates a random number D1 and calculates its own sub-private key $d_A = (1+D1)^{-1} \bmod n$, the server randomly generates a random number D2 and calculates its own sub-private key $d_B = (1+D2)^{-1} \bmod n$, and the key sharing center randomly generates a random number D3 and calculates its own sub-private key $d_C = (1+D3)^{-1} \bmod n$, where the random numbers D1, D2 and D3 lie in [1, n-1], n is the order of the elliptic curve, and mod is the modulo operation.
The client sends a key pair generation request to the server; after receiving the request, the server calculates the first partial public key $P1 = D2\,[*]\,G$ and sends P1 to the key sharing center; the key sharing center receives P1 and calculates the second partial public key $P2 = D3\,[*]\,P1 + D3\,[*]\,G + P1$; the key sharing center sends P2 to the terminal, and the terminal receives P2 and calculates the complete public key $P = D1\,[*]\,P2 + D1\,[*]\,G + P2$, where [*] represents the elliptic curve point multiplication operation.
In the process of generating the sub-private keys and the public key, the client, the server and the key sharing center share the SM2 elliptic curve algorithm parameters $E(F_q)$, G, n and Z, wherein the elliptic curve E is an elliptic curve defined over the finite field $F_q$, G is a base point of order n on the elliptic curve E, and Z is the common identification of the two parties.
Example 2: as shown in fig. 2, the cooperative signature method based on SM2 key distributed storage includes the following steps:
the client calculates $M' = Z \,\|\, M$ from the original message M to be signed, calculates the message digest $e = Hash(M')$ from M', then calculates the first partial signature $Q1 = k1\,[*]\,G$ from a generated random number k1 and sends Q1 to the key sharing center, where Hash() represents the preset SM3 cryptographic hash function and [*] represents the elliptic curve point multiplication operation;
the key sharing center receives the first signature intermediate variable Q1, calculates a second signature intermediate variable $Q2 = k2\,[*]\,Q1$ from Q1 and the generated random number k2, and sends Q2 to the terminal;
the terminal receives the signature intermediate variable Q2 and sends the message digest e and Q2 to the server; the server generates random numbers k3 and k4, calculates the multiple point $G1 = k4\,[*]\,G$ of the base point G, calculates $(x_1, y_1) = k3\,[*]\,Q2\,[+]\,G1$ and $R = (x_1 + e) \bmod n$, calculates $Q3 = d_B \cdot k3 \bmod n$ and $Q4 = d_B \cdot (R + k4) \bmod n$ from its own private key, and then sends the partial signature R together with Q3 and Q4 to the client;
the client receives R, Q3 and Q4 and sends Q3 and Q4 to the key sharing center to request the cooperative signature operation; the key sharing center calculates a fifth signature intermediate variable $Q5 = k2 \cdot d_C \cdot Q3$ and a sixth signature intermediate variable $Q6 = d_C \cdot Q4$, and returns Q5 and Q6 to the client;
the client calculates a partial signature value $S = (d_A \cdot k1 \cdot Q5 + d_A \cdot Q6 - R) \bmod n$ from the received Q5 and Q6, and outputs (R, S) as the complete signature; where Hash() represents the SM3 cryptographic hash function, [*] represents the elliptic curve point multiplication operation, and mod is the modulo operation.
Example 3: as shown in fig. 3, the cooperative decryption method based on SM2 key distributed storage includes the following steps:
the client receives the ciphertext C, extracts the bit string C1 from the ciphertext C, converts the data type of C1, and verifies whether C1 is a non-infinite point on the elliptic curve E; if so, it randomly generates a random number k and calculates a first decryption intermediate variable $T1 = k\,[*]\,C1$, where [*] represents the elliptic curve point multiplication operation;
the server calculates a second decryption intermediate variable $T2 = d_B^{-1}\,[*]\,T1$ from the received T1 and sends T2 to the key sharing center device C;
the key sharing center calculates a third decryption intermediate variable $T3 = d_C^{-1}\,[*]\,T2$ from the received T2 and sends T3 back to the client;
the client calculates $(x_2, y_2) = k^{-1} \cdot d_A^{-1}\,[*]\,T3\,[-]\,C1$ from the received T3, where [-] represents the elliptic curve point subtraction operation, and calculates $tmp = kdf(x_2 \,\|\, y_2, klen)$ from $(x_2, y_2)$, where || represents string concatenation, kdf() represents a predetermined key derivation function, and klen represents a predetermined output bit string length; the client then checks tmp, and if tmp is not equal to 0, extracts the bit string C2 from the ciphertext and calculates the result M″ with an exclusive-or operation; it calculates the check value $u = Hash(x_2 \,\|\, M'' \,\|\, y_2)$ from $(x_2, y_2)$ and M″, where Hash() represents a predetermined cryptographic hash function, extracts the bit string C3 from the ciphertext, compares u and C3, and if u = C3, outputs M″ as the complete plaintext.
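The procedures of Examples 1 to 3 can be checked end to end. The following is an added example, not code from the patent: it runs key generation, collaborative signing and the point-recovery part of collaborative decryption on the SM2 recommended curve, with the three parties simulated in one process, and lets an ordinary single-party SM2 verifier check (R, S) against P. Assumptions: all function names are hypothetical, SHA-256 stands in for SM3, the KDF, XOR and check-value steps of decryption are left out, and D1 to D3 are drawn from [1, n-2].

```python
import hashlib
import secrets

# SM2 recommended curve (sm2p256v1): y^2 = x^3 + A*x + B over F_p, base point G of order N.
P_FIELD = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P_FIELD - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def on_curve(pt):
    """True for a finite point that satisfies the curve equation."""
    if pt is None:
        return False
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_FIELD == 0

def add(p1, p2):
    """[+]: affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_FIELD, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return x3, (lam * (x1 - x3) - y1) % P_FIELD

def mul(k, pt):
    """[*]: double-and-add scalar multiplication (not constant time, illustration only)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def inv(x):
    return pow(x, -1, N)

def rand_scalar():
    return secrets.randbelow(N - 1) + 1  # uniform in [1, n-1]

def keygen():
    """Example 1. Returns ((d_A, d_B, d_C), P); the full key d is never formed."""
    # The page gives the range [1, n-1]; D = n-1 would make 1+D = 0 mod n
    # (no inverse), so this example draws from [1, n-2].
    D1, D2, D3 = (secrets.randbelow(N - 2) + 1 for _ in range(3))
    shares = tuple(inv(1 + D) for D in (D1, D2, D3))
    P1 = mul(D2, G)                                  # server
    P2 = add(add(mul(D3, P1), mul(D3, G)), P1)       # key sharing center
    P = add(add(mul(D1, P2), mul(D1, G)), P2)        # client
    return shares, P

def digest(Z, M):
    # Stand-in: SHA-256 replaces SM3 so the example needs only the standard library.
    return int.from_bytes(hashlib.sha256(Z + M).digest(), "big")

def cosign(e, dA, dB, dC):
    """Example 2. Each line is tagged with the party that computes it."""
    k1 = rand_scalar()                               # client
    Q1 = mul(k1, G)                                  # client -> key sharing center
    k2 = rand_scalar()                               # key sharing center
    Q2 = mul(k2, Q1)                                 # key sharing center -> client -> server
    k3, k4 = rand_scalar(), rand_scalar()            # server
    x1, _ = add(mul(k3, Q2), mul(k4, G))             # server: k3[*]Q2 [+] G1
    R = (x1 + e) % N                                 # server
    Q3, Q4 = dB * k3 % N, dB * (R + k4) % N          # server
    Q5, Q6 = k2 * dC * Q3 % N, dC * Q4 % N           # key sharing center
    S = (dA * k1 * Q5 + dA * Q6 - R) % N             # client
    return R, S

def sm2_verify(e, R, S, P):
    """Standard single-party SM2 verification against the joint public key P."""
    if not (1 <= R < N and 1 <= S < N):
        return False
    t = (R + S) % N
    if t == 0:
        return False
    pt = add(mul(S, G), mul(t, P))
    return pt is not None and (e + pt[0]) % N == R

def codecrypt_point(C1, dA, dB, dC):
    """Example 3 up to (x2, y2); the KDF, XOR and check-value steps are omitted."""
    if not on_curve(C1):                             # client-side check named on the page
        raise ValueError("C1 is not a finite point on E")
    k = rand_scalar()
    T1 = mul(k, C1)                                  # client blinds C1
    T2 = mul(inv(dB), T1)                            # server
    T3 = mul(inv(dC), T2)                            # key sharing center
    return add(mul(inv(k) * inv(dA) % N, T3), (C1[0], -C1[1] % P_FIELD))  # client
```

The signature verifies because $d_A \cdot d_B \cdot d_C = (1+d)^{-1} \bmod n$ for the joint private key d, so S equals the standard SM2 value $(1+d)^{-1}(k + R) - R$ with $k = k1 \cdot k2 \cdot k3 + k4$. For the same reason the point returned by `codecrypt_point` is $d\,[*]\,C1$, the point the sender derived from P.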
Example 4: as shown in fig. 4, the key sharing authorization distribution method based on SM2 key distributed storage includes the following steps:
the client initiates a key sharing distribution request to the key sharing center, and the key sharing center receives the request and sends its own private key $d_C$ to the client in ciphertext form;
the client receives the private key $d_C$, calculates a temporary private key $tmpD = d_A \cdot d_C \bmod n$ according to its own private key $d_A$, generates a random number $d_{AA}$, calculates $d_{CC}$ according to tmpD and $d_{AA}$, stores $d_{AA}$ and $d_{CC}$ as the private keys of the key sharing client and the key sharing center C respectively, and distributes $d_{AA}$ and $d_{CC}$ to the key sharing client;
the server's own private key $d_B$ remains unchanged, and the key sharing client, the server and the key sharing center cooperate to perform signing or decryption operations.
In the key sharing authorization distribution method, the client derives the shared key from its own private key and authorizes it to the key sharing terminal. This ensures that the private key of the client differs from the private key of the authorized client, that the complete private key cannot appear in memory during key derivation, and that the public keys of the client and the authorized client are consistent.
Example 5: the terminal comprises a sub-private key generation module for generating a sub-private key $d_A$; a sub-private key storage module for storing the generated sub-private key $d_A$; and an operation module for executing the key pair generation, signature, decryption and key sharing authorization distribution operations in embodiments 1 to 4.
Example 6: the server side comprises: a sub-private key generation module for generating a sub-private key $d_B$; a sub-private key storage module for storing the generated sub-private key $d_A$; and an operation module for executing the key pair generation, signature, decryption and key sharing authorization distribution operations described in embodiments 1 to 4.
Example 7: the key sharing center includes: a sub-private key generation module for generating a sub-private key $d_C$; a sub-private key storage module for storing the generated sub-private key $d_C$; and an operation module configured to perform the operations of key pair generation, signing, decryption, and key sharing authorization distribution according to any one of claims 4 to 8.
Example 8: a computer-readable storage medium stores computer-executable instructions for causing a computer to perform key pair generation, signing, decryption, key-sharing authorization distribution operations as described in embodiments 1-4.
Claims (13)
1. A key pair generation method based on SM2 key distributed storage is characterized by comprising the following steps:
A1: the client generates its own sub-private key $d_A$, the server generates a private key $d_B$, and the key sharing center generates its own sub-private key $d_C$;
A2: the client, the server and the key sharing center carry out interactive operation to jointly generate a public key P;
in the sub-private key generation and public key generation processes, the client, the server and the key sharing center share the SM2 elliptic curve algorithm parameters $E(F_q)$, G, n and Z, wherein the elliptic curve E is an elliptic curve defined over the finite field $F_q$, G is a base point of order n on the elliptic curve E, and Z is the common identification of the two parties.
2. The SM2 key distributed storage-based key pair generation method of claim 1, wherein in step A1, the client randomly generates a random number D1 and calculates its own sub-private key $d_A = (1+D1)^{-1} \bmod n$, the server randomly generates a random number D2 and calculates its own sub-private key $d_B = (1+D2)^{-1} \bmod n$, and the key sharing center C randomly generates a random number D3 and calculates its own sub-private key $d_C = (1+D3)^{-1} \bmod n$, where the random numbers D1, D2 and D3 lie in [1, n-1], n is the order of the elliptic curve, and mod is the modulo operation.
3. The SM2 key distributed storage-based key pair generation method according to claim 1 or 2, wherein in step A3, the client A sends a key pair generation request to the server B; after receiving the request, the server calculates a first partial public key intermediate variable $P1 = D2\,[*]\,G$ and sends P1 to the key sharing center; the key sharing center receives P1 and calculates a second partial public key intermediate variable $P2 = D3\,[*]\,P1 + D3\,[*]\,G + P1$; the key sharing center sends P2 to the terminal, and the terminal receives P2 and calculates the complete public key $P = D1\,[*]\,P2 + D1\,[*]\,G + P2$, where [*] represents elliptic curve point multiplication.
4. A collaborative signature method based on SM2 key distributed storage is characterized by comprising the following steps:
B1: the client generates a message digest e from the original message M to be signed, generates a random number k1, calculates a first signature intermediate variable Q1 from k1, and then sends Q1 to the key sharing center;
B2: the key sharing center receives the first signature intermediate variable Q1, generates a random number k2, calculates a second signature intermediate variable Q2 from k2 and Q1, and then sends Q2 back to the client;
B3: the client receives the second signature intermediate variable Q2 and sends the message digest e and Q2 to the server; the server calculates a first partial signature value R, a third signature intermediate variable Q3 and a fourth signature intermediate variable Q4 from e and Q2, and sends R, Q3 and Q4 to the client;
B4: the client receives R, Q3 and Q4 and sends Q3 and Q4 to the key sharing center; the key sharing center calculates a fifth signature intermediate variable Q5 and a sixth signature intermediate variable Q6, and sends Q5 and Q6 to the client;
B5: the client receives the signature intermediate variables Q5 and Q6, calculates a second partial signature value S, and outputs (R, S) as the complete signature value.
5. The cooperative signature method based on SM2 key distributed storage according to claim 4, wherein in the step B1, the client calculates $M' = Z \,\|\, M$ from the original message M to be signed, calculates the message digest $e = Hash(M')$ from M', then calculates the first partial signature $Q1 = k1\,[*]\,G$ from the generated random number k1, and sends the first signature intermediate variable Q1 to the key sharing center, where Hash() represents a predetermined SM3 cryptographic hash function and [*] represents the elliptic curve point multiplication operation;
in the step B2, the key sharing center receives the first signature intermediate variable Q1, calculates a second signature intermediate variable $Q2 = k2\,[*]\,Q1$ from Q1 and the generated random number k2, and sends Q2 to the terminal;
in the step B3, the terminal receives the second signature intermediate variable Q2 and sends the message digest e and Q2 to the server; the server generates random numbers k3 and k4, calculates the multiple-point intermediate variable $G1 = k4\,[*]\,G$ of the base point G, calculates $(x_1, y_1) = k3\,[*]\,Q2\,[+]\,G1$ and $R = (x_1 + e) \bmod n$, calculates from its own private key the third signature intermediate variable $Q3 = d_B \cdot k3 \bmod n$ and the fourth signature intermediate variable $Q4 = d_B \cdot (R + k4) \bmod n$, and then sends the partial signature R together with Q3 and Q4 to the client;
in the step B4, the client receives the partial signature R and the signature intermediate variables Q3 and Q4, and sends Q3 and Q4 to the key sharing center to request the cooperative signature operation; the key sharing center calculates the fifth signature intermediate variable $Q5 = k2 \cdot d_C \cdot Q3$ and the sixth signature intermediate variable $Q6 = d_C \cdot Q4$, and returns Q5 and Q6 to the client;
in the step B5, the client calculates the partial signature $S = (d_A \cdot k1 \cdot Q5 + d_A \cdot Q6 - R) \bmod n$ from the received signature intermediate variables Q5 and Q6, and outputs (R, S) as the complete signature; where Hash() represents the SM3 cryptographic hash function, [*] represents the elliptic curve point multiplication operation, and mod is the modulo operation.
6. A cooperative decryption method based on SM2 key distributed storage, characterized by comprising the following steps:
C1, the client receives the cooperative decryption request, generates a random number k, partially decrypts the acquired ciphertext to obtain a first decryption intermediate variable T1, and sends T1 to the server;
C2, the server receives T1, calculates a second decryption intermediate variable T2 according to its own sub private key $d_B$ and the received first decryption intermediate variable T1, and sends T2 to the key sharing center;
C3, the key sharing center receives T2, calculates a third decryption intermediate variable T3 according to its own sub private key $d_C$ and T2, and sends T3 to the client;
C4, the client receives T3 and decrypts according to T3 and its own sub private key $d_A$ to obtain the complete plaintext T.
7. The SM2 key distributed storage-based cooperative decryption method of claim 6, wherein in the step C1, the client receives the ciphertext C, extracts the bit string C1 from the ciphertext C, and, after performing data type conversion on C1, verifies whether C1 is a point on the elliptic curve E other than the point at infinity; if yes, it generates a random number k and calculates a first decryption intermediate variable $T_1 = k[*]C_1$, wherein [*] represents an elliptic curve point multiplication operation;
in the step C2, the server calculates a second decryption intermediate variable $T_2 = d_B^{-1}[*]T_1$ according to the received first decryption intermediate variable T1, and sends T2 to the key sharing center device C;
in the step C3, the key sharing center calculates a third decryption intermediate variable $T_3 = d_C^{-1}[*]T_2$ according to the received T2, and sends T3 back to the client;
in the step C4, the client calculates $(x_2, y_2) = k^{-1} \cdot d_A^{-1}[*]T_3[-]C_1$ according to the received T3 and its own private key $d_A$, wherein [-] represents an elliptic curve point subtraction operation, and calculates $tmp = \mathrm{kdf}(x_2 \| y_2, klen)$ from $(x_2, y_2)$, wherein $\|$ represents string concatenation, kdf() represents a predetermined key derivation function, and klen represents a predetermined output bit string length; tmp is checked, and if tmp is not equal to 0, the bit string C2 is extracted from the ciphertext, and calculating to obtain a result; the check value $u = \mathrm{Hash}(x_2 \| M'' \| y_2)$ is calculated according to $(x_2, y_2)$ and M'', wherein represents an exclusive-or operation and Hash() represents a predetermined cryptographic hash function; the bit string C3 is extracted from the ciphertext C and u is compared with C3, and if u = C3, M'' is output as the complete plaintext.
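The arithmetic of claims 5 and 7, as an added example that is not part of the patent text: it runs steps B1-B5 and C1-C4 in a single process and checks the results against ordinary single-key SM2. Assumptions: the joint public key P = ((d_A·d_B·d_C)^-1 − 1)[*]G is inferred from the formulas in claims 5 and 7 rather than quoted from them, the digest e is passed in as an integer instead of being computed with SM3, and all function names are illustrative.

```python
import secrets
# SM2 recommended curve sm2p256v1: y^2 = x^3 + a*x + b over GF(p), group order n
p = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
a, b = p - 3, 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
n = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
rand = lambda: secrets.randbelow(n - 1) + 1   # uniform in [1, n-1]
inv = lambda x: pow(x, -1, n)                 # inverse modulo the group order

def add(P, Q):                                # [+] on affine points, None = infinity
    if P is None or Q is None: return P or Q
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0: return None
    lam = ((3 * x1 * x1 + a) * pow(2 * y1, -1, p) if P == Q
           else (y2 - y1) * pow((x2 - x1) % p, -1, p)) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, P):                                # [*]: double-and-add, k >= 0
    R = None
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def joint_public_key(dA, dB, dC):             # assumption: (1 + d)^-1 = dA*dB*dC mod n
    return mul((inv(dA * dB * dC) - 1) % n, G)

def cosign(e, dA, dB, dC):                    # claim 5, steps B1-B5
    k1, k2, k3, k4 = rand(), rand(), rand(), rand()
    Q2 = mul(k2, mul(k1, G))                  # B1 client: Q1 = k1[*]G; B2 center: Q2
    x1, _ = add(mul(k3, Q2), mul(k4, G))      # B3 server: k3[*]Q2 [+] G1
    R = (x1 + e) % n
    Q3, Q4 = dB * k3 % n, dB * (R + k4) % n
    Q5, Q6 = k2 * dC * Q3 % n, dC * Q4 % n    # B4 key sharing center
    return R, (dA * k1 * Q5 + dA * Q6 - R) % n  # B5 client: (R, S)

def sm2_verify(e, R, S, P):                   # standard single-key SM2 verification
    t = (R + S) % n
    if not (0 < R < n and 0 < S < n and t): return False
    X = add(mul(S, G), mul(t, P))
    return X is not None and (e + X[0]) % n == R

def codecrypt_point(C1, dA, dB, dC):          # claim 7, steps C1-C4 up to (x2, y2)
    if (C1[1]**2 - C1[0]**3 - a * C1[0] - b) % p: raise ValueError("C1 not on curve")
    k = rand()
    T3 = mul(inv(dC), mul(inv(dB), mul(k, C1)))   # T1 client, T2 server, T3 center
    return add(mul(inv(k) * inv(dA) % n, T3), (C1[0], -C1[1] % p))  # ... [-]C1
```

The scalar multiplication above is not constant-time, so it is suitable for checking the algebra only. Standard SM2 signing also retries when r = 0, r + k = n or s = 0, a check the claims do not mention.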
8. A key sharing authorization distribution method based on SM2 key distributed storage, characterized by comprising the following steps:
D1, the client initiates a key sharing and distribution request to the key sharing center, and the key sharing center receives the request and sends its own private key $d_C$ to the client as ciphertext;
D2, the client receives the private key $d_C$ and calculates a temporary private key tmpD according to its own private key $d_A$; the client generates a random number $d_{AA}$, calculates $d_{CC}$ according to tmpD and $d_{AA}$, stores $d_{AA}$ and $d_{CC}$ as the private keys of the key sharing client and the key sharing center C respectively, and at the same time distributes $d_{AA}$ and $d_{CC}$ to the key sharing client;
D3, the server's own private key $d_B$ remains unchanged, and the key sharing client, the server and the key sharing center cooperate to perform the signature or decryption operation.
9. The SM2 key distributed storage-based key sharing authorization distribution method of claim 8, wherein the terminal client A calculates the temporary private key $tmpD = d_A \cdot d_C \bmod n$ based on the private key $d_C$ and its own private key $d_A$.
10. A terminal, comprising:
a sub-private key generation module for generating a sub-private key $d_A$;
a sub-private key storage module for storing the generated sub-private key $d_A$;
an arithmetic module for performing the key pair generation, signing and decryption operations of any one of claims 4-8.
11. A server, comprising:
a sub-private key generation module for generating a sub-private key $d_B$;
a sub-private key storage module for storing the generated sub-private key $d_B$;
an arithmetic module for performing the key pair generation, signing and decryption operations of any one of claims 4-8.
12. A key sharing center, comprising:
a sub-private key generation module for generating a sub-private key $d_C$;
a sub-private key storage module for storing the generated sub-private key $d_C$;
an arithmetic module for performing the key pair generation, signing and decryption operations of any one of claims 4-8.
13. A computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210480769.2A CN115499126A (en) | 2022-04-27 | 2022-04-27 | SM2 key distributed storage-based key pair generation method, collaborative signature method, decryption method, device and medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115499126A (en) | 2022-12-20 |
Family
ID=84465333
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210480769.2A Pending CN115499126A (en) | 2022-04-27 | 2022-04-27 | SM2 key distributed storage-based key pair generation method, collaborative signature method, decryption method, device and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115499126A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117749465A (en) * | 2023-12-15 | 2024-03-22 | 中金金融认证中心有限公司 | Encryption service providing method, electronic device and storage medium |
CN117749360A (en) * | 2023-12-05 | 2024-03-22 | 中金金融认证中心有限公司 | Collaborative key management method, collaborative key management system, storage medium and electronic equipment |
CN117978408A (en) * | 2024-03-28 | 2024-05-03 | 鼎铉商用密码测评技术(深圳)有限公司 | Collaborative signature algorithm detection method, collaborative signature device and readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||