CN115549905A - SM2 key generation method and related method, computer device and storage medium - Google Patents

SM2 key generation method and related method, computer device and storage medium Download PDF

Info

Publication number
CN115549905A
CN115549905A CN202211241725.0A CN202211241725A CN115549905A CN 115549905 A CN115549905 A CN 115549905A CN 202211241725 A CN202211241725 A CN 202211241725A CN 115549905 A CN115549905 A CN 115549905A
Authority
CN
China
Prior art keywords
key
public key
user
cipher
pub
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211241725.0A
Other languages
Chinese (zh)
Inventor
封维端
袁峰
张立圆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wuzitianshu Technology Co ltd
Original Assignee
Beijing Wuzitianshu Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Wuzitianshu Technology Co ltd filed Critical Beijing Wuzitianshu Technology Co ltd
Priority to CN202211241725.0A priority Critical patent/CN115549905A/en
Publication of CN115549905A publication Critical patent/CN115549905A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Physics & Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Computing Systems (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides an SM2 key generation method, a corresponding public key recovery method, a digital signature generation method, a digital signature verification method, a data encryption method and a data decryption method, and provides corresponding computer equipment and a computer readable storage medium, wherein the SM2 key generation method comprises the following steps: step one, step two and/or step three, wherein, step one, establish the system parameter; generating a user signature private key ds based on the system parameters A (ii) a Thirdly, generating a user encryption private key de based on the system parameters A . The user signature/encryption key is calculated by combining the user distinguishable identification and the KGC system master key, so that a large amount of calculation resources are saved; the signature public key and the encryption public key are recovered by using the private key generator, so that the generation and the use of the signature key and the encryption key are distinguished from each other in an algorithm level, and the mixed use is avoided.

Description

SM2 key generation method and related method, computer device and storage medium
Technical Field
The present invention relates to the field of information security technologies, and in particular, to an SM2 key generation method, a related method, a computer device, and a storage medium.
Background
The SM2 cryptographic algorithm is a public key cryptographic algorithm issued by the national crypto authority. A conventional certificate-based Public Key Infrastructure (PKI) system is a system that associates a Public Key, user identity information, and a discernible identity with a trusted third party using digital certificates.
However, the certificate-based PKI system is used, the certificate management has a high requirement on the computing device at the user end, and in the application scenarios such as the vehicle network and the internet of things, the certificate-based PKI system brings a large operation overhead to the computing device at the user end. To this end, identity-based cryptographic algorithms use a user's discernable identity as the user's public key, such as the SM9 identity cryptographic algorithm issued by the national crypto authority, to simplify certificate management. However, the SM9 identity cipher algorithm itself is also computationally expensive.
In order to overcome the high calculation overhead in certificate management and SM9 identification cryptographic algorithm, the invention provides a method for generating an SM2 key for a user based on a user identification and Key Generation Center (KGC), signature verification, encryption and decryption, and the SM2 public key algorithm is used to simplify the high calculation overhead brought by certificate management.
Disclosure of Invention
In view of the above, the present invention provides an SM2 key generation method, a related method, a computer device and a storage medium, so as to solve the problem of high computation overhead in the above certificate management and SM9 identity cryptographic algorithm.
The SM2 key generation method provided by the invention comprises the following steps: the first step, the second step and/or the third step,
wherein,
step one, establishing system parameters;
generating a user signature private key ds based on the system parameters A
Thirdly, generating a user encryption private key de based on the system parameters A
Further, the first step comprises the following steps:
s11, a user and a secret key generation center KGC share parameters G and n of an elliptic curve E (Fq) of an SM2 algorithm, wherein the E (Fq) is an elliptic curve defined on a finite field Fq, G represents a base point with an upper order of n on the elliptic curve E (Fq), and n is a prime number;
s12, generating a system master private key ms and a system master public key P by the key generation center KGC Pub Wherein the system master public key P Pub =[ms]X G, square bracket [ 2 ]]Represents a point multiplication on the elliptic curve E (Fq), the system master public key P Pub Is a point on the elliptic curve E (Fq), and is a square bracket in each of the following calculation formulas]Each represents a point doubling operation on the elliptic curve E (Fq);
s13, randomly selecting a first private key generator kid by the key generation center KGC 0 ∈[1,n-1]And a second private key generator kid 1 ∈[1,n-1]And kid 0 And kid 1 Not equal;
s14, the key generation center KGC discloses the system master public key P Pub First private key generator kid 0 And a second private key generator kid 1
Further, the second step comprises the following steps:
s21, the user generates a first random number r A ∈[1,n-1]Calculate U A =[r A ]×G;
S22, the user enables the U A And a discernible identity ID of said user A Submitting the key to the KGC; (ii) a
S23, the key generation center KGC calculates a first partial key value t by using the system master private key ms A And the first public key recovery data W A And combining said first partial key value t A And the first public key recovery data W A Sending the ciphertext to the user, and returning a first ciphertext Cipher to the user 1 Or second ciphertext Cipher 2
S24, the user receives the first ciphertext Cipher 1 Or second ciphertext Cipher 2 Obtaining said first partial key value t after decryption A And said first public key recovery data W A Calculating H A =H 256 (ENTL A ‖ID A ‖x Pub ‖y Pub ) And h A =H 256 (x W ‖y W ‖H A ) CalculatingThe user signature private key ds A =(h A ×t A +r A ) mod n, holding the user signature private key ds A And the first public key recovery data W A Wherein H is 256 Is a hash function with 256 bits output; ENTL A The discernable identification ID represented by 2 bytes A The byte length of (d); II denotes concatenation of byte strings; x is the number of Pub ,y Pub Master public key P for the system Pub The coordinates of (a); x is the number of W ,y W Recovering data W for said first public key A The coordinates of (a); x mod y represents the x-to-y remainder operation.
Further, in step S23, the calculating includes the steps of:
A1. calculating the H A =H 256 (ENTL A ‖ID A ‖x Pub ‖y Pub ) And converted into a byte string;
A2. generating a second random number w epsilon [1,n-1];
A3. calculating the first public key recovery data W A =[w]×G+U A +[kid 0 ]×P pub
A4. Calculating the h A =H 256 (x W ‖y W ‖H A ) And converted into a byte string;
A5. h is measured by A Converting into an integer, and if the converted integer is 0, turning to the step A2;
A6. calculating said first partial key value t A =(h A -1 ×(w+kid 0 ×ms)+kid 0 X ms) modn, then the key generation center KGC combines the first partial key value t with the first partial key value t A And said first public key recovery data W A Sending the data to the user, wherein the data comprises a sending method B or a sending method C,
the sending method B comprises the following steps:
B1. calculation of K = [ ms ]]×U A First key k = KDF (x) K ||y K 128), where x K ,y K KDF is a key derivation function, the first key K being the coordinate of K, the first key K being derived from the secretA 128-bit byte string generated by a key derivation function;
B2. combining said first partial key value t A And the first public key recovery data W A Coordinate x of W 、y W According to the conversion into byte strings;
B3. cryptographic algorithm for plaintext t using said first key k and SM4 A ||x W ||y W Encrypting to obtain the first ciphertext Cipher text Cipher 1 =SM4_ENC(k,t A ||x W ||y W ) And the first ciphertext Cipher 1 Transmitting to the user, wherein, SM4_ ENC (k, t) A ||x W ||y W ) Representing the use of SM4 encryption algorithm and the first key k of 128 bits for the plaintext t A ||x W ||y W Carrying out encryption calculation and outputting a ciphertext;
the sending method C comprises the following steps:
C1. combining said first partial key value t A And the first public key recovery data W A Coordinate x of W 、y W Converting into a byte string;
C2. using said U A As a third public key, and uses SM2 encryption algorithm to encrypt the plaintext t A ||x W ||y W Encrypting to obtain the second ciphertext Cipher 2 =SM2_ENC(U A ,t A ||x W ||y W ) And combining the second ciphertext Cipher text Cipher 2 Transmitting to the user, wherein, SM2_ ENC (U) A ,t A ||x W ||y W ) Indicating the use of the SM2 encryption algorithm and said third public key U A For the plaintext t A ||x W ||y W Performs an encryption calculation and outputs a ciphertext,
in step S24, when the decryption is performed,
if the sending method B is used in the step S23, the decryption method is a method D, and the method D includes the following steps:
D1. calculation of K' = [ r ] A ]×P Pub Second key k' = KDF (x) K’ ||y K’ 128), where x K’ ,y K’ K ', the second key K' being a 128-bit byte string generated by the key derivation function;
D2. cipher the first ciphertext Cipher using the second key k' and an SM4 cryptographic algorithm 1 And (3) decrypting to obtain a plaintext:
t A ||x W ||y W =SM4_DEC(k’,Cipher 1 ),
wherein, SM4_ DEC (k', cipher) 1 ) Representing the use of the SM4 decryption algorithm and the second key k' of 128 bits for the first ciphertext Cipher 1 Carrying out decryption calculation and outputting a plaintext;
D3. combining said first partial key value t A And the first public key recovery data W A Coordinate x of W 、y W Is converted into an integer, thereby decrypting to obtain the first partial key value t A And said first public key recovery data W A
If the sending method C is used in the step S23, the decryption method is a method E, and the method E includes the following steps:
E1. using said first random number r A As a first private key, and using SM2 decryption algorithm to encrypt the second ciphertext Cipher 2 And decrypting to obtain a plaintext:
t A ||x W ||y W =SM2_DEC(r A ,Cipher 2 );
wherein, SM2_ DEC (r) A ,Cipher 2 ) Representing the use of the SM2 decryption algorithm and a first private key r A For the second ciphertext Cipher 2 Carrying out decryption calculation and outputting a plaintext;
E2. combining said first partial key value t A And the first public key recovery data W A Coordinate x of W 、y W Is converted into an integer, thereby decrypting to obtain the first partial key value t A And said first public key recovery data W A
Further, the third step includes the following steps:
s31, the user generates a third random number rr A ∈[1,n-1]Calculate UU A =[rr A ]×G;
S32, the UU is processed by the user A And a discernible identity ID of said user A Submitting the key to the KGC;
s33, the key generation center KGC calculates a second partial signature key value tt by using the system master private key ms A And a second public key recovery data WW A And signing said second partial signature key value tt A And a second public key recovery data WW A Sending the third ciphertext to the user and returning the third ciphertext to the user 3 Or the fourth ciphertext Cipher 4
S34, the user receives the third ciphertext Cipher 3 Or fourth Cipher text Cipher 4 Decrypting to obtain said second partial signature key value tt A And a second public key to recover the data WW A Calculating hh A =H 256 (x WW ‖y WW ‖H A ) Then calculates the user encryption private key de A =(hh A ×tt A +rr A ) modn and stores the user encryption private key de A And a second public key recovery data WW A Wherein x is WW ,y WW Recovering data WW for said second public key A The coordinates of (a).
Further, in step S33, the calculating includes the steps of:
G1. calculating the H A =H 256 (ENTL A ‖ID A ‖x Pub ‖y Pub );
G2. Generating a fourth random number ww E [1,n-1];
G3. computing said second public key recovery data WW A =[ww]×G+UU A +[kid 1 ]×P pub
G4. Calculating hh A =H 256 (x WW ‖y WW ‖H A ) Wherein x is WW ,y WW Recovering data WW for said second public key A And converted to byte strings;
G5. subjecting the hh to A Conversion to integersIf the integer is 0 after the conversion, go to the step G2;
G6. calculating tt A =(hh A -1 ×(ww+kid 1 ×ms)+kid 1 X ms) mod n, and then the key generation center KGC applies the second partial key value tt A And a second public key recovery data WW A Sending the data to the user, wherein the data comprises a sending method H or a sending method I,
the sending method H comprises the following steps:
H1. calculating KK = [ ms ]]×UU A Third key kk = KDF (x) KK ||y KK 128), where x KK ,y KK The third key KK is a 128-bit byte string generated by the key derivation function for the coordinates of the KK;
H2. combining said second partial key value tt A And a second public key recovery data WW A Coordinate x of WW And y WW Converting into a byte string;
H3. using the third key kk and SM4 cryptographic algorithm pair tt A ||x WW ||y WW Encrypting to obtain the third ciphertext Cipher text Cipher 3 =SM4_ENC(kk,tt A ||x WW ||y WW ) And combining the third ciphertext Cipher text Cipher 3 Sending the data to the user;
the sending method I comprises the following steps:
I1. combining said second partial key value tt A And a second public key recovery data WW A Coordinate x of WW And y WW Converting into a byte string;
I2. using the UU A As a fourth public key, and using SM2 encryption algorithm to tt A ||x WW ||y WW Encrypting to obtain the fourth ciphertext Cipher text Cipher 4 =SM2_ENC(UU A ,tt A ||x WW ||y WW ) And combining the fourth ciphertext Cipher text Cipher 4 Is sent to the user in the form of a message,
in the step S34, the method includes the following steps:
at the time of the decryption, the decryption is performed,
if the sending method H is used in the step S33, the decryption method is a method J, and the method J includes the following steps:
J1. calculating KK' = [ rr ] A ]×P Pub Fourth key kk' = KDF (x) KK’ ||y KK’ 128), where x KK’ ,y KK’ The fourth key KK 'is a 128-bit byte string generated by the key derivation function as coordinates of the KK';
J2. using the fourth key kk' and SM4 cryptographic algorithm to Cipher the third ciphertext Cipher 3 Decrypting to obtain plaintext
tt A ||x WW ||y WW =SM4_DEC(kk’,Cipher 3 );
J3. Dividing said second partial key value tt A And a second public key recovery data WW A Coordinate x of WW 、y WW Is converted into an integer, thereby decrypting to obtain the second partial key value tt A And a second public key recovery data WW A
If the sending method I is used in the step S33, the decryption method is a method K, where the method K includes the following steps:
K1. using said third random number rr A As a second private key, and uses SM2 decryption algorithm to encrypt the fourth ciphertext Cipher 4 Decrypting to obtain plaintext
tt A ||x WW ||y WW =SM2_DEC(rr A ,Cipher 4 );
K2. Dividing said second partial key value tt A And a second public key recovery data WW A Coordinate x of WW 、y WW Is converted into an integer, thereby decrypting to obtain the second partial key value tt A And a second public key recovery data WW A
The invention also provides a public key recovery method, wherein the first public key P 'is generated by adopting the SM2 secret key generation method' A Or/and generating a second public key PP' A
Wherein,
said generating a first public keyP’ A Using a user's discernible identity ID A System master public key P of key generation center KGC pub First public key recovery data W A And a first private key generator kid 0 Generating a corresponding first public key P' A The method comprises the following steps:
G1. calculation of H11= H 256 (ENTL‖ID A ‖x Pub ‖y Pub ) Wherein H is 256 For a hash function with an output of 256 bits, ENTL is said distinguishable identification ID represented by 2 bytes A Is the byte length of (b) | denotes the concatenation of the byte strings, x Pub ,y Pub Master public key P for the system Pub The coordinates of (a);
G2. recovering the first public key into data W A Coordinate x of W 、y W Convert to byte string, calculate H11= H 256 (x W ‖y W Iih 11) and converting said H11 to an integer;
G3. calculating P' A =W A +[kid 0 ×h11]×P pub
The second public key PP 'is generated' A Is to use said distinguishable identification ID A System master public key P of key generation center KGC pub Second public key recovery data WW A And a second private key generator kid 1 Generating a corresponding second public key PP' A The method comprises the following steps:
m1. Calculating the H11= H 256 (ENTL‖ID A ‖x Pub ‖y Pub );
M2. Recovering data WW from the second public key A Coordinate x of WW 、y WW Convert to byte string, calculate H22= H 256 (x WW ‖y WW Iih 11) and converting the H22 to an integer;
m3. Calculating PP' A =WW A +[kid 1 ×h22]×P pub
The invention also provides an SM2 secret key generation method, wherein the public key recovery method is adopted, and the method comprises the following steps:
s25, the user selects to carry out first public key verification, and the method comprises the following steps:
F1. generating a first public key P 'by adopting the public key recovery method' A
F2. Calculating P A =[d A ]×G;
F3. If P' A =P A If the first public key is successfully verified, otherwise, the first public key is failed to be verified;
or comprises the following steps:
s35, the user selects to carry out second public key verification, and the method comprises the following steps:
l1, generating a second public key PP 'by adopting the public key recovery method' A
L2. Calculating PP A =[de A ]×G;
L3, if PP' A =PP A If the second public key is verified successfully, otherwise, the second public key is verified unsuccessfully.
The invention also provides a digital signature generation method, wherein the digital signature is calculated for the data e to be signed by adopting the SM2 key generation method.
The invention also provides a digital signature verification method, wherein the public key recovery method is adopted to verify the signature value.
The invention also provides a data encryption method, wherein the data plaintext is encrypted by adopting the public key recovery method.
The invention also provides a data decryption method, wherein the SM2 key generation method is adopted to decrypt the encrypted data ciphertext.
The invention also provides a computer device comprising a memory, a first processor and a first computer program stored on said memory and executable on said first processor, the first computer program when executed by the first processor implementing one or more of the following methods:
the SM2 key generation method, the public key recovery method, the digital signature generation method, the digital signature verification method, the data encryption method, and the data decryption method described above.
The invention also provides a computer-readable storage medium for storing a second computer program executable by at least one second processor for causing the at least one second processor to perform one or more of the following methods:
the SM2 key generation method, the public key recovery method, the digital signature generation method, the digital signature verification method, the data encryption method, and the data decryption method described above.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention ensures that the user distinguishes the signature key and the encryption key through the private key generator in the process of generating the signature key and the encryption key, and the signature verifier and the data encryptor also need to use the private key generator to recover the signature public key and the encryption public key, thereby distinguishing the generation and the use of the signature key and the encryption key from the aspect of algorithm and avoiding mixed use.
2. The invention saves a large amount of computing resources. The SM2 public key of the user is recovered and verified by using the user identifier, the public key recovery data and the KGC master public key, so that a large amount of calculation and network resources required by certificate-based certificate chain verification are avoided.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed for the embodiment or the prior art description will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 shows a flowchart of an SM2 key generation method according to an embodiment of the present invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
An SM2 key generation method provided by the present invention is described in detail below with reference to the accompanying drawings.
Fig. 1 shows a flowchart of an SM2 key generation method according to an embodiment of the present invention. As shown in fig. 1, the SM2 key generation method includes the following steps:
establishing system parameters, comprising the following steps:
s11, a user and a Key Generation Center (KGC) share parameters G and n of an elliptic curve E (Fq) of an SM2 algorithm, wherein the E (Fq) is an elliptic curve defined on a finite field Fq, G represents a base point with an upper order of n on the elliptic curve E (Fq), n is a prime number, and specific values of the parameters are preset according to the SM2 algorithm;
s12, generating a system master private key ms and a system master public key P by a key generation center KGC Pub In which P is Pub =[ms]X G, square bracket [ 2 ]]Means a point multiplication on the elliptic curve E (Fq), P Pub Is a point on the elliptic curve E (Fq), it is noted that, in the present invention, the square bracket in each calculation formula]All represent point operations on the elliptic curve E (Fq);
s13, randomly selecting a first private key generator kid by a key generation center KGC 0 ∈[1,n-1]And a second private key generator kid 1 ∈[1,n-1]And kid 0 And kid 1 Not equal, wherein the first private key generator kid 0 Generating an identifier for the user signature private key, wherein the identifier is used for generating the user signature private key; kid 1 Generating an identifier for the user decryption private key, wherein the identifier is used for generating the user decryption private key;
s14, the key generation center KGC discloses P Pub 、kid 0 And kid 1
Generating a user signature private key based on the system parameters, comprising the following steps:
s21, generating a first random number r by a user A ∈[1,n-1]Based on the first random number r A And G, calculating U A =[r A ]×G;
S22. The user connects U A And a user's distinguishable identification ID A Submitting the key to the KGC;
s23, the key generation center KGC calculates a first partial key value t by using a system master private key ms A And the first public key recovery data W A And combining said first partial key value t A And the first public key recovery data W A Sending the data to a user, wherein the calculation specifically comprises the following steps:
A1. calculate H A =H 256 (ENTL A ‖ID A ‖x Pub ‖y Pub ) And converted into a byte string, wherein ENTL A Is a distinguishable identification ID expressed by 2 bytes A The byte length of (d); II denotes concatenation of byte strings; x is the number of Pub ,y Pub System master public key P as KGC Pub Coordinates of (A), H 256 For a hash function (such as SM3 cryptographic algorithm) with 256 bits output, the conversion into byte strings is performed according to the method given by 4.2.6 in the national standard GB/T32918.1-2016;
A2. generating a second random number w E [1,n-1];
A3. calculating the first public key recovery data W based on the second random number W A =[w]×G+U A +[kid 0 ]×P pub
A4. Recovering data W based on the first public key A Calculate h A =H 256 (x W ‖y W ‖H A ) And converted into a byte string, where x W ,y W Recovering data W for a first public key A The conversion into the byte strings is carried out according to the method given by 4.2.6 in the national standard GB/T32918.1-2016;
A5. h is to be A Converting into an integer, and if the converted integer is 0, turning to the step A2;
wherein, h is A The conversion into integers is carried out according to the method given in GB/T32918.1-2016 (4.2.3);
A6. calculating said first partial key value t A =(h A -1 ×(w+kid 0 ×ms)+kid 0 X ms) mod n, and then the key generation center KGC combines said first partial key value t A And said first public key recovery data W A Sending the data to a user, wherein x mod y represents the complementation operation of x to y, and comprises a sending method B or a sending method C,
the sending method B comprises the following steps:
B1. calculation of K = [ ms ]]×U A First key k = KDF (x) K ||y K 128), where x K ,y K KDF is GB/T32918.4-2016 (GB/T32918.4-2016) — part 4 of the information security technology SM2 elliptic curve public key cryptographic algorithm: public key encryption algorithm "key derivation function in section 5.4.3, the first key k is a 128-bit byte string generated by the key derivation function;
B2. combining said first partial key value t A And the first public key recovery data W A Coordinate x of W 、y W Converting into byte strings according to a method given by 4.2.6 in GB/T32918.1-2016;
B3. cryptographic algorithm for plaintext t using first key k and SM4 A ||x W ||y W Encrypting to obtain a first ciphertext Cipher 1 =SM4_ENC(k,t A ||x W ||y W ) And combines the first ciphertext Cipher with the second ciphertext Cipher 1 Sent to the user, wherein, SM4_ ENC (k, t) A ||x W ||y W ) Shows that the plaintext T is encrypted by using an SM4 encryption algorithm defined in GB/T32907-2016 (GB/T) -an information security technology SM4 block cipher algorithm and a 128-bit first key k A ||x W ||y W Carrying out encryption calculation and outputting a ciphertext;
the sending method C comprises the following steps:
C1. dividing said first partial key value t A And the first public key recovery data W A Coordinate x of W 、y W Converting into a byte string, wherein the conversion is carried out according to a method given by 4.2.6 in GB/T32918.1-2016;
C2. using U A As a third public key, and using SM2 cryptographic algorithm pairPlaintext t A ||x W ||y W Encrypting to obtain a second ciphertext Cipher 2 =SM2_ENC(U A ,t A ||x W ||y W ) And combining the second ciphertext Cipher text Cipher 2 Sent to the user, wherein, SM2_ ENC (U) A ,t A ||x W ||y W ) Indicating the use of the SM2 encryption algorithm and the third public key U in GB/T32918.4-2016 A For the plaintext t A ||x W ||y W Carrying out encryption calculation and outputting a ciphertext;
s24, the user receives a first ciphertext Cipher returned by the key generation center KGC 1 Or second ciphertext Cipher 2 Obtaining said first partial key value t after decryption A And said first public key recovery data W A Calculating H A =H 256 (ENTL A ‖ID A ‖x Pub ‖y Pub ) And h A =H 256 (x W ‖y W ‖H A ) Calculating the user signature private key ds A =(h A ×t A +r A ) (mod n) holding the user signature private key ds A And the first public key recovery data W A
At the time of the decryption, the decryption is performed,
if the sending method B is used in step S23, the decryption method is method D, and the method D includes the following steps:
D1. calculation of K' = [ r ] A ]×P Pub Second key k' = KDF (x) K’ ||y K’ 128), where x K’ ,y K’ A second key K 'is a 128-bit byte string generated by a key derivation function, which is the coordinate of K';
D2. cipher text Cipher using second key k' and SM4 Cipher algorithm 1 And (3) decrypting to obtain a plaintext:
t A ||x W ||y W =SM4_DEC(k’,Cipher 1 );
wherein, SM4_ DEC (k', cipher) 1 ) Indicating that the first ciphertext Cipher was cipherer using the SM4 decryption algorithm in GB/T32907-2016 and the 128-bit second key k 1 And carrying out decryption calculation and outputting a plaintext.
D3. The first partial key value t A And the first public key recovery data W A Coordinate x of W 、y W Is converted into an integer, thereby decrypting to obtain the first partial key value t A And said first public key recovery data W A . Wherein, t is A And x W 、y W The conversion into integers is carried out according to the method given in GB/T32918.1-2016 (4.2.3);
if the sending method C is used in step S23, the decryption method is method E, and the method E includes the following steps:
E1. using a first random number r A As the first private key, and uses SM2 decryption algorithm to encrypt the second ciphertext Cipher 2 And decrypting to obtain a plaintext:
t A ||x W ||y W =SM2_DEC(r A ,Cipher 2 ),
wherein, SM2_ DEC (r) A ,Cipher 2 ) Indicating the use of the SM2 decryption algorithm and the first private key r in GB/T32918.4-2016 A For the second ciphertext Cipher text Cipher 2 Carrying out decryption calculation and outputting a plaintext;
E2. the first partial key value t A And the first public key recovery data W A Coordinate x of W 、y W Is converted into an integer, thereby decrypting to obtain the first partial key value t A And said first public key recovery data W A . Wherein, t is A And x W 、y W The conversion into integers is carried out according to the method given in GB/T32918.1-2016 (4.2.3);
s25, the user can select whether to carry out first public key verification. If the first public key verification is not carried out, the success of the generation of the private key of the user signature is returned, and if the first public key verification is carried out, the method comprises the following steps:
F1. using a distinguishable identification ID A System master public key P of key generation center KGC pub First public key recovery data W A And a first private key generator kid 0 Generating a corresponding first public key P' A (i.e., resume the firstPublic key P' A ) The generating comprises the following steps:
G1. calculation of H11= H 256 (ENTL‖ID A ‖x Pub ‖y Pub ) Wherein ENTL represents ID for 2 bytes A The byte length of (d);
G2. recovering the first public key to the data W by the method given by 4.2.6 in GB/T32918.1-2016 A Coordinate x of W 、y W Convert to byte string, calculate H11= H 256 (x W ‖y W Iih 11) and converting H11 to an integer according to the method given in GB/T32918.1-2016 at 4.2.3;
G3. calculating P' A =W A +[kid 0 ×h11]×P pub
F2. Calculating P A =[d A ]×G;
F3. If P' A =P A If the first public key is successfully verified, otherwise, the first public key is failed to be verified;
F4. and if the first public key is successfully verified, returning that the generation of the user signature private key is successful, otherwise, returning that the generation of the user signature private key is failed.
Generating a user encryption private key based on the system parameters (the step and the step two can be performed at random or simultaneously, or only one step can be performed as required), comprising the following steps:
s31, generating a third random number rr by the user A ∈[1,n-1]Calculate UU A =[rr A ]×G;
S32, the UU is processed by the user A And a user's distinguishable identification ID A Submitting the key to the KGC;
s33, the key generation center KGC calculates a second partial signature key value tt by using a system master private key ms A And a second public key recovery data WW A And will be A And WW A And sending the data to a user, wherein the calculation comprises the following steps:
G1. calculate H A =H 256 (ENTL A ‖ID A ‖x Pub ‖y Pub );
G2. Generating a fourth random number ww E [1,n-1];
G3. calculating the second public key recovery data WW based on the fourth random number WW A =[ww]×G+UU A +[kid 1 ]×P pub
G4. Recovering data WW based on said second public key A Calculating hh A =H 256 (x WW ‖y WW ‖H A ) Wherein x is WW ,y WW Recovering data WW for second public key A And is converted into a byte string according to the method given by 4.2.6 in GB/T32918.1-2016;
G5. the hh was treated according to the method given in GB/T32918.1-2016 (4.2.3) A Converting into an integer, and if the converted integer is 0, turning to the step G2;
G6. calculating tt A =(hh A -1 ×(ww+kid 1 ×ms)+kid 1 X ms) (mod n), then the key generation center KGC combines the second partial key value tt A And a second public key recovery data WW A Sending the data to a user, wherein the data comprises a sending method H or a sending method I,
the sending method H comprises the following steps:
H1. calculating KK = [ ms =]×UU A Third key kk = KDF (x) KK ||y KK 128), where x KK ,y KK KK, where KK is a 128-bit byte string generated by a key derivation function;
H2. combining said second partial key value tt A And a second public key recovery data WW A Coordinate x of WW And y WW Converting into byte strings according to a method given by 4.2.6 in GB/T32918.1-2016;
H3. cryptographic algorithm tt on plain text using said third key kk and SM4 A ||x WW ||y WW Encrypting to obtain a third ciphertext Cipher 3 =SM4_ENC(kk,tt A ||x WW ||y WW ) And combining the third ciphertext Cipher text Cipher 3 Sent to the user, wherein, SM4_ ENC (kk, tt) A ||x WW ||y WW ) Shows that the plaintext tt is encrypted by using an SM4 encryption algorithm defined in GB/T32907-2016 (GB/T) -an information security technology SM4 block cipher algorithm and a 128-bit third key kk A ||x WW ||y WW Carrying out encryption calculation and outputting a ciphertext;
the sending method I comprises the following steps:
I1. combining said second partial key value tt A And a second public key recovery data WW A Coordinate x of WW And y WW Converting into byte strings according to a method given by 4.2.6 in GB/T32918.1-2016;
I2. using UU A As a fourth public key, and using SM2 encryption algorithm to encrypt the plaintext tt A ||x WW ||y WW Encrypting to obtain a fourth ciphertext Cipher 4 =SM2_ENC(UU A ,tt A ||x WW ||y WW ) And combining the fourth ciphertext Cipher text Cipher 4 Sending to the user, wherein, SM2_ ENC (UU) A ,tt A ||x WW ||y WW ) Indicating the use of SM2 encryption algorithm and the fourth public key UU in GB/T32918.4-2016 A For the plain text tt A ||x WW ||y WW Carrying out encryption calculation and outputting a ciphertext;
s34, the user receives the third ciphertext Cipher text Cipher returned by the key generation center KGC 3 Or the fourth ciphertext Cipher 4 Decrypting to obtain a second partial signature key value tt A And a second public key recovery data WW A Calculating hh A =H 256 (x WW ‖y WW ‖H A ) Then calculates the user's encrypted private key de A =(hh A ×tt A +rr A ) (modn) and saving the user encryption private key de A And said second public key recovery data WW A
At the time of the decryption, the decryption is performed,
if the sending method H is used in step S33, the decryption method is method J, and the method J includes the following steps:
J1. calculating KK' = [ rr ] A ]×P Pub Fourth key kk' = KDF (x) KK’ ||y KK’ ,128 Wherein x is KK’ ,y KK’ The fourth key KK 'is a 128-bit byte string generated by a key derivation function, in coordinates of KK';
J2. cipher the third ciphertext Cipher using a fourth key kk' and an SM4 cryptographic algorithm 3 Decrypting to obtain plaintext
tt A ||x WW ||y WW =SM4_DEC(kk’,Cipher 3 ),
Wherein, SM4_ DEC (kk', cipher) 3 ) Indicating that the third ciphertext Cipher text Cipher is decrypted using the SM4 decryption algorithm in GB/T32907-2016 and the 128-bit fourth key kk 3 Carrying out decryption calculation and outputting a plaintext;
J3. the second partial key values tt are assigned in accordance with the method given in GB/T32918.1-2016 (4.2.3) A And a second public key recovery data WW A Coordinate x of WW 、y WW Is converted into an integer, thereby decrypting to obtain the second partial key value tt A And a second public key recovery data WW A
If the sending method I is used in S33, the decryption method is method K, and the method K includes the following steps:
K1. using the third random number rr A As a second private key, and uses SM2 decryption algorithm to encrypt the fourth ciphertext Cipher 4 Decrypting to obtain plaintext
tt A ||x WW ||y WW =SM2_DEC(rr A ,Cipher 4 )
Wherein, SM2_ DEC (rr) A ,Cipher 4 ) Indicating the use of the SM2 decryption algorithm and the second private key rr in GB/T32918.4-2016 A For the fourth ciphertext Cipher 4 Carrying out decryption calculation and outputting a plaintext;
K2. the second partial key value tt is assigned in accordance with the method given in GB/T32918.1-2016 (4.2.3) A And a second public key recovery data WW A Coordinate x of WW 、y WW Is converted into an integer, thereby decrypting to obtain the second partial key value tt A And a second public key recovery data WW A
S35, the user can select whether to carry out second public key verification. And if the second public key verification is not carried out, returning that the generation of the user encryption private key is successful. If the second public key verification is carried out, the method comprises the following steps:
l1. Using distinguishable identification ID A System master public key P of key generation center KGC pub Second public key recovery data WW A And a second private key generator kid 1 Generating a corresponding second public key PP' A (i.e., recovering the second public key PP' A ) The generating comprises the following steps:
m1. Calculation H11= H 256 (ENTL‖ID A ‖x Pub ‖y Pub ) Wherein ENTL represents ID for 2 bytes A The byte length of (d);
m2, recovering the second public key to the data WW by a method given by 4.2.6 in GB/T32918.1-2016 A Coordinate x of WW 、y WW Convert to byte string, calculate H22= H 256 (x WW ‖y WW Iih 11) and converting H22 to an integer according to the method given in GB/T32918.1-2016 at 4.2.3;
m3. Calculating PP' A =WW A +[kid 1 ×h22]×P pub
L2. Calculating PP A =[de A ]×G;
L3, if PP' A =PP A If the verification of the second public key is successful, otherwise, the verification of the second public key is failed;
and L4, if the second public key is successfully verified, returning that the generation of the user encryption private key is successful, otherwise, returning that the generation of the user encryption private key is failed.
It should be noted that, in the SM2 key generation method, step F1 and step L1 are the first public key P' A And a second public key PP' A The public key recovery method of (1). Namely, the invention also provides a public key recovery method, which comprises the specific steps of the step F1 or/and the step L1.
The invention also provides a digital signature generation method, which adopts the SM2 key generation method, wherein the user, namely the signer, uses the SM2 key generation method to calculate and obtain the user signaturePrivate key ds A Then, a digital signature is calculated for 256 bits of data e to be signed, specifically, the user follows A of 6.1 in GB/T32981.2-2016 3 -A 7 Generates a signature value (r, s).
The invention also provides a digital signature verification method, which adopts the SM2 key generation method, wherein the signature verifier uses the distinguishable identification ID of the signer (namely the user) for the received 256 bits of data ee to be signed and signature values (rr, ss) A First public key recovery data W A System master public key P of KGC and key generation center pub Performing signature verification, comprising the steps of: recovering the complete first public key P 'using step F1' A Using a first public key P' A B as a public key according to 7.1 in GB/T32981.2-2016 5 -B 7 Step verifies the signature value (rr, ss).
The invention also provides a data encryption method, which adopts the SM2 key generation method, wherein a data encryptor B uses the distinguishable identification ID of an encrypted data receiver A (namely a user) A Second public key recovery data WW A System master public key P of KGC and key generation center pub The method for encrypting the data plaintext m to be encrypted comprises the following steps: recovering the complete second public key PP 'by using the step L1' A Using the second public key PP' A The data plaintext m is encrypted as a public key according to an encryption algorithm of 6.1 in GB/T32981.4-2016.
The invention also provides a data decryption method, which adopts the SM2 key generation method, wherein the encrypted data receiver A uses the user encrypted private key de A The method for decrypting the encrypted data ciphertext C to recover the plaintext comprises the following steps: and decrypting according to a decryption algorithm of 7.1 in GB/T32981.4-2016.
In summary, the SM2 key generation method provided by the present invention can be used for generating a signature private key and an encryption private key, and the signature private key can generate a digital signature; the encryption private key may be used to encrypt and decrypt data. The public key recovery method can recover a user (signature/encryption) public key from a user's distinguishable identification and (signature/encryption) public key recovery data, wherein the signature public key is used for digital signature verification, and the encryption public key is used for encrypting data.
The invention also provides a computer device, which comprises a memory, a first processor and a first computer program stored on the memory and capable of running on the first processor, wherein the first computer program realizes one or more methods of the two SM2 key generation methods, the public key recovery method, the digital signature generation method, the digital signature verification method, the data encryption method and the data decryption method when being executed by the first processor.
The present invention also provides a computer readable storage medium for storing a second computer program executable by at least one second processor to cause the at least one second processor to perform one or more of the two SM2 key generation methods, the public key recovery method, the digital signature generation method, the digital signature verification method, the data encryption method and the data decryption method described above.
The SM2 key generation method provided by the invention jointly calculates the user signature/encryption key through the user side and the KGC according to the user distinguishable identification and the KGC system master key, thereby saving a large amount of calculation resources. In the process of generating the user signature/encryption key, the invention can distinguish the user signature/encryption key through the private key generator, and the signature verifier and the data encryptor also need to use the private key generator to recover the signature public key and the encryption public key, thereby enabling the generation and the use of the signature key and the encryption key to be distinguished from the aspect of algorithm and avoiding the mixed use. Meanwhile, the KGC may generate a signature key and an encryption key for the user using the same master private key. The signature verifier and the data encryptor can recover the signature public key and the encryption public key through the system main public key of the KGC, the public key recovery data of the user and the distinguishable identification of the user and carry out signature verification or data encryption.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by functions and internal logic of the process, and should not limit the implementation process of the embodiments of the present invention in any way.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (14)

  1. An sm2 key generation method, comprising the steps of: the first step, the second step and/or the third step,
    wherein,
    establishing system parameters;
    generating a user signature private key ds based on the system parameters A
    Thirdly, generating a user encryption private key de based on the system parameters A
  2. 2. The SM2 key generation method of claim 1, wherein the first step comprises the steps of:
    s11, a user and a secret key generation center KGC share parameters G and n of an elliptic curve E (Fq) of an SM2 algorithm, wherein the E (Fq) is an elliptic curve defined on a finite field Fq, G represents a base point with an upper order of n on the elliptic curve E (Fq), and n is a prime number;
    s12, generating a system master private key ms and a system master public key P by the key generation center KGC Pub Wherein the system master public key P Pub =[ms]X G, square bracket [ 2 ]]Represents a point multiplication on the elliptic curve E (Fq), the system master public key P Pub Is a point on the elliptic curve E (Fq), and is a square bracket in each of the following calculation formulas]Each represents a point doubling operation on the elliptic curve E (Fq);
    s13, randomly selecting a first private key generator kid by the key generation center KGC 0 ∈[1,n-1]And a second private key generatorAdult character kid 1 ∈[1,n-1]And kid 0 And kid 1 Not equal;
    s14, the key generation center KGC discloses the system master public key P Pub First private key generator kid 0 And a second private key generator kid 1
  3. 3. The SM2 key generation method according to claim 2, wherein the second step comprises the steps of:
    s21, the user generates a first random number r A ∈[1,n-1]Calculate U A =[r A ]×G;
    S22, the user enables the U A And a discernible identity ID of said user A Submitting the key to the KGC; (ii) a
    S23, the key generation center KGC calculates a first partial key value t by using the system master private key ms A And the first public key recovery data W A And combining said first partial key value t A And the first public key recovery data W A Sending the ciphertext to the user, and returning a first ciphertext Cipher to the user 1 Or second ciphertext Cipher 2
    S24, the user receives the first ciphertext Cipher 1 Or second ciphertext Cipher 2 Obtaining said first partial key value t after decryption A And said first public key recovery data W A Calculating H A =H 256 (ENTL A ‖ID A ‖x Pub ‖y Pub ) And h A =H 256 (x W ‖y W ‖H A ) Calculating the user signature private key ds A =(h A ×t A +r A ) mod n, holding the user signature private key ds A And the first public key recovery data W A Wherein H is 256 Is a hash function with 256 bits output; ENTL A The discernable identification ID represented by 2 bytes A The byte length of (d); II denotes concatenation of byte strings; x is the number of Pub ,y Pub Is the system master public key P Pub The coordinates of (a); x is the number of W ,y W Is a stand forThe first public key recovering data W A The coordinates of (a); x mod y represents the x-to-y remainder operation.
  4. 4. The SM2 key generation method of claim 3,
    in step S23, the calculating includes the following steps:
    A1. calculating the H A =H 256 (ENTL A ‖ID A ‖x Pub ‖y Pub ) And converted into a byte string;
    A2. generating a second random number w epsilon [1,n-1];
    A3. calculating the first public key recovery data W A =[w]×G+U A +[kid 0 ]×P pub
    A4. Calculating the h A =H 256 (x W ‖y W ‖H A ) And converted into a byte string;
    A5. h is to be A Converting into an integer, and if the converted integer is 0, turning to the step A2;
    A6. calculating said first partial key value t A =(h A -1 ×(w+kid 0 ×ms)+kid 0 X ms) mod n, then the key generation center KGC combines the first partial key value t A And said first public key recovery data W A Sending the data to the user, wherein the data comprises a sending method B or a sending method C,
    the sending method B comprises the following steps:
    B1. calculating K = [ ms =]×U A First key k = KDF (x) K ||y K 128), where x K ,y K For the coordinates of K, KDF is a key derivation function, the first key K is a 128-bit byte string generated by the key derivation function;
    B2. combining said first partial key value t A And the first public key recovery data W A Coordinate x of W 、y W According to the conversion into byte strings;
    B3. cryptographic algorithm for plaintext t using said first key k and SM4 A ||x W ||y W Encrypting to obtain the first ciphertext Cipher text Cipher 1 =SM4_ENC(k,t A ||x W ||y W ) And combining the first ciphertext Cipher text Cipher 1 Transmitting to the user, wherein, SM4_ ENC (k, t) A ||x W ||y W ) Representing the use of SM4 encryption algorithm and the first key k of 128 bits for the plaintext t A ||x W ||y W Carrying out encryption calculation and outputting a ciphertext;
    the sending method C comprises the following steps:
    C1. combining said first partial key value t A And the first public key recovery data W A Coordinate x of W 、y W Converting into a byte string;
    C2. using said U A As a third public key, and uses SM2 encryption algorithm to encrypt the plaintext t A ||x W ||y W Encrypting to obtain the second ciphertext Cipher 2 =SM2_ENC(U A ,t A ||x W ||y W ) And combining the second ciphertext Cipher text Cipher 2 Transmitting to the user, wherein, SM2_ ENC (U) A ,t A ||x W ||y W ) Indicating the use of the SM2 encryption algorithm and said third public key U A For the plaintext t A ||x W ||y W Performing encryption calculation and outputting a ciphertext, in the step S24, when performing the decryption,
    if the sending method B is used in the step S23, the decryption method is a method D, and the method D includes the following steps:
    D1. calculation of K' = [ r ] A ]×P Pub Second key k' = KDF (x) K’ ||y K’ 128), where x K’ ,y K’ K ', the second key K' being a 128-bit byte string generated by the key derivation function;
    D2. cipher the first ciphertext Cipher using the second key k' and an SM4 cryptographic algorithm 1 And (3) decrypting to obtain a plaintext:
    t A ||x W ||y W =SM4_DEC(k’,Cipher 1 ),
    wherein, SM4_ DEC (k', cipher) 1 ) Representing the use of the SM4 decryption algorithm and the second key k' of 128 bits for the first ciphertext Cipher 1 Carrying out decryption calculation and outputting a plaintext;
    D3. combining said first partial key value t A And the first public key recovery data W A Coordinate x of W 、y W Is converted into an integer, thereby decrypting to obtain said first partial key value t A And said first public key recovery data W A
    If the sending method C is used in the step S23, the decryption method is a method E, and the method E includes the following steps:
    E1. using said first random number r A As a first private key, and using SM2 decryption algorithm to encrypt the second ciphertext Cipher 2 And decrypting to obtain a plaintext:
    t A ||x W ||y W =SM2_DEC(r A ,Cipher 2 );
    wherein, SM2_ DEC (r) A ,Cipher 2 ) Representing the use of the SM2 decryption algorithm and a first private key r A For the second ciphertext Cipher 2 Carrying out decryption calculation and outputting a plaintext;
    E2. combining said first partial key value t A And the first public key recovery data W A Coordinate x of W 、y W Is converted into an integer, thereby decrypting to obtain the first partial key value t A And said first public key recovery data W A
  5. 5. The SM2 key generation method of claim 4, wherein the third step comprises the steps of:
    s31, the user generates a third random number rr A ∈[1,n-1]Calculate UU A =[rr A ]×G;
    S32, the UU is processed by the user A And a discernible identity ID of said user A Submitting the key to the KGC;
    s33, the key generation center KGC uses the system master private key ms calculating a second partial signature key value tt A And a second public key recovery data WW A And signing said second partial signature key value tt A And a second public key recovery data WW A Sending the third ciphertext to the user and returning the third ciphertext to the user 3 Or the fourth ciphertext Cipher 4
    S34, the user receives the third ciphertext Cipher 3 Or the fourth ciphertext Cipher 4 Decrypting to obtain said second partial signature key value tt A And a second public key recovery data WW A Calculating hh A =H 256 (x WW ‖y WW ‖H A ) Then, the user encryption private key de is calculated A =(hh A ×tt A +rr A ) mod n and save the user encryption private key de A And a second public key recovery data WW A Wherein x is WW ,y WW Recovering data WW for said second public key A The coordinates of (a).
  6. 6. The SM2 key generation method according to claim 5, wherein in the step S33, the calculation includes the steps of:
    G1. calculating the H A =H 256 (ENTL A ‖ID A ‖x Pub ‖y Pub );
    G2. Generating a fourth random number ww E [1,n-1];
    G3. computing said second public key recovery data WW A =[ww]×G+UU A +[kid 1 ]×P pub
    G4. Calculating hh A =H 256 (x WW ‖y WW ‖H A ) Wherein x is WW ,y WW Recovering data WW for said second public key A And converted into a string of bytes;
    G5. subjecting the hh to A Converting into an integer, and if the converted integer is 0, turning to the step G2;
    G6. calculating tt A =(hh A -1 ×(ww+kid 1 ×ms)+kid 1 X ms) mod n, then the key is generatedCentering KGC on said second partial key value tt A And a second public key recovery data WW A Sending the data to the user, wherein the data comprises a sending method H or a sending method I,
    the sending method H comprises the following steps:
    H1. calculating KK = [ ms ]]×UU A Third key kk = KDF (x) KK ||y KK 128), where x KK ,y KK The third key KK is a 128-bit byte string generated by the key derivation function, for the coordinates of KK;
    H2. combining said second partial key value tt A And a second public key to recover the data WW A Coordinate x of WW And y WW Converting into a byte string;
    H3. using the third key kk and SM4 cryptographic algorithm pair tt A ||x WW ||y WW Encrypting to obtain the third ciphertext Cipher text Cipher 3 =SM4_ENC(kk,tt A ||x WW ||y WW ) And combining the third ciphertext Cipher text Cipher 3 Sending the data to the user;
    the sending method I comprises the following steps:
    I1. combining said second partial key value tt A And a second public key recovery data WW A Coordinate x of WW And y WW Converting into a byte string;
    I2. using the UU A As a fourth public key, and using SM2 encryption algorithm to tt A ||x WW ||y WW Encrypting to obtain the fourth ciphertext Cipher text Cipher 4 =SM2_ENC(UU A ,tt A ||x WW ||y WW ) And combining the fourth ciphertext Cipher text Cipher 4 Is sent to the user in the form of a message,
    in the step S34, the method includes the following steps:
    at the time of the decryption, the decryption is performed,
    if the sending method H is used in the step S33, the decryption method is a method J, and the method J includes the following steps:
    J1. calculating KK' = [ rr ] A ]×P Pub Fourth key kk' = KDF (x) KK’ ||y KK’ 128), where x KK’ ,y KK’ The fourth key KK 'is a 128-bit byte string generated by the key derivation function as coordinates of the KK';
    J2. cipher the third ciphertext Cipher using the fourth key kk' and the SM4 cryptographic algorithm 3 Decrypting to obtain plaintext
    tt A ||x WW ||y WW =SM4_DEC(kk’,Cipher 3 );
    J3. Combining said second partial key value tt A And a second public key recovery data WW A Coordinate x of WW 、y WW Is converted into an integer, thereby decrypting to obtain said second partial key value tt A And a second public key recovery data WW A
    If the sending method I is used in the step S33, the decryption method is a method K, where the method K includes the following steps:
    K1. using said third random number rr A As a second private key, and uses SM2 decryption algorithm to encrypt the fourth ciphertext Cipher 4 Decrypting to obtain plaintext
    tt A ||x WW ||y WW =SM2_DEC(rr A ,Cipher 4 );
    K2. Combining said second partial key value tt A And a second public key recovery data WW A Coordinate x of WW 、y WW Is converted into an integer, thereby decrypting to obtain the second partial key value tt A And a second public key recovery data WW A
  7. 7. Method for recovering a public key, characterized in that a first public key P 'is generated by using any of claims 3 to 4' A Or/and generating a second public key PP 'with any of claims 5 to 6' A
    Wherein,
    the first public key P 'is generated' A Using a user's distinguishable identification ID A System master public key P of key generation center KGC pub First public key recovery data W A And a first private key generatorkid 0 Generating a corresponding first public key P' A The method comprises the following steps:
    G1. calculation of H11= H 256 (ENTL‖ID A ‖x Pub ‖y Pub ) Wherein H is 256 For a hash function with an output of 256 bits, ENTL is said distinguishable identification ID represented by 2 bytes A Is the byte length of | denotes the concatenation of the byte string, x Pub ,y Pub Master public key P for the system Pub The coordinates of (a);
    G2. recovering the first public key to data W A Coordinate x of W 、y W Convert to byte string, calculate H11= H 256 (x W ‖y W Iih 11) and converting said H11 to an integer;
    G3. calculating P' A =W A +[kid 0 ×h11]×P pub
    The second public key PP 'is generated' A Is to use said distinguishable identification ID A System master public key P of key generation center KGC pub Second public key recovery data WW A And a second private key generator kid 1 Generating a corresponding second public key PP' A The method comprises the following steps:
    m1. Calculating the H11= H 256 (ENTL‖ID A ‖x Pub ‖y Pub );
    M2. Recovering data WW from the second public key A Coordinate x of WW 、y WW Convert to byte string, calculate H22= H 256 (x WW ‖y WW Iih 11) and converting the H22 to an integer;
    m3. Calculating PP' A =WW A +[kid 1 ×h22]×P pub
  8. SM2 key generation method, characterised by applying any one of claims 3-4 or/and applying any one of claims 5-6, and by applying claim 7, wherein,
    when any one of claims 3 to 4 is used and claim 7 is used, the method comprises the following steps:
    s25, the user selects to carry out first public key verification, and the method comprises the following steps:
    F1. generating a first public key P 'of claim 7' A
    F2. Calculating P A =[d A ]×G;
    F3. If P' A =P A If the first public key is successfully verified, otherwise, the first public key is failed to be verified;
    when any one of claims 5 to 6 is used and claim 7 is used, the method comprises the following steps:
    s35, the user selects to carry out second public key verification, and the method comprises the following steps:
    l1. With claim 7, generating a second public key PP' A
    L2. Calculating PP A =[de A ]×G;
    L3, if PP' A =PP A If the second public key is successfully verified, otherwise, the second public key is failed to be verified.
  9. 9. A digital signature generation method, characterized in that a digital signature is calculated for data to be signed e using the SM2 key generation method of any one of claims 1 to 6 and 8.
  10. 10. A digital signature verification method, characterized in that the signature value is verified by the public key recovery method of claim 7.
  11. 11. A data encryption method, characterized in that the data plaintext is encrypted by the public key recovery method according to claim 7.
  12. 12. A data decryption method, characterized in that the encrypted data cipher text is decrypted by using the SM2 key generation method of any one of claims 1 to 6 and 8.
  13. 13. Computer arrangement comprising a memory, a first processor and a first computer program stored on said memory and executable on said first processor, the first computer program when executed by the first processor implementing one or more of the following methods:
    the SM2 key generation method of any of claims 1-6 and 8;
    the public key recovery method of claim 7;
    the digital signature generation method of claim 9;
    the digital signature verification method of claim 10;
    the data encryption method of claim 11;
    a method of decrypting data as claimed in claim 12.
  14. 14. Computer-readable storage medium, characterized in that the computer-readable storage medium is used for storing a second computer program, which is executable by at least one second processor for causing the at least one second processor to perform one or several of the following methods:
    the SM2 key generation method of any of claims 1-6 and 8;
    the public key recovery method of claim 7;
    the digital signature generation method of claim 9;
    the digital signature verification method of claim 10;
    the data encryption method of claim 11;
    a method of decrypting data as claimed in claim 12.
CN202211241725.0A 2022-10-11 2022-10-11 SM2 key generation method and related method, computer device and storage medium Pending CN115549905A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211241725.0A CN115549905A (en) 2022-10-11 2022-10-11 SM2 key generation method and related method, computer device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211241725.0A CN115549905A (en) 2022-10-11 2022-10-11 SM2 key generation method and related method, computer device and storage medium

Publications (1)

Publication Number Publication Date
CN115549905A true CN115549905A (en) 2022-12-30

Family

ID=84733212

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211241725.0A Pending CN115549905A (en) 2022-10-11 2022-10-11 SM2 key generation method and related method, computer device and storage medium

Country Status (1)

Country Link
CN (1) CN115549905A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102201920A (en) * 2011-07-12 2011-09-28 北京中兴通数码科技有限公司 Method for constructing certificateless public key cryptography
CN102761413A (en) * 2011-04-27 2012-10-31 航天信息股份有限公司 Implementation system of p-element domain SM2 elliptic curve public key cryptographic algorithm
US20140211938A1 (en) * 2013-01-29 2014-07-31 Certicom Corp. Modified elliptic curve signature algorithm for message recovery
CN112699394A (en) * 2021-01-13 2021-04-23 北卡科技有限公司 SM9 algorithm-based key application method
CN112887081A (en) * 2020-09-04 2021-06-01 深圳奥联信息安全技术有限公司 SM 2-based signature verification method, device and system
CN114499887A (en) * 2022-02-15 2022-05-13 北京无字天书科技有限公司 Signature key generation and related methods, systems, computer devices, and storage media

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102761413A (en) * 2011-04-27 2012-10-31 航天信息股份有限公司 Implementation system of p-element domain SM2 elliptic curve public key cryptographic algorithm
CN102201920A (en) * 2011-07-12 2011-09-28 北京中兴通数码科技有限公司 Method for constructing certificateless public key cryptography
US20140211938A1 (en) * 2013-01-29 2014-07-31 Certicom Corp. Modified elliptic curve signature algorithm for message recovery
CN112887081A (en) * 2020-09-04 2021-06-01 深圳奥联信息安全技术有限公司 SM 2-based signature verification method, device and system
CN112699394A (en) * 2021-01-13 2021-04-23 北卡科技有限公司 SM9 algorithm-based key application method
CN114499887A (en) * 2022-02-15 2022-05-13 北京无字天书科技有限公司 Signature key generation and related methods, systems, computer devices, and storage media

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
袁峰;王晓春;封维端;张立圆;王学进;药乐;蒋楠;程朝辉;蔡先勇;王一曲;王栋: "信息安全技术 SM9密码算法使用规范", 国家市场监督管理总局;国家标准化管理委员会, 15 April 2022 (2022-04-15) *

Similar Documents

Publication Publication Date Title
CN108173639B (en) Two-party cooperative signature method based on SM9 signature algorithm
CN111740828B (en) Key generation method, device and equipment and encryption and decryption method
CN108989053B (en) Method for realizing certificateless public key cryptosystem based on elliptic curve
CN111106936B (en) SM 9-based attribute encryption method and system
CN107395368B (en) Digital signature method, decapsulation method and decryption method in media-free environment
US11223486B2 (en) Digital signature method, device, and system
CN112564907B (en) Key generation method and device, encryption method and device, and decryption method and device
CN112104453B (en) Anti-quantum computation digital signature system and signature method based on digital certificate
CN109873699B (en) Revocable identity public key encryption method
CN110601859B (en) Certificateless public key cryptographic signature method based on 25519 elliptic curve
CN114726546B (en) Digital identity authentication method, device, equipment and storage medium
CN113285959A (en) Mail encryption method, decryption method and encryption and decryption system
CN109194474A (en) A kind of data transmission method and device
CN111030801A (en) Multi-party distributed SM9 key generation and ciphertext decryption method and medium
CN110855425A (en) Lightweight multiparty cooperative SM9 key generation and ciphertext decryption method and medium
CN115499126A (en) SM2 key distributed storage-based key pair generation method, collaborative signature method, decryption method, device and medium
CN114448641A (en) Privacy encryption method, electronic equipment, storage medium and chip
CN111756537B (en) Two-party cooperative decryption method, system and storage medium based on SM2 standard
CN111262709B (en) Trapdoor hash function-based unlicensed bookmark encryption system and method
CN113098681A (en) Port order enhanced and updatable blinded key management method in cloud storage
CN114070549A (en) Key generation method, device, equipment and storage medium
CN114205077B (en) Mixed encryption secure communication method based on boom key distribution algorithm
CN114978488A (en) SM2 algorithm-based collaborative signature method and system
CN115549905A (en) SM2 key generation method and related method, computer device and storage medium
CN114285580A (en) Online and offline signcryption method from certificateless to public key infrastructure

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination