CN111654369B - Digital signature method and system with security only depending on discrete logarithm - Google Patents
Digital signature method and system with security only depending on discrete logarithm Download PDFInfo
- Publication number
- CN111654369B CN111654369B CN202010500185.8A CN202010500185A CN111654369B CN 111654369 B CN111654369 B CN 111654369B CN 202010500185 A CN202010500185 A CN 202010500185A CN 111654369 B CN111654369 B CN 111654369B
- Authority
- CN
- China
- Prior art keywords
- parameter
- signature
- formula
- random number
- zero
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a method for making security dependent only on discrete logarithmA digital signature method and system. The method comprises the following steps: acquiring system parameters of a digital signature system; random numbers alpha and beta are selected to obtain a private key SK = (alpha, beta); generating a public key according to the private key; selecting a message m and a random number k; wherein m ∈ Z n ,Z n Is an integer set consisting of 0 to n-1, and R represents random selection; generating a signature by adopting a signature mode of discrete logarithm according to the message m and the random number k; and performing consistency verification on the signature. The invention can resist collision attack and improve the safety performance of the digital signature system.
Description
Technical Field
The invention relates to the field of information security, in particular to a digital signature method and a digital signature system, wherein the security of the digital signature method only depends on discrete logarithm.
Background
Digital signatures are a basic cryptographic primitive in cryptography, and have a wide range of applications, such as digital certificates, electronic money transactions, and the like. However, current digital signature algorithms still have deficiencies in terms of security, computational complexity, and signature length, such as:
security relies on a hash function. The existing digital signature algorithm needs to calculate the hash value of the data before signing the data. This approach limits the security of the signature algorithm to that of the hash function. In other words, if the hash function is not secure, the signature algorithm is not secure. For example, in the internationally known ECDSA algorithm, the signature process involves a hash function and requires the hash function to satisfy collision resistance, and if an attacker finds a collision of the hash function, the ECDSA algorithm can be broken.
The signature computation complexity is high. When the signature is performed, complex operations, such as exponential operation and bilinear mapping operation, are usually required, so that the signature speed is low, and therefore, the application requirement of large-scale quick signature cannot be met.
The signature data is longer. Because part of the digital signature algorithm needs to carry out bitwise operation, exponential operation or bilinear mapping operation, signature data output by the algorithm is longer.
Disclosure of Invention
The invention aims to provide a digital signature method and a digital signature system, the security of which only depends on discrete logarithm, so as to resist collision attack and improve the security performance of the digital signature system.
In order to achieve the purpose, the invention provides the following scheme:
a digital signature method whose security relies only on discrete logarithms, comprising:
acquiring system parameters of a digital signature system;
random numbers alpha and beta are selected to obtain a private key SK = (alpha, beta); wherein the content of the first and second substances, is an integer set consisting of 1 to n-1;
generating a public key according to the private key;
selecting a message m and a random number k; wherein m ∈ Z n ,Z n Is an integer set consisting of 0 to n-1, and R represents random selection;
generating a signature by adopting a signature mode of discrete logarithm according to the message m and the random number k;
and performing consistency verification on the signature.
Optionally, the acquiring system parameters of the digital signature system specifically includes:
obtaining a finite field F q ;
Obtaining an elliptic curve y 2 =x 3 + ax + b in the finite field F q Two parameters a, b;
optionally, the formula for generating the public key according to the private key is as follows:
wherein the public key is PK = (A, B).
Optionally, the generating a signature by using a signature manner of discrete logarithm according to the message m and the random number k specifically includes:
according to the random number k, using formula (x) 1 ,y 1 ) = k · G determine new coordinate point (x) 1 ,y 1 );
According to the abscissa x of the new coordinate point 1 Using the formula σ 1 =x 1 mod n calculates a first parameter σ 1 ;
According to said first parameter, using the formula σ 2 =k -1 (α+m+β·σ 1 ) mod n generates the second parameter σ 2 ;
Judging whether the first parameter or the second parameter is zero;
when the first parameter is zero or the second parameter is zero, updating the random number k, and returning to utilize a formula (x) according to the random number k 1 ,y 1 ) = k · G determine new coordinate point (x) 1 ,y 1 ) A step (2);
when the first parameter is not zero and the second parameter is not zero, determining that the signature is (sigma) 1 ,σ 2 )。
Optionally, the performing consistency verification on the signature specifically includes:
judging whether the numerical values of the first parameter and the second parameter are both within [1, n-1 ];
rejecting the signed consistency verification request when the value of the first parameter is not within [1, n-1] or the value of the second parameter is not within [1, n-1 ];
when the values of the first parameter and the second parameter are both [1, n-1]]When the new coordinate point is located, the abscissa x of the new coordinate point is set 1 Substituting the elliptic curve to obtain an update value y of the ordinate 1 ′;
Optionally, the obtaining system parameters of the digital signature system specifically includes:
obtaining a large prime number q, p, wherein q is more than or equal to 2 160 ,p≥2 1024 And q | p-1;
acquiring a generator of a cyclic group G as G, wherein the order of the generator is q;
determining system parameters of the digital signature system as follows: SP = (G, q, p).
Optionally, the formula for generating the public key according to the private key is as follows:
wherein the public key is PK = (A, B).
Optionally, the generating a signature by using a discrete logarithm signature manner according to the message m and the random number k specifically includes:
using the formula X = g according to the random number k k mod p determines the calculation factor X;
using the formula sigma based on the calculation factor 1 Computing a first parameter σ = X mod q 1 ;
According to said first parameter, using the formula σ 2 =k -1 (α+m+β·σ 1 ) mod q generating a second parameter σ 2 ;
Judging whether the first parameter or the second parameter is zero;
when the first parameter is zero or the second parameter is zero, updating the random number k, and returning to the step of utilizing a formula X = g according to the random number k k mod p determining a calculation factor X;
when the first parameter is not zero and the second parameter is not zero, determining that the signature is (sigma) 1 ,σ 2 )。
Optionally, the performing consistency verification on the signature specifically includes:
judging whether the numerical values of the first parameter and the second parameter are both within [1, q-1 ];
rejecting the signed consistency verification request when the value of the first parameter is not within [1, q-1] or the value of the second parameter is not within [1, q-1 ];
when the values of the first parameter and the second parameter are both [1, q-1]]Inner time, will be based on the public key and message signature pair (m, σ) 1 ,σ 2 ) By the formulaObtaining an updated value X' of the calculation factor; where PK = (a, B) is a public key;
judging whether sigma is satisfied 1 =X′mod q;
When sigma is satisfied 1 When = X' mod q, the signature consistency verification is successful;
when sigma is not satisfied 1 X' mod q, the signature consistency verification fails.
The present invention also provides a digital signature system whose security depends only on discrete logarithms, comprising:
the system parameter acquisition module is used for acquiring system parameters of the digital signature system;
the private key generation module is used for selecting random numbers alpha and beta to obtain a private key SK = (alpha, beta); wherein, the first and the second end of the pipe are connected with each other, is an integer set consisting of 1 to n-1;
the public key generating module is used for generating a public key according to the private key;
the message selection module is used for selecting a message m and a random number k; wherein m ∈ Z n ,Z n Is an integer set consisting of 0 to n-1, and R represents random selection;
the signature module is used for generating a signature by adopting a signature mode of discrete logarithm according to the message m and the random number k;
and the consistency verification module is used for performing consistency verification on the signature.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
the digital signature process of the invention does not involve the hash function, so the collision attack of the hash function can be resisted. Moreover, the invention is based on the digital signature mode of discrete logarithm, and has low computational complexity, high efficiency and short signature data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings required in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a digital signature method of the present invention whose security depends only on discrete logarithms;
fig. 2 is a schematic structural diagram of a digital signature system with security relying only on discrete logarithm according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Fig. 1 is a flow chart of the digital signature method of the invention, the security of which only depends on discrete logarithm. As shown in fig. 1, the digital signature method whose security depends only on discrete logarithm of the present invention includes the following steps:
step 100: system parameters of a digital signature system are obtained. The system parameters refer to basic parameters required to be deployed for completing digital signature and are also parameters for performing a digital signature algorithm.
Step 200: random numbers α and β are chosen, resulting in the private key SK = (α, β). Wherein the content of the first and second substances, is an integer set composed of 1 to n-1.
Step 300: and generating a public key according to the private key.
Step 400: a message m and a random number k are selected. Wherein m ∈ Z n ,Z n Is an integer set consisting of 0 to n-1, and R represents random selection;
step 500: and generating a signature by adopting a signature mode of discrete logarithm according to the message m and the random number k.
Step 600: and carrying out consistency verification on the signature.
Two specific examples are provided below to further illustrate the security of the present invention relying on discrete logarithm only digital signature methods.
Example 1
The present embodiment is a digital signature method based on elliptic curve discrete logarithm, and the process is as follows:
generating system parameters: finite field of F q Elliptic curve y 2 =x 3 + ax + b in the finite field F q The two parameters above are a, b. Group of points on elliptic curveThe generator of (a) is G, the order of which is a large prime number n, where n > 2 160 Then the system parameters are:
is calculated as follows
The public key is PK = (a, B).
Signature: selecting a message m ∈ Z n Random numberUsing the formula (x) 1 ,y 1 ) = k · G determine new coordinate point (x) 1 ,y 1 ) G is a coordinate point, and a new coordinate point (x) is generated after the coordinate point and k are calculated 1 ,y 1 )。
From the abscissa x of the new coordinate point 1 Using the formula σ 1 =x 1 modn calculates a first parameter σ 1 ;
According to said first parameter, using the formula σ 2 =k -1 (α+m+β·σ 1 ) mod n generates the second parameter σ 2 ;
If σ is 1 =0 or σ 2 If =0, the random number k is reselected and σ is recalculated 1 ,σ 2 ;
If σ is 1 Not equal to 0 and σ 2 Not equal to 0, then the signature is determined to be (sigma) 1 ,σ 2 )。
And (3) verification: check sigma 1 ,σ 2 Whether all belong to [1, n-1]]And if not, rejecting the signature verification.
If σ is 1 ,σ 2 All belong to [1, n-1]]The abscissa x of the new coordinate point is compared 1 Substitution into elliptic curve y 2 =x 3 + ax + b to obtain the updated value y of the ordinate 1 ′。
With (x) 1 ,y 1 '), a public key A, B and a message signature pair (m, σ) 1 ,σ 2 ) To input, check if the following equation holds
If the equality is established, the signature consistency verification is successful; otherwise, the signature consistency verification fails.
The derivation of the above equation is given:
thus, (x) 1 ,y′ 1 )=(x 1 ,y 1 ) Namely, it isThe verification is successful when the equation is established.
Example 2
The embodiment is a digital signature based on discrete logarithm, and the specific process is as follows:
generating system parameters: selecting a large prime number q, p, wherein q is more than or equal to 2 160 ,p≥2 1024 And q | p-1. If the generator of the cycle group G is G and the order thereof is q, the system parameter is SP = (G, G, q, p)
And (3) key generation: selecting random numbersAs the private key SK = (α, β), calculation is as follows
A=g α mod p∈G
B=g β mod p∈G
The public key is PK = (a, B).
X=g k mod p
σ 1 =X mod q
σ 2 =k -1 (α+m+β·σ 1 )mod q
If σ is 1 =0 or σ 2 If =0, the random number k is reselected and σ is recalculated 1 ,σ 2 ;
If σ is 1 Not equal to 0 and σ 2 Not equal to 0, then the signature is determined to be (sigma) 1 ,σ 2 )。
And (3) verification: check sigma 1 ,σ 2 Whether all belong to [1, q-1]]And if not, rejecting the signature verification.
Otherwise, the public key A, B and the message signature pair (m, sigma) 1 ,σ 2 ) For input, X 'is calculated as follows'
Check if the following equation holds
σ 1 =X′mod q
If the equation σ 1 If X' mod q is true, the signature consistency verification is successful; otherwise, the signature consistency verification fails.
The derivation of the above equation is given:
thus, X' mod q = (g) k mod p)mod q=σ 1 。
The embodiment 1 and the embodiment 2 of the present invention are the same in nature, that is, the signature and the verification process are based on discrete logarithm, and the difference is that the embodiment 1 and the embodiment 2 operate under different cryptographic system conditions. Example 1 is based on elliptic curve discretization, whereas example 2 is based on ordinary discrete logarithms. The cryptographic system based on the elliptic curve discrete logarithm has higher algorithm efficiency and shorter data.
Based on the digital signatures whose security depends only on discrete logarithm shown in the above embodiments 1 and 2, the present invention further provides a digital signature system whose security depends only on discrete logarithm, and fig. 2 is a schematic structural diagram of the digital signature system whose security depends only on discrete logarithm according to the present invention. As shown in fig. 2, the digital signature system whose security depends only on discrete logarithm of the present invention includes:
a system parameter obtaining module 201, configured to obtain system parameters of the digital signature system.
A private key generating module 202, configured to select random numbers α and β, and obtain a private key SK = (α, β); wherein the content of the first and second substances, is a whole composed of 1 to n-1A set of numbers.
And the public key generating module 203 is configured to generate a public key according to the private key.
A message selection module 204, configured to select a message m and a random number k; wherein m ∈ Z n ,Z n Is an integer set composed of 0 to n-1, and R represents a random choice.
And the signature module 205 is configured to generate a signature by using a discrete logarithm signature method according to the message m and the random number k.
A consistency verification module 206, configured to perform consistency verification on the signature.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.
Claims (4)
1. A digital signature method whose security depends only on discrete logarithms, comprising:
acquiring system parameters of a digital signature system; the method specifically comprises the following steps:
obtaining a finite field F q ;
Obtaining an elliptic curve y 2 =x 3 + ax + b in the finite field F q Two parameters a, b;
obtaining the generation of the point group G on the elliptic curveAn element G, the order of which is a large prime number n, where n > 2 160 ;
Determining system parameters of the digital signature system as follows: SP = (F) q ,a,b,G,G,n);
Random numbers alpha and beta are selected to obtain a private key SK = (alpha, beta); wherein the alpha is a linear alpha-alpha, is an integer set consisting of 1 to n-1;
generating a public key according to the private key; the formula for generating the public key according to the private key is as follows:
wherein the public key is PK = (A, B);
selecting a message m and a random number k; wherein m ∈ Z n ,Z n Is an integer set consisting of 0 to n-1, and R represents random selection;
generating a signature by adopting a signature mode of discrete logarithm according to the message m and the random number k; the method specifically comprises the following steps:
from said random number k, using the formula (x) 1 ,y 1 ) = k · G determine new coordinate point (x) 1 ,y 1 );
According to the abscissa x of the new coordinate point 1 Using the formula σ 1 =x 1 modn calculates a first parameter σ 1 ;
According to said first parameter, using the formula σ 2 =k -1 (α+m+β·σ 1 ) modn generates the second parameter σ 2 ;
Judging whether the first parameter or the second parameter is zero;
when the first parameter is zero or the second parameter is zero, updating the random number k, and returning to utilize a formula (x) according to the random number k 1 ,y 1 ) = k · G determine new coordinate point (x) 1 ,y 1 ) A step (2);
when the first parameter is not zero and the second parameter is not zero, determining that the signature is (sigma) 1 ,σ 2 );
Performing consistency verification on the signature; the method specifically comprises the following steps:
judging whether the numerical values of the first parameter and the second parameter are both in the range of [1, n-1 ];
rejecting the signed consistency verification request when the value of the first parameter is not within [1, n-1] or the value of the second parameter is not within [1, n-1 ];
when the values of the first parameter and the second parameter are both [1, n-1]]When the new coordinate point is located, the abscissa x of the new coordinate point is set 1 Substituting the elliptic curve to obtain an updated value y of the ordinate 1 ′;
2. A digital signature method whose security depends only on discrete logarithms, comprising:
acquiring system parameters of a digital signature system; the method specifically comprises the following steps:
obtaining a big prime number q, p, wherein q is more than or equal to 2 160 ,p≥2 1024 And q | p-1;
acquiring a generator of a cyclic group G as G, wherein the order of the generator is q;
determining system parameters of the digital signature system as follows: SP = (G, q, p);
random numbers alpha and beta are selected to obtain a private key SK = (alpha, beta); wherein the alpha is a linear alpha-alpha, is an integer set composed of 1 to n-1;
generating a public key according to the private key; the formula for generating the public key according to the private key is as follows:
wherein the public key is PK = (A, B);
selecting a message m and a random number k; wherein m ∈ Z n ,Z n Is an integer set consisting of 0 to n-1, and R represents random selection;
generating a signature by adopting a signature mode of discrete logarithm according to the message m and the random number k; the method specifically comprises the following steps:
according to the random number k, using the formula X = g k mod p determines the calculation factor X;
using the formula sigma based on the calculation factor 1 Computing a first parameter σ = X mod q 1 ;
According to the first parameter, using a formula sigma 2 =k -1 (α+m+β·σ 1 ) modq generating a second parameter σ 2 ;
Judging whether the first parameter or the second parameter is zero;
when the first parameter isWhen the value is zero or the second parameter is zero, updating the random number k, and returning to the formula X = g according to the random number k k mod p determining a calculation factor X;
when the first parameter is not zero and the second parameter is not zero, determining that the signature is (sigma) 1 ,σ 2 );
The consistency verification of the signature specifically includes:
judging whether the numerical values of the first parameter and the second parameter are both within [1, q-1 ];
rejecting the signed consistency verification request when the value of the first parameter is not within [1, q-1] or the value of the second parameter is not within [1, q-1 ];
when the values of the first parameter and the second parameter are both [1, q-1]]Inner time, will be based on the public key and message signature pair (m, σ) 1 ,σ 2 ) By the formulaObtaining a calculation factor update value X'; wherein PK = (a, B) is a public key;
judging whether sigma is satisfied 1 =X′modq;
When sigma is satisfied 1 When = X' modq, the signature consistency verification is successful;
when sigma is not satisfied 1 = X' modq, the signature consistency verification fails.
3. A digital signature system whose security relies only on discrete logarithms, comprising:
the system parameter acquisition module is used for acquiring system parameters of the digital signature system; the method specifically comprises the following steps:
obtaining a finite field F q ;
Obtaining an elliptic curve y 2 =x 3 + ax + b in the finite field F q Two parameters a, b;
obtaining a generator G of a point group G on the elliptic curve, wherein the order of the generator G is a large prime number n, and n is more than 2 160 ;
Determining system parameters of the digital signature system as follows: SP = (F) q ,a,b,G,G,n);
The private key generation module is used for selecting random numbers alpha and beta to obtain a private key SK = (alpha, beta); wherein the alpha is a linear alpha-alpha, is an integer set consisting of 1 to n-1;
the public key generating module is used for generating a public key according to the private key; the formula for generating the public key according to the private key is as follows:
wherein the public key is PK = (A, B);
the message selection module is used for selecting a message m and a random number k; wherein m ∈ Z n ,Z n Is an integer set consisting of 0 to n-1, and R represents random selection; />
The signature module is used for generating a signature by adopting a signature mode of discrete logarithm according to the message m and the random number k; the method specifically comprises the following steps:
from said random number k, using the formula (x) 1 ,y 1 ) = k · G determine new coordinate point (x) 1 ,y 1 );
According to the abscissa x of the new coordinate point 1 Using the formula σ 1 =x 1 modn calculates a first parameter σ 1 ;
According to the first parameter, using a formula sigma 2 =k -1 (α+m+β·σ 1 ) modn generates the second parameter σ 2 ;
Judging whether the first parameter or the second parameter is zero;
when the first parameter is zero or the second parameter is zero, updating the random number k, and returning to utilize a formula (x) according to the random number k 1 ,y 1 ) = k · G determine new coordinate point (x) 1 ,y 1 ) A step (2);
when the first parameter is not zero and the second parameter is not zero, determining that the signature is (sigma) 1 ,σ 2 );
The consistency verification module is used for performing consistency verification on the signature; the method specifically comprises the following steps:
judging whether the numerical values of the first parameter and the second parameter are both in the range of [1, n-1 ];
rejecting the signed consistency verification request when the value of the first parameter is not within [1, n-1] or the value of the second parameter is not within [1, n-1 ];
when the values of the first parameter and the second parameter are both [1, n-1]]When the new coordinate point is located, the abscissa x of the new coordinate point is set 1 Substituting the elliptic curve to obtain an update value y of the ordinate 1 ′;
4. A digital signature system whose security relies only on discrete logarithms, comprising:
the system parameter acquisition module is used for acquiring system parameters of the digital signature system; the method specifically comprises the following steps:
obtaining a big prime number q, p, wherein q is more than or equal to 2 160 ,p≥2 1024 And q | p-1;
acquiring a generator of a cyclic group G as G, wherein the order of the generator is q;
determining system parameters of the digital signature system as follows: SP = (G, q, p);
the private key generation module is used for selecting random numbers alpha and beta to obtain a private key SK = (alpha, beta); wherein the alpha is a linear alpha-alpha, is an integer set consisting of 1 to n-1;
the public key generating module is used for generating a public key according to the private key; the formula for generating the public key according to the private key is as follows:
wherein the public key is PK = (A, B);
the message selection module is used for selecting a message m and a random number k; wherein m ∈ Z n ,Z n Is an integer set consisting of 0 to n-1, and R represents random selection;
the signature module is used for generating a signature by adopting a signature mode of discrete logarithm according to the message m and the random number k; the method specifically comprises the following steps:
according to the random number k, using the formula X = g k modp determines a calculation factor X;
using the formula sigma based on the calculation factor 1 = Xmodq calculating the first parameter σ 1 ;
According to said first parameter, using the formula σ 2 =k -1 (α+m+β·σ 1 ) modq generating a second parameter σ 2 ;
Judging whether the first parameter or the second parameter is zero;
when the first parameter is zero or the second parameter is zero, updating the random number k, and returning to the step of utilizing a formula X = g according to the random number k k modp determining a calculation factor X;
when the first parameter is not zero and the second parameter is not zero, determining that the signature is (sigma) 1 ,σ 2 );
The consistency verification module is used for performing consistency verification on the signature; the method specifically comprises the following steps:
judging whether the numerical values of the first parameter and the second parameter are both within [1, q-1 ];
rejecting the signed consistency verification request when the value of the first parameter is not within [1, q-1] or the value of the second parameter is not within [1, q-1 ];
when the values of the first parameter and the second parameter are both [1, q-1]]Internal time, the pair (m, σ) will be signed according to the public key and the message 1 ,σ 2 ) Using the formulaObtaining an updated value X' of the calculation factor; wherein PK = (a, B) is a public key;
judging whether sigma is satisfied 1 =X′modq;
When σ is satisfied 1 When = X' modq, the signature consistency verification is successful;
when sigma is not satisfied 1 X' modq, the signature consistency verification fails.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010500185.8A CN111654369B (en) | 2020-06-04 | 2020-06-04 | Digital signature method and system with security only depending on discrete logarithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010500185.8A CN111654369B (en) | 2020-06-04 | 2020-06-04 | Digital signature method and system with security only depending on discrete logarithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111654369A CN111654369A (en) | 2020-09-11 |
CN111654369B true CN111654369B (en) | 2023-04-11 |
Family
ID=72347321
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010500185.8A Active CN111654369B (en) | 2020-06-04 | 2020-06-04 | Digital signature method and system with security only depending on discrete logarithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111654369B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101441693A (en) * | 2008-11-25 | 2009-05-27 | 西安理工大学 | Security protection method for electric document digital signing based on elliptical curve |
CN110213048A (en) * | 2019-05-31 | 2019-09-06 | 武汉大学 | A kind of lightweight SM2 Proxy Signature generation method and system |
-
2020
- 2020-06-04 CN CN202010500185.8A patent/CN111654369B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101441693A (en) * | 2008-11-25 | 2009-05-27 | 西安理工大学 | Security protection method for electric document digital signing based on elliptical curve |
CN110213048A (en) * | 2019-05-31 | 2019-09-06 | 武汉大学 | A kind of lightweight SM2 Proxy Signature generation method and system |
Also Published As
Publication number | Publication date |
---|---|
CN111654369A (en) | 2020-09-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109714153B (en) | Efficient aggregated signature method | |
KR101089121B1 (en) | Fast batch verification method and apparatus there-of | |
CN107911217B (en) | Method and device for cooperatively generating signature based on ECDSA algorithm and data processing system | |
CN112446052B (en) | Aggregated signature method and system suitable for secret-related information system | |
CN110505061B (en) | Digital signature algorithm and system | |
Kittur et al. | Batch verification of digital signatures: approaches and challenges | |
CN112187469B (en) | SM2 multiparty collaborative digital signature method and system based on key factors | |
CN107171788B (en) | Identity-based online and offline aggregated signature method with constant signature length | |
JP2004501385A (en) | Elliptic curve encryption method | |
CN112436938B (en) | Digital signature generation method and device and server | |
CN116346328A (en) | Digital signature method, system, equipment and computer readable storage medium | |
CN113032844B (en) | Signature method, signature verification method and signature verification device for elliptic curve | |
CN113014398B (en) | Aggregate signature generation method based on SM9 digital signature algorithm | |
CN114117547A (en) | SM9 digital signature accelerated generation method and digital signature accelerated verification method based on pre-calculation table | |
CN111654369B (en) | Digital signature method and system with security only depending on discrete logarithm | |
CN116827559A (en) | Efficient verifiable time signature method and system based on BLS | |
US20080002825A1 (en) | Method and a system for a quick verification rabin signature scheme | |
US20150281256A1 (en) | Batch verification method and apparatus thereof | |
CN102111270A (en) | Limited blind signature method based on elliptic curve discrete logarithm problem (ECDLP) | |
CN110932866B (en) | Ring signature generation method based on SM2 digital signature algorithm | |
CN112491560A (en) | SM2 digital signature method and medium supporting batch verification | |
US9252941B2 (en) | Enhanced digital signatures algorithm method and system utilitzing a secret generator | |
Koppl et al. | Performance Comparison of ECDH and ECDSA | |
CN115174052B (en) | Adapter signature generation method and device based on SM9 signature | |
US20230135566A1 (en) | Methods and apparatus for cryptographic signature generation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20201224 Address after: 100085 no.054, Room 201, north side, second floor, No.36 Haidian West Street, Haidian District, Beijing Applicant after: Macy Technology (Beijing) Co.,Ltd. Address before: 100085 Room 201, north side, 2nd floor, 36 Haidian West Street, Haidian District, Beijing Applicant before: Beijing Chain Technology Co.,Ltd. |
|
TA01 | Transfer of patent application right | ||
GR01 | Patent grant | ||
GR01 | Patent grant |