CN109246129A - SM2 collaborative signature method and system capable of verifying client identity - Google Patents

Info

Publication number: CN109246129A
Authority: CN (China)
Prior art keywords: client, key component, public key, integer, server
Legal status: Granted
Status: Active
Application number: CN201811190701.0A
Other languages: Chinese (zh)
Other versions: CN109246129B (en)
Inventors: 张秋璞, 彭竹, 曹伟, 程学彬, 杨涛
Current Assignee: Tianjin Yingdaxin Science & Technology Co Ltd
Original Assignee: Tianjin Yingdaxin Science & Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Abstract

The present invention provides an SM2 collaborative signature method and system capable of verifying client identity. The method includes: the client randomly generates multiple client private key components and the corresponding public key components; the server receives the client public key component sent by the client, randomly generates a server private key component, and generates the public key representing the client identity; the client generates verification information for a preset message based on the client private key components and the preset message, and sends the verification information to the server; the server verifies the client identity, which ensures that an illegitimate client cannot forge verification information, generates response information based on the verification information and the server private key component, and returns the response information to the client; the client generates the signature information of the preset message based on the client private key components and the response information. The technical solution provided by this application can improve the security of using an SM2 private key on a mobile terminal.

Description

SM2 collaborative signature method and system capable of verifying client identity
Technical field
The present invention relates to the technical field of information processing, and in particular to an SM2 collaborative signature method and system capable of verifying client identity.
Background
The SM2 algorithm is the public key algorithm specified in the standard series GB/T 32918 (.1-.5)-2016, "Information security technology - SM2 elliptic curve public key cryptographic algorithm" (five sub-standards in total). It can be used for digital signature generation and verification.
To use a user's private key safely, it is usually required that the private key be stored in a dedicated hardware cryptographic module, such as a security chip, USB key or SD encryption card. On mobile terminals, a hardware cryptographic module is often not convenient enough. For this reason, some schemes propose dividing the SM2 private key into two parts, stored on the client and on the server respectively. The two parties must compute cooperatively and exchange messages to carry out a signing operation, and neither party can obtain any information about the other party's partial private key or about the corresponding SM2 private key defined in GB/T 32918 (.1-.5)-2016, "Information security technology - SM2 elliptic curve public key cryptographic algorithm" (five sub-standards in total). That is, even if an attacker controls either party, a signature cannot be forged.
However, current implementations have at least the following problems. When the first communicating party submits a signature request, the second communicating party cannot confirm that the request is legitimate and cannot confirm the identity of the first communicating party. The first communicating party may impersonate someone else and repeatedly forge data asking the second communicating party to attempt a signature, which is a security risk. There is also the possibility that an attacker tampers with or forges the message hash value sent by the first communicating party.
Summary of the invention
The purpose of this application is to provide an SM2 collaborative signature method and system capable of verifying client identity, which can improve the security of the SM2 private key.
To achieve the above purpose, this application provides an SM2 collaborative signature method capable of verifying client identity. The method includes: the client randomly generates a first integer and a second integer as the client private key components, and computes the first client public key component value and the second client public key component value from the first integer and the second integer respectively; the client forms the client public key component from the first client public key component value and the second client public key component value, and sends the client public key component to the server; the server receives the client public key component sent by the client, randomly generates a third integer as the server private key component, and generates the public key representing the client identity based on the client public key component value and a preset base point value; the client generates verification information for a preset message based on the client private key components and the preset message, and sends the verification information to the server; the server receives the verification information sent by the client, verifies the client identity using the client public key component, generates response information based on the verification information and the server private key component, and returns the response information to the client; the client generates the signature information of the preset message based on the client private key components and the response information.
To achieve the above purpose, this application also provides an SM2 collaborative signature system capable of verifying client identity. The system includes a client and a server, in which: the client randomly generates a first integer and a second integer as the client private key components, and computes the first client public key component value and the second client public key component value from the first integer and the second integer respectively; the client forms the client public key component from the first client public key component value and the second client public key component value, and sends the client public key component to the server; the server receives the client public key component sent by the client, randomly generates a third integer as the server private key component, and generates the public key representing the client identity based on the client public key component value and a preset base point value; the client generates verification information for a preset message based on the client private key components and the preset message, and sends the verification information to the server; the server receives the verification information sent by the client, verifies the client identity using the client public key component, generates response information based on the verification information and the server private key component, and returns the response information to the client; the client generates the signature information of the preset message based on the client private key components and the response information.
As can be seen from the above, in the technical solution provided by this application the SM2 private key is divided into multiple private key components, of which the server holds one and the client holds the rest. The client submits a signature request to the server based on the system parameters and some of the private key components it holds. The server verifies that the client is one that holds the specified legitimate private key components, accepts the signature request, generates the corresponding partial signature and returns it to the client. Based on its earlier signature request and the server's reply, the client uses the private key components it holds to generate the final SM2 signature. In this way, with the server and the client operating cooperatively, the security of the SM2 private key can be improved.
Other features and advantages of the present invention will be set forth in the following description. The objectives and other advantages of the invention can be realized and obtained by the structure particularly pointed out in the written description, the claims and the drawings.
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
Brief description of the drawings
The drawings are provided for further understanding of the present invention and constitute part of the specification. Together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a flow chart of the SM2 collaborative signature method in an embodiment of the present invention;
Fig. 2 is an interaction diagram of the SM2 collaborative signature system in an embodiment of the present invention.
Detailed description of the embodiments
Preferred embodiments of the present invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here only illustrate and explain the present invention and are not intended to limit it.
Referring to Fig. 1, this application provides an SM2 collaborative signature method, the method comprising:
S1: the client randomly generates a first integer and a second integer as the client private key components, and computes the first client public key component value and the second client public key component value from the first integer and the second integer respectively;
S2: the client sends the client public key component to the server;
S3: the server receives the client public key component sent by the client, randomly generates a third integer as the server private key component, and generates the public key representing the client identity based on the client public key component value and a preset base point value;
S4: the client generates verification information for a preset message based on the client private key components and the preset message, and sends the verification information to the server;
S5: the server receives the verification information sent by the client, verifies the client identity using the client public key component, generates response information based on the verification information and the server private key component, and returns the response information to the client;
S6: the client generates the signature information of the preset message based on the client private key and the response information.
Specifically, in practical applications, the present invention divides the SM2 private key into multiple (>= 3) private key components to realize an SM2 collaborative signature method capable of verifying client identity, in which the server can verify the client's identity when the client submits a signature request.
The system uses the elliptic curve parameters $E(F_q)$, $G$ and $n$ of the SM2 algorithm, where $E(F_q)$ is the elliptic curve $E$ defined over the finite field $F_q$. The elliptic curve equation over $F_p$ ($p$ a prime greater than 3) is $y^2 = x^3 + ax + b$, where $a, b \in F_p$ and $(4a^3 + 27b^2) \bmod p \neq 0$. $\#E(F_q)$ denotes the number of points on the elliptic curve. $G$ is a base point of the elliptic curve, $(x_G, y_G)$ are the coordinates of $G$, $x_G$ and $y_G$ are two elements of $F_q$, $n$ is the order of the base point $G$ ($n$ is a prime factor of $\#E(F_q)$), $h$ is the cofactor of $\#E(F_q)$ ($h = \#E(F_q)/n$), and $[k]G$ denotes the scalar multiplication of the large integer $k$ and the point $G$.
User A has a distinguishing identifier $ID_A$ of length $entlen_A$ bits. $ENTL_A$ denotes the two bytes converted from the integer $entlen_A$. Using the cryptographic hash function $H_{256}$ (SM3), the hash value of user A is $Z_A = H_{256}(ENTL_A \| ID_A \| a \| b \| x_G \| y_G \| x_A \| y_A)$, where $(x_A, y_A)$ are the coordinates of user A's public key $P_A$.
1. Public/private key generation algorithm
C1: the client generates the first integer and the second integer as follows: randomly generate $d_1 \in [1, n-2]$ and $d_2 \in [1, n-2]$; $d_1$ denotes the first integer, $d_2$ denotes the second integer, and $(d_1, d_2)$ is the client private key component;
C2: the client generates the first client public key component value and the second client public key component value according to the following formula: $P_1 = [d_1]G$, $P_2 = [d_2]P_1$, where $P_1$ denotes the first client public key component value and $P_2$ denotes the second client public key component value;
C3: the client sends $(P_1, P_2)$ to the server as the client public key component;
D1: the server generates the third integer as follows: randomly generate $d_3 \in [1, n-2]$; $d_3$ denotes the third integer and serves as the server private key component;
D2: the server computes according to the following formula: $P_A = [d_3]P_2 - G$, where $P_A$ denotes the public key representing the client identity and $P_2$ denotes the second client public key component value sent by the client;
D3: verify whether $[h]P_A$ is the point at infinity. If $[h]P_A$ is the point at infinity, return to D1, regenerate the third integer, and generate the public key representing the client identity again from the regenerated third integer. If $[h]P_A$ is not the point at infinity, take $P_A$ as the public key representing the client identity.
2. cooperateing with signature algorithm
A1: client sets M '=ZA| | M calculates e=H256(M '), by standard (GB/T 32918.1-2016 " information security Technology SM2 ellipse curve public key cipher algorithm part 1 general provisions ") in method by the data type conversion of e be integer;
A2: client generates integer k at random1∈[1,n-1];
A3: client calculates Q1=[k1]P1=(x ', y ') calculates k '=x ' mod n.
A4: client calculates
A5: client is by (e, Q1, k ") and it is used as verification information to be sent to server end;
B1: server end parses Q1=(x ', y ') calculates k '=x ' mod n;
B2: server end calculates [(k ")-1e]G+[(k″)-1k′]P1=(x ", y "), verifying (x ", y ")=(x ', y ') are No establishment is refused to execute downwards if invalid, be executed downwards if setting up.
B3: server end generates integer k at random2∈ [1, n-1], k3∈[1,n-1];
B4: server end calculates Q2=[k2] G, Q3=[k3] G, Q '4=[k '] P1+[k2]Q1+Q3=(x '1,y′1);
B5: server end calculates r '=(e+x '1) mod n, B3 is returned to if r '=0, if r ' does not carry out B6 for 0;
B6: server end calculates
B7: server end is by (Q2,Q3,s1,s2) in response information be sent to user client A;
A6: client calculates Q4=[k '] P1+[k1d1]Q2+Q3=(x1,y1), calculate r=(e+x1)mod n;
A7: client calculatesIf s=0 or s+r mod n=0 B1 is then returned, executes A8 if the two is not satisfied;
A8: client presses standard (GB/T 32918.1-2016 " information security technology SM2 ellipse curve public key cipher algorithm Part 1 general provisions ") in method r, s are converted into byte serial, then the signing messages of presetting message M be (r, s).
A9: client call standard (" calculate GB/T 32918.2-2016 by information security technology SM2 ellipse curve public key cipher Method part 2: Digital Signature Algorithm ") in signature verification algorithm (Verify) verifying signature correctness.
Any third party can verify user A and cooperate with signature (r, s) to presetting message M with server end.
Wherein, when generating signature components r, according to GB/T 32918.2-2016 " information security technology SM2 elliptic curve Public key algorithm part 2: Digital Signature Algorithm " in definition, r=(e+x1)mod n.It signs and calculates in the collaboration of this programme In method, k " is embedded in e in the signature request that client is submitted, and need to only calculate x ' in server end1Mod n, wherein x '1It is i.e. practical The x used1, and it is utilized respectively k ", x '1Generate server-side portion signature s1、s2, finally calculated again by client corresponding x1Mod n and r, and use s1、s2Synthesize last signature (r, s).
Referring to Fig. 2, this application also provides an SM2 collaborative signature system capable of verifying client identity. The system includes a client and a server, in which:
the client randomly generates a first integer and a second integer as the private key components of the client, and computes the corresponding first client public key component value and second client public key component value from the first integer and the second integer respectively;
the client sends the client public key component to the server;
the server receives the client public key component sent by the client, randomly generates a third integer as the server private key component, and generates the public key that finally represents the client identity based on the client public key component value and a preset base point value;
the client generates verification information for a preset message based on the client private key components and the preset message, and sends the verification information to the server;
the server receives the verification information sent by the client, verifies the client identity using the client public key component, generates response information based on the verification information and the server private key component, and returns the response information to the client;
the client generates the signature information of the preset message based on the client private key components and the response information.
In one embodiment, the client randomly generates the first integer and the second integer according to the following formula:
$d_1 \in [1, n-2]$, $d_2 \in [1, n-2]$
$(d_1, d_2)$ is the client private key component, where $d_1$ denotes the first integer, $d_2$ denotes the second integer, and $n$ denotes the order of the preset base point value;
and the client generates the first client public key component value and the second client public key component value according to the following formula:
$P_1 = [d_1]G$, $P_2 = [d_2]P_1$,
where $P_1$ denotes the first client public key component value, $P_2$ denotes the second client public key component value, and $G$ denotes the preset base point value;
correspondingly, the client public key component is expressed as $(P_1, P_2)$.
In one embodiment, the server randomly generates the third integer according to the following formula:
$d_3 \in [1, n-2]$
where $d_3$ denotes the third integer and serves as the server private key component;
correspondingly, the server computes according to the following formula:
$P_A = [d_3]P_2 - G$,
where $P_A$ denotes the public key representing the client identity and $P_2$ denotes the second client public key component value sent by the client.
The SM2 collaborative signature method provided by this application does not use a threshold scheme. The private key is divided into multiple (n ≥ 3) private key components, of which the server holds one and the client holds several. When the client submits a signature request, the client uses the private key components it holds, or some of them, to authenticate itself to the server.
The signature request submitted by the client includes online verification of the client's identity, which prevents a client from using the server's private key component without authorization. No third party can pose as a legitimate client and use another user's identity to ask the server to perform partial signing operations in order to attack and analyze the client private key components or forge signatures.
After verifying that the signature request comes from a legitimate client, the server computes a partial signature using its own private key component and sends it back to the client. The client uses the client private key components and the partial signature returned by the server to generate the final SM2 private key signature in the format of GB/T 32918.2-2016, "Information security technology - SM2 elliptic curve public key cryptographic algorithm - Part 2: Digital signature algorithm".
When the signature component $r$ is generated, according to the definition in GB/T 32918.2-2016, "Information security technology - SM2 elliptic curve public key cryptographic algorithm - Part 2: Digital signature algorithm", $r = (e + x_1) \bmod n$. In the collaborative signature algorithm of this scheme, the $k''$ in the signature request submitted by the client embeds $e$, and the server only needs to compute $x'_1 \bmod n$, where $x'_1$ is the $x_1$ actually used. The server uses $k''$ and $x'_1$ respectively to generate the server's partial signatures $s_1$ and $s_2$. Finally the client computes the corresponding $x_1 \bmod n$ and $r$, and uses $s_1$ and $s_2$ to synthesize the final signature $(r, s)$.
As can be seen from the above, in the technical solution provided by this application the SM2 private key is divided into multiple private key components, of which the server holds one and the client holds the rest. The client submits a signature request to the server based on the system parameters and some of the private key components it holds. The server verifies that the client is one that holds the specified legitimate private key components, accepts the signature request, generates the corresponding partial signature and returns it to the client. Based on its earlier signature request and the server's reply, the client uses the private key components it holds to generate the final SM2 signature. In this way, with the server and the client operating cooperatively, the security of the SM2 private key can be improved.
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from the spirit and scope of the invention. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include them.

Claims (10)

1. An SM2 collaborative signature method capable of verifying client identity, characterized in that the method comprises:
the client randomly generates a first integer and a second integer as the private key components of the client, and computes the corresponding first client public key component value and second client public key component value from the first integer and the second integer respectively;
the client sends the client public key component to the server;
the server receives the client public key component sent by the client, randomly generates a third integer as the server private key component, and generates the public key that finally represents the client identity based on the client public key component value and a preset base point value;
the client generates verification information for a preset message based on the client private key components and the preset message, and sends the verification information to the server;
the server receives the verification information sent by the client, verifies the client identity using the client public key component, generates response information based on the verification information and the server private key component, and returns the response information to the client;
the client generates the signature information of the preset message based on the client private key components and the response information.
2. The method according to claim 1, characterized in that the first integer and the second integer are randomly generated according to the following formula:
$d_1 \in [1, n-2]$, $d_2 \in [1, n-2]$
$(d_1, d_2)$ is the client private key component, where $d_1$ denotes the first integer, $d_2$ denotes the second integer, and $n$ denotes the order of the preset base point value.
3. The method according to claim 2, characterized in that the first client public key component value and the second client public key component value are generated according to the following formula:
where $P_1$ denotes the first client public key component value, $P_2$ denotes the second client public key component value, and $G$ denotes the preset base point value;
correspondingly, the client public key component is expressed as $(P_1, P_2)$.
4. The method according to claim 3, characterized in that the third integer is randomly generated according to the following formula:
$d_3 \in [1, n-2]$
where $d_3$ denotes the third integer and serves as the server private key component;
correspondingly, the computation is carried out according to the following formula:
where $P_A$ denotes the public key representing the client identity and $P_2$ denotes the second client public key component value sent by the client.
5. The method according to claim 4, characterized in that the client generating verification information for a preset message based on the client private key components and the preset message, and sending the verification information to the server, comprises:
A1: the client sets $M' = Z_A \| M$, computes $e = H_{256}(M')$, and converts the data type of $e$ to an integer, where $Z_A$ denotes the hash value of user A and $M$ denotes the preset message;
A2: the client randomly generates an integer $k_1 \in [1, n-1]$;
A3: the client computes $Q_1 = [k_1]P_1 = (x', y')$ and computes $k' = x' \bmod n$;
A4: client calculates
A5: the client sends $(e, Q_1, k'')$ to the server as the verification information.
6. The method according to claim 5, characterized in that the server receiving the verification information sent by the client, verifying the client identity using the client public key component, generating response information based on the verification information and the server private key component, and returning the response information to the client, comprises:
B1: the server parses $Q_1 = (x', y')$ and computes $k' = x' \bmod n$;
B2: the server computes $[(k'')^{-1} e]G + [(k'')^{-1} k']P_1 = (x'', y'')$ and verifies whether $(x'', y'') = (x', y')$ holds; if it does not hold, the server refuses to continue; if it holds, the server continues;
B3: the server randomly generates integers $k_2 \in [1, n-1]$ and $k_3 \in [1, n-1]$;
B4: the server computes $Q_2 = [k_2]G$, $Q_3 = [k_3]G$, $Q'_4 = [k']P_1 + [k_2]Q_1 + Q_3 = (x'_1, y'_1)$;
B5: the server computes $r' = (e + x'_1) \bmod n$; if $r' = 0$, return to B3; if $r'$ is not 0, proceed to B6;
B6: server calculates
B7: the server sends $(Q_2, Q_3, s_1, s_2)$ to the client as the response information.
7. The method according to claim 6, characterized in that the client generating the signature information of the preset message based on the client private key components and the response information comprises:
A6: the client computes $Q_4 = [k']P_1 + [k_1 d_1]Q_2 + Q_3 = (x_1, y_1)$ and computes $r = (e + x_1) \bmod n$;
A7: the client calculates; if $s = 0$ or $s + r \bmod n = 0$, return to B1; if neither holds, execute A8;
A8: the client converts $r$ and $s$ to byte strings and sets the signature information of the preset message $M$ to $(r, s)$.
8. The method according to claim 6 or 7, characterized in that: the $k''$ in the signature request submitted by the client embeds $e$; the server only needs to compute $x'_1 \bmod n$, and uses $k''$ and $x'_1$ respectively to generate the server's partial signatures $s_1$ and $s_2$; finally the client computes the corresponding $x_1 \bmod n$ and $r$, where $x_1$ equals $x'_1$ and $r = (e + x_1) \bmod n$, and uses $s_1$ and $s_2$ to synthesize the final signature $(r, s)$.
9. An SM2 collaborative signature system, characterized in that the system comprises a client and a server, wherein:
The client randomly generates a first integer and a second integer as the private key components of the client, and computes the corresponding client first public key component value and client second public key component value based on the first integer and the second integer respectively;
The client sends the client public key components to the server;
The server receives the client public key components sent by the client, randomly generates a third integer as the server private key component, and, based on the client public key component value and a preset base point value, generates the public key that finally represents the client identity;
The client generates verification information for a preset message based on the client private key component and the preset message, and sends the verification information to the server;
The server receives the verification information sent by the client, verifies the client identity using the client public key component, generates response information based on the verification information and the server private key component, and feeds the response information back to the client;
The client generates the signature information of the preset message based on the client private key and the response information.
10. The system according to claim 9, characterized in that the client randomly generates the first integer and the second integer according to the following formula:
$d_1 \in [1, n-2]$, $d_2 \in [1, n-2]$
$(d_1, d_2)$ is the client private key component, where $d_1$ denotes the first integer, $d_2$ denotes the second integer, and $n$ denotes the order of the preset base point value;
And the client generates the client first public key component value and the client second public key component value according to the following formula:
where $P_1$ denotes the client first public key component value, $P_2$ denotes the client second public key component value, and $G$ denotes the preset base point value;
Correspondingly, the client public key components are expressed as $(P_1, P_2)$;
Also, the server randomly generates the third integer according to the following formula:
$d_3 \in [1, n-2]$
where $d_3$ denotes the third integer, used as the server private key component;
Correspondingly, the server calculates according to the following formula:
where $P_A$ denotes the public key representing the client identity, and $P_2$ denotes the client second public key component value sent by the client.
CN201811190701.0A 2018-10-12 2018-10-12 SM2 collaborative signature method and system capable of verifying client identity Active CN109246129B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811190701.0A CN109246129B (en) 2018-10-12 2018-10-12 SM2 collaborative signature method and system capable of verifying client identity

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811190701.0A CN109246129B (en) 2018-10-12 2018-10-12 SM2 collaborative signature method and system capable of verifying client identity

Publications (2)

Publication Number Publication Date
CN109246129A true CN109246129A (en) 2019-01-18
CN109246129B CN109246129B (en) 2020-12-25

Family

ID=65052182

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811190701.0A Active CN109246129B (en) 2018-10-12 2018-10-12 SM2 collaborative signature method and system capable of verifying client identity

Country Status (1)

Country Link
CN (1) CN109246129B (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109787762A (en) * 2019-02-28 2019-05-21 矩阵元技术(深圳)有限公司 Key management method, the electronic equipment of each self-generating key components of server
CN110035065A (en) * 2019-03-12 2019-07-19 华为技术有限公司 Data processing method, relevant apparatus and computer storage medium
CN110224812A (en) * 2019-06-12 2019-09-10 江苏慧世联网络科技有限公司 A kind of method and equipment that the electronic signature mobile client calculated based on Secure is communicated with Collaboration Server
CN111245594A (en) * 2019-12-31 2020-06-05 航天信息股份有限公司 Homomorphic operation-based collaborative signature method and system
CN111490878A (en) * 2020-04-09 2020-08-04 腾讯科技(深圳)有限公司 Key generation method, device, equipment and medium
WO2020168543A1 (en) * 2019-02-22 2020-08-27 云图有限公司 Data processing method and device
WO2020168544A1 (en) * 2019-02-22 2020-08-27 云图有限公司 Data processing method and device
CN111600704A (en) * 2020-05-12 2020-08-28 北京海益同展信息科技有限公司 SM 2-based key exchange method, system, electronic device and storage medium
CN111756537A (en) * 2020-07-13 2020-10-09 广州安研信息科技有限公司 Two-party cooperative decryption method, system and storage medium based on SM2 standard
CN111817848A (en) * 2020-06-19 2020-10-23 天津赢达信科技有限公司 ECDSA signature method and system for ECC private key segmented storage
CN111934877A (en) * 2020-06-23 2020-11-13 中国科学院信息工程研究所 SM2 collaborative threshold signature method and electronic device
CN112187469A (en) * 2020-09-21 2021-01-05 浙江省数字安全证书管理有限公司 SM2 multi-party collaborative digital signature method and system based on key factor
CN112968773A (en) * 2021-01-29 2021-06-15 北京无字天书科技有限公司 Secret key authorization entrusting system and method of SM2 collaborative signature system
CN113595985A (en) * 2021-06-30 2021-11-02 江西海盾信联科技有限责任公司 Internet of things security cloud platform implementation method based on state cryptographic algorithm security chip
CN113765670A (en) * 2020-06-03 2021-12-07 成都天瑞芯安科技有限公司 Certificateless trusted key generation method and certificateless trusted key generation system
CN114039722A (en) * 2021-01-26 2022-02-11 中安网脉(北京)技术股份有限公司 Secret sharing hidden identity SM2 signature private key generation device and method thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101753311A (en) * 2010-01-14 2010-06-23 杨筑平 Information privacy and identity authentication method and digital signature program
WO2014120121A1 (en) * 2013-01-29 2014-08-07 Certicom Corp. Modified sm2 elliptic curve signature algorithm supporting message recovery
CN104243456A (en) * 2014-08-29 2014-12-24 中国科学院信息工程研究所 Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm
CN107634836A (en) * 2017-09-05 2018-01-26 何德彪 A kind of SM2 digital signature generation method and system
CN107948189A (en) * 2017-12-19 2018-04-20 数安时代科技股份有限公司 Asymmetric cryptography authentication identifying method, device, computer equipment and storage medium

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020168543A1 (en) * 2019-02-22 2020-08-27 云图有限公司 Data processing method and device
WO2020168544A1 (en) * 2019-02-22 2020-08-27 云图有限公司 Data processing method and device
CN109787762B (en) * 2019-02-28 2021-09-21 矩阵元技术(深圳)有限公司 Key management method for server to generate key components respectively and electronic equipment
CN109787762A (en) * 2019-02-28 2019-05-21 矩阵元技术(深圳)有限公司 Key management method, the electronic equipment of each self-generating key components of server
CN110035065A (en) * 2019-03-12 2019-07-19 华为技术有限公司 Data processing method, relevant apparatus and computer storage medium
CN110224812A (en) * 2019-06-12 2019-09-10 江苏慧世联网络科技有限公司 A kind of method and equipment that the electronic signature mobile client calculated based on Secure is communicated with Collaboration Server
CN110224812B (en) * 2019-06-12 2023-03-14 江苏慧世联网络科技有限公司 Method and equipment for communication between electronic signature mobile client and collaboration server based on multi-party security calculation
CN111245594B (en) * 2019-12-31 2023-01-10 航天信息股份有限公司 Homomorphic operation-based collaborative signature method and system
CN111245594A (en) * 2019-12-31 2020-06-05 航天信息股份有限公司 Homomorphic operation-based collaborative signature method and system
CN111490878A (en) * 2020-04-09 2020-08-04 腾讯科技(深圳)有限公司 Key generation method, device, equipment and medium
CN111600704A (en) * 2020-05-12 2020-08-28 北京海益同展信息科技有限公司 SM 2-based key exchange method, system, electronic device and storage medium
CN113765670B (en) * 2020-06-03 2024-01-26 成都天瑞芯安科技有限公司 Trusted key generation method and system without certificate
CN113765670A (en) * 2020-06-03 2021-12-07 成都天瑞芯安科技有限公司 Certificateless trusted key generation method and certificateless trusted key generation system
CN111817848A (en) * 2020-06-19 2020-10-23 天津赢达信科技有限公司 ECDSA signature method and system for ECC private key segmented storage
CN111934877B (en) * 2020-06-23 2023-07-18 中国科学院信息工程研究所 SM2 collaborative threshold signature method, storage medium and electronic device
CN111934877A (en) * 2020-06-23 2020-11-13 中国科学院信息工程研究所 SM2 collaborative threshold signature method and electronic device
CN111756537A (en) * 2020-07-13 2020-10-09 广州安研信息科技有限公司 Two-party cooperative decryption method, system and storage medium based on SM2 standard
CN111756537B (en) * 2020-07-13 2022-11-29 广州安研信息科技有限公司 Two-party cooperative decryption method, system and storage medium based on SM2 standard
CN112187469A (en) * 2020-09-21 2021-01-05 浙江省数字安全证书管理有限公司 SM2 multi-party collaborative digital signature method and system based on key factor
CN112187469B (en) * 2020-09-21 2023-09-19 浙江省数字安全证书管理有限公司 SM2 multiparty collaborative digital signature method and system based on key factors
CN114039722A (en) * 2021-01-26 2022-02-11 中安网脉(北京)技术股份有限公司 Secret sharing hidden identity SM2 signature private key generation device and method thereof
CN112968773B (en) * 2021-01-29 2023-11-07 北京无字天书科技有限公司 Key authorization entrusting system and method of SM2 collaborative signature system
CN112968773A (en) * 2021-01-29 2021-06-15 北京无字天书科技有限公司 Secret key authorization entrusting system and method of SM2 collaborative signature system
CN113595985A (en) * 2021-06-30 2021-11-02 江西海盾信联科技有限责任公司 Internet of things security cloud platform implementation method based on state cryptographic algorithm security chip

Also Published As

Publication number Publication date
CN109246129B (en) 2020-12-25

Similar Documents

Publication Publication Date Title
CN109246129A (en) A kind of SM2 collaboration endorsement method and system can verify that client identity
CN110224837B (en) Zero-knowledge proof method and terminal based on distributed identity
JP4649040B2 (en) Mask digital signature
US8689306B2 (en) Method for the unique authentication of a user by service providers
US20060015726A1 (en) Apparatus for partial authentication of messages
CN106851635B (en) A kind of distributed signature method and system of identity-based
US10742426B2 (en) Public key infrastructure and method of distribution
CN105074721A (en) Method for signing electronic documents with an analog-digital signature with additional verification
CN207504911U (en) A kind of data deposit system based on block chain technology
CN111159681A (en) Block chain-based digital identity implementation method and system
CN106685651A (en) Method for creating digital signatures by cooperation of client and server
CN109981292B (en) SM9 algorithm-based authentication method, device and system
CN109560935B (en) Anti-quantum-computation signature method and signature system based on public asymmetric key pool
CN110138567A (en) A kind of collaboration endorsement method based on ECDSA
CN110401540A (en) A kind of threshold group signatures method that verification can be disclosed based on block chain
CN106130724A (en) A kind of internet-of-things terminal safety implementation method using key agreement
Gulati et al. Self-sovereign dynamic digital identities based on blockchain technology
CN108768650B (en) Short message verification system based on biological characteristics
WO2022116176A1 (en) Method and device for generating digital signature, and server
Baldimtsi et al. zkLogin: Privacy-Preserving Blockchain Authentication with Existing Credentials
Tan An efficient pairing‐free identity‐based authenticated group key agreement protocol
CN111191262B (en) Block chain wallet client private key protection method based on two-party signature
Hutzelman et al. Generic security service application program interface (GSS-API) authentication and key exchange for the secure shell (SSH) protocol
CN101420304B (en) Security protection method for electronic document digital signature based on discrete logarithm
NL1043779B1 (en) Method for electronic signing and authenticaton strongly linked to the authenticator factors possession and knowledge

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 301700 room 519, building C11, venture headquarters base, North Fuyuan Road, development zone, Wuqing District, Tianjin

Patentee after: TIANJIN YINGDAXIN TECHNOLOGY CO.,LTD.

Address before: 301700 building 202, C07, north side of Fuyuan Road, Wuqing District, Tianjin

Patentee before: TIANJIN YINGDAXIN TECHNOLOGY CO.,LTD.

CP02 Change in the address of a patent holder

Address after: Room 903 and 904, East Tower, Building 5, No. 22, Kaihua Road, Huayuan Industrial Zone, Binhai New Area, Tianjin 300000

Patentee after: TIANJIN YINGDAXIN TECHNOLOGY CO.,LTD.

Address before: 301700 room 519, building C11, venture headquarters base, North Fuyuan Road, development zone, Wuqing District, Tianjin

Patentee before: TIANJIN YINGDAXIN TECHNOLOGY CO.,LTD.