CN106856431A - Improved ECDSA and signature verification method - Google Patents


Info

Publication number: CN106856431A
Authority: CN (China)
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201510901744.5A
Other languages: Chinese (zh)
Inventors: 张宇, 马博, 吴江源
Current assignee: Shanghai Huahong Integrated Circuit Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Shanghai Huahong Integrated Circuit Co Ltd
Priority date: 2015-12-09 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2015-12-09
Publication date: 2017-06-16

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an improved ECDSA. Before identity is proved, the signer and the verifier each obtain a time-varying random number (nonce) t from a trusted third party. Step (1): randomly select k ∈ [1, n-1]. Step (2): compute kP = (x1, y1) and convert x1 to an integer. Step (3): compute r = x1 mod n; if r = 0, return to step (1) and obtain a new nonce t from the trusted third party. Step (4): compute e = H(m), where H is a hash function. Step (5): compute s = k^(-1)·t·(e + d·r) mod n; if s = 0, return to step (1) and obtain a new nonce t from the trusted third party. Step (6): output the signature pair (r, s). The invention also discloses a signature verification method based on the improved ECDSA. The invention can effectively counter a man-in-the-middle impersonating a signature.

Description

Improved ECDSA and signature verification method
Technical field
The present invention relates to the field of information security, and in particular to an improved elliptic curve digital signature algorithm (ECDSA). The invention further relates to a signature verification method based on the improved ECDSA.
Background technology
1. Introduction to ECDSA
A digital signature is the digital counterpart of a handwritten signature; it provides data origin authentication, data integrity and non-repudiation. ECDSA is the elliptic curve variant of the digital signature algorithm. The ECDSA signing procedure is as follows:
Input: domain parameters D = (q, FR, S, a, b, P, n, h), private key d, message m.
Output: signature pair (r, s).
a. Randomly select k ∈ [1, n-1];
b. Compute kP = (x1, y1) and convert x1 to an integer;
c. Compute r = x1 mod n; if r = 0, return to step a;
d. Compute e = H(m), where H is a hash function;
e. Compute s = k^(-1)·(e + d·r) mod n; if s = 0, return to step a;
f. Output the signature pair (r, s).
Any other user who obtains this signature can then use the public key to decide whether (r, s) is that user's signature. The verification procedure is as follows:
Input: domain parameters D = (q, FR, S, a, b, P, n, h), public key Q, message m, signature pair (r, s).
a. Check that r ∈ [1, n-1] and s ∈ [1, n-1]; otherwise verification fails;
b. Compute e = H(m), where H is a hash function;
c. Compute w = s^(-1) mod n;
d. Compute u1 = e·w mod n and u2 = r·w mod n;
e. Compute X = u1·P + u2·Q; if X is the point at infinity, verification fails;
f. Let X = (x1, y1) and convert x1 to an integer;
g. If x1 equals r, verification succeeds; otherwise verification fails.
2. Mafia fraud
Alice is having a meal at Bob's restaurant, which is owned by the Mafia, while Carol is shopping at Dave's store, a high-end jeweller. Bob and Carol are mafiosi who can communicate over a secret channel; Alice and Dave know nothing of the fraud.
When Alice has finished her meal and prepares to pay and prove her identity to Bob, Bob tells Carol to start the fraud: Carol picks out jewellery and prepares to prove her identity to Dave. Once Alice has digitally signed Bob's bill, Bob forwards Alice's digital signature to Carol, and Carol uses Alice's digital signature to complete the transaction with Dave. In effect, Alice has bought the jewellery for the Mafia.
If the digital signature is improved by introducing a time parameter, then by the time Bob forwards to Carol the signature Alice made on Bob's bill, Alice's digital signature has already expired, and the Mafia cannot carry out the fraud.
The original ECDSA signature can be reused; once the time factor is introduced, an ECDSA signature can no longer be reused by others.
The content of the invention
The technical problem to be solved by the present invention is to provide an improved ECDSA that can effectively counter a man-in-the-middle impersonating a signature; accordingly, the present invention also provides a signature verification method based on the improved elliptic curve digital signature algorithm.
To solve the above technical problem, the improved ECDSA of the invention comprises the following steps:
Before identity is proved, the signer and the verifier each obtain a time-varying random number (nonce) t (t < n) from a trusted third party, where n is the order of the elliptic curve. The signing procedure is as follows:
Input: domain parameters D = (q, FR, S, a, b, P, n, h), private key d, public key Q, message m, nonce t;
Step (1): randomly select k ∈ [1, n-1];
Step (2): compute kP = (x1, y1) and convert x1 to an integer;
Step (3): compute r = x1 mod n; if r = 0, return to step (1) and obtain a new nonce t from the trusted third party;
Step (4): compute e = H(m), where H is a hash function;
Step (5): compute s = k^(-1)·t·(e + d·r) mod n; if s = 0, return to step (1) and obtain a new nonce t from the trusted third party;
Step (6): output the signature pair (r, s).
The signature verification method based on the above improved ECDSA comprises the following steps. Before identity is proved, the signer and the verifier each obtain the nonce t from the trusted third party;
Input: domain parameters D = (q, FR, S, a, b, P, n, h), nonce t, message m, signature pair (r, s);
Step (I): check that r ∈ [1, n-1] and s ∈ [1, n-1]; otherwise verification fails;
Step (II): compute e = H(m), where H is a hash function;
Step (III): compute w = s^(-1) mod n;
Step (IV): compute u1 = t·e·w mod n and u2 = t·r·w mod n;
Step (V): compute X = u1·P + u2·Q; if X is the point at infinity, verification fails;
Step (VI): let X = (x1, y1) and convert x1 to an integer;
Step (VII): if x1 equals r, verification succeeds; otherwise verification fails.
In this scheme t differs from one time to the next. Suppose that when Alice signs Bob's bill, t = t1. Forwarding Alice's signature from Bob to Carol takes time, so by the time Carol presents the signature to Dave the nonce is t = t2 (t1 ≠ t2), and Dave verifies with t = t2. Alice's digital signature (made with t = t1) therefore cannot be verified by Dave, and the Mafia cannot pay with Alice's money.
Compared with traditional elliptic curve signatures, the present invention can counter a man-in-the-middle impersonating a signature. If a person's signature is valid only within a specific time window, it is impossible for others to impersonate that person's signature. To this end, a trusted third party first provides a random number that changes over time, and the signer's ECDSA varies with this random number, so that the ECDSA signature can no longer be misused by others.
Brief description of the drawings
The present invention is described in further detail below with reference to the accompanying drawings and a specific embodiment:
Fig. 1 is a flow chart of the improved ECDSA;
Fig. 2 is the verification flow chart corresponding to the improved ECDSA.
Specific embodiment
Fig. 1 shows the specific implementation details of the invention; the procedure is given below.
The US National Institute of Standards and Technology (NIST) recommends five parameter sets for elliptic curve cryptography over prime fields. This embodiment uses one of those sets, specifically:
Over the finite field F_p there is an elliptic curve E, defined as
E: y^2 = x^3 + a·x + b
where:
p = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF;
a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC;
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b.
The coordinates of the base point P are
[0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5]
The order n of the base point is
0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551.
Suppose the private key d is
d = 0x2CA1411A41B17B24CC8C3B089CFD033F1920202A6C0DE8ABB97DF1498D50D2C8.
The nonce t is
0xDE1D6C79DE7DF80410C86E073DB2B80828DB2AB5E3D285BE740CD478478F6CE9.
Step 1: randomly select k ∈ [1, n-1];
k = 0xA0640D4957F27D091AB1AEBC69949D96E5AC2BB283ED5284A5674758B12F08DF.
Step 2: compute kP = (x1, y1);
The coordinates of kP are
[0xD73CD3722BAE6CC0B39065BB4003D8ECE1EF2F7A8A55BFD677234B0B3B902650, 0x7FB6E56C2A703DD7E7E9557EAD184588AB38066718EE4B808CD18DDD825D8866].
Step 3: compute r = x1 mod n; if r = 0, return to step 1;
r = 0xD73CD3722BAE6CC0B39065BB4003D8ECE1EF2F7A8A55BFD677234B0B3B902650.
Step 4: compute e = H(m), where H is a hash function;
Suppose e is
e = 0x1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD.
Step 5: compute s = t·k^(-1)·(e + d·r) mod n;
s = 0xFAE726AC808D31657D76DD694DE947685BCCEFCF478D902C4DB2EFB19DA9CF.
Step 6: output the signature pair (r, s).
Referring to Fig. 2, the verification example is as follows:
Step 1: compute e = H(m), where H is a hash function.
e is the same as at signing:
e = 0x1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD.
Step 2: compute w = s^(-1) mod n;
w = 0x9726409CCE9F14FDD743617455CAD733C52157D5ECED55CD3A1C6F3BA87C0713.
Step 3: compute u1 = t·e·w mod n and u2 = t·r·w mod n;
u1 = 0x4230443019AF06D9B2BEB55EBEAEF17537567CB205F87CFD3C6F79D5978837CC;
u2 = 0xE31FA66A651BD372F13FA47FB48F04D8F2EAC254287E1DAA01E901F50C30703B.
Step 4: compute X = u1·P + u2·Q; if X is the point at infinity, verification fails.
The coordinates of the point X are
[0xD73CD3722BAE6CC0B39065BB4003D8ECE1EF2F7A8A55BFD677234B0B3B902650, 0x7FB6E56C2A703DD7E7E9557EAD184588AB38066718EE4B808CD18DDD825D8866]
Since the x coordinate of X equals r, verification succeeds.
The present invention has been described in detail above by way of an embodiment, but the scope of protection of the present invention is not limited to the described embodiment. Those skilled in the art can make many variations and improvements without departing from the principles of the present invention, and these should also be regarded as falling within the scope of protection of the present invention.
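The signing and verification procedures above, carried through on the embodiment's P-256 parameters and sample values, as an added Python example (not the patent's own code): it signs under the issuing nonce and then checks the same signature under a second, constructed nonce t2 to show the rejection the scheme relies on. The hash step is taken as given, with e supplied directly as in the embodiment.

```python
# Added example, not code from the patent: the nonce-bound ECDSA variant of
# CN106856431A over NIST P-256 in pure Python (3.8+ for pow(x, -1, m)).
# Curve constants and the sample d, t, k, e are the embodiment's values.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def add(p1, p2):
    """Affine addition on y^2 = x^3 + A*x + B over F_P; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p1 == -p2
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def sign(d, e, t, k):
    """Steps (1)-(6), e = H(m) given: s = k^-1 * t * (e + d*r) mod n, or None (redo with fresh t)."""
    r = mul(k, G)[0] % N
    if r == 0:
        return None
    s = pow(k, -1, N) * t * (e + d * r) % N
    return None if s == 0 else (r, s)

def verify(Q, e, t, sig):
    """Steps (I)-(VII): u1 = t*e*w, u2 = t*r*w, accept iff x(u1*P + u2*Q) mod n == r."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    u1, u2 = t * e * w % N, t * r * w % N
    X = add(mul(u1, G), mul(u2, Q))
    return X is not None and X[0] % N == r

# Sample inputs from the patent's embodiment: private key d, nonce t, k and e = H(m).
D = 0x2CA1411A41B17B24CC8C3B089CFD033F1920202A6C0DE8ABB97DF1498D50D2C8
T = 0xDE1D6C79DE7DF80410C86E073DB2B80828DB2AB5E3D285BE740CD478478F6CE9
K = 0xA0640D4957F27D091AB1AEBC69949D96E5AC2BB283ED5284A5674758B12F08DF
E = 0x1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD

def demo():
    """Sign under nonce T; verify under T and under a later nonce t2 (constructed here)."""
    Q = mul(D, G)
    sig = sign(D, E, T, K)
    t2 = (T + 1) % N   # constructed: the nonce Dave holds by the time the relayed signature arrives
    return verify(Q, E, T, sig), verify(Q, E, t2, sig)
```

demo() returns (True, False): the signature verifies under the nonce it was issued with and is rejected under any other nonce, which is the property the Mafia-fraud argument needs.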

Claims (4)

1. An improved ECDSA, characterised in that it comprises the following steps:
Before identity is proved, the signer and the verifier each obtain a time-varying random number (nonce) t, t < n, from a trusted third party, where n is the order of the elliptic curve;
Input: domain parameters D = (q, FR, S, a, b, P, n, h), private key d, public key Q, message m, nonce t;
Step (1): randomly select k ∈ [1, n-1];
Step (2): compute kP = (x1, y1) and convert x1 to an integer;
Step (3): compute r = x1 mod n; if r = 0, return to step (1) and obtain a new nonce t from the trusted third party;
Step (4): compute e = H(m), where H is a hash function;
Step (5): compute s = k^(-1)·t·(e + d·r) mod n; if s = 0, return to step (1) and obtain a new nonce t from the trusted third party;
Step (6): output the signature pair (r, s).
2. The algorithm of claim 1, characterised in that the value of t in step (5) is a random value issued by the trusted third party when the signer prepares to prove identity, and this random value changes over time.
3. A signature verification method based on the algorithm of claim 1 or 2, characterised in that it comprises the following steps: before identity is proved, the signer and the verifier each obtain the nonce t from the trusted third party;
Input: domain parameters D = (q, FR, S, a, b, P, n, h), nonce t, message m, signature pair (r, s);
Step (I): check that r ∈ [1, n-1] and s ∈ [1, n-1]; otherwise verification fails;
Step (II): compute e = H(m), where H is a hash function;
Step (III): compute w = s^(-1) mod n;
Step (IV): compute u1 = t·e·w mod n and u2 = t·r·w mod n;
Step (V): compute X = u1·P + u2·Q; if X is the point at infinity, verification fails;
Step (VI): let X = (x1, y1) and convert x1 to an integer;
Step (VII): if x1 equals r, verification succeeds; otherwise verification fails.
4. The method of claim 3, characterised in that the value of t in step (IV) is a random value issued by the trusted third party when the signer prepares to prove identity, and this random value changes over time.
Priority Applications (1)

Application number: CN201510901744.5A | Publication: CN106856431A (en) | Priority date: 2015-12-09 | Filing date: 2015-12-09 | Title: Improved ECDSA and signature verification method | Status: Pending


Publications (1)

Publication number: CN106856431A (en) | Publication date: 2017-06-16

Family

ID=59132185


Cited By (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN109005039A * | 2018-08-30 | 2018-12-14 | 天津通卡智能网络科技股份有限公司 | A method of accelerating ecdsa sign test in embedded device end
CN109150544A * | 2018-08-30 | 2019-01-04 | 天津通卡智能网络科技股份有限公司 | A method of accelerating sm2 sign test in embedded device end
CN113114466A * | 2021-03-23 | 2021-07-13 | 武汉珈港科技有限公司 | Parallel signature checking method
CN113114466B * | 2021-03-23 | 2023-09-29 | 武汉珈港科技有限公司 | Parallel signature verification method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN103427997A * | 2013-08-16 | 2013-12-04 | 西安西电捷通无线网络通信股份有限公司 | Method and device for generating digital signature
CN103475473A * | 2013-08-26 | 2013-12-25 | 广东数字证书认证中心有限公司 | Digital signature method, digital signature equipment, password operation method in digital signature, and server


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
张宇: "基于ECDSA的故障攻击研究" (Research on fault attacks against ECDSA), Master's thesis, 西安电子科技大学 (Xidian University) *



Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication

Application publication date: 20170616