CN101860434A - Method and device for implementing digital signature - Google Patents


Info

Publication number
CN101860434A
Authority
CN
China
Prior art keywords
hash
result
digital signature
place
mapping
Prior art date
Legal status
Granted
Application number
CN 201010189912
Other languages
Chinese (zh)
Other versions
CN101860434B (en)
Inventor
胡俊义
Current Assignee
Beijing Watchdata Co ltd
Original Assignee
Beijing WatchData System Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing WatchData System Co Ltd
Priority to CN201010189912XA
Publication of CN101860434A
Application granted
Publication of CN101860434B
Expired - Fee Related
Anticipated expiration

Abstract

The invention discloses a method and a device for implementing a digital signature, which ensure correct execution of the algorithms when data is digitally signed with a hash algorithm and a digital signature algorithm of equal bit length. The method comprises the following steps: performing a hash operation on the data to be signed according to a hash algorithm of a specified bit length; performing a reduction mapping on the hash result obtained from the hash operation, so that the bit length of the data contained in the hash result is reduced to less than the specified bit length; and performing a digital signature operation on the mapping result according to a digital signature algorithm of the specified bit length. In this way, when data is digitally signed with a hash algorithm and a digital signature algorithm of equal bit length, the situation in which the hash result is greater than the signature modulus is avoided, which ensures correct execution of the digital signature algorithm. The invention also discloses a device for implementing the digital signature.

Description

Method and device for implementing a digital signature
Technical field
The present invention relates to data encryption technology, and in particular to a method and a device for implementing a digital signature.
Background art
At present, public key algorithms are widely used and are spreading rapidly. A public key algorithm comprises two parts, the hash operation and the digital signature operation, of which the digital signature operation is the important part of public key algorithm applications. In practice, when a public key algorithm is used to digitally sign specified data, a hash algorithm is first applied to the data to be signed, the hash result is then preprocessed (padded), and a public key cipher is then used to perform the digital signature operation (hereinafter, the signature operation), finally yielding the digitally signed encrypted data.
In the past, the 160-bit SHA1 hash algorithm was used for the hash operation and a 1024-bit public key cipher was used for the RSA signature operation, so the bit length of the signature algorithm was much larger than that of the hash algorithm. At that time, the security requirement on the signature algorithm was to guarantee the strength of RSA, which needed RSA of 1024 bits or more, whereas for the hash algorithm the 160-bit SHA1 was considered secure. Clearly, to guarantee its security strength the signature algorithm needs a longer public key, and a longer public key means higher resource consumption, including storage space, computation, communication bandwidth and so on.
To address this problem, elliptic curve public key cryptography (ECC) signature algorithms are now used to implement digital signatures, which guarantees the security strength of the signature operation with a very small public key bit length. For example, in the prior art an ECC signature algorithm with a 256-bit public key is considered secure, while the 160-bit SHA1 hash algorithm, once considered secure, has had its security threatened as attack techniques develop rapidly; to guarantee security strength, the prior art has adopted the 256-bit SHA256 hash algorithm. Thus the public key algorithm currently in use is a data encryption method that implements digital signatures with a hash algorithm and an ECC signature algorithm of the same length, which remedies the insufficient algorithm security and the high resource cost of the traditional technique.
However, the above public key algorithm still has some defects, mainly the following:
When a 256-bit ECC signature algorithm is combined with the 256-bit SHA256 hash algorithm, the bit length of the signature algorithm equals that of the hash algorithm, and there is a mismatch problem: the 256-bit hash result leaves no padding space for the subsequent 256-bit signature operation, which does not help improve the security of the signature algorithm. In addition, the value of the hash result may be greater than the ECC modulus, in which case a correct signature operation cannot be performed.
Summary of the invention
The invention provides a method and a device for implementing a digital signature, to guarantee correct execution of the algorithm when data is digitally signed with a hash algorithm and a digital signature algorithm of equal bit length.
The technical solution provided by the embodiments of the invention is as follows:
A method for implementing a digital signature, comprising:
performing a hash operation on the data to be signed according to a hash algorithm of a specified bit length;
performing a reduction mapping on the hash result obtained from the hash operation, so that the bit length of the data contained in the hash result is reduced to less than the specified bit length;
performing a digital signature operation on the mapping result according to a digital signature algorithm of the specified bit length.
A device for implementing a digital signature, comprising:
a hash operation unit, configured to perform a hash operation on the data to be signed according to a hash algorithm of a specified bit length;
a mapping unit, configured to perform a reduction mapping on the hash result obtained from the hash operation, so that the bit length of the data contained in the hash result is reduced to less than the specified bit length;
a signature operation unit, configured to perform a digital signature operation on the mapping result according to a digital signature algorithm of the specified bit length.
In the embodiments of the invention, after a hash operation of the specified bit length is performed on the data to be signed, a reduction mapping is applied to the hash result so that the bit length of the data it contains is reduced to less than the specified bit length, and a digital signature operation is then performed on the mapping result according to a digital signature algorithm of the specified bit length. In this way, when data is digitally signed with a hash algorithm and a digital signature algorithm of equal bit length, the situation in which the hash result is greater than the signature modulus is avoided, which guarantees correct execution of the digital signature algorithm.
Description of drawings
Fig. 1 is a functional structure diagram of the device for implementing a digital signature in an embodiment of the invention;
Fig. 2 is a flow chart of digitally signing the data to be signed in an embodiment of the invention.
Detailed description
To guarantee correct execution of the algorithm when data is digitally signed with a hash algorithm and a digital signature algorithm of equal bit length, in the embodiments of the invention a hash operation is performed on the data to be signed according to a hash algorithm of a specified bit length; a reduction mapping is applied to the hash result so that the bit length of the data it contains is reduced to less than the specified bit length; and a digital signature operation is performed on the mapping result according to a digital signature algorithm of the specified bit length.
The preferred embodiments of the invention are described in detail below with reference to the drawings.
Referring to Fig. 1, in an embodiment of the invention the device for implementing a digital signature comprises a hash operation unit 10, a mapping unit 11 and a signature operation unit 12, wherein:
the hash operation unit 10 is configured to perform a hash operation on the data to be signed according to a hash algorithm of a specified bit length;
the mapping unit 11 is configured to perform a reduction mapping on the hash result obtained from the hash operation, so that the bit length of the data contained in the hash result is reduced to less than the specified bit length;
the signature operation unit 12 is configured to perform a digital signature operation on the mapping result according to a digital signature algorithm of the specified bit length.
Based on the above principle, this embodiment takes the combination of a 256-bit hash algorithm with a 256-bit ECC digital signature algorithm as an example. So that the 256-bit hash result can be signed in the next step by the 256-bit ECC algorithm, the hash result must be preprocessed: it is first given a reduction mapping and then padded, after which the 256-bit ECC digital signature algorithm can be used to perform the digital signature. Referring to Fig. 2, the detailed process by which the above device digitally signs the data to be signed is as follows:
Step 200: perform a hash operation on the data to be signed with a 256-bit hash algorithm.
With a 256-bit hash algorithm, the hash result obtained is 256 bits long.
Step 210: perform a reduction mapping on the 256-bit hash result obtained from the hash operation, so that the bit length of the data contained in the hash result is reduced to less than 256.
Step 220: perform a digital signature operation on the mapping result with a 256-bit digital signature algorithm.
In step 210 above, the reduction mapping can be implemented in several ways, for example truncation, a modulo operation, or other mapping calculations. Specifically:
Truncation means taking a specified part of the data from the hash result. Implementations include but are not limited to: removing the front part of the hash result and keeping the remaining rear part; or removing the rear part of the hash result and keeping the remaining front part. The concrete steps of truncation are: determine the preset truncation length and truncation position; remove the data of that length at that position, and take the remaining data as the mapping result. The length of the data removed can be set by the administrator according to the application environment, for example one byte or N bytes (N>1). To avoid collisions as far as possible, it is preferable to remove as little data as possible and keep as much as possible, provided the subsequent operation still works.
A collision is understood as follows: different data to be signed should give different hash results and different digital signature results; if, for different data to be signed, an identical hash result appears after the hash operation, before the signature operation or after signing, a collision has occurred. For example, if the hash results of two different pieces of data to be signed differ only in the first byte and all other bits are identical, then cutting off the first byte during mapping and keeping the rest causes a collision before the digital signature operation is performed.
The probability of a collision varies with the truncation length: the more data is removed, the less remains, and the greater the probability of a collision. Therefore, in this embodiment, the preset truncation method should remove as little data as possible and keep as much of the remaining data as possible, as long as padding space is guaranteed.
As an extreme example of truncation in practice, if most of the data in the 256-bit hash result is removed, for instance keeping only one byte, the hash result has only 256 possible values and is easy to attack. So truncation should keep as much of the data in the hash result as possible, to reduce the probability of attack. Conversely, if only one byte of the hash result is removed and the remaining 31 bytes are kept, the number of possible values is on the order of 10 to the 75th power, which clearly resists attack well. Even so, because 1 byte has been cut off, collisions are in theory unavoidable; however, the probability of such a collision is very small, its order of magnitude being the reciprocal of the number of possible values, and the security is within a credible range. Experiments show that 20 bytes is the lower limit for truncation: data of at least 20 bytes must be kept to guarantee the security of the algorithm.
For example, with a 256-bit hash algorithm and a 256-bit ECC digital signature algorithm, the 256-bit hash result is output in binary form as 32 bytes; the foremost byte is removed and the rest (31 bytes) is kept, so the foremost byte position can be used as padding space. Preferably, the padding principle is that the highest bits are filled with zeros; for example, the padding byte can be hexadecimal 04, i.e. binary 00001000, which guarantees that the foremost 4 binary digits are 0.
The modulo operation means performing one modulo operation with the modulus of the ECC signature algorithm to obtain the remainder. In practice, using the modulo operation as the mapping only solves the problem of the highest bits, and it is a method with a relatively low probability of collision. However, because the space freed is limited, there is not enough padding space and no other padding scheme can be arranged, so no padding is performed and only the highest position is guaranteed to be 0, which ensures that the subsequent digital signature operation can be carried out correctly, i.e. that the mapping result is less than the signature modulus. The modulus is a preset parameter of the ECC signature algorithm, namely one of the elliptic curve parameters.
The concrete steps of the modulo operation are: determine the modulus used by the digital signature algorithm, perform a modulo operation on the hash result with that modulus, and take the remainder as the mapping result. To guarantee the mapping effect when the hash result may be greater than the modulus of the signature algorithm, the modulo operation is preferably implemented as follows: the hash result is divided by the modulus of the digital signature algorithm, the quotient is discarded and only the remainder is kept, and the remainder is used as the mapping result. This guarantees that the mapping result is less than the modulus used by the digital signature algorithm.
The other mapping calculations mentioned here can be any feasible mapping, as long as the hash result is mapped into a space of fewer than 256 bits. Preferably, in the subsequent padding, the padding data is placed in the high-order part and the mapped data in the low-order part, forming a 256-bit padded result that can be supplied to ECC for the digital signature operation.
When other mappings are used to process the hash result, collisions must likewise be avoided as far as possible to reduce the possibility of attack. A collision here likewise means that, because mapping is applied after the hash calculation, different hash results may produce identical mapping results. For example, if two hash results differ only in the highest-order byte and all other bytes are identical, a truncation method that removes the highest-order byte makes the results identical after mapping. So in practice, when mapping different hash results, the number of bytes removed should be reduced as far as possible, and identical mapping results for different hash results should be avoided as far as possible.
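The mapping step described above, written out as an added example (not code from the patent): Python implementing the truncation and modulo mappings and the high-order padding, run on constructed 32-byte values. The use of SHA-256, the P-256 group order as the modulus, and all function names are assumptions of this example; the signature operation itself (step 220) is not implemented.

```python
import hashlib

# Assumption: the "signature modulus" is taken to be the group order n of
# NIST P-256; the description only calls it one of the elliptic curve parameters.
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

HASH_LEN = 32    # a 256-bit hash result is 32 bytes
MIN_KEEP = 20    # lower limit on retained bytes given in the description
PAD_BYTE = 0x04  # padding byte given in the description


def hash_data(data: bytes) -> bytes:
    """Step 200: 256-bit hash of the data to be signed (SHA-256 here)."""
    return hashlib.sha256(data).digest()


def truncate_map(digest: bytes, drop: int = 1, front: bool = True) -> bytes:
    """Step 210 by truncation: remove `drop` bytes at the front or the rear."""
    if len(digest) != HASH_LEN:
        raise ValueError("expected a 32-byte hash result")
    keep = HASH_LEN - drop
    if drop < 1 or keep < MIN_KEEP:
        raise ValueError("must remove at least 1 byte and keep at least 20")
    return digest[drop:] if front else digest[:keep]


def pad_high(mapped: bytes) -> bytes:
    """Padding: padding data in the high-order bytes, mapped data below it.

    Assumption: when more than one byte was removed, the bytes after PAD_BYTE
    are zero; the description only covers the one-byte case.
    """
    fill = HASH_LEN - len(mapped)
    if fill < 1:
        raise ValueError("no padding space: mapping result is not shorter")
    return bytes([PAD_BYTE]) + bytes(fill - 1) + mapped


def modulo_map(digest: bytes, modulus: int = P256_N) -> bytes:
    """Step 210 by modulo: discard the quotient, keep the remainder."""
    return (int.from_bytes(digest, "big") % modulus).to_bytes(HASH_LEN, "big")


def below_modulus(value: bytes, modulus: int = P256_N) -> bool:
    """Precondition for step 220: the value to be signed is below the modulus."""
    return int.from_bytes(value, "big") < modulus


def prepare(data: bytes) -> bytes:
    """Steps 200 and 210 plus padding, using one-byte front truncation."""
    return pad_high(truncate_map(hash_data(data)))


# Constructed 32-byte values standing in for hash results.
ALL_ONES = b"\xff" * HASH_LEN            # larger than the modulus
DIGEST_A = b"\x01" + bytes(range(31))    # DIGEST_A and DIGEST_B differ
DIGEST_B = b"\x02" + bytes(range(31))    # only in the first byte

if __name__ == "__main__":
    print("raw value below modulus:     ", below_modulus(ALL_ONES))
    print("truncated and padded below n:",
          below_modulus(pad_high(truncate_map(ALL_ONES))))
    print("reduced mod n below n:       ", below_modulus(modulo_map(ALL_ONES)))
    # Front truncation maps the two distinct values to one result (a collision);
    # for this pair, rear truncation and the modulo mapping keep them apart.
    print("front truncation collides:   ",
          truncate_map(DIGEST_A) == truncate_map(DIGEST_B))
    print("rear truncation collides:    ",
          truncate_map(DIGEST_A, front=False) == truncate_map(DIGEST_B, front=False))
    print("modulo mapping collides:     ",
          modulo_map(DIGEST_A) == modulo_map(DIGEST_B))
    print("prepared input:              ",
          prepare(b"constructed sample message").hex())
```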
In summary, in the embodiments of the invention, after a hash operation of the specified bit length is performed on the data to be signed, a reduction mapping is applied to the hash result so that the bit length of the data it contains is reduced to less than the specified bit length, and a digital signature operation is then performed on the mapping result according to a digital signature algorithm of the specified bit length. In this way, when data is digitally signed with a hash algorithm and a digital signature algorithm of equal bit length, the situation in which the hash result is greater than the signature modulus is avoided, which guarantees correct execution of the digital signature algorithm. In addition, when truncation is used as the mapping in the embodiments of the invention, padding space is provided for the subsequent digital signature algorithm, which helps in defining signature protocols in applications.
Those skilled in the art should understand that the embodiments of the application can be provided as a method, a system or a computer program product. Therefore, the application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The application is described with reference to flow charts and/or block diagrams of the method, the device (system) and the computer program product according to the embodiments of the application. It should be understood that each flow and/or block in the flow charts and/or block diagrams, and combinations of flows and/or blocks in the flow charts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means that implement the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the application have been described, those skilled in the art can make other changes and modifications to these embodiments once they learn of the basic inventive concept. The claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the application.
Obviously, those skilled in the art can make various changes and variations to the invention without departing from its spirit and scope. Thus, if these modifications and variations of the invention fall within the scope of the claims of the invention and their technical equivalents, the invention is also intended to include them.

Claims (10)

1. A method for implementing a digital signature, characterized by comprising:
performing a hash operation on the data to be signed according to a hash algorithm of a specified bit length;
performing a reduction mapping on the hash result obtained from the hash operation, so that the bit length of the data contained in the hash result is reduced to less than the specified bit length;
performing a digital signature operation on the mapping result according to a digital signature algorithm of the specified bit length.
2. The method of claim 1, characterized in that, after the reduction mapping is performed on the hash result obtained from the hash operation and before the digital signature operation is performed on the mapping result according to the digital signature algorithm of the specified bit length, the method comprises: padding the mapping result.
3. The method of claim 2, characterized in that padding the mapping result comprises: placing the padding data in the high-order part and the mapped data in the low-order part.
4. The method of claim 1, 2 or 3, characterized in that the reduction mapping is truncation, comprising:
determining a preset truncation length and truncation position;
removing the data of the truncation length at the truncation position, and taking the remaining data as the mapping result.
5. The method of claim 4, characterized in that the remaining data comprises at least 20 bytes.
6. The method of claim 1, 2 or 3, characterized in that the reduction mapping is a modulo operation, comprising:
determining the modulus used by the digital signature algorithm;
performing a modulo operation on the hash result with the modulus, and taking the remainder as the mapping result.
7. A device for implementing a digital signature, characterized by comprising:
a hash operation unit, configured to perform a hash operation on the data to be signed according to a hash algorithm of a specified bit length;
a mapping unit, configured to perform a reduction mapping on the hash result obtained from the hash operation, so that the bit length of the data contained in the hash result is reduced to less than the specified bit length;
a signature operation unit, configured to perform a digital signature operation on the mapping result according to a digital signature algorithm of the specified bit length.
8. The device of claim 7, characterized in that the mapping unit, after performing the reduction mapping on the hash result obtained from the hash operation and before the signature operation unit performs the digital signature operation on the mapping result according to the digital signature algorithm of the specified bit length, pads the mapping result.
9. The device of claim 7 or 8, characterized in that, when performing the reduction mapping on the hash result obtained from the hash operation, the mapping unit determines a preset truncation length and truncation position, removes the data of the truncation length at the truncation position, and takes the remaining data as the mapping result.
10. The device of claim 7, characterized in that, when performing the reduction mapping on the hash result obtained from the hash operation, the mapping unit determines the modulus used by the digital signature algorithm, performs a modulo operation on the hash result with the modulus, and takes the remainder as the mapping result.
CN201010189912XA 2010-05-25 2010-05-25 Method and device for implementing digital signature Expired - Fee Related CN101860434B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010189912XA CN101860434B (en) 2010-05-25 2010-05-25 Method and device for implementing digital signature

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010189912XA CN101860434B (en) 2010-05-25 2010-05-25 Method and device for implementing digital signature

Publications (2)

Publication Number Publication Date
CN101860434A 2010-10-13
CN101860434B 2012-05-02

Family

ID=42946106

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010189912XA Expired - Fee Related CN101860434B (en) 2010-05-25 2010-05-25 Method and device for implementing digital signature

Country Status (1)

Country Link
CN (1) CN101860434B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110290108A (en) * 2019-05-17 2019-09-27 深圳市网心科技有限公司 Data processing method, system and relevant device in a kind of block chain network

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1121754A (en) * 1993-05-05 1996-05-01 刘尊全 A repertoire of mappings for a cryptosystem
US20080226064A1 (en) * 2007-03-12 2008-09-18 Atmel Corporation Chinese remainder theorem - based computation method for cryptosystems

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110290108A (en) * 2019-05-17 2019-09-27 深圳市网心科技有限公司 Data processing method, system and relevant device in a kind of block chain network
CN110290108B (en) * 2019-05-17 2020-10-13 深圳市网心科技有限公司 Data processing method, system and related equipment in block chain network

Also Published As

Publication number Publication date
CN101860434B (en) 2012-05-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee after: BEIJING WATCHDATA Co.,Ltd.

Address before: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee before: BEIJING WATCH DATA SYSTEM Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120502
