CN106533682A - Point-to-point elliptic-curve type digital signature algorithm and signature verification method based on the same - Google Patents

Info

Publication number
CN106533682A
Authority
CN
China
Prior art keywords
point
mod
calculates
count
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610991199.8A
Other languages
Chinese (zh)
Inventor
张宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Huahong Integrated Circuit Co Ltd
Original Assignee
Shanghai Huahong Integrated Circuit Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Huahong Integrated Circuit Co Ltd filed Critical Shanghai Huahong Integrated Circuit Co Ltd
Priority to CN201610991199.8A priority Critical patent/CN106533682A/en
Publication of CN106533682A publication Critical patent/CN106533682A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an improved point-to-point elliptic curve digital signature algorithm. The algorithm comprises the following steps: (1) calculate $t = \mathrm{Hash}(ID_A \| ID_B \| count) \bmod n$, where $count$ = 0x00000001; if $t = 0$, increment $count$ and recalculate $t$; (2) randomly select $k \in [1, n-1]$; (3) compute $kP = (x_1, y_1)$ and convert $x_1$ to an integer; (4) calculate $r = x_1 \bmod n$; if $r = 0$, return to step (2); (5) calculate $e = H(m)$, where $H(x)$ is a hash function; (6) calculate $s = k^{-1} t (e + dr) \bmod n$; if $s = 0$, return to step (2) to obtain a new random number; (7) output the signature pair $(r, s)$. The invention also discloses a signature verification method based on the improved point-to-point elliptic curve digital signature algorithm, so that signature verification is bound to the two parties of a point-to-point exchange.

Description

Point-to-point ECDSA and signature verification method
Technical field
The present invention relates to the field of information security, and in particular to a point-to-point elliptic curve digital signature algorithm (ECDSA). The invention further relates to a signature verification method based on this improved ECDSA.
Background
1. Introduction to ECDSA theory
A digital signature is the digital counterpart of a handwritten signature. It provides data origin authentication, data integrity and non-repudiation. ECDSA is the elliptic curve version of the digital signature algorithm. The ECDSA signing procedure is as follows:
Input: parameter group $D = (q, FR, S, a, b, P, n, h)$, private key $d$, message $m$.
Output: signature pair $(r, s)$.
a. Randomly select $k \in [1, n-1]$;
b. Compute $kP = (x_1, y_1)$, then convert $x_1$ to an integer;
c. Calculate $r = x_1 \bmod n$; if $r = 0$, return to step a;
d. Calculate $e = H(m)$, where $H(x)$ is a hash function;
e. Calculate $s = k^{-1}(e + dr) \bmod n$; if $s = 0$, return to step a;
f. Output the signature pair $(r, s)$.
Any other user who obtains this signature can then use the public key and the signature pair $(r, s)$ to determine whether it is the user's signature. The verification procedure is as follows:
Input: parameter group $D = (q, FR, S, a, b, P, n, h)$, public key $Q$, message $m$, signature pair $(r, s)$.
a. Check that $r \in [1, n-1]$ and $s \in [1, n-1]$; otherwise verification fails;
b. Calculate $e = H(m)$, where $H(x)$ is a hash function;
c. Calculate $w = s^{-1} \bmod n$;
d. Calculate $u_1 = ew \bmod n$ and $u_2 = rw \bmod n$;
e. Calculate $X = u_1 P + u_2 Q$; if $X$ is the point at infinity, verification fails;
f. With $X = (x_1, y_1)$, convert $x_1$ to an integer;
g. If $x_1$ is equal to $r$, verification succeeds; otherwise verification fails.
2. The Mafia problem
Alice is eating at a restaurant owned by Bob, a member of the Mafia. Carol is shopping at a high-end jewelry store owned by Dave. Bob and Carol are both mafiosi and can communicate over a secret channel, while Alice and Dave are unaware of the fraud.
When Alice has finished her meal in Bob's restaurant and is about to pay and identify herself to Bob, Bob notifies Carol to start the fraud. Carol buys jewelry from Dave and is likewise about to identify herself. When Alice digitally signs Bob's bill, Bob passes Alice's digital signature on to Carol, and Carol uses Alice's digital signature to complete the transaction with Dave. In effect, Alice has bought jewelry for the Mafia.
If the digital signature is improved by introducing IDs (identity identifiers) into it, the Mafia can no longer impersonate Alice: the signature Alice makes in Bob's restaurant carries the IDs of Alice and Bob, whereas the signature required in Dave's store must carry the IDs of Carol and Dave.
Summary of the invention
The technical problem to be solved by the present invention is to provide a point-to-point ECDSA that effectively solves the point-to-point signature problem and, compared with the conventional elliptic curve signature method, guards against man-in-the-middle attacks carried out under other node IDs.
To solve the above technical problem, the point-to-point ECDSA of the invention comprises the following steps:
Input: parameter group $D = (ID_A, ID_B, q, FR, S, a, b, P, n, h)$, private key $d$, public key $Q$, message $m$, where $ID_A$ and $ID_B$ are the IDs of the two parties to the transaction.
Output: signature pair $(r, s)$.
Step (1): calculate $t = \mathrm{Hash}(ID_A \| ID_B \| count) \bmod n$, with $count$ = 0x00000001; if $t = 0$, increment $count$ and recalculate $t$;
Step (2): randomly select $k \in [1, n-1]$;
Step (3): compute $kP = (x_1, y_1)$, then convert $x_1$ to an integer;
Step (4): calculate $r = x_1 \bmod n$; if $r = 0$, return to step (2);
Step (5): calculate $e = H(m)$, where $H(x)$ is a hash function;
Step (6): calculate $s = k^{-1} t (e + dr) \bmod n$; if $s = 0$, return to step (2) to obtain a new random number;
Step (7): output the signature pair $(r, s)$.
The signature verification method based on the above improved ECDSA comprises the following steps:
Input: parameter group $D = (ID_A, ID_B, q, FR, S, a, b, P, n, h)$, message $m$, signature pair $(r, s)$, where $ID_A$ and $ID_B$ are the IDs of the two parties to the transaction.
Step (1): calculate $t = \mathrm{Hash}(ID_A \| ID_B \| count) \bmod n$, with $count$ = 0x00000001; if $t = 0$, increment $count$ and recalculate $t$;
Step (2): check that $r \in [1, n-1]$ and $s \in [1, n-1]$; otherwise verification fails;
Step (3): calculate $e = H(m)$, where $H(x)$ is a hash function;
Step (4): calculate $w = s^{-1} \bmod n$;
Step (5): calculate $u_1 = tew \bmod n$ and $u_2 = trw \bmod n$;
Step (6): calculate $X = u_1 P + u_2 Q$; if $X$ is the point at infinity, verification fails;
Step (7): with $X = (x_1, y_1)$, convert $x_1$ to an integer;
Step (8): if $x_1$ is equal to $r$, verification succeeds; otherwise verification fails.
In this scheme, $t$ differs for different IDs. Suppose that $t = t_1$ when A digitally signs B's bill. When C provides a digital signature to B, $t = t_2$ ($t_1 \neq t_2$), and $t = t_2$ is used when C's signature is verified, so A's digital signature ($t = t_1$) cannot pass the verification performed for C. The man-in-the-middle therefore cannot use A's money to settle their own bill.
Compared with the traditional elliptic curve signature, the present invention addresses impersonation of a signature by a man-in-the-middle. Because a person's signature must incorporate the IDs of both parties to the transaction, it is impossible for others to pass off that person's signature as their own. In this way an ECDSA signature can no longer be misused by others.
Description of the drawings
The present invention is described in further detail below with reference to the drawings and a specific embodiment:
Fig. 1 is a flow chart of the improved ECDSA;
Fig. 2 is a flow chart of the signature verification corresponding to the improved ECDSA.
Specific embodiment
With reference to Fig. 1, the following procedure illustrates the implementation details of the present invention.
The US National Institute of Standards and Technology (NIST) recommends five sets of parameters for elliptic curve cryptography over prime fields. This embodiment uses one of these sets, as follows:
Over the finite field $F_p$ there is an elliptic curve $E$, defined as follows:
$E: y^2 = x^3 + ax + b$
where:
p = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF;
a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC;
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b.
The coordinates of the base point P are:
[0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5]
The order n of the base point is:
0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551.
Assume the private key d is:
d = 0x2CA1411A41B17B24CC8C3B089CFD033F1920202A6C0DE8ABB97DF1498D50D2C8.
Assume $ID_A$ is 0x61626364.
Assume $ID_B$ is 0x65666768.
The calculated t is:
0x832F0D3EDF2E5CC121986AE425247B4379B47B3A1D83D5D171013910D8DE7E49.
Step 1: randomly select $k \in [1, n-1]$;
k = 0xA0640D4957F27D091AB1AEBC69949D96E5AC2BB283ED5284A5674758B12F08DF.
Step 2: compute $kP = (x_1, y_1)$;
The coordinates of kP are:
[0xD73CD3722BAE6CC0B39065BB4003D8ECE1EF2F7A8A55BFD677234B0B3B902650,
0x7FB6E56C2A703DD7E7E9557EAD184588AB38066718EE4B808CD18DDD825D8866].
Step 3: calculate $r = x_1 \bmod n$; if $r = 0$, return to step 1;
r = 0xD73CD3722BAE6CC0B39065BB4003D8ECE1EF2F7A8A55BFD677234B0B3B902650.
Step 4: calculate $e = H(m)$, where $H(x)$ is a hash function;
Assume e is:
e = 0x1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD.
Step 5: calculate $s = t k^{-1}(e + dr) \bmod n$;
s = 0x3BC8BB9E6F20285CC8E6C3D478F238A22256DFA025B028AA11D4DC642C77D0BC.
Step 6: output the signature pair $(r, s)$.
With reference to Fig. 2, a verification example is as follows:
Step 1: calculate $e = H(m)$, where $H(x)$ is a hash function.
e is the same as in signing:
e = 0x1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD.
Step 2: calculate $w = s^{-1} \bmod n$;
w = 0x5D68908FF534F2C8F150412D11E9CF0A09FEAEDE0C3A727B4A056ADF9222C89C.
Step 3: calculate $u_1 = tew \bmod n$ and $u_2 = trw \bmod n$;
u1 = 0x4230443019AF06D9B2BEB55EBEAEF17537567CB205F87CFD3C6F79D5978837CC;
u2 = 0xD73CD3722BAE6CC0B39065BB4003D8ECE1EF2F7A8A55BFD677234B0B3B902650.
Step 4: calculate $X = u_1 P + u_2 Q$; if $X$ is the point at infinity, verification fails.
The coordinates of point X are:
[0xD73CD3722BAE6CC0B39065BB4003D8ECE1EF2F7A8A55BFD677234B0B3B902650,
0x7FB6E56C2A703DD7E7E9557EAD184588AB38066718EE4B808CD18DDD825D8866]
Because the x-coordinate of X is equal to r, verification succeeds.
The present invention has been described in detail above by way of an embodiment, but the scope of protection of the invention is not limited to that embodiment. Without departing from the principles of the invention, those skilled in the art can make many variations and improvements, and these should also be regarded as falling within the scope of protection of the invention.
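The signing and verification procedures described above, as an added Python example that is not part of the patent text: it implements both over the P-256 parameters of the embodiment and checks the replay case from the Mafia scenario. SHA-256 for Hash and H, the 4-byte big-endian encoding of count, the IDs CARL/DAVE and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# NIST P-256 parameters from the embodiment. SHA-256 for Hash and H is an assumption.
p = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
a = p - 3
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)  # base point P
n = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def add(P1, P2):
    """Affine point addition; None is the point at infinity. Not constant-time."""
    if P1 is None or P2 is None:
        return P1 or P2
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if P1 == P2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def binding(id_a, id_b):
    """t = Hash(ID_A || ID_B || count) mod n; assumes fixed-length IDs, 4-byte count."""
    count, t = 1, 0
    while not t:
        t = h_int(id_a + id_b + count.to_bytes(4, "big")) % n
        count += 1
    return t

def sign(d, m, id_a, id_b):
    t, e = binding(id_a, id_b), h_int(m)
    while True:
        k = secrets.randbelow(n - 1) + 1           # k in [1, n-1]
        r = mul(k, G)[0] % n
        s = pow(k, -1, n) * t * (e + d * r) % n    # s = k^-1 * t * (e + d*r) mod n
        if r and s:
            return r, s

def verify(Q, m, sig, id_a, id_b):
    r, s = sig
    if not (1 <= r < n and 1 <= s < n):
        return False
    t, e, w = binding(id_a, id_b), h_int(m), pow(s, -1, n)
    X = add(mul(t * e * w % n, G), mul(t * r * w % n, Q))
    # x1 is reduced mod n here to mirror how the signer formed r.
    return X is not None and X[0] % n == r

def replay_demo(m=b"restaurant bill"):
    """Constructed scenario: a signature bound to (A, B) checked under (C, D)."""
    d = secrets.randbelow(n - 1) + 1               # throwaway private key
    Q = mul(d, G)
    ids_ab = (bytes.fromhex("61626364"), bytes.fromhex("65666768"))  # IDs from the embodiment
    ids_cd = (b"CARL", b"DAVE")                    # constructed IDs
    sig = sign(d, m, *ids_ab)
    return verify(Q, m, sig, *ids_ab), verify(Q, m, sig, *ids_cd)
```

`replay_demo()` returns `(True, False)`: the signature verifies under the ID pair it was made for and fails when presented unchanged under another pair. Note that t depends only on the two IDs and the counter, so any party that knows the IDs can compute it; the example exercises only the unmodified-replay case the description discusses.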

Claims (2)

1. A point-to-point ECDSA, characterized in that it comprises the following steps:
Input: parameter group $D = (ID_A, ID_B, q, FR, S, a, b, P, n, h)$, private key $d$, public key $Q$, message $m$, where $ID_A$ and $ID_B$ are the IDs of the two parties to the transaction.
Output: signature pair $(r, s)$.
Step (1): calculate $t = \mathrm{Hash}(ID_A \| ID_B \| count) \bmod n$, with $count$ = 0x00000001; if $t = 0$, increment $count$ and recalculate $t$;
Step (2): randomly select $k \in [1, n-1]$;
Step (3): compute $kP = (x_1, y_1)$, then convert $x_1$ to an integer;
Step (4): calculate $r = x_1 \bmod n$; if $r = 0$, return to step (2);
Step (5): calculate $e = H(m)$, where $H(x)$ is a hash function;
Step (6): calculate $s = k^{-1} t (e + dr) \bmod n$; if $s = 0$, return to step (2) to obtain a new random number;
Step (7): output the signature pair $(r, s)$.
2. A signature verification method based on the algorithm of claim 1, characterized in that it comprises the following steps:
Input: parameter group $D = (ID_A, ID_B, q, FR, S, a, b, P, n, h)$, message $m$, signature pair $(r, s)$, where $ID_A$ and $ID_B$ are the IDs of the two parties to the transaction.
Step (1): calculate $t = \mathrm{Hash}(ID_A \| ID_B \| count) \bmod n$, with $count$ = 0x00000001; if $t = 0$, increment $count$ and recalculate $t$;
Step (2): check that $r \in [1, n-1]$ and $s \in [1, n-1]$; otherwise verification fails;
Step (3): calculate $e = H(m)$, where $H(x)$ is a hash function;
Step (4): calculate $w = s^{-1} \bmod n$;
Step (5): calculate $u_1 = tew \bmod n$ and $u_2 = trw \bmod n$;
Step (6): calculate $X = u_1 P + u_2 Q$; if $X$ is the point at infinity, verification fails;
Step (7): with $X = (x_1, y_1)$, convert $x_1$ to an integer;
Step (8): if $x_1$ is equal to $r$, verification succeeds; otherwise verification fails.
CN201610991199.8A 2016-11-10 2016-11-10 Point-to-point elliptic-curve type digital signature algorithm and signature verification method based on the same Pending CN106533682A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610991199.8A CN106533682A (en) 2016-11-10 2016-11-10 Point-to-point elliptic-curve type digital signature algorithm and signature verification method based on the same

Publications (1)

Publication Number Publication Date
CN106533682A true CN106533682A (en) 2017-03-22

Family

ID=58350580

Country Status (1)

Country Link
CN (1) CN106533682A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170322