CN1832402A - Numberical signature method based on lever function and super-increment sequence - Google Patents

Abstract

This invention designs a number signature method for public keys utilizing a lever function and the performance of a super increment sequence and n-Mo solving problem including generation of cryptographic keys, digit signature and identity verification, in which, the user owns a private key and a public key and the private key can not be protruded from the public, the private key is used in generating the signature code of the file or information, the public key is used in verifying it, which can be used in the signature and verification of any files and data in computer and communication network and the identity verification and content confirmation in electronic business.

Description

A kind of digital signature method based on lever function and super increasing sequence

(1) technical field

Public-key cryptography digital signature method (being called for short public key digital signature method or endorsement method) belongs to cryptographic technique and field of computer technology, is one of core technology of information security.

(2) background technology

Classic cryptographic technique, symmetric cryptographic technique and public key cryptography technology three phases have been experienced in the development of cryptographic technique.1978, American scholar Diffie and Hellman proposed the thought of public-key cryptosystem, indicate the arriving of public key cryptography technology.At present, generally the digital signature technology of Shi Yonging have RSA scheme, Rabin scheme and E1Gamal scheme (referring to " applied cryptography ", U.S. Bruce Schneier work, Wu Shizhong, Zhu Shixiong etc. translate, China Machine Press, in January, 2000,334-342 page or leaf).In order to improve fail safe, the ElGamal scheme is everlasting and is realized that at this moment, it is ECC scheme on the elliptic curve.Also have a DSA signature scheme in addition, it is the improvement of ElGamal signature scheme.

Said method all is that the American invents.Their fail safe is difficult to complexity of calculation based on big number, and promptly in the limited time and resource, it almost is impossible that big number is carried out that factorization or discrete logarithm find the solution.But along with the raising of the operational speed of a computer, their security intensity has weakened possibility.

(3) summary of the invention

The present invention is to " a kind of key encrypt method based on lever function and the super increasing sequence " (patent No.: amplify and replenish for ZL03156920.X), so both mathematics prerequisites and generation public-key cryptography all are consistent with the scheme of private cipher key.

By the present invention, make common key cryptosystem can be used for data encryption based on lever function and super increasing sequence, also can be used for digital signature.

Digital signature technology is used for the affirmation of computer network and communication network both sides identity and guarantees the non repudiation of transmission content and the discriminating that financial document is concluded the business and file is signed and issued middle identity.

The present invention wishes that our country can have the core technology of oneself in public key encryption and digital signature field, to guarantee the information security and the safety with sovereign right of country, improves the technological means that financial fraud is taken precautions against by China simultaneously.

In this Section has omitted the proof to related properties and conclusion, fills if desired, and we will present immediately.

3.1 two basic conceptions

3.1.1 super increasing sequence

If A ₁, A ₂..., A _nBe n mutually different positive integer, and satisfy

A _i＞∑A _i?(i＝2，3，…，n；j＝1，2，…，i-1)

Claim that then such positive integer sequence is a super increasing sequence, be designated as { A ₁, A ₂..., A _n, note by abridging and be { A _i.

Character: (1≤m≤n) is from super increasing sequence { A for positive integer m arbitrarily _iIn optional m, this m add up and (be subclass with) then: $E=A_{i_1}+A_{i_2}+\·\·\·+A_{i_m}$ Be well-determined.

3.1.2 lever function

If l (.) is by the injective function of integer to integer, its domain of definition be 1,2 ..., n}, codomain be 5,6 ..., n+4}.

In the ZL03156920.X encryption method, when from PKI derivation private key or when decoding ciphertext, need to consider { l (i) } full number of permutations n! , when n was enough big, the full arrangement of exhaustive { l (i) } was infeasible; But when private key and ciphertext are recovered expressly, only need consider { l (i) } add up and, in the polynomial time of n, separate.Therefore, as if being fulcrum with the ciphertext, then l (.) is that " disclosing " end amount of calculation is big, and " privately owned " end amount of calculation is little.It is lever function that our weighing-appliance has the l (.) of above-mentioned character.

In the method, the notion that still needs lever function.

3.2 the technical scheme of digital signature

The present invention is a kind of public key digital signature method based on lever function and super increasing sequence, is called for short the REESSE2 digital signature method, according to this method, can make the digital signature chip, or exploitation digital signature software etc.Therefore, the present invention is a kind of production figures signature product mandatory basic principle of institute and technical scheme, rather than physical product itself.

This digital signature scheme is made up of three parts such as key generation, digital signature and authentications.

3.2.1 digital signature and authentication operation

Suppose that user P desire sends a file or the message F with own digital signature by network to user Q, its operating process is as follows:

Key generates: at first, user P should go to the 3rd side authoritative institution (ca authentication center or digital certificate center) to get a pair of private key (Private Key) and PKI (Public Key) that is generated parts output by key, private key must must not be leaked by user P oneself keeping; PKI then allows openly to provide to the external world with the form of public key certificate, so that use.

The digital signature operation: user P signs to file or message F with the private key of oneself on the machine of operation digital signature parts, obtains signed codevector, and file F is sent to user Q together with signed codevector.

Authentication operation: user Q obtains the public key certificate of user P from the CA center, on the machine of operation authentication parts, file F and its signed codevector of receiving are verified, to identify whether signed codevector is that user P does, and whether file F is modified in transmission course.

3.2.2 key generating portion

The key generating portion is used for the ca authentication center, is used for producing a pair of private key and PKI.Its implementation is:

(1) produces the super increasing sequence { A that item number is n at random ₁, A ₂..., A _n}

(2) find a positive prime number $M>{\mathrm{\Σ}}_{i=1}^n{A}_i,$ It satisfies q| (M-1) and S ²| (M-1)

Here, q＜n+4 is any prime number, S ∈ (2 ⁶⁴, ) for usually counting

(3) produce different in twos functional value l (i) at random, 5≤l (i)≤(n+4), i=1,2 ..., n

(4) choose suitable positive integer W＜M and Z＜M

(5) calculate non-super increasing sequence C _i← (A _i+ Z*l (i)) * W mod M, i=1,2 ..., n is last, with ({ A _i, { l (i) }, W, Z, M) as private key, with ({ C _i, M) as PKI.

Attention: in this article, { l (i) } be l (1), l (2) ..., l (n) } write a Chinese character in simplified form { C _iBe { C ₁, C ₂..., C _nWrite a Chinese character in simplified form." * " is multiplication." mod " represents complementation." gcd " represents greatest common divisor.

Represent the aliquant U of S.

3.2.3 digital signature

Transmit leg is the private key ({ A of signer with oneself _i, { l (i) }, W, Z, M) as signature key.If F is for waiting to sign file or message, Hash is an one-way hash function.

(1) make eap-message digest H=Hash (F), its binary form is b ₁b ₂B _n

(2) calculate $k\←{\mathrm{\Σ}}_{i=1}^n{b}_i*l\left(i\right),$ $E\←{\mathrm{\Σ}}_{i=1}^n{b}_i*A_i$

(3) work as x ^SIt (is H that ≡ H (mod M) separates ^(M-1)/S)≡ 1 (mod M)) time, H ← H+1

(4) find a random integers R＜M to make U ← ((H) ^R+E*W) ^S* H mod M satisfies And x ^S≡ U (mod M) nothing is separated, wherein, (H)+H=M

(5) calculate V ← ((H) ^(-R)+k*Z*W) ^UMod M, wherein, (R)+and after the R=M-1 algorithm is carried out, obtaining digital signature sign indicating number (U, V), it can send to the verifier with file F.

3.2.4 authentication

The recipient is with the public-key cryptography ({ C of transmit leg _i, M) as authentication secret.If F is for waiting to sign file or message, (U, V, Q) is its signed codevector.

(1) make eap-message digest H=Hash (F), its binary form is b ₁b ₂B _n

(2) calculate $\stackrel{\‾}{E}\←{\mathrm{\Σ}}_{i=1}^n{b}_i*C_i\mathrm{mod}M$

(3) work as x ^S≡ H (mod M) is when separating, H ← H+1

(4) calculate X ← U ^U* V ^SMod M, Y ← ((H) ^E*S* H) ^UMod M

(5) as if X=Y, V ≠ 1, U ^(M-1)/S≠ 1 and

, then the signer identity effectively and F be not modified,

Otherwise, the invalid or F of signer identity has been modified algorithm in transmission carry out after, can reach and differentiate the signature true and false, the purpose that anti-sender denies and anti-assailant revises.

3.3 the fail safe of this digital signature method

By demonstration, have quite high fail safe based on the public key digital signature method of lever function and super increasing sequence, when being used, it and encryption method can satisfy the needs of practical application.

Detailed process is (fill if desired, we will present immediately) slightly.

3.4 advantage and good effect

3.4.1 fail safe is higher

In at present used digital signature schemes such as RSA, ElGamal, the problem of having utilized big number to be difficult to calculate, along with the raising of computer speed, their fail safe will be affected.And this digital signature method is a uncertainty of having utilized l (.) function, just in the arithmetic speed of just considering computer when exhaustive, so, possess higher fail safe.

3.4.2 arithmetic speed is very fast

In this digital signature method, no matter be signature or checking, relate generally to Mo Jia and modular multiplication, they are the linear function of n (general n≤128).The number of times of Montgomery Algorithm is very limited, and because modulus M is less, therefore, speed also can be very fast.

3.4.3 it is favourable to national security

The Internet is a kind of open net, and information transmitted must be encrypted and sign in the above.Since important departments such as the Chinese government, national defence, finance, the tax already internet usage as means of communication, so information security is related to national security and economic security.But the information security of a vast big country can not be based upon on the external cryptographic algorithm basis, and therefore, public key encryption and the signature algorithm of studying us seem imperative and be significant.

(4) embodiment

Characteristics based on the public key digital signature method of lever function and super increasing sequence are that it can allow each user obtain two keys, and a key can disclose, and a key can only the individual have.Like this, can not worry that key divulged a secret in transmittance process.When the agreement correspondent was transmitted information on the net, the sender used the private cipher key of oneself that file or message are carried out digital signature, and the recipient uses sender's public-key cryptography that it is verified after receiving file and signed codevector.

CA (Certificate Authentication) authentication center that each user can arrive appointment obtains two keys.The ca authentication center is the mechanism that the user is registered and key is produced, distributes and manages.It utilizes the key generation method generation user's of 3.2.2 joint public-key cryptography and private cipher key.

This digital signature method can realize that it comprises two parts with logic circuit chip or program language: (1), is used by the ca authentication center as key generation method with 3.2.2 joint content; (2) save content as digital signature and auth method with 3.2.3 joint and 3.2.4, use by the general user.

Illustrate public-key cryptography digital signature method below based on coprime sequence

Below, our the Hash function of employing is:

H ₀=101110 (binary numbers)

H _i＝(H _i-1B _i)((～H _i-1)Λ(～B _i)) (i＝1，2，…，L)

Wherein, represents binary XOR, and Λ represents binary and computing ,～represent binary inverse, B _iThe message grouping of expression n bit long, L equals total bit number of message divided by n.

Above-mentioned Hash function only is used for saying something, and the Hash function in the practical application is than this Hash function complexity.

4.1 key generates example

If super increasing sequence { A _iBe 1,3,7,12,25,51, its length is 6, i.e. n=6 (in the practical application, super increasing sequence length should be 80 at least).

S=7 is usually counted in order, should S＞2 in the practical application ⁶⁴

Find M=1471＞1+3+7+12+25+51=99.

Be not difficult to verify that M satisfies (7 ²* 2*3*5) | (M-1).

Produce at random: l (1)=6, l (2)=5, l (3)=10, l (4)=9, l (5)=7, l (6)=8.

Choose W=123＜M and Z=321＜M.

Calculate C _i=(A _i+ Z*l (i)) W mod M obtains non-super increasing sequence:

C ₁＝(A ₁+Z*l(1))W?mod?M＝(1+321*6)123?mod?1471＝237021?mod?1471＝190

C ₂＝(A ₂+Z*l(2))W?mod?M＝(3+321*5)123?mod?1471＝197784?mod?1471＝670

C ₃＝(A ₃+Z*l(3))W?mod?M＝(7+321*10)123?mod?1471＝395691?mod?1471＝1463

C ₄＝(A ₄+Z*l(4))W?mod?M＝(12+321*9)123?mod?1471＝356823?mod?1471＝841

C ₅＝(A ₅+Z*l(5))W?mod?M＝(25+321*7)123?mod?1471＝279456?mod?1471＝1437

C ₆＝(A ₆+Z*l(6))W?mod?M＝(51+321*8)123?mod?1471＝322137?mod?1471＝1459

With ({ C _i, M) as public-key cryptography, with ({ A _i, { l (i) }, W, Z, M) as private cipher key.

4.2 digital signature example

If ({ A _i{ l (i) }, W, Z, M) be the private key of signature usefulness.

If wait the binary form of signing file or message F be: 011,010 101,000 111000.

Because n=6 is so each message block length is 6 bits, then L=18/6=3.

(1)

Utilize Hash function calculation eap-message digest:

H ₁＝(H ₀B ₁)((～H ₀)Λ(～B ₁))＝(101110011010)(010001Λ100101)＝110101

H ₂＝(H ₁B ₂)((～H ₁)Λ(～B ₂))＝(110101101000)(001010Λ010111)＝011111

H ₃＝(H ₂B ₃)((～H ₂)Λ(～B ₃))＝(011111111000)(100000Λ000111)＝100111

b ₁b ₂b ₃b ₄b ₅b ₆=H ₃=100111 are eap-message digest, and its 10 system form is H=2 ⁵+ 2 ²+ 2+1=39.

(2)

Calculate $k={\mathrm{\Σ}}_{i=1}^6{b}_i*l\left(i\right)=1*l\left(1\right)+1*l\left(4\right)+1*l\left(5\right)+1*l\left(6\right)=6+9+7+8=30.$

$E={\mathrm{\Σ}}_{i=1}^n{b}_i*A_i\mathrm{mod}M=1*A_1+1*A_4+1*A_5+1*A_6=1+12+25+51=89$

(3) because H ^(M-1)/S)≡ 39 ^1470/7≡ 666 (mod 1471), so during H=39, x ^S≡ H (mod M) nothing is separated.Note, according to the character of congruence, if H ^(M-1)/S≡ 1 (mod M), then explanation is separated.

(4)

Calculate (H)=1471-39=1432.Make R=15＜M.

Calculate U=((H) ^R+E*W) ^S* H mod M=(1432 ^15+89*123) ⁷* 39 mod M

＝1432 ²⁹⁴*39?mod?1471＝1394*39?mod?1471＝1410。

Be not difficult to verify, And U ^(M-1)/SSet up mod 1471=666 ≠ 1.

(5)

Calculate (R)=1470-15=1455.

Calculate V=((H) ^(-R)+k*Z*W) ^UMod M=(1432 ^{1455+30*321*123}) ¹⁴¹⁰Mod M

＝(1432 ¹¹²⁵) ¹⁴¹⁰?mod?1471＝1432 ¹²⁰?mod?1471＝1444。

So (1410,1444) are signed codevector, its binary form can be attached to the file back and send to the recipient.

4.3 authentication example

If ({ C _i, M) for the checking usefulness PKI, (1410,1444) are signed codevector.

The binary form of file or message F is: 011,010 101,000 111000.

Because n=6 is so each message block length is 6 bits, then L=18/6=3.

(1)

Utilize Hash function calculation eap-message digest:

H ₁＝(H ₀B ₁)((～H ₀)Λ(～B ₁))＝(101110011010)(010001Λ100101)＝110101

H ₂＝(H ₁B ₂)((～H ₁)Λ(～B ₂))＝(110101101000)(001010Λ010111)＝011111

H ₃＝(H ₂B ₃)((～H ₂)Λ(～B ₃))＝(011111111000)(100000Λ000111)＝100111

b ₁b ₂b ₃b ₄b ₅b ₆=H ₃=100111 are eap-message digest, and its 10 system form is H=2 ⁵+ 2 ²+ 2+1=39.

(2)

Calculate $\stackrel{\‾}{E}={\mathrm{\Σ}}_{i=1}^n{b}_i*C_i\mathrm{mod}M=C_1+C_4+C_5+C_6\mathrm{mod}1471$

$=190+841+1437+1459+\mathrm{mod}1471=985.$

(3) because H ^(M-1)/S≡ 39 ^1470/7≡ 666 (mod 1471), so during H ≡ 39, x ^S≡ H (mod M) nothing is separated.

(4)

Calculate X=U ^U* V ^SMod M=1410 ¹⁴¹⁰* 1444 ⁷Mod M=271*1347 mod 1471=229

Calculate Y=((H) ^E*S* H) ^UMod M

＝(1432 ^985*7*39) ¹⁴¹⁰?mod?M＝(716*39) ¹⁴¹⁰?mod?1471＝229。

(5) X=Y=229, V ≠ 1, U ^(M-1)/S≠ 1 and So,, signature is effectively.

This explanation the other side identity is correct, and file or message F before signature be consistent behind the signature, promptly in communication process, do not distorted by other people.

Finish for example.

Claims (1)

1, a kind of digital signature method based on lever function and super increasing sequence, form by key generation, digital signature and three parts of authentication, the key generating portion is used for producing user's a pair of private cipher key and public-key cryptography (being private key and PKI), digital signature partly uses the private key of oneself that file or message are produced signed codevector for transmit leg, authentication partly uses the PKI of transmit leg to come the certifying signature sign indicating number for the recipient, it is characterized in that

● the key generating portion has adopted the following step:

(1) produces the super increasing sequence { A that item number is n at random ₁, A ₂..., A _n)

(2) find a positive prime number $M{>\mathrm{\Σ}}_{i=1}^n{A}_i,$ It satisfies q| (M-1) and S ²| (M-1)

Here, q＜n+4 is any prime number,

For usually counting

(3) produce different in twos functional value l (i) at random, 5≤l (i)≤(n+4), i=1,2 ..., n

(4) choose suitable positive integer W＜M and Z＜M

(5) calculate non-super increasing sequence C _i=(A _i+ Z*l (i)) * W mod M, i=1,2 ..., n

After the end, with ({ C _i, M) as PKI, with ({ A _i, { l (i) }, W, Z, M) as private key, wherein, PKI can disclose to external world, private key can only be had privately by the user;

● digital signature has partly adopted the following step:

Transmit leg is with the private key ({ A of oneself _i, { l (i) }, W, Z, M) as signature key, at file F

(1) make eap-message digest H=Hash (F), its binary form is b ₁b ₂B _n

(2) calculate $k={\mathrm{\Σ}}_{i=1}^n{b}_i*l\left(i\right),$ $E={\mathrm{\Σ}}_{i=1}^n{b}_i*A_i$

(3) work as x ^SIt (is H that ≡ H (mod M) separates ^(M-1)/S≡ 1 (mod M)) time, H=H+1

(4) find a random integers R＜M to make U=((H) ^R+E*W) ^S* H mod M satisfies And x ^S≡ U (mod M) nothing is separated, wherein, (H)+H=M

(5) calculate V=((H) ^(-R)+k*Z*W) ^UMod M, wherein, (R)+and R=M-1 is last, obtains signed codevector (U, V), and they can be attached to file F back and send to the recipient;

● the following step has partly been adopted in authentication:

The recipient is with the PKI ({ C of transmit leg _i, M) as authentication secret, at file F and signed codevector (U, V)

(1) make eap-message digest H=Hash (F), its binary form is b ₁b ₂B _n

(2) calculate $E={\mathrm{\Σ}}_{i=1}^n{b}_i*c_i\mathrm{mod}M$

(3) work as x ^S≡ H (mod M) is when separating, H=H+1

(4) calculate X=U ^U* V ^SMod M, $Y={({(-H)}^{\stackrel{\‾}{E}*S}*H)}^U\mathrm{mod}M$

(5) as if X=Y, V ≠ 1, U ^(M-1)/S≠ 1 and

Then the signer identity effectively and F be not modified,

Otherwise the invalid or F of signer identity is modified in transmission.