CN107342855A - Signature method based on the SM2 algorithm - Google Patents

Publication number: CN107342855A
Authority: CN (China)
Prior art keywords: client, server, key, random, signature
Legal status: Granted
Application number: CN201710447438.8A
Other languages: Chinese (zh)
Other versions: CN107342855B (en)
Inventor: 王永起, 王珂
Current Assignee: Tongzhi Weiye Software Co.,Ltd.
Original Assignee: Albert Shandong Software Ltd By Share Ltd
Application filed by Albert Shandong Software Ltd By Share Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Abstract

The signature method based on the SM2 algorithm of the invention comprises the following steps: S1, the client and the server generate random sub-keys a and b using a power-limiting method, compute the inverses of a and b in an interactive process to form the constant v, and compute and output the public key P. S2, the client generates e from the original text M to be signed, at the same time randomly generates the DH exchange value k11, and transmits e and k11 to the server. S3, the server randomly generates the DH exchange value k22 and sends it to the client; the client and the server negotiate the temporary key k, and the client then generates the partial signature Q2. S4, the client transmits Q2 to the server; the server synchronously computes r and s and finally outputs the signature value [r, s]. The invention avoids the risk of signature overflow caused by an oversized private key, further simplifies the algorithm, and improves computational efficiency.

Description

Signature method based on the SM2 algorithm
Technical field
The present invention relates to a signature method based on the SM2 algorithm.
Background art
A digital signature uses a cryptographic operation to generate a series of symbols and codes that form an electronic cipher used for signing, in place of a handwritten signature or seal. Such an electronic signature can also be verified technically, with an accuracy that the verification of handwritten signatures and seals cannot match. The digital signature is the electronic signature method that is most widely used, most technically mature and most practical in current e-commerce and e-government.
To improve the security of digital signatures, signature algorithms are gradually developing toward fewer interactions and fewer transmitted parameters, while the processing efficiency of the algorithms is gradually being improved.
The Chinese invention patent with application publication number CN104243456A discloses a "signature and decryption method and system based on the SM2 algorithm, suitable for cloud computing". It stores part of the private key with each of the two communicating parties; only the two parties together can sign or decrypt a message, and neither party can obtain any information about the other party's private key. An attacker who compromises either one of the parties can therefore neither forge a signature nor decrypt a ciphertext, which improves the security of the private key in a cloud computing environment. Moreover, the interaction the two parties need during signing and decryption is greatly simplified, which meets the low-latency, few-interaction requirements of a cloud computing environment. However, the first communicating party and the second communicating party each generate a sub-private-key in [1, n-1], so the product of the two may be greater than n, and in actual operation the private key can be greater than n-2, so that the oversized private key creates a risk of signature overflow. In addition, the computation is relatively cumbersome: extra conditions have to be handled during the signature computation, and outputting the signature also requires several rounds of network interaction, which reduces computational efficiency.
Summary of the invention
To avoid the risk of signature overflow caused by an oversized private key, and to further simplify the algorithm and improve computational efficiency, the present invention provides a signature method based on the SM2 algorithm.
The present invention proposes the following technical solution: a signature method based on the SM2 algorithm, comprising the following steps:
Step a: key generation.
The client and the server share the SM2 elliptic curve parameters E(Fq), G, n and Z, where E is an elliptic curve defined over the finite field Fq, G is a base point of order n on the elliptic curve E, and Z is the identity shared by both parties;
The client generates its own sub-key a, the server generates its own sub-key b, and the client and the server interact to generate the public key P;
Step b: signature computation;
characterized in that,
in step a, the client and the server generate the random sub-keys a and b using a power-limiting method, so that the product of the sub-keys a and b is less than n-2; the inverses of a and b are computed in an interactive process to form the constant v, and the public key P is computed and output;
the signature computation of step b comprises the following steps:
Step b1: the client generates e from the original text M to be signed, at the same time randomly generates the DH exchange value k11, and transmits e and k11 to the server;
Step b2: the server randomly generates the DH exchange value k22 and sends it to the client; the client and the server negotiate the temporary key k, and the client then generates the partial signature Q2;
Step b3: the client transmits Q2 to the server; the server synchronously computes r and s and finally outputs the signature value [r, s].
Further, in step a, the method of generating the random sub-keys a and b using the power-limiting method is: the SM2 elliptic curve parameters shared by the client and the server also include c and T, where c = log2(n) with c taken as an integer, and T = 2^(q(c/2)), where q is the integer-rounding function;
the randomly generated sub-key a lies in [1, T], and the sub-key b lies in [1, T];
The method of computing the inverses of a and b in an interactive process, forming the constant v and computing the public key P is: the client computes the inverse of a, a^(-1) mod n, obtaining the value V1, and computes a[*]G, obtaining the value P1; it sends V1 and P1 to the server; the server computes the inverse of b, b^(-1) mod n, obtaining the value V2, and records the result of (V1*V2) mod n as v; it computes the public key P = P1[*]b[-]G.
Further, step b1 includes: the client assembles Z and M into M', computes HASH(M') and obtains the result e;
The client randomly generates a random number k1 such that k1 lies in [1, n], and computes 2^k1 mod n as k11.
Further, step b2 includes:
The server randomly generates a random number k2 such that k2 lies in [1, n], computes 2^k2 mod n as k22, and sends k22 to the client;
The client now computes k22^k1 mod n and the server computes k11^k2 mod n; both obtain the same value, k;
On the client, the point D(x, y) = k[*]G on the elliptic curve is computed, and (e+x) mod n is computed to obtain r; if r is 0 or r+k equals n, k must be renegotiated; the client computes Q2 = a*r and sends Q2 to the server.
Further, step b3 includes:
After the server receives Q2, it uses the same formulas, D(x, y) = k[*]G and (e+x) mod n, to obtain r, and computes [v*(k-Q2*b+r)] mod n to obtain the signature value s; if s equals 0, k must be regenerated and the signature computation repeated; after the computation, [r, s] is output as the final signature value.
Beneficial effects:
1. Limiting the power keeps the product of the sub-keys no greater than n-2, which guarantees that the final key synthesized from the sub-keys is less than n-2 and avoids the risk of signature overflow caused by an oversized private key.
2. The cloud side precomputes part of the information that is synthesized into the signature value, so that it can simply be substituted in during the later synthesis, which improves processing efficiency. Parallel computation is achieved: during signing, once k has been computed through the interaction, both parties can compute the r value in parallel at the same time, and no further network interaction is needed for the r value.
3. The signing process uses a DH exchange to generate the temporary parameter k for both parties. While the number of transmitted parameters is reduced, only products of large numbers are transmitted, so the sub-keys are not easily cracked and recovered.
4. Storing a fixed value trades space for time. When the final signature value s is output, the value v output when the key pair was generated is used directly and (V1*V2) mod n is not computed again, which improves computational efficiency.
Brief description of the drawings
Fig. 1 is a flow chart of the method of the present invention.
Embodiment
As shown in Fig. 1, the general flow of the method is: S1, the client and the server generate random sub-keys a and b using the power-limiting method, compute the inverses of a and b in an interactive process to form the constant v, and compute and output the public key P. S2, the client generates e from the original text M to be signed, at the same time randomly generates the DH exchange value k11, and transmits e and k11 to the server. S3, the server randomly generates the DH exchange value k22 and sends it to the client; the client and the server negotiate the temporary key k, and the client then generates the partial signature Q2. S4, the client transmits Q2 to the server; the server synchronously computes r and s and finally outputs the signature value [r, s].
The detailed flow of the method is described below. The method mainly comprises two processes: key generation and signature computation.
1. Key generation process
The client and the server share the SM2 elliptic curve parameters E(Fq), G, n, c, Z and T, where E is an elliptic curve defined over the finite field Fq, G is a base point of order n on the elliptic curve E, c = log2(n) with c taken as an integer, T = 2^(q(c/2)) where q is the integer-rounding function, and Z is the common identity of both parties.
The client generates a random number a such that a lies in [1, T], as the client's sub-key.
The server generates a random number b such that b lies in [1, T], as the server's sub-key.
The client computes the inverse of a, a^(-1) mod n, obtaining the value V1, and computes a[*]G, obtaining the value P1. It sends V1 and P1 to the server. The server computes the inverse of b, b^(-1) mod n, obtaining the value V2, and records the result of (V1*V2) mod n as v. It computes the public key P = P1[*]b[-]G, where [*] denotes elliptic curve point multiplication and [-] denotes elliptic curve point subtraction.
This completes the generation and distribution of the keys: the client sub-key is a, the server sub-key is b, and there are also the public key P and the constant v.
2. Signature computation process
The client assembles Z and M into M', computes HASH(M') and obtains the result e; HASH denotes a predetermined hash function.
The client randomly generates a random number k1 such that k1 lies in [1, n], and computes 2^k1 mod n as k11.
The client sends e and k11 to the server.
The server randomly generates a random number k2 such that k2 lies in [1, n], and computes 2^k2 mod n as k22.
The server sends k22 to the client.
The client now computes k22^k1 mod n and the server computes k11^k2 mod n; both obtain the same value, k.
On the client, the point D(x, y) = k[*]G on the elliptic curve is computed, and (e+x) mod n is computed to obtain r; if r is 0 or r+k equals n, k must be renegotiated. The client computes Q2 = a*r and sends Q2 to the server. Here [*] denotes point multiplication on the curve (likewise below).
After the server receives Q2, it uses the same formulas, D(x, y) = k[*]G and (e+x) mod n, to obtain r, and computes [v*(k-Q2*b+r)] mod n to obtain the signature value s. If s equals 0, k must be regenerated and the signature computation repeated. After the computation, [r, s] is output as the final signature value.
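The key generation and signature computation described above, as an added Python example that is not code from the patent: both roles run in one process, and the result is checked with the standard SM2 verification equation. The curve constants are the SM2 recommended parameters from GB/T 32918.5; SHA-256 over Z || M as HASH, floor rounding for c and q, and the `verify` function are assumptions that the patent text does not fix.

```python
import hashlib
import secrets

# SM2 recommended curve y^2 = x^3 + A*x + B over F_p (GB/T 32918.5); G has prime order N.
P_MOD = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P_MOD - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
T = 1 << ((N.bit_length() - 1) // 2)  # T = 2^(q(c/2)); floor assumed for c and q -> 2^127

def on_curve(pt):
    return pt is not None and (pt[1] ** 2 - pt[0] ** 3 - A * pt[0] - B) % P_MOD == 0

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def mul(k, pt):
    """Scalar multiplication k[*]pt by double-and-add (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def digest(z, msg):  # e = HASH(M'), M' = Z || M; SHA-256 stands in for HASH (assumption)
    return int.from_bytes(hashlib.sha256(z + msg).digest(), "big")

def keygen():
    """Step a: returns client sub-key a, server sub-key b, constant v, public key P."""
    a = secrets.randbelow(T) + 1                 # client: a in [1, T]
    b = secrets.randbelow(T) + 1                 # server: b in [1, T]
    v1, p1 = pow(a, -1, N), mul(a, G)            # client -> server: V1, P1 = a[*]G
    v = v1 * pow(b, -1, N) % N                   # server: v = (V1*V2) mod n
    pub = add(mul(b, p1), (G[0], P_MOD - G[1]))  # server: P = P1[*]b [-] G
    return a, b, v, pub

def sign(a, b, v, z, msg):
    """Step b, both roles in one process; comments mark who computes what."""
    e = digest(z, msg)                           # client
    while True:
        k1 = secrets.randbelow(N) + 1            # client: k1 in [1, n]
        k2 = secrets.randbelow(N) + 1            # server: k2 in [1, n]
        k11, k22 = pow(2, k1, N), pow(2, k2, N)  # client -> server: e, k11; server -> client: k22
        k = pow(k22, k1, N)                      # client: k22^k1 mod n
        assert k == pow(k11, k2, N)              # server: k11^k2 mod n gives the same k
        r = (e + mul(k, G)[0]) % N               # both: D = k[*]G, r = (e + x) mod n
        if r == 0 or r + k == N:
            continue                             # renegotiate k
        q2 = a * r                               # client -> server: Q2 = a*r
        s = v * (k - q2 * b + r) % N             # server: s = [v*(k - Q2*b + r)] mod n
        if s != 0:
            return r, s

def verify(pub, z, msg, r, s):
    """Standard SM2 verification equation (not part of the patent text)."""
    t = (r + s) % N
    if not (on_curve(pub) and 0 < r < N and 0 < s < N and t):
        return False
    pt = add(mul(s, G), mul(t, pub))
    return pt is not None and (digest(z, msg) + pt[0]) % N == r
```

In this flow the server receives V1 = a^(-1) mod n, from which a follows by one modular inversion; a design review should take that into account when relying on the two sub-keys being held separately.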

Claims (5)

1. A signature method based on the SM2 algorithm, comprising the following steps:
Step a: key generation.
The client and the server share the SM2 elliptic curve parameters E(Fq), G, n and Z, where E is an elliptic curve defined over the finite field Fq, G is a base point of order n on the elliptic curve E, and Z is the identity shared by both parties;
The client generates its own sub-key a, the server generates its own sub-key b, and the client and the server interact to generate the public key P;
Step b: signature computation;
characterized in that,
in step a, the client and the server generate the random sub-keys a and b using a power-limiting method, so that the product of the sub-keys a and b is less than n-2; the inverses of a and b are computed in an interactive process to form the constant v, and the public key P is computed and output;
the signature computation of step b comprises the following steps:
Step b1: the client generates e from the original text M to be signed, at the same time randomly generates the DH exchange value k11, and transmits e and k11 to the server;
Step b2: the server randomly generates the DH exchange value k22 and sends it to the client; the client and the server negotiate the temporary key k, and the client then generates the partial signature Q2;
Step b3: the client transmits Q2 to the server; the server synchronously computes r and s and finally outputs the signature value [r, s].
2. The signature method based on the SM2 algorithm as claimed in claim 1, characterized in that
in step a, the method of generating the random sub-keys a and b using the power-limiting method is: the SM2 elliptic curve parameters shared by the client and the server also include c and T, where c = log2(n) with c taken as an integer, and T = 2^(q(c/2)), where q is the integer-rounding function;
the randomly generated sub-key a lies in [1, T], and the sub-key b lies in [1, T];
The method of computing the inverses of a and b in an interactive process, forming the constant v and computing the public key P is: the client computes the inverse of a, a^(-1) mod n, obtaining the value V1, and computes a[*]G, obtaining the value P1; it sends V1 and P1 to the server; the server computes the inverse of b, b^(-1) mod n, obtaining the value V2, and records the result of (V1*V2) mod n as v; it computes the public key P = P1[*]b[-]G.
3. The signature method based on the SM2 algorithm as claimed in claim 1, characterized in that step b1 includes: the client assembles Z and M into M', computes HASH(M') and obtains the result e;
The client randomly generates a random number k1 such that k1 lies in [1, n], and computes 2^k1 mod n as k11.
4. The signature method based on the SM2 algorithm as claimed in claim 1, characterized in that step b2 includes:
The server randomly generates a random number k2 such that k2 lies in [1, n], computes 2^k2 mod n as k22, and sends k22 to the client;
The client now computes k22^k1 mod n and the server computes k11^k2 mod n; both obtain the same value, k;
On the client, the point D(x, y) = k[*]G on the elliptic curve is computed, and (e+x) mod n is computed to obtain r; if r is 0 or r+k equals n, k must be renegotiated; the client computes Q2 = a*r and sends Q2 to the server.
5. The signature method based on the SM2 algorithm as claimed in claim 1, characterized in that step b3 includes:
After the server receives Q2, it uses the same formulas, D(x, y) = k[*]G and (e+x) mod n, to obtain r, and computes [v*(k-Q2*b+r)] mod n to obtain the signature value s; if s equals 0, k must be regenerated and the signature computation repeated; after the computation, [r, s] is output as the final signature value.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710447438.8A CN107342855B (en) 2017-06-14 2017-06-14 Signature method based on SM2 algorithm


Publications (2)

Publication Number Publication Date
CN107342855A (en) 2017-11-10
CN107342855B (en) 2021-02-09

Family

ID=60220778

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710447438.8A Active CN107342855B (en) 2017-06-14 2017-06-14 Signature method based on SM2 algorithm

Country Status (1)

Country Link
CN (1) CN107342855B (en)


Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104243456A (en) * 2014-08-29 2014-12-24 中国科学院信息工程研究所 Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109936455A (en) * 2017-12-19 2019-06-25 航天信息股份有限公司 A kind of methods, devices and systems of digital signature
CN109936455B (en) * 2017-12-19 2022-06-07 航天信息股份有限公司 Digital signature method, device and system
CN109450640A (en) * 2018-10-24 2019-03-08 成都卫士通信息产业股份有限公司 Two side's endorsement methods and system based on SM2
CN109450640B (en) * 2018-10-24 2022-05-17 成都卫士通信息产业股份有限公司 SM 2-based two-party signature method and system

Also Published As

Publication number Publication date
CN107342855B (en) 2021-02-09

Similar Documents

Publication Publication Date Title
CN104243456B (en) Suitable for signature of the cloud computing based on SM2 algorithms and decryption method and system
US9172529B2 (en) Hybrid encryption schemes
CA2806357C (en) Authenticated encryption for digital signatures with message recovery
CN109450640B (en) SM 2-based two-party signature method and system
US20120096273A1 (en) Authenticated encryption for digital signatures with message recovery
CN108989047A (en) A kind of communicating pair collaboration endorsement method and system based on SM2 algorithm
CN110505062B (en) Dynamic elliptic curve encryption method applied to alliance chain
CN109743166B (en) Multiparty signature generation method and security information verification system
CN109995509B (en) Authentication key exchange method based on message recovery signature
US11368312B2 (en) Signature generation and verification system
CN113742670B (en) Multiparty collaborative decryption method and device
CA2669472A1 (en) Compressed ecdsa signatures
CN107342855A (en) Endorsement method based on SM2 algorithms
CN110932855A (en) Quantum key distribution method based on block chain
CN110086630A (en) Generation method based on Margaret Edwards Curve Digital Signature
CN112468284A (en) SHE-based secure outsourcing method
Shijin et al. Security analysis and improvement of hybrid signcryption scheme based on heterogeneous system
EP2571192A1 (en) Hybrid encryption schemes
CN110943826B (en) Split key signature method and system based on SM2 algorithm
Luo et al. Certificateless Hybrid Signcryption Scheme with Known Session-Specific Temporary Information Security.
CN116743505B (en) Safety transmission encryption method based on national secret
Meng et al. Research on Fast Encryption Method for Smart Energy Management System in Smart Gird
CN105207969A (en) Lightweight stream encryption method for Internet of Things in low-consumption environment
CN113315636B (en) Key exchange method for secure communication between automobile ECUs
CN113904777B (en) SM2 digital signature algorithm-based signcryption method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 250101 room 2301, 6 tower, Shun Tai Plaza, 2000 Shun Hua Road, hi tech Zone, Ji'nan, Shandong.

Patentee after: Tongzhi Weiye Software Co.,Ltd.

Address before: 250101 room 2301, 6 tower, Shun Tai Plaza, 2000 Shun Hua Road, hi tech Zone, Ji'nan, Shandong.

Patentee before: SHANDONG TONGZHI WEIYE SOFTWARE Co.,Ltd.
