CN105406970A - Signature method, signature device, signature verification method and signature verification device - Google Patents

Abstract

The invention provides a signature method, a signature device, a signature verification method and a signature verification device. The signature method comprises steps that, a public key and a private key are acquired; multiple to-be-signed messages are acquired; preset-quantity randomized numbers are selected for each to-be-signed message; all to-be-signed messages are signed in a batch mode according to the public key, the private key and the preset-quantity randomized numbers corresponding to each to-be-signed message. Through the signature method, the signature device, the signature verification method and the signature verification device, a processing speed can be improved.

Description

The method of signature and device, the method for certifying signature and device

Technical field

The present invention relates to field of information security technology, particularly a kind of a kind of method of method of signature and device, certifying signature and device.

Background technology

Along with the development of ecommerce, increasing electronic transaction completes on the net, needs data volume to be processed very huge, and this is abnormal large pressure for signer, is also a very large test to user's patience simultaneously.Therefore, for ensureing verifiability and the non repudiation of digital information, Proxy Signature is a kind of effective instrument.Proxy Signature not only can be used for protecting the information of user, and can ensure the verifiability of data, be instrument the most frequently used in electronic transaction simultaneously.

In prior art, when carrying out Proxy Signature, for each file to be signed, need to carry out Proxy Signature to file one by one.When verifying Proxy Signature, also need one by one to Proxy Signature Information Authentication.In a word, the processing speed of prior art is slower.

Summary of the invention

In view of this, the invention provides a kind of method of signature and device, a kind of method of certifying signature and device, can processing speed be improved.

First aspect, the invention provides a kind of method of signature, comprising:

S1: obtain PKI and private key;

S2: obtain multiple message to be signed;

S3: for each message to be signed selects a predetermined number random number;

S4: according to described PKI and described private key and a predetermined number random number corresponding to each message to be signed, approval and sign name is carried out to all message to be signed.

Further, a described predetermined number random number comprises: the first random number, the second random number, the 3rd random number, the 4th random number, the 5th random number, described PKI is expressed as: (g ₁, g ₂, p, q, t, v), described private key is expressed as: (s ₁, s ₂);

Described S4, comprising:

A1: for each message to be signed arranges corresponding X parameter, the initial value of X parameter corresponding for each message to be signed is set to 1;

A2: using the lowest order of the first corresponding for each message to be signed random number and the second random number as present bit;

A3: calculate X parameter corresponding to each message to be signed according to formula one respectively, wherein, formula one is: x _i=x _i× g ₁ ^ag ₂ ^b, wherein, x _ibe i-th message m to be signed _icorresponding X parameter, i=1 ..., n, i are positive integer, and n is positive integer, and n is the quantity of the message to be signed obtained, and a is the present bit of the first random number, and b is the present bit of the second random number;

A4: whether the present bit judging the first random number that each message to be signed is corresponding and the second random number is respectively highest order, if so, then performs steps A 5, otherwise, calculate using one, the left side of the present bit of the first corresponding for each message to be signed random number and the second random number as present bit, return steps A 3;

A5: for each message to be signed arranges corresponding X* parameter, the initial value of X* parameter corresponding for each message to be signed is set to 1;

A6: using the lowest order of the 3rd corresponding for each message to be signed random number, the 4th random number, the 5th random number as present bit;

A7: calculate X* parameter corresponding to each message to be signed according to formula two respectively, wherein, formula two is: wherein, be i-th message m to be signed _icorresponding X* parameter, c is the present bit of the 3rd random number, and f is the present bit of the 4th random number, and h is the present bit of the 4th random number;

A8: whether the present bit judging the 3rd random number, the 4th random number and the 5th random number that each message to be signed is corresponding is respectively highest order, if so, then performs steps A 9, otherwise, calculate v=v ², using one, the left side of the present bit of the 3rd corresponding for each message to be signed random number, the 4th random number and the 5th random number as present bit, return steps A 7;

A9: calculate E* parameter corresponding to each message to be signed according to formula three respectively, wherein, formula three is: wherein, be i-th message m to be signed _icorresponding E* parameter;

A10: calculate E parameter corresponding to each message to be signed according to formula three respectively, wherein, formula four is: wherein, e _ibe i-th message m to be signed _icorresponding E parameter;

A11: calculate the first signature corresponding to each message to be signed according to formula five respectively, calculate the second signature corresponding to each message to be signed according to formula six respectively, wherein, formula five is: y _{i, 1}=r _{(i, 1)}+ e _is ₁modq, formula six is: y _{i, 2}=r _{(i, 2)}+ e _is ₂modq, wherein, y _{i, 1}be i-th message m to be signed _ithe first corresponding signature, y _{i, 2}be i-th message m to be signed _ithe second corresponding signature, r _{(i, 1)}be i-th message m to be signed _ithe first corresponding random number, r _{(i, 2)}be i-th message m to be signed _ithe second corresponding random number.

Further, described S1, comprising:

B1: select two prime number p and the q that meet q| (p-1);

B2: determine that exponent number is the group Z of q _p*;

B3: from described group Z _p* middle Stochastic choice two generator g ₁, g ₂;

B4: determine territory Z _q, from described territory Z _qin determine three random element s ₁, s ₂, t;

B5: calculate v according to formula seven, formula seven is:

B6: generate described PKI and described private key, wherein, described PKI is expressed as: (g ₁, g ₂, p, q, t, v), described private key is expressed as: (s ₁, s ₂).

Second aspect, the invention provides a kind of method of signature, comprising:

Receive the E* parameter that the 3rd random number that the first signature and second is signed, each message to be signed is corresponding corresponding to the outside message each to be signed sent and the 4th random number, each message to be signed are corresponding;

Calculate the first parameter of the first signature correspondence of each message to be signed according to formula eight, calculate the second parameter of the second signature correspondence of each message to be signed according to formula nine, wherein, formula eight is: $y_{i,1}^{*}=y_{i,1}+u_{(i,1)}\mathrm{mod}q,$ Formula nine is: $y_{i,2}^{*}=y_{i,2}+u_{(i,2)}\mathrm{mod}q,$ be i-th message m to be signed _icorresponding corresponding first parameter of the first signature, be i-th message m to be signed _icorresponding corresponding second parameter of the second signature, y _{i, 1}be i-th message m to be signed _ithe first corresponding signature, y _{i, 2}be i-th message m to be signed _ithe second corresponding signature, u _{(i, 1)}be i-th message m to be signed _ithe 3rd corresponding random number, u _{(i, 2)}be i-th message m to be signed _ithe 4th corresponding random number;

The signature generating each message to be signed is right, wherein, the signature of i-th message to be signed to for be i-th message m to be signed _icorresponding E* parameter.

The third aspect, the invention provides a kind of method of certifying signature, comprising:

The signature receiving the outside message each to be signed sent to and PKI, wherein, the signature of i-th message to be signed to for be i-th message m to be signed _icorresponding E* parameter, m _ibe i-th message to be signed, be i-th message m to be signed _ithe first corresponding parameter, be i-th message m to be signed _ithe second corresponding parameter, PKI is expressed as: (g ₁, g ₂, p, q, t, v);

Calculate Z parameter corresponding to each message to be signed according to formula ten respectively, wherein, formula ten is: z _ibe i-th message m to be signed _icorresponding Z parameter;

For each message to be signed, judge that whether Z parameter corresponding to current message to be signed be identical with E* parameter, if so, then the signature of current message to be signed is to by checking, otherwise the signature of current message to be signed is not to by checking.

Fourth aspect, the invention provides a kind of device of signature, comprising:

First acquiring unit, for obtaining PKI and private key;

Second acquisition unit, for obtaining multiple message to be signed;

Selected cell, for selecting a predetermined number random number for each message to be signed;

Signature unit, for according to described PKI and described private key and a predetermined number random number corresponding to each message to be signed, carries out approval and sign name to all message to be signed.

Further, a described predetermined number random number comprises: the first random number, the second random number, the 3rd random number, the 4th random number, the 5th random number, described PKI is expressed as: (g ₁, g ₂, p, q, t, v), described private key is expressed as: (s ₁, s ₂);

Described signature unit, specifically for:

A1: for each message to be signed arranges corresponding X parameter, the initial value of X parameter corresponding for each message to be signed is set to 1;

A2: using the lowest order of the first corresponding for each message to be signed random number and the second random number as present bit;

A3: calculate X parameter corresponding to each message to be signed according to formula one respectively, wherein, formula one is: x _i=x _i× g ₁ ^ag ₂ ^b, wherein, x _ibe i-th message m to be signed _icorresponding X parameter, i=1 ..., n, i are positive integer, and n is positive integer, and n is the quantity of the message to be signed obtained, and a is the present bit of the first random number, and b is the present bit of the second random number;

A4: whether the present bit judging the first random number that each message to be signed is corresponding and the second random number is respectively highest order, if so, then performs steps A 5, otherwise, calculate using one, the left side of the present bit of the first corresponding for each message to be signed random number and the second random number as present bit, return steps A 3;

A5: for each message to be signed arranges corresponding X* parameter, the initial value of X* parameter corresponding for each message to be signed is set to 1;

A6: using the lowest order of the 3rd corresponding for each message to be signed random number, the 4th random number, the 5th random number as present bit;

A7: calculate X* parameter corresponding to each message to be signed according to formula two respectively, wherein, formula two is: wherein, be i-th message m to be signed _icorresponding X* parameter, c is the present bit of the 3rd random number, and f is the present bit of the 4th random number, and h is the present bit of the 4th random number;

A8: whether the present bit judging the 3rd random number, the 4th random number and the 5th random number that each message to be signed is corresponding is respectively highest order, if so, then performs steps A 9, otherwise, calculate v=v ², using one, the left side of the present bit of the 3rd corresponding for each message to be signed random number, the 4th random number and the 5th random number as present bit, return steps A 7;

A9: calculate E* parameter corresponding to each message to be signed according to formula three respectively, wherein, formula three is: wherein, be i-th message m to be signed _icorresponding E* parameter;

A10: calculate E parameter corresponding to each message to be signed according to formula three respectively, wherein, formula four is: wherein, e _ibe i-th message m to be signed _icorresponding E parameter;

A11: calculate the first signature corresponding to each message to be signed according to formula five respectively, calculate the second signature corresponding to each message to be signed according to formula six respectively, wherein, formula five is: y _{i, 1}=r _{(i, 1)}+ e _is ₁modq, formula six is: y _{i, 2}=r _{(i, 2)}+ e _is ₂modq, wherein, y _{i, 1}be i-th message m to be signed _ithe first corresponding signature, y _{i, 2}be i-th message m to be signed _ithe second corresponding signature, r _{(i, 1)}be i-th message m to be signed _ithe first corresponding random number, r _{(i, 2)}be i-th message m to be signed _ithe second corresponding random number.

Further, described first acquiring unit, specifically for:

B1: select two prime number p and the q that meet q| (p-1);

B2: determine that exponent number is the group Z of q _p*;

B3: from described group Z _p* middle Stochastic choice two generator g ₁, g ₂;

B4: determine territory Z _q, from described territory Z _qin determine three random element s ₁, s ₂, t;

B5: calculate v according to formula seven, formula seven is:

B6: generate described PKI and described private key, wherein, described PKI is expressed as: (g ₁, g ₂, p, q, t, v), described private key is expressed as: (s ₁, s ₂).

5th aspect, the invention provides a kind of device of signature, comprising:

First receiving element, for receiving E* parameter corresponding to the 3rd random number that the first signature and second is signed, each message to be signed is corresponding corresponding to the message each to be signed sent outside and the 4th random number, each message to be signed;

First computing unit, the first parameter that the first signature for calculating each message to be signed according to formula eight is corresponding, calculate the second parameter of the second signature correspondence of each message to be signed according to formula nine, wherein, formula eight is: $y_{i,1}^{*}=y_{i,1}+u_{(i,1)}\mathrm{mod}q,$ Formula nine is: $y_{i,2}^{*}=y_{i,2}+u_{(i,2)}\mathrm{mod}q,$ be i-th message m to be signed _icorresponding corresponding first parameter of the first signature, be i-th message m to be signed _icorresponding corresponding second parameter of the second signature, y _{i, 1}be i-th message m to be signed _ithe first corresponding signature, y _{i, 2}be i-th message m to be signed _ithe second corresponding signature, u _{(i, 1)}be i-th message m to be signed _ithe 3rd corresponding random number, u _{(i, 2)}be i-th message m to be signed _ithe 4th corresponding random number;

Generation unit, right for the signature generating each message to be signed, wherein, the signature of i-th message to be signed to for be i-th message m to be signed _icorresponding E* parameter.

6th aspect, the invention provides a kind of device of certifying signature, comprising:

Second receiving element, for the signature that receives the message each to be signed that outside is sent to and PKI, wherein, the signature of i-th message to be signed to for be i-th message m to be signed _icorresponding E* parameter, m _ibe i-th message to be signed, be i-th message m to be signed _ithe first corresponding parameter, be i-th message m to be signed _ithe second corresponding parameter, PKI is expressed as: (g ₁, g ₂, p, q, t, v);

Second computing unit, for calculating Z parameter corresponding to each message to be signed according to formula ten respectively, wherein, formula ten is: z _ibe i-th message m to be signed _icorresponding Z parameter;

Authentication unit, for for each message to be signed, judges that whether Z parameter corresponding to current message to be signed be identical with E* parameter, and if so, then the signature of current message to be signed is to by checking, otherwise the signature of current message to be signed is not to by checking.

A kind of method of the method for a kind of signature provided by the invention and device, certifying signature and device, obtain multiple message to be signed, and be that each message to be signed selects a predetermined number random number, according to a pair PKI and private key, and the predetermined number random number that each message to be signed is corresponding, approval and sign name is carried out to all message to be signed, improves the processing speed of signature.

Accompanying drawing explanation

In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.

Fig. 1 is the flow chart of the method for a kind of signature that one embodiment of the invention provides;

Fig. 2 is the flow chart of the method for the another kind signature that one embodiment of the invention provides;

Fig. 3 is the flow chart of the method for a kind of certifying signature that one embodiment of the invention provides;

Fig. 4 is the schematic diagram of the device of a kind of signature that one embodiment of the invention provides;

Fig. 5 is the schematic diagram of the device of the another kind signature that one embodiment of the invention provides;

Fig. 6 is the schematic diagram of the device of a kind of certifying signature that one embodiment of the invention provides.

Embodiment

For making the object of the embodiment of the present invention, technical scheme and advantage clearly; below in conjunction with the accompanying drawing in the embodiment of the present invention; technical scheme in the embodiment of the present invention is clearly and completely described; obviously; described embodiment is the present invention's part embodiment, instead of whole embodiments, based on the embodiment in the present invention; the every other embodiment that those of ordinary skill in the art obtain under the prerequisite not making creative work, all belongs to the scope of protection of the invention.

As shown in Figure 1, embodiments provide a kind of method of signature, the method can comprise the following steps:

S1: obtain PKI and private key;

S2: obtain multiple message to be signed;

S3: for each message to be signed selects a predetermined number random number;

S4: according to described PKI and described private key and a predetermined number random number corresponding to each message to be signed, approval and sign name is carried out to all message to be signed.

The method of a kind of signature provided by the embodiment of the present invention, obtain multiple message to be signed, and be that each message to be signed selects a predetermined number random number, according to a pair PKI and private key, and the predetermined number random number that each message to be signed is corresponding, approval and sign name is carried out to all message to be signed, improves the processing speed of signature.

In a kind of possible implementation, a described predetermined number random number comprises: the first random number, the second random number, the 3rd random number, the 4th random number, the 5th random number, described PKI is expressed as: (g ₁, g ₂, p, q, t, v), described private key is expressed as: (s ₁, s ₂);

Described S4, comprising:

A1: for each message to be signed arranges corresponding X parameter, the initial value of X parameter corresponding for each message to be signed is set to 1;

A2: using the lowest order of the first corresponding for each message to be signed random number and the second random number as present bit;

A3: calculate X parameter corresponding to each message to be signed according to formula one respectively, wherein, formula one is: x _i=x _i× g ₁ ^ag ₂ ^b, wherein, x _ibe i-th message m to be signed _icorresponding X parameter, i=1 ..., n, i are positive integer, and n is positive integer, and n is the quantity of the message to be signed obtained, and a is the present bit of the first random number, and b is the present bit of the second random number;

A4: whether the present bit judging the first random number that each message to be signed is corresponding and the second random number is respectively highest order, if so, then performs steps A 5, otherwise, calculate using one, the left side of the present bit of the first corresponding for each message to be signed random number and the second random number as present bit, return steps A 3;

A5: for each message to be signed arranges corresponding X* parameter, the initial value of X* parameter corresponding for each message to be signed is set to 1;

A6: using the lowest order of the 3rd corresponding for each message to be signed random number, the 4th random number, the 5th random number as present bit;

A7: calculate X* parameter corresponding to each message to be signed according to formula two respectively, wherein, formula two is: wherein, be i-th message m to be signed _icorresponding X* parameter, c is the present bit of the 3rd random number, and f is the present bit of the 4th random number, and h is the present bit of the 4th random number;

A8: whether the present bit judging the 3rd random number, the 4th random number and the 5th random number that each message to be signed is corresponding is respectively highest order, if so, then performs steps A 9, otherwise, calculate v=v ², using one, the left side of the present bit of the 3rd corresponding for each message to be signed random number, the 4th random number and the 5th random number as present bit, return steps A 7;

A9: calculate E* parameter corresponding to each message to be signed according to formula three respectively, wherein, formula three is: wherein, be i-th message m to be signed _icorresponding E* parameter;

A10: calculate E parameter corresponding to each message to be signed according to formula three respectively, wherein, formula four is: wherein, e _ibe i-th message m to be signed _icorresponding E parameter;

A11: calculate the first signature corresponding to each message to be signed according to formula five respectively, calculate the second signature corresponding to each message to be signed according to formula six respectively, wherein, formula five is: y _{i, 1}=r _{(i, 1)}+ e _is ₁modq, formula six is: y _{i, 2}=r _{(i, 2)}+ e _is ₂modq, wherein, y _{i, 1}be i-th message m to be signed _ithe first corresponding signature, y _{i, 2}be i-th message m to be signed _ithe second corresponding signature, r _{(i, 1)}be i-th message m to be signed _ithe first corresponding random number, r _{(i, 2)}be i-th message m to be signed _ithe second corresponding random number.

In this implementation, because each message to be signed adopts identical PKI, therefore in steps A 4, right once calculate, can use in the process of all message to be signed, without the need to calculating respectively for each message to be signed, decrease the operation times of multiplication significantly, also therefore save computing time, improve efficiency, equally, in steps A 8, right v=v ²once calculate, without the need to calculating respectively for each message to be signed, can use in the process of all message to be signed, improve processing speed and efficiency.

In addition, before steps A 2, the JSF algorithm of SDR algorithm or Solina can be adopted to carry out recompile to the first random number and the second random number, the associating hamming value of the first random number and the second random number can be reduced like this, reduce the amount of calculation of subsequent calculations, accelerate processing speed.The first random number in A2 and subsequent step and the second random number are the first random number after recompile and the second random number.

In like manner, before steps A 6, the JSF algorithm of SDR algorithm or Solina can be adopted to carry out recompile to the 3rd random number, the 4th random number and the 5th random number, the associating hamming value of the 3rd random number, the 4th random number and the 5th random number can be reduced like this, reduce the amount of calculation of subsequent calculations, accelerate processing speed.The 3rd random number in A6 and subsequent step, the 4th random number and the 5th random number are the 3rd random number, the 4th random number and the 5th random number after recompile.

In steps A 4, when the present bit judging the first random number that current message to be signed is corresponding and the second random number is highest order, then can obtain the X parameter of current message to be signed, when the present bit of the first random number corresponding to all message to be signed and the second random number is highest order, the X parameter of all message to be signed can be obtained, particularly, can represent in the following manner: $\left(\begin{array}{c}{x}_1\\ x_2\\ ...\\ x_n\end{array}\right)=\left(\begin{array}{c}{g_1}^{{r^{\′}}_{\left(1,1\right)}}{g_2}^{{r^{\′}}_{\left(1,2\right)}}\\ {g_1}^{{r^{\′}}_{\left(2,1\right)}}{g_2}^{{r^{\′}}_{\left(2,2\right)}}\\ ...\\ {g_1}^{{r^{\′}}_{\left(n,1\right)}}{g_2}^{{r^{\′}}_{\left(n,2\right)}}\end{array}\right).$

In steps A 8, when the present bit judging the 3rd random number, the 4th random number and the 5th random number that current message to be signed is corresponding is highest order, then can obtain the X* parameter of current message to be signed, when the present bit of corresponding the 3rd random number, the 4th random number and the 5th random number of all message to be signed is highest order, the X* parameter of all message to be signed can be obtained, particularly, can represent in the following manner: $\left(\begin{array}{c}{x}_1^{*}\\ x_2^{*}\\ \mathrm{...}\\ x_n^{*}\end{array}\right)=\left(\begin{array}{c}{g_1}^{u^{\′}\left(1,1\right)}{g_2}^{u^{\′}\left(1,2\right)}{v}^{d_1^{\′}}{x}_1\\ {g_1}^{u^{\′}\left(2,1\right)}{g_2}^{u^{\′}\left(2,2\right)}{v}^{d_2^{\′}}{x}_2\\ \mathrm{...}\\ {g_1}^{u^{\′}\left(n,1\right)}{g_2}^{u^{\′}\left(n,2\right)}{v}^{d_n^{\′}}{x}_n\end{array}\right).$

In addition, the message to be signed that the embodiment of the present invention provides can be through the message after blind conversion.

In a kind of possible implementation, described S1, comprising:

B1: select two prime number p and the q that meet q| (p-1);

B2: determine that exponent number is the group Z of q _p*;

B3: from described group Z _p* middle Stochastic choice two generator g ₁, g ₂;

B4: determine territory Z _q, from described territory Z _qin determine three random element s ₁, s ₂, t;

B5: calculate v according to formula seven, formula seven is:

B6: generate described PKI and described private key, wherein, described PKI is expressed as: (g ₁, g ₂, p, q, t, v), described private key is expressed as: (s ₁, s ₂).

Before step B2, can also comprise: the security parameter receiving outside input, described B2, comprising: the group Z according to security parameter determination exponent number being q _p*.In general, security parameter numerical value is larger, and selected group is also larger.

In step B3, in Stochastic choice territory, generator can realize by Using Call Library Function from Pairing-BasedCryptosystems function bag.Step S3 also can be realized by which.

Once carry out the number of the message to be signed of approval and sign name, can determine according to the traffic in the unit interval.The method that the embodiment of the present invention provides, can realize at signature end.

See Fig. 2, embodiments provide a kind of method of signature, comprising:

Step 201: receive the E* parameter that the 3rd random number that the first signature and second is signed, each message to be signed is corresponding corresponding to the outside message each to be signed sent and the 4th random number, each message to be signed are corresponding;

Step 202: the first parameter calculating the first signature correspondence of each message to be signed according to formula eight, calculate the second parameter of the second signature correspondence of each message to be signed according to formula nine, wherein, formula eight is: $y_{i,1}^{*}=y_{i,1}+u_{(i,1)}\mathrm{mod}q,$ Formula nine is: $y_{i,2}^{*}=y_{i,2}+u_{(i,2)}\mathrm{mod}q,$ be i-th message m to be signed _icorresponding corresponding first parameter of the first signature, be i-th message m to be signed _icorresponding corresponding second parameter of the second signature, y _{i, 1}be i-th message m to be signed _ithe first corresponding signature, y _{i, 2}be i-th message m to be signed _ithe second corresponding signature, u _{(i, 1)}be i-th message m to be signed _ithe 3rd corresponding random number, u _{(i, 2)}be i-th message m to be signed _ithe 4th corresponding random number;

Step 203: the signature generating each message to be signed is right, wherein, the signature of i-th message to be signed to for be i-th message m to be signed _icorresponding E* parameter.

In this implementation, according to the first signature and second signature of each message to be signed, be further processed, the signature obtaining each message to be signed is right.Method in this embodiment can realize in client, and the obtain first signature and the second signature are sent to client by signature end, and client is processing.In Proxy Signature, client needs to cast off illiteracy process to the information received.

See Fig. 3, embodiments provide a kind of method of certifying signature, comprising:

Step 301: the signature receiving the outside message each to be signed sent to and PKI, wherein, the signature of i-th message to be signed to for be i-th message m to be signed _icorresponding E* parameter, m _ibe i-th message to be signed, y _i ^* _{, 1}be i-th message m to be signed _ithe first corresponding parameter, be i-th message m to be signed _ithe second corresponding parameter, PKI is expressed as: (g ₁, g ₂, p, q, t, v);

Step 302: calculate Z parameter corresponding to each message to be signed according to formula ten respectively, wherein, formula ten is: z _ibe i-th message m to be signed _icorresponding Z parameter;

Step 303: for each message to be signed, judges that whether Z parameter corresponding to current message to be signed be identical with E* parameter, and if so, then the signature of current message to be signed is to by checking, otherwise the signature of current message to be signed is not to by checking.

By the method that this embodiment provides, to the signature received to verifying.Adopt the method for batch checking in this embodiment, to the signature received to processing simultaneously, save the processing time.Need to calculate in the process of carrying out batch checking due to the truth of a matter g of each signature centering ₁, g ₂, v is all identical, therefore when carrying out computing to the truth of a matter, by the result of once-through operation, for all signatures in checking, the processing time can be saved, improves processing speed.Concrete, result of calculation can represent in the following manner: $\left(\begin{array}{c}{\mathrm{\γ}}_1\\ {\mathrm{\γ}}_2\\ ...\\ {\mathrm{\γ}}_n\end{array}\right)=\left(\begin{array}{c}{g_1}^{{y^{\′}}_{\left(1,1\right)}}{g_2}^{{y^{\′}}_{\left(1,2\right)}}{v}^{e_1^{\′}}\\ {g_1}^{{y^{\′}}_{\left(2,1\right)}}{g_2}^{{y^{\′}}_{\left(2,2\right)}}{v}^{e_2^{\′}}\\ \mathrm{...}\\ {g_1}^{{y^{\′}}_{\left(n,1\right)}}{g_2}^{{y^{\′}}_{\left(n,2\right)}}{v}^{e_n^{\′}}\end{array}\right).$ The method that the embodiment of the present invention provides can realize in verifying end.

See Fig. 4, embodiments provide a kind of device of signature, comprising:

First acquiring unit 401, for obtaining PKI and private key;

Second acquisition unit 402, for obtaining multiple message to be signed;

Selected cell 403, for selecting a predetermined number random number for each message to be signed;

Signature unit 404, for according to described PKI and described private key and a predetermined number random number corresponding to each message to be signed, carries out approval and sign name to all message to be signed.

In a kind of possible implementation, a described predetermined number random number comprises: the first random number, the second random number, the 3rd random number, the 4th random number, the 5th random number, described PKI is expressed as: (g ₁, g ₂, p, q, t, v), described private key is expressed as: (s ₁, s ₂);

Described signature unit 404, specifically for:

A1: for each message to be signed arranges corresponding X parameter, the initial value of X parameter corresponding for each message to be signed is set to 1;

A2: using the lowest order of the first corresponding for each message to be signed random number and the second random number as present bit;

A3: calculate X parameter corresponding to each message to be signed according to formula one respectively, wherein, formula one is: x _i=x _i× g ₁ ^ag ₂ ^b, wherein, x _ibe i-th message m to be signed _icorresponding X parameter, i=1 ..., n, i are positive integer, and n is positive integer, and n is the quantity of the message to be signed obtained, and a is the present bit of the first random number, and b is the present bit of the second random number;

A4: whether the present bit judging the first random number that each message to be signed is corresponding and the second random number is respectively highest order, if so, then performs steps A 5, otherwise, calculate using one, the left side of the present bit of the first corresponding for each message to be signed random number and the second random number as present bit, return steps A 3;

A5: for each message to be signed arranges corresponding X* parameter, the initial value of X* parameter corresponding for each message to be signed is set to 1;

A6: using the lowest order of the 3rd corresponding for each message to be signed random number, the 4th random number, the 5th random number as present bit;

A7: calculate X* parameter corresponding to each message to be signed according to formula two respectively, wherein, formula two is: wherein, be i-th message m to be signed _icorresponding X* parameter, c is the present bit of the 3rd random number, and f is the present bit of the 4th random number, and h is the present bit of the 4th random number;

A8: whether the present bit judging the 3rd random number, the 4th random number and the 5th random number that each message to be signed is corresponding is respectively highest order, if so, then performs steps A 9, otherwise, calculate v=v ², using one, the left side of the present bit of the 3rd corresponding for each message to be signed random number, the 4th random number and the 5th random number as present bit, return steps A 7;

A9: calculate E* parameter corresponding to each message to be signed according to formula three respectively, wherein, formula three is: wherein, be i-th message m to be signed _icorresponding E* parameter;

A10: calculate E parameter corresponding to each message to be signed according to formula three respectively, wherein, formula four is: wherein, e _ibe i-th message m to be signed _icorresponding E parameter;

A11: calculate the first signature corresponding to each message to be signed according to formula five respectively, calculate the second signature corresponding to each message to be signed according to formula six respectively, wherein, formula five is: y _{i, 1}=r _{(i, 1)}+ e _is ₁modq, formula six is: y _{i, 2}=r _{(i, 2)}+ e _is ₂modq, wherein, y _{i, 1}be i-th message m to be signed _ithe first corresponding signature, y _{i, 2}be i-th message m to be signed _ithe second corresponding signature, r _{(i, 1)}be i-th message m to be signed _ithe first corresponding random number, r _{(i, 2)}be i-th message m to be signed _ithe second corresponding random number.

In a kind of possible implementation, described first acquiring unit 401, specifically for:

B1: select two prime number p and the q that meet q| (p-1);

B2: determine that exponent number is the group Z of q _p*;

B3: from described group Z _p* middle Stochastic choice two generator g ₁, g ₂;

B4: determine territory Z _q, from described territory Z _qin determine three random element s ₁, s ₂, t;

B5: calculate v according to formula seven, formula seven is:

B6: generate described PKI and described private key, wherein, described PKI is expressed as: (g ₁, g ₂, p, q, t, v), described private key is expressed as: (s ₁, s ₂).

See Fig. 5, embodiments provide a kind of device of signature, comprising:

First receiving element 501, for receiving E* parameter corresponding to the 3rd random number that the first signature and second is signed, each message to be signed is corresponding corresponding to the message each to be signed sent outside and the 4th random number, each message to be signed;

First computing unit 502, the first parameter that the first signature for calculating each message to be signed according to formula eight is corresponding, calculate the second parameter of the second signature correspondence of each message to be signed according to formula nine, wherein, formula eight is: $y_{i,1}^{*}=y_{i,1}+u_{(i,1)}\mathrm{mod}q,$ Formula nine is: $y_{i,2}^{*}=y_{i,2}+u_{(i,2)}\mathrm{mod}q,$ be i-th message m to be signed _icorresponding corresponding first parameter of the first signature, be i-th message m to be signed _icorresponding corresponding second parameter of the second signature, y _{i, 1}be i-th message m to be signed _ithe first corresponding signature, y _{i, 2}be i-th message m to be signed _ithe second corresponding signature, u _{(i, 1)}be i-th message m to be signed _ithe 3rd corresponding random number, u _{(i, 2)}be i-th message m to be signed _ithe 4th corresponding random number;

Generation unit 503, right for the signature generating each message to be signed, wherein, the signature of i-th message to be signed to for be i-th message m to be signed _icorresponding E* parameter.

See Fig. 6, embodiments provide a kind of device of certifying signature, comprising:

Second receiving element 601, for the signature that receives the message each to be signed that outside is sent to and PKI, wherein, the signature of i-th message to be signed to for be i-th message m to be signed _icorresponding E* parameter, m _ibe i-th message to be signed, be i-th message m to be signed _ithe first corresponding parameter, be i-th message m to be signed _ithe second corresponding parameter, PKI is expressed as: (g ₁, g ₂, p, q, t, v);

Second computing unit 602, for calculating Z parameter corresponding to each message to be signed according to formula ten respectively, wherein, formula ten is: z _ibe i-th message m to be signed _icorresponding Z parameter;

Authentication unit 603, for for each message to be signed, judges that whether Z parameter corresponding to current message to be signed be identical with E* parameter, if, then the signature of current message to be signed is to passing through checking, otherwise the signature of current message to be signed is to not passing through checking.

The content such as information interaction, implementation between each unit in said apparatus, due to the inventive method embodiment based on same design, particular content can see in the inventive method embodiment describe, repeat no more herein.

It should be noted that: embodiments provide a kind of method of signature and device, a kind of method of certifying signature and device, can realize based on elliptic curve, multiple signature can be generated fast, effectively accelerate the processing speed of signature.For the verifying end of certifying signature, the speed verified can be accelerated, reduce the time waited for.

Embodiments provide a kind of method of signature and device, a kind of method of certifying signature and device, there is following beneficial effect:

The method of a kind of signature 1, provided by the embodiment of the present invention and device, obtain multiple message to be signed, and be that each message to be signed selects a predetermined number random number, according to a pair PKI and private key, and the predetermined number random number that each message to be signed is corresponding, approval and sign name is carried out to all message to be signed, improves the processing speed of signature.

The method of a kind of signature 2, provided by the embodiment of the present invention and device, in this implementation, because each message to be signed adopts identical PKI, right once calculate, can use in the process of all message to be signed, decrease the operation times of multiplication significantly, also therefore save computing time, improve efficiency, equally, right v=v ²once calculate, can use in the process of all message to be signed, improve processing speed and efficiency.

3, a kind of method of a kind of method of signature that provides of the embodiment of the present invention and device, certifying signature and device, use the method to verifying data signature under the environment such as bank, can protected data fail safe and prevent from forging.

4, a kind of method of certifying signature that provides of the embodiment of the present invention and device, carried out batch processing by heavy signature verification task, adopted the method for batch checking to carry out simultaneous verification to multiple signature, effectively save computing time in the process of checking.

It should be noted that, in this article, the relational terms of such as first and second and so on is only used for an entity or operation to separate with another entity or operating space, and not necessarily requires or imply the relation that there is any this reality between these entities or operation or sequentially.And, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thus make to comprise the process of a series of key element, method, article or equipment and not only comprise those key elements, but also comprise other key elements clearly do not listed, or also comprise by the intrinsic key element of this process, method, article or equipment.When not more restrictions, the key element " being comprised " limited by statement, and be not precluded within process, method, article or the equipment comprising described key element and also there is other identical factor.

One of ordinary skill in the art will appreciate that: all or part of step realizing said method embodiment can have been come by the hardware that program command is relevant, aforesaid program can be stored in the storage medium of embodied on computer readable, this program, when performing, performs the step comprising said method embodiment; And aforesaid storage medium comprises: ROM, RAM, magnetic disc or CD etc. various can be program code stored medium in.

Finally it should be noted that: the foregoing is only preferred embodiment of the present invention, only for illustration of technical scheme of the present invention, be not intended to limit protection scope of the present invention.All any amendments done within the spirit and principles in the present invention, equivalent replacement, improvement etc., be all included in protection scope of the present invention.

Claims (10)

1. a method for signature, is characterized in that, comprising:

S1: obtain PKI and private key;

S2: obtain multiple message to be signed;

S3: for each message to be signed selects a predetermined number random number;

S4: according to described PKI and described private key and a predetermined number random number corresponding to each message to be signed, approval and sign name is carried out to all message to be signed.

2. method according to claim 1, is characterized in that, a described predetermined number random number comprises: the first random number, the second random number, the 3rd random number, the 4th random number, the 5th random number, described PKI is expressed as: (g ₁, g ₂, p, q, t, v), described private key is expressed as: (s ₁, s ₂);

Described S4, comprising:

A1: for each message to be signed arranges corresponding X parameter, the initial value of X parameter corresponding for each message to be signed is set to 1;

A2: using the lowest order of the first corresponding for each message to be signed random number and the second random number as present bit;

A3: calculate X parameter corresponding to each message to be signed according to formula one respectively, wherein, formula one is: x _i=x _i× g ₁ ^ag ₂ ^b, wherein, x _ibe i-th message m to be signed _icorresponding X parameter, i=1 ..., n, i are positive integer, and n is positive integer, and n is the quantity of the message to be signed obtained, and a is the present bit of the first random number, and b is the present bit of the second random number;

A4: whether the present bit judging the first random number that each message to be signed is corresponding and the second random number is respectively highest order, if so, then performs steps A 5, otherwise, calculate using one, the left side of the present bit of the first corresponding for each message to be signed random number and the second random number as present bit, return steps A 3;

A5: for each message to be signed arranges corresponding X* parameter, the initial value of X* parameter corresponding for each message to be signed is set to 1;

A6: using the lowest order of the 3rd corresponding for each message to be signed random number, the 4th random number, the 5th random number as present bit;

A7: calculate X* parameter corresponding to each message to be signed according to formula two respectively, wherein, formula two is: wherein, be i-th message m to be signed _icorresponding X* parameter, c is the present bit of the 3rd random number, and f is the present bit of the 4th random number, and h is the present bit of the 4th random number;

A8: whether the present bit judging the 3rd random number, the 4th random number and the 5th random number that each message to be signed is corresponding is respectively highest order, if so, then performs steps A 9, otherwise, calculate v=v ², using one, the left side of the present bit of the 3rd corresponding for each message to be signed random number, the 4th random number and the 5th random number as present bit, return steps A 7;

A9: calculate E* parameter corresponding to each message to be signed according to formula three respectively, wherein, formula three is: wherein, be i-th message m to be signed _icorresponding E* parameter;

A10: calculate E parameter corresponding to each message to be signed according to formula three respectively, wherein, formula four is: wherein, e _ibe i-th message m to be signed _icorresponding E parameter;

A11: calculate the first signature corresponding to each message to be signed according to formula five respectively, calculate the second signature corresponding to each message to be signed according to formula six respectively, wherein, formula five is: y _{i, 1}=r _{(i, 1)}+ e _is ₁modq, formula six is: y _{i, 2}=r _{(i, 2)}+ e _is ₂modq, wherein, y _{i, 1}be i-th message m to be signed _ithe first corresponding signature, y _{i, 2}be i-th message m to be signed _ithe second corresponding signature, r _{(i, 1)}be i-th message m to be signed _ithe first corresponding random number, r _{(i, 2)}be i-th message m to be signed _ithe second corresponding random number.

3. method according to claim 2, is characterized in that, described S1, comprising:

B1: select two prime number p and the q that meet q| (p-1);

B2: determine that exponent number is the group Z of q _p*;

B3: from described group Z _p* middle Stochastic choice two generator g ₁, g ₂;

B4: determine territory Z _q, from described territory Z _qin determine three random element s ₁, s ₂, t;

B5: calculate v according to formula seven, formula seven is:

B6: generate described PKI and described private key, wherein, described PKI is expressed as: (g ₁, g ₂, p, q, t, v), described private key is expressed as: (s ₁, s ₂).

4. a method for signature, is characterized in that, comprising:

Receive the E* parameter that the 3rd random number that the first signature and second is signed, each message to be signed is corresponding corresponding to the outside message each to be signed sent and the 4th random number, each message to be signed are corresponding;

Calculate the first parameter of the first signature correspondence of each message to be signed according to formula eight, calculate the second parameter of the second signature correspondence of each message to be signed according to formula nine, wherein, formula eight is: formula nine is: be i-th message m to be signed _icorresponding corresponding first parameter of the first signature, be i-th message m to be signed _icorresponding corresponding second parameter of the second signature, y _{i, 1}be i-th message m to be signed _ithe first corresponding signature, y _{i, 2}be i-th message m to be signed _ithe second corresponding signature, u _{(i, 1)}be i-th message m to be signed _ithe 3rd corresponding random number, u _{(i, 2)}be i-th message m to be signed _ithe 4th corresponding random number;

The signature generating each message to be signed is right, wherein, the signature of i-th message to be signed to for be i-th message m to be signed _icorresponding E* parameter.

5. a method for certifying signature, is characterized in that, comprising:

The signature receiving the outside message each to be signed sent to and PKI, wherein, the signature of i-th message to be signed to for be i-th message m to be signed _icorresponding E* parameter, m _ibe i-th message to be signed, be i-th message m to be signed _ithe first corresponding parameter, be i-th message m to be signed _ithe second corresponding parameter, PKI is expressed as: (g ₁, g ₂, p, q, t, v);

Calculate Z parameter corresponding to each message to be signed according to formula ten respectively, wherein, formula ten is: z _ibe i-th message m to be signed _icorresponding Z parameter;

For each message to be signed, judge that whether Z parameter corresponding to current message to be signed be identical with E* parameter, if so, then the signature of current message to be signed is to by checking, otherwise the signature of current message to be signed is not to by checking.

6. a device for signature, is characterized in that, comprising:

First acquiring unit, for obtaining PKI and private key;

Second acquisition unit, for obtaining multiple message to be signed;

Selected cell, for selecting a predetermined number random number for each message to be signed;

Signature unit, for according to described PKI and described private key and a predetermined number random number corresponding to each message to be signed, carries out approval and sign name to all message to be signed.

7. device according to claim 6, is characterized in that, a described predetermined number random number comprises: the first random number, the second random number, the 3rd random number, the 4th random number, the 5th random number, described PKI is expressed as: (g ₁, g ₂, p, q, t, v), described private key is expressed as: (s ₁, s ₂);

Described signature unit, specifically for:

A1: for each message to be signed arranges corresponding X parameter, the initial value of X parameter corresponding for each message to be signed is set to 1;

A2: using the lowest order of the first corresponding for each message to be signed random number and the second random number as present bit;

A3: calculate X parameter corresponding to each message to be signed according to formula one respectively, wherein, formula one is: x _i=x _i× g ₁ ^ag ₂ ^b, wherein, x _ibe i-th message m to be signed _icorresponding X parameter, i=1 ..., n, i are positive integer, and n is positive integer, and n is the quantity of the message to be signed obtained, and a is the present bit of the first random number, and b is the present bit of the second random number;

A4: whether the present bit judging the first random number that each message to be signed is corresponding and the second random number is respectively highest order, if so, then performs steps A 5, otherwise, calculate using one, the left side of the present bit of the first corresponding for each message to be signed random number and the second random number as present bit, return steps A 3;

A5: for each message to be signed arranges corresponding X* parameter, the initial value of X* parameter corresponding for each message to be signed is set to 1;

A6: using the lowest order of the 3rd corresponding for each message to be signed random number, the 4th random number, the 5th random number as present bit;

A7: calculate X* parameter corresponding to each message to be signed according to formula two respectively, wherein, formula two is: wherein, be i-th message m to be signed _icorresponding X* parameter, c is the present bit of the 3rd random number, and f is the present bit of the 4th random number, and h is the present bit of the 4th random number;

A8: whether the present bit judging the 3rd random number, the 4th random number and the 5th random number that each message to be signed is corresponding is respectively highest order, if so, then performs steps A 9, otherwise, calculate v=v ², using one, the left side of the present bit of the 3rd corresponding for each message to be signed random number, the 4th random number and the 5th random number as present bit, return steps A 7;

A9: calculate E* parameter corresponding to each message to be signed according to formula three respectively, wherein, formula three is: wherein, be i-th message m to be signed _icorresponding E* parameter;

A10: calculate E parameter corresponding to each message to be signed according to formula three respectively, wherein, formula four is: wherein, e _ibe i-th message m to be signed _icorresponding E parameter;

A11: calculate the first signature corresponding to each message to be signed according to formula five respectively, calculate the second signature corresponding to each message to be signed according to formula six respectively, wherein, formula five is: y _{i, 1}=r _{(i, 1)}+ e _is ₁modq, formula six is: y _{i, 2}=r _{(i, 2)}+ e _is ₂modq, wherein, y _{i, 1}be i-th message m to be signed _ithe first corresponding signature, y _{i, 2}be i-th message m to be signed _ithe second corresponding signature, r _{(i, 1)}be i-th message m to be signed _ithe first corresponding random number, r _{(i, 2)}be i-th message m to be signed _ithe second corresponding random number.

8. device according to claim 7, is characterized in that, described first acquiring unit, specifically for:

B1: select two prime number p and the q that meet q| (p-1);

B2: determine that exponent number is the group Z of q _p*;

B3: from described group Z _p* middle Stochastic choice two generator g ₁, g ₂;

B4: determine territory Z _q, from described territory Z _qin determine three random element s ₁, s ₂, t;

B5: calculate v according to formula seven, formula seven is:

B6: generate described PKI and described private key, wherein, described PKI is expressed as: (g ₁, g ₂, p, q, t, v), described private key is expressed as: (s ₁, s ₂).

9. a device for signature, is characterized in that, comprising:

First receiving element, for receiving E* parameter corresponding to the 3rd random number that the first signature and second is signed, each message to be signed is corresponding corresponding to the message each to be signed sent outside and the 4th random number, each message to be signed;

First computing unit, the first parameter that the first signature for calculating each message to be signed according to formula eight is corresponding, calculate the second parameter of the second signature correspondence of each message to be signed according to formula nine, wherein, formula eight is: formula nine is: be i-th message m to be signed _icorresponding corresponding first parameter of the first signature, be i-th message m to be signed _icorresponding corresponding second parameter of the second signature, y _{i, 1}be i-th message m to be signed _ithe first corresponding signature, y _{i, 2}be i-th message m to be signed _ithe second corresponding signature, u _{(i, 1)}be i-th message m to be signed _ithe 3rd corresponding random number, u _{(i, 2)}be i-th message m to be signed _ithe 4th corresponding random number;

Generation unit, right for the signature generating each message to be signed, wherein, the signature of i-th message to be signed to for be i-th message m to be signed _icorresponding E* parameter.

10. a device for certifying signature, is characterized in that, comprising:

Second receiving element, for the signature that receives the message each to be signed that outside is sent to and PKI, wherein, the signature of i-th message to be signed to for be i-th message m to be signed _icorresponding E* parameter, m _ibe i-th message to be signed, be i-th message m to be signed _ithe first corresponding parameter, be i-th message m to be signed _ithe second corresponding parameter, PKI is expressed as: (g ₁, g ₂, p, q, t, v);

Second computing unit, for calculating Z parameter corresponding to each message to be signed according to formula ten respectively, wherein, formula ten is: z _ibe i-th message m to be signed _icorresponding Z parameter;

Authentication unit, for for each message to be signed, judges that whether Z parameter corresponding to current message to be signed be identical with E* parameter, and if so, then the signature of current message to be signed is to by checking, otherwise the signature of current message to be signed is not to by checking.