CN104243456B - SM2-based signature and decryption method and system suitable for cloud computing - Google Patents

Info

Publication number: CN104243456B
Authority: CN (China)
Prior art keywords: communication party, elliptic curve, calculation, result, signature
Legal status: Active
Application number: CN201410437599.5A
Other languages: Chinese (zh)
Other versions: CN104243456A
Inventors: 林璟锵, 马原, 荆继武, 王琼霄, 雷灵光, 蔡权伟, 王雷
Current assignee: Institute of Information Engineering of CAS
Original assignee: Institute of Information Engineering of CAS
Application filed by: Institute of Information Engineering of CAS

Abstract

The invention discloses an SM2-based signature and decryption method and system suitable for cloud computing. Specifically, each of the two communication parties holds only a share of the private key, and a message can be signed or decrypted only by the two parties jointly; neither party can obtain any information about the other party's share, so an attacker who compromises either one of the parties can neither forge a signature nor decrypt a ciphertext without the other party's cooperation, which improves the security of the private key in a cloud computing environment. Moreover, signing and decryption each require very little interaction between the two parties, which meets the low-latency, low-interaction requirements of cloud computing applications.

Description

SM2-based signature and decryption method and system suitable for cloud computing
Technical field
The present invention relates to the field of cryptography, and in particular to an SM2-based signature and decryption method and system suitable for cloud computing.
Background
Digital signature and encryption/decryption based on public-key cryptography are widely used in applications such as e-commerce and identity authentication and are an important tool for ensuring information security; the security of the private key, both in storage and in use, is the basis on which the security of these applications rests.
In a cloud computing environment, the main resources are concentrated at the server side, while the client usually exists as a weak terminal such as a smartphone. Such terminals generally store and use the private key in software, so their protection capability is poor. For example, if the whole private key is stored in a single file on the phone, an attacker can obtain it by privilege escalation; and if the whole private key appears in memory during every signature computation, an attacker has many ways to extract it from the phone's memory.
To improve private-key security, the prior art proposes threshold cryptography, which splits the private key and distributes the shares across different physical devices so that the complete private key is never stored or used directly. For example, in a (t, n) threshold group signature the private key is distributed among n members; any t or more members can jointly complete a signature, while fewer than t members cannot.
However, such schemes usually require complex interaction and many rounds of communication and cannot meet the low-latency, low-interaction requirements of cloud computing applications; in other words, they are not suited to the cloud computing environment.
Summary of the invention
In view of this, the invention provides an SM2-based signature and decryption method and system suitable for cloud computing, which can improve the security of the private key in a cloud computing environment.
To achieve the above object, the technical solution of the invention is as follows:
A signature method based on the SM2 algorithm and suitable for cloud computing, comprising:
the first communication party generates its own sub-private key D1, and the second communication party generates its own sub-private key D2;
the first communication party generates the message digest e of the message M to be signed and a first partial signature Q1, and sends e and Q1 to the second communication party;
the second communication party generates a second partial signature r from Q1 and e, generates a third partial signature s2 and a fourth partial signature s3 from D2, and sends r, s2 and s3 to the first communication party;
the first communication party generates the complete signature from D1, r, s2 and s3 and outputs it.
A decryption method based on the SM2 algorithm and suitable for cloud computing, comprising:
the first communication party generates its own sub-private key D1, and the second communication party generates its own sub-private key D2;
the first communication party partially decrypts the received ciphertext C using D1 to obtain a first partial plaintext T1, and sends it to the second communication party;
the second communication party generates a second partial plaintext T2 from D2 and T1, and sends it to the first communication party;
the first communication party completes the decryption of the ciphertext C using T2 and outputs the complete plaintext.
A signature system based on the SM2 algorithm and suitable for cloud computing, comprising:
a first communication party, configured to generate its own sub-private key D1; to generate the message digest e of the message M to be signed and a first partial signature Q1 and send e and Q1 to the second communication party; and to generate the complete signature from D1, r, s2 and s3 and output it;
a second communication party, configured to generate its own sub-private key D2; and to generate a second partial signature r from Q1 and e, generate a third partial signature s2 and a fourth partial signature s3 from D2, and send r, s2 and s3 to the first communication party.
A decryption system based on the SM2 algorithm and suitable for cloud computing, comprising:
a first communication party, configured to generate its own sub-private key D1; to partially decrypt the received ciphertext C using D1 to obtain a first partial plaintext T1 and send it to the second communication party; and to complete the decryption of the ciphertext C using T2 and output the complete plaintext;
a second communication party, configured to generate its own sub-private key D2; and to generate a second partial plaintext T2 from D2 and T1 and send it to the first communication party.
It can be seen that with the scheme of the invention each of the two communication parties holds only a share of the private key, a message can be signed or decrypted only by the two parties jointly, and neither party can obtain any information about the other party's share. An attacker who compromises either one of the parties can therefore neither forge a signature nor decrypt a ciphertext without the other party's cooperation, so applying the scheme in a cloud computing environment improves the security of the private key there. Moreover, signing and decryption each require very little interaction between the two parties, which meets the low-latency, low-interaction requirements of cloud computing applications.
Brief description of the drawings
Fig. 1 is a flowchart of an embodiment of the SM2-based signature method suitable for cloud computing according to the invention.
Fig. 2 is a schematic diagram of the process by which the first and second communication parties generate their respective sub-private keys and the public key.
Fig. 3 is a schematic diagram of the process by which the first and second communication parties generate the complete signature of the message M to be signed.
Fig. 4 is a flowchart of an embodiment of the SM2-based decryption method suitable for cloud computing according to the invention.
Fig. 5 is a schematic diagram of the process by which the first and second communication parties decrypt the ciphertext C to obtain the complete plaintext.
Embodiments
To address the problems of the prior art, the invention proposes an SM2-based signature scheme and decryption scheme suitable for the cloud computing environment. SM2 is a standardized commercial cryptographic algorithm that is widely supported and used in cryptographic products.
To make the technical solution of the invention clearer, the scheme is described in further detail below with reference to the drawings and embodiments.
Fig. 1 is a flowchart of an embodiment of the SM2-based signature method suitable for cloud computing according to the invention. As shown in Fig. 1, the method comprises the following steps 11 to 14.
Step 11: the first communication party generates its own sub-private key D1, and the second communication party generates its own sub-private key D2.
For ease of description the two parties are referred to as the first communication party and the second communication party. The first communication party may be either the client or the server: when the first communication party is the client, the second communication party is the server, and when the first communication party is the server, the second communication party is the client.
The first and second communication parties share the elliptic-curve parameters E(Fq), G and n of the SM2 algorithm, where E is an elliptic curve defined over the finite field Fq and G is a base point of order n on E; the values of these parameters are fixed in advance by the SM2 algorithm.
Each party generates its own sub-private key, D1 and D2 respectively; in addition, the two parties may jointly generate the public key P.
Fig. 2 is a schematic diagram of the process by which the first and second communication parties generate their respective sub-private keys and the public key. As shown in Fig. 2, it comprises the following steps 21 to 26.
Step 21: the first communication party generates a random number in [1, n-1] and takes it as D1.
That is: D1 ∈ [1, n-1].
Step 22: the second communication party generates a random number in [1, n-1] and takes it as D2.
That is: D2 ∈ [1, n-1].
Step 23: the first communication party computes the modular inverse of D1, D1^-1 mod n.
Here mod denotes the modulo operation. The inverse is taken modulo the group order n (not over Fq), because D1^-1 is used as a scalar multiplier of points whose order is n.
Step 24: the second communication party computes the modular inverse of D2, D2^-1 mod n.
Step 25: the first communication party computes D1^-1 [*] G and sends the result P1 to the second communication party.
That is: P1 = D1^-1 [*] G, where [*] denotes elliptic-curve scalar multiplication.
Step 26: the second communication party computes D2^-1 [*] P1 [-] G and publishes the result P as the public key.
That is: P = D2^-1 [*] P1 [-] G, where [-] denotes elliptic-curve point subtraction.
Substituting P1 gives P = ((D1·D2)^-1 - 1) [*] G, so P is the ordinary SM2 public key of the private key d = (D1·D2)^-1 - 1 mod n, a value that neither party ever holds.
Note that the order in which steps 21 to 26 are written is exemplary only; in practice the steps may be executed in any order that yields the required result. The same applies to the other schematic diagrams below and is not repeated there.
Step 12: the first communication party generates the message digest e of the message M to be signed and a first partial signature Q1, and sends e and Q1 to the second communication party.
Step 13: the second communication party generates a second partial signature r from Q1 and e, generates a third partial signature s2 and a fourth partial signature s3 from D2, and sends r, s2 and s3 to the first communication party.
Step 14: the first communication party generates the complete signature from D1, r, s2 and s3 and outputs it.
Through steps 12 to 14 the complete signature of the message M to be signed is generated.
Fig. 3 is a schematic diagram of the process by which the first and second communication parties generate the complete signature of the message M to be signed. As shown in Fig. 3, it comprises the following steps 31 to 39.
Step 31: the first communication party concatenates Z and M to form M' and computes Hash(M'), taking the result as e, where Z is the identity value shared by the first and second communication parties and Hash() is the predetermined cryptographic hash function.
That is: M' = Z || M, where || denotes concatenation;
e = Hash(M').
Step 32: the first communication party generates a random number k1 in [1, n-1] and computes k1 [*] G, taking the result as Q1.
That is: k1 ∈ [1, n-1];
Q1 = k1 [*] G.
Step 33: the first communication party sends e and Q1 to the second communication party.
Step 34: the second communication party generates a random number k2 in [1, n-1] and computes k2 [*] G, obtaining the result Q2.
That is: k2 ∈ [1, n-1];
Q2 = k2 [*] G.
Step 35: the second communication party generates a random number k3 in [1, n-1], computes k3 [*] Q1 [+] Q2 to obtain the point (x1, y1), and computes x1 + e mod n, taking the result as r, where [+] denotes elliptic-curve point addition.
That is: k3 ∈ [1, n-1];
(x1, y1) = k3 [*] Q1 [+] Q2;
r = x1 + e mod n.
If r is not equal to 0, step 36 is performed; if r equals 0, the second communication party regenerates k3 and recomputes (x1, y1) and r until r is not equal to 0.
Step 36: if r is not equal to 0, the second communication party computes D2*k3 mod n, taking the result as s2, and computes D2*(r+k2) mod n, taking the result as s3.
That is: s2 = D2*k3 mod n;
s3 = D2*(r+k2) mod n.
Step 37: the second communication party sends r, s2 and s3 to the first communication party.
Step 38: the first communication party computes (D1*k1)*s2 + D1*s3 - r mod n, obtaining the result s.
That is: s = (D1*k1)*s2 + D1*s3 - r mod n.
Substituting s2 and s3 gives s = D1·D2·(k1·k3 + k2 + r) - r mod n. With d = (D1·D2)^-1 - 1 and k = k1·k3 + k2 mod n this is exactly the standard SM2 signature value s = (1 + d)^-1·(k - r·d) mod n, and (x1, y1) = k [*] G, so (r, s) verifies under the ordinary SM2 verification algorithm against the public key P; neither party learns k or the other party's sub-private key.
If s equals 0 or equals n - r, the first communication party may regenerate k1 and re-execute the steps that depend on it; if s is neither 0 nor n - r, step 39 is performed.
Step 39: if s is neither 0 nor n - r, the first communication party outputs (r, s) as the complete signature.
The message M to be signed may also be output together with it.
All of the random numbers k1, k2, k3 etc. involved in the above steps are integers.
Fig. 4 is a flowchart of an embodiment of the SM2-based decryption method suitable for cloud computing according to the invention. As shown in Fig. 4, the method comprises the following steps 41 to 44.
Step 41: the first communication party generates its own sub-private key D1, and the second communication party generates its own sub-private key D2.
For ease of description the two parties are referred to as the first communication party and the second communication party. The first communication party may be either the client or the server: when the first communication party is the client, the second communication party is the server, and when the first communication party is the server, the second communication party is the client.
The first and second communication parties share the elliptic-curve parameters E(Fq), G and n of the SM2 algorithm, where E is an elliptic curve defined over the finite field Fq and G is a base point of order n on E; the values of these parameters are fixed in advance by the SM2 algorithm.
The specific implementation of this step may refer to the description of step 11 and is not repeated here.
Step 42: the first communication party partially decrypts the received ciphertext C using D1 to obtain a first partial plaintext T1, and sends it to the second communication party.
Step 43: the second communication party generates a second partial plaintext T2 from D2 and T1, and sends it to the first communication party.
Step 44: the first communication party completes the decryption of the ciphertext C using T2 and outputs the complete plaintext.
Through steps 42 to 44 the complete plaintext of the ciphertext C is obtained.
Fig. 5 is a schematic diagram of the process by which the first and second communication parties decrypt the ciphertext C to obtain the complete plaintext. As shown in Fig. 5, it comprises the following steps 51 to 510.
Step 51: the first communication party extracts the bit string C1 from the ciphertext C, which is the concatenation of the bit strings C1, C2 and C3, converts the data type of C1, and checks whether C1 is a point on the elliptic curve E other than the point at infinity.
That is: C = C1 || C2 || C3.
Converting the data type of C1 generally means converting it from a bit string to a curve point with integer coordinates; how this conversion is done, and how to check whether C1 is a point on E other than the point at infinity, are both prior art.
If C1 is a point on E other than the point at infinity, step 52 is performed; otherwise an error is reported and the process exits.
Step 52: the first communication party computes D1^-1 [*] C1, taking the result as T1, where D1^-1 is the inverse of D1 modulo n.
That is: T1 = D1^-1 [*] C1.
Step 53: the first communication party sends T1 to the second communication party.
Step 54: the second communication party computes D2^-1 [*] T1, taking the result as T2, where D2^-1 is the inverse of D2 modulo n.
That is: T2 = D2^-1 [*] T1.
Step 55: the second communication party sends T2 to the first communication party.
Step 56: the first communication party computes T2 [-] C1, obtaining the point (x2, y2).
That is: (x2, y2) = T2 [-] C1.
Since T2 = (D1·D2)^-1 [*] C1, the point (x2, y2) = ((D1·D2)^-1 - 1) [*] C1 = d [*] C1 is the same point that standard SM2 decryption computes from the full private key d, so the remaining steps are those of standard SM2 decryption.
Step 57: the first communication party computes KDF(x2 || y2, klen), obtaining the result t, where || denotes concatenation, KDF() is the predetermined key derivation function and klen is the predetermined bit length of its output.
That is: t = KDF(x2 || y2, klen).
If t is not an all-zero bit string, step 58 is performed; otherwise an error is reported and the process exits.
Step 58: if t is not all zero, the first communication party extracts the bit string C2 from the ciphertext C and computes C2 ⊕ t, obtaining the result M'', where ⊕ denotes bitwise XOR.
That is: M'' = C2 ⊕ t.
Step 59: the first communication party computes Hash(x2 || M'' || y2), obtaining the result u.
That is: u = Hash(x2 || M'' || y2).
Step 510: the first communication party extracts the bit string C3 from the ciphertext C; if u equals C3, M'' is output as the complete plaintext.
If u is not equal to C3, an error is reported and the process exits.
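The key generation of steps 21 to 26, the joint signing of steps 31 to 39 and the joint decryption of steps 51 to 510 above, carried out end to end in Python as an added example; this is not code from the patent or from its assignee. It assumes the SM2 recommended curve parameters, uses SHA-256 in place of SM3 both as the "predetermined cryptographic hash function" and as the hash inside a counter-mode KDF, treats Z as an opaque identity byte string, and encodes C1 as an uncompressed point; the single-key SM2 verification and encryption routines are included only so that the joint results can be checked against ordinary SM2. Random scalars come from `secrets`; the scalar multiplication is a textbook double-and-add and is not constant-time.

```python
import hashlib
import secrets

# SM2 recommended curve y^2 = x^3 + A*x + B over F_P; G has prime order N (GB/T 32918.5-2017).
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None  # point at infinity

def add(p1, p2):  # point addition, the page's [+] (affine coordinates)
    if p1 is INF or p2 is INF: return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return INF
    lam = ((3 * x1 * x1 + A) * pow(2 * y1, -1, P) if x1 == x2   # doubling
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def sub(p1, p2):  # point subtraction, the page's [-]
    return add(p1, INF if p2 is INF else (p2[0], -p2[1] % P))

def mul(k, p):  # scalar multiplication, the page's [*] (double-and-add; NOT constant-time)
    r = INF
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def on_curve(p): return p is not INF and (p[1] ** 2 - p[0] ** 3 - A * p[0] - B) % P == 0
assert on_curve(G) and mul(N, G) is INF  # sanity-check the transcribed parameters

def rand_scalar(): return secrets.randbelow(N - 1) + 1  # uniform in [1, n-1]
def i2b(x): return x.to_bytes(32, "big")
def H(*parts): return hashlib.sha256(b"".join(parts)).digest()  # ASSUMPTION: SHA-256 stands in for SM3
def KDF(z, klen):  # counter-mode KDF built on H (the shape of the SM2 KDF), klen in bytes
    return b"".join(H(z, ct.to_bytes(4, "big")) for ct in range(1, klen // 32 + 2))[:klen]

def keygen(D1=None, D2=None):
    """Steps 21-26. Inverses are taken mod n (the group order), since they are used as scalars."""
    D1, D2 = D1 or rand_scalar(), D2 or rand_scalar()
    P1 = mul(pow(D1, -1, N), G)            # first party sends P1 = D1^-1 [*] G
    pub = sub(mul(pow(D2, -1, N), P1), G)  # second party publishes P = D2^-1 [*] P1 [-] G
    return D1, D2, pub                     # effective SM2 private key: (D1*D2)^-1 - 1 mod n

def cosign(M, Z, D1, D2):
    """Steps 31-39: one round trip; neither side learns the other's sub-key or the nonce k."""
    e = int.from_bytes(H(Z, M), "big")                    # e = Hash(Z || M)
    while True:
        k1 = rand_scalar(); Q1 = mul(k1, G)               # first party -> second: (e, Q1)
        k2 = rand_scalar(); Q2 = mul(k2, G)               # second party from here
        while True:
            k3 = rand_scalar(); R = add(mul(k3, Q1), Q2)  # (x1, y1) = k3 [*] Q1 [+] Q2
            if R is not INF and (R[0] + e) % N: break     # regenerate k3 while r == 0
        r = (R[0] + e) % N
        s2, s3 = D2 * k3 % N, D2 * (r + k2) % N           # second party -> first: (r, s2, s3)
        s = (D1 * k1 * s2 + D1 * s3 - r) % N              # first party finishes
        if s and s != N - r: return r, s                  # retry with new k1 if s == 0 or n - r

def verify(M, Z, pub, sig):  # standard single-key SM2 verification, to check the joint signature
    r, s = sig
    if not (0 < r < N and 0 < s < N) or (r + s) % N == 0: return False
    x1, _ = add(mul(s, G), mul((r + s) % N, pub))
    return (int.from_bytes(H(Z, M), "big") + x1) % N == r

def encrypt(M, pub):  # standard SM2 encryption; C = C1 || C2 || C3, the ordering used on this page
    while True:
        k = rand_scalar(); x2, y2 = mul(k, pub)
        t = KDF(i2b(x2) + i2b(y2), len(M))
        if any(t): break
    x1, y1 = mul(k, G)
    return b"\x04" + i2b(x1) + i2b(y1) + bytes(m ^ u for m, u in zip(M, t)) + H(i2b(x2), M, i2b(y2))

def codecrypt(C, D1, D2):
    """Steps 51-510: T1 = D1^-1 [*] C1, T2 = D2^-1 [*] T1, (x2, y2) = T2 [-] C1 = d [*] C1."""
    C1 = (int.from_bytes(C[1:33], "big"), int.from_bytes(C[33:65], "big"))  # step 51
    C2, C3 = C[65:-32], C[-32:]
    if not on_curve(C1): raise ValueError("C1 is not a point on E")
    T1 = mul(pow(D1, -1, N), C1)           # first party -> second: T1
    T2 = mul(pow(D2, -1, N), T1)           # second party -> first: T2
    x2, y2 = sub(T2, C1)
    t = KDF(i2b(x2) + i2b(y2), len(C2))
    if not any(t): raise ValueError("KDF output is all zero")
    M = bytes(c ^ u for c, u in zip(C2, t))
    if H(i2b(x2), M, i2b(y2)) != C3: raise ValueError("C3 check failed")
    return M

if __name__ == "__main__":
    D1, D2, pub = keygen()
    Z, M = b"ALICE123@YAHOO.COM", b"message digest"  # constructed identity and message
    print(verify(M, Z, pub, cosign(M, Z, D1, D2)), codecrypt(encrypt(M, pub), D1, D2) == M)
```

In a deployment the lines marked "second party" run on the other host, and only (e, Q1), (r, s2, s3), T1 and T2 cross the wire; the signature (r, s) that comes out is an ordinary SM2 signature under P, and the public key equals ((D1·D2)^-1 - 1) [*] G, which is the check a practitioner should run once to confirm an implementation of the sub-key arithmetic.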
Based on the above description, the invention also discloses a signature system based on the SM2 algorithm and suitable for cloud computing and a decryption system based on the SM2 algorithm and suitable for cloud computing, which are described in turn below.
The signature system based on the SM2 algorithm and suitable for cloud computing comprises:
a first communication party, configured to generate its own sub-private key D1; to generate the message digest e of the message M to be signed and a first partial signature Q1 and send e and Q1 to the second communication party; and to generate the complete signature from D1, r, s2 and s3 and output it;
a second communication party, configured to generate its own sub-private key D2; and to generate a second partial signature r from Q1 and e, generate a third partial signature s2 and a fourth partial signature s3 from D2, and send r, s2 and s3 to the first communication party.
Wherein:
the first and second communication parties share the elliptic-curve parameters E(Fq), G and n of the SM2 algorithm, where E is an elliptic curve defined over the finite field Fq and G is a base point of order n on E;
D1 and D2 are each a random number in [1, n-1].
In addition:
the first communication party may further be configured to compute the inverse D1^-1 mod n of D1, compute D1^-1 [*] G, and send the result P1 to the second communication party;
the second communication party may further be configured to compute the inverse D2^-1 mod n of D2, compute D2^-1 [*] P1 [-] G, and publish the result P as the public key, where mod denotes the modulo operation, [*] denotes elliptic-curve scalar multiplication and [-] denotes elliptic-curve point subtraction.
Specifically:
the first communication party computes e = Hash(M'), M' = Z || M, where || denotes concatenation, Z is the identity value shared by the first and second communication parties and Hash() is the predetermined cryptographic hash function; and computes Q1 = k1 [*] G, where k1 is a random number in [1, n-1] and [*] denotes elliptic-curve scalar multiplication;
the second communication party computes r = x1 + e mod n, (x1, y1) = k3 [*] Q1 [+] Q2, Q2 = k2 [*] G, where mod denotes the modulo operation, [*] denotes elliptic-curve scalar multiplication, [+] denotes elliptic-curve point addition, and k2 and k3 are each a random number in [1, n-1]; when r is not equal to 0 it computes s2 = D2*k3 mod n and s3 = D2*(r+k2) mod n;
the first communication party computes (D1*k1)*s2 + D1*s3 - r mod n, obtaining the result s, where mod denotes the modulo operation; if s is neither 0 nor n - r, it outputs (r, s) as the complete signature.
The decryption system based on the SM2 algorithm and suitable for cloud computing comprises:
a first communication party, configured to generate its own sub-private key D1; to partially decrypt the received ciphertext C using D1 to obtain a first partial plaintext T1 and send it to the second communication party; and to complete the decryption of the ciphertext C using T2 and output the complete plaintext;
a second communication party, configured to generate its own sub-private key D2; and to generate a second partial plaintext T2 from D2 and T1 and send it to the first communication party.
Wherein:
the first and second communication parties share the elliptic-curve parameters E(Fq), G and n of the SM2 algorithm, where E is an elliptic curve defined over the finite field Fq and G is a base point of order n on E;
D1 and D2 are each a random number in [1, n-1].
In addition:
the first communication party may further be configured to extract the bit string C1 from the ciphertext C, which is the concatenation of the bit strings C1, C2 and C3, convert the data type of C1 and check whether C1 is a point on the elliptic curve E other than the point at infinity; and if so, to compute D1^-1 [*] C1, taking the result as T1, where D1^-1 is the inverse of D1 modulo n and [*] denotes elliptic-curve scalar multiplication.
Specifically:
the second communication party computes T2 = D2^-1 [*] T1, where D2^-1 is the inverse of D2 modulo n and [*] denotes elliptic-curve scalar multiplication;
the first communication party may further be configured to compute T2 [-] C1, obtaining the point (x2, y2), where [-] denotes elliptic-curve point subtraction; to compute KDF(x2 || y2, klen), obtaining the result t, where || denotes concatenation, KDF() is the predetermined key derivation function and klen is the predetermined bit length of its output; if t is not all zero, to extract the bit string C2 from the ciphertext C and compute C2 ⊕ t, obtaining the result M'', where ⊕ denotes bitwise XOR; to compute Hash(x2 || M'' || y2), obtaining the result u, where Hash() is the predetermined cryptographic hash function; and to extract the bit string C3 from the ciphertext C and, if u equals C3, output M'' as the complete plaintext.
The specific workflow of the above system embodiments may refer to the corresponding description of the method embodiments and is not repeated here.
In summary, the above are only preferred embodiments of the invention and are not intended to limit its scope. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (22)

1. a kind of endorsement method based on SM2 algorithms suitable for cloud computing, it is characterised in that including:
First communication party generates the sub- private key D1 of itself, and second communication party generates the sub- private key D2 of itself;
First communication party generates message M to be signed eap-message digest e and Part I signature Q1, and e and Q1 are sent into second Communication party;
Second communication party generates Part III signature s2 and Part IV according to Q1 and e generation Part II signature r according to D2 Signed s3, and r, s2 and s3 are sent into first communication party;
First communication party generates full signature according to D1, r, s2 and s3 and exported.
2. according to the method described in claim 1, it is characterised in that
First communication party and second communication party share elliptic curve parameter E (Fq), G and the n of SM2 algorithms, and elliptic curve E is definition Elliptic curve on finite field Fq, G is the basic point of n ranks on elliptic curve E;
The first communication party, which generates the sub- private key D1 of itself, to be included:First communication party produces one and is located between [1, n-1] Random number, regard the random number of generation as D1;
The second communication party, which generates the sub- private key D2 of itself, to be included:Second communication party produces one and is located between [1, n-1] Random number, regard the random number of generation as D2.
3. method according to claim 2, it is characterised in that
This method further comprises:
First communication party calculates inverse element D1s of the D1 on Fq-1Mod n, and calculate D1-1[*] G, second is sent to by result of calculation P1 Communication party;
Second communication party calculates inverse element D2s of the D2 on Fq-1Mod n, and calculate D2-1[*] P1 [-] G, regard result of calculation P as public affairs Key is disclosed, wherein, mod represents modulus computing, and [*] represents elliptic curve point multiplication operation, and [-] represents that elliptic curve point subtracts fortune Calculate.
4. according to the method in claim 2 or 3, it is characterised in that
The eap-message digest e and Part I signature Q1 that the first communication party generates message M to be signed include:
Z and M are spliced to form M' by first communication party, and calculate Hash (M'), using result of calculation as e, wherein, Z represents first Communication party and the common identity of second communication party, Hash () represent predetermined cryptographic Hash function;
First communication party produces a random number k 1 being located between [1, n-1], and calculates k1 [*] G, using result of calculation as Q1, wherein, [*] represents elliptic curve point multiplication operation.
5. according to the method in claim 2 or 3, it is characterised in that
The second communication party generates Part III signature s2 and the 4th according to Q1 and e generation Part II signature r according to D2 Part signature s3 includes:
Second communication party produces a random number k 2 being located between [1, n-1], and calculates k2 [*] G, obtains result of calculation Q2, Wherein, [*] represents elliptic curve point multiplication operation;
Second communication party produces a random number k 3 being located between [1, n-1], calculates k3 [*] Q1 [+] Q2, obtains result of calculation (x1, y1), and x1+e mod n are calculated, using result of calculation as r, wherein, mod represents modulus computing, and [*] represents elliptic curve Point multiplication operation, [+] represents elliptic curve point add operation;
If r is not equal to 0, second communication party calculates D2*k3mod n, using result of calculation as s2, and calculates D2* (r+k2) mod N, regard result of calculation as s3.
6. method according to claim 4, it is characterised in that
The first communication party generates full signature and exported according to D1, r, s2 and s3 to be included:
First communication party calculates (D1*k1) * s2+D1*s3-r mod n, obtains result of calculation s, wherein, mod represents that modulus is transported Calculate;
If s is not equal to 0 and is not equal to n-r, first communication party exports (r, s) as full signature.
7. a kind of decryption method based on SM2 algorithms suitable for cloud computing, it is characterised in that including:
First communication party generates the sub- private key D1 of itself, and second communication party generates the sub- private key D2 of itself;
First communication party carries out part decryption according to D1 to the ciphertext C that gets, obtains Part I plaintext T1, and is sent to the Two communication parties;
Second communication party generates Part II plaintext T2 according to D2 and T1, and is sent to first communication party;
First communication party is completely decrypted according to T2 to ciphertext C, obtains complete output in plain text.
8. method according to claim 7, it is characterised in that
First communication party and second communication party share elliptic curve parameter E (Fq), G and the n of SM2 algorithms, and elliptic curve E is definition Elliptic curve on finite field Fq, G is the basic point of n ranks on elliptic curve E;
The first communication party, which generates the sub- private key D1 of itself, to be included:First communication party produces one and is located between [1, n-1] Random number, regard the random number of generation as D1;
The second communication party, which generates the sub- private key D2 of itself, to be included:Second communication party produces one and is located between [1, n-1] Random number, regard the random number of generation as D2.
9. The method according to claim 8, characterised in that the first communication party partially decrypting the obtained ciphertext C using D1 to obtain the first-part plaintext T1 includes:
The first communication party extracts the bit string C1 from the ciphertext C, the ciphertext C being the concatenation of the bit strings C1, C2 and C3, converts the data type of C1 and verifies whether C1 is a point on the elliptic curve E other than the point at infinity;
If so, it calculates D1^-1 [*] C1 and takes the result as T1, where D1^-1 is the inverse of D1 over Fq and [*] denotes elliptic curve point multiplication.
10. The method according to claim 8, characterised in that the second communication party generating the second-part plaintext T2 from D2 and T1 includes:
The second communication party calculates D2^-1 [*] T1 and takes the result as T2, where D2^-1 is the inverse of D2 over Fq and [*] denotes elliptic curve point multiplication.
11. The method according to claim 9, characterised in that the first communication party completely decrypting the ciphertext C using T2 to obtain the complete plaintext includes:
The first communication party calculates T2 [-] C1 and obtains the result (x2, y2), where [-] denotes elliptic curve point subtraction;
The first communication party calculates KDF(x2 || y2, klen) and obtains the result t, where || denotes concatenation, KDF() denotes a predetermined key derivation function and klen denotes the bit length of the intended output;
If t is not equal to 0, the first communication party extracts the bit string C2 from the ciphertext C, calculates C2 ⊕ t and obtains the result M'', where ⊕ denotes bitwise XOR;
The first communication party calculates Hash(x2 || M'' || y2) and obtains the result u, where Hash() denotes a predetermined cryptographic hash function;
The first communication party extracts the bit string C3 from the ciphertext C and, if u equals C3, outputs M'' as the complete plaintext.
12. A signature system based on the SM2 algorithm suitable for cloud computing, characterised in that it includes:
A first communication party, for generating its own sub-private key D1; generating the message digest e of the message M to be signed and the first-part signature Q1, and sending e and Q1 to the second communication party; and generating and outputting the full signature from D1, r, s2 and s3;
A second communication party, for generating its own sub-private key D2; generating the second-part signature r from Q1 and e, generating the third-part signature s2 and the fourth-part signature s3 from D2, and sending r, s2 and s3 to the first communication party.
13. The system according to claim 12, characterised in that:
The first communication party and the second communication party share the elliptic curve parameters E(Fq), G and n of the SM2 algorithm, where the elliptic curve E is defined over the finite field Fq and G is a base point of order n on E;
D1 and D2 are each a random number in [1, n-1].
14. The system according to claim 13, characterised in that:
The first communication party is further used to calculate the inverse D1^-1 mod n of D1 over Fq, calculate D1^-1 [*] G, and send the result P1 to the second communication party;
The second communication party is further used to calculate the inverse D2^-1 mod n of D2 over Fq, calculate D2^-1 [*] P1 [-] G, and publish the result P as the public key, where mod denotes the modulus operation, [*] denotes elliptic curve point multiplication and [-] denotes elliptic curve point subtraction.
15. The system according to claim 13 or 14, characterised in that:
The first communication party calculates e = Hash(M'), M' = Z || M, where || denotes concatenation, Z denotes the common identity of the first and second communication parties and Hash() denotes a predetermined cryptographic hash function; and calculates Q1 = k1 [*] G, where k1 is a random number in [1, n-1] and [*] denotes elliptic curve point multiplication.
16. The system according to claim 13 or 14, characterised in that:
The second communication party calculates r = x1 + e mod n, (x1, y1) = k3 [*] Q1 [+] Q2, Q2 = k2 [*] G, where mod denotes the modulus operation, [*] denotes elliptic curve point multiplication, [+] denotes elliptic curve point addition, and k2 and k3 are random numbers in [1, n-1]; when r is not equal to 0, it calculates s2 = D2*k3 mod n and s3 = D2*(r+k2) mod n.
17. The system according to claim 15, characterised in that:
The first communication party calculates (D1*k1)*s2 + D1*s3 - r mod n and obtains the result s, where mod denotes the modulus operation; if s is not equal to 0 and not equal to n-r, it outputs (r, s) as the full signature.
18. A decryption system based on the SM2 algorithm suitable for cloud computing, characterised in that it includes:
A first communication party, for generating its own sub-private key D1; partially decrypting the obtained ciphertext C using D1 to obtain the first-part plaintext T1 and sending it to the second communication party; and completely decrypting the ciphertext C using T2 to obtain the complete plaintext;
A second communication party, for generating its own sub-private key D2; and generating the second-part plaintext T2 from D2 and T1 and sending it to the first communication party.
19. The system according to claim 18, characterised in that:
The first communication party and the second communication party share the elliptic curve parameters E(Fq), G and n of the SM2 algorithm, where the elliptic curve E is defined over the finite field Fq and G is a base point of order n on E;
D1 and D2 are each a random number in [1, n-1].
20. The system according to claim 19, characterised in that:
The first communication party is further used to extract the bit string C1 from the ciphertext C, the ciphertext C being the concatenation of the bit strings C1, C2 and C3, convert the data type of C1 and verify whether C1 is a point on the elliptic curve E other than the point at infinity; if so, calculate D1^-1 [*] C1 and take the result as T1, where D1^-1 is the inverse of D1 over Fq and [*] denotes elliptic curve point multiplication.
21. The system according to claim 19, characterised in that:
The second communication party calculates T2 = D2^-1 [*] T1, where D2^-1 is the inverse of D2 over Fq and [*] denotes elliptic curve point multiplication.
22. The system according to claim 20, characterised in that:
The first communication party is further used to calculate T2 [-] C1 and obtain the result (x2, y2), where [-] denotes elliptic curve point subtraction; calculate KDF(x2 || y2, klen) and obtain the result t, where || denotes concatenation, KDF() denotes a predetermined key derivation function and klen denotes the bit length of the intended output; if t is not equal to 0, extract the bit string C2 from the ciphertext C, calculate C2 ⊕ t and obtain the result M'', where ⊕ denotes bitwise XOR; calculate Hash(x2 || M'' || y2) and obtain the result u, where Hash() denotes a predetermined cryptographic hash function; and extract the bit string C3 from the ciphertext C and, if u equals C3, output M'' as the complete plaintext.
CN201410437599.5A 2014-08-29 2014-08-29 Suitable for signature of the cloud computing based on SM2 algorithms and decryption method and system Active CN104243456B (en)


Publications (2)

Publication Number Publication Date
CN104243456A CN104243456A (en) 2014-12-24
CN104243456B true CN104243456B (en) 2017-11-03

Family ID: 52230806






Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant