CN111740843A - Distributed EdDSA signature method, device, equipment and storage medium - Google Patents

Distributed EdDSA signature method, device, equipment and storage medium Download PDF

Info

Publication number
CN111740843A
CN111740843A CN202010559653.9A CN202010559653A CN111740843A CN 111740843 A CN111740843 A CN 111740843A CN 202010559653 A CN202010559653 A CN 202010559653A CN 111740843 A CN111740843 A CN 111740843A
Authority
CN
China
Prior art keywords
signature
private key
generating
public key
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010559653.9A
Other languages
Chinese (zh)
Inventor
涂彬彬
王现方
张立廷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Westone Information Industry Inc
Original Assignee
Chengdu Westone Information Industry Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Westone Information Industry Inc filed Critical Chengdu Westone Information Industry Inc
Priority to CN202010559653.9A priority Critical patent/CN111740843A/en
Publication of CN111740843A publication Critical patent/CN111740843A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The utility model discloses a distributed EdDSA signature method, which comprises the following steps: generating a first private key, and generating and publishing a first public key corresponding to the first private key by using the system information and the first private key; acquiring second public keys corresponding to other signing parties, and generating a combined public key by using the first public key and the second public key; acquiring information to be signed, and signing the information to be signed by using a first private key to obtain and publish a first intermediate signature; acquiring second intermediate signatures published by other signatories, and performing signature modulus processing by using the joint public key, the first intermediate signature and the second intermediate signature to obtain and publish a first signature; acquiring second signatures published by other signing parties, and generating a signature result by using the first signature and the second signature; the method utilizes a plurality of signing parties to carry out combined signing, so that the problem of single point failure can be avoided, and the security of a signature private key is improved; in addition, the present disclosure also provides an apparatus, a device and a storage medium, which also have the above-mentioned advantageous effects.

Description

Distributed EdDSA signature method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of signature technologies, and in particular, to a distributed EdDSA signature method, a distributed EdDSA signature apparatus, a distributed EdDSA signature device, and a computer-readable storage medium.
Background
The EdDSA (Edwards-curve Digital Signature Algorithm, Edwards curve Digital Signature Algorithm) Algorithm is an RCF8023 standard Signature Algorithm, which is a deterministic Signature Algorithm. The EdDSA algorithm may be instantiated as an Ed25519 signature algorithm and an Ed448 signature algorithm via edwards25519 and edwards448 curves, respectively. The method has the advantages of small public key size and signature size, high key generation speed, high signature speed, high single signature and batch signature verification speed and high safety, so the method has a wide application range.
However, the related art generally implements EdDSA signature by using a single key signature method, that is, a single signer signs information by using its own key. However, single-key signature is difficult to avoid the single-point failure problem, and a large security problem is caused after the private key is lost or leaked. Therefore, the related art is prone to have safety problems and potential safety hazards when EdDSA signature is performed.
Therefore, how to solve the problems of security and potential safety hazard easily occurring when EdDSA signature is performed in the related art is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, an object of the present disclosure is to provide a distributed EdDSA signature method, a distributed EdDSA signature apparatus, a distributed EdDSA signature device, and a computer readable storage medium, which solve the problems that a security problem is easy to occur and a security risk exists when EdDSA signature is performed in the related art.
In order to solve the above technical problem, the present disclosure provides a distributed EdDSA signature method, including:
generating a first private key, and generating and publishing a first public key corresponding to the first private key by using system information and the first private key;
acquiring second public keys corresponding to other signing parties, and generating a combined public key by using the first public key and the second public key;
acquiring information to be signed, and signing the information to be signed by using the first private key to obtain and publish a first intermediate signature;
acquiring a second intermediate signature published by the other signers, and performing signature modulus processing by using the joint public key, the first intermediate signature and the second intermediate signature to obtain and publish a first signature;
and acquiring a second signature published by the other signers, and generating a signature result by using the first signature and the second signature.
Optionally, the method further comprises:
acquiring identity information, and generating first sharing information by using the identity information;
sending the first shared information to other signatory parties through a secure channel, and acquiring second shared information sent by other signatory parties through the secure channel;
generating a first shared private key by using the first shared information and the second shared information;
and generating a first shared public key corresponding to the first shared private key by using the system information and the first shared private key, and publishing the first shared public key.
Optionally, the obtaining a second intermediate signature published by the other signers, and performing signature modulo processing by using the joint public key, the first intermediate signature, and the second intermediate signature to obtain and publish a first signature includes:
obtaining a first Lagrange coefficient according to the identity information;
and acquiring the second intermediate signature published by a target signature party in the other signature parties, performing signature modulo processing by using the first Lagrangian coefficient, the joint public key, the first intermediate signature and the second intermediate signature to obtain the first signature, and publishing the first signature.
Optionally, the obtaining a second signature published by the other signer, and generating a signature result by using the first signature and the second signature includes:
acquiring the second signature published by the target label name party;
calculating a second Lagrange coefficient corresponding to the target label name party;
generating the signature result using the first Lagrangian coefficient, the second Lagrangian coefficient, the first signature, and the second signature.
Optionally, the generating a first private key and generating and publishing a first public key corresponding to the first private key by using system information and the first private key includes:
generating a first random number and determining the first random number as the first private key;
generating a private key hash value corresponding to the first private key, and calculating by using the private key hash value to obtain a private key intermediate value;
determining an ellipse base point from the system information, and acquiring the first public key according to the intermediate value of the private key based on the ellipse base point;
and publishing the first public key.
Optionally, the obtaining information to be signed and signing the information to be signed by using the first private key to obtain and publish a first intermediate signature includes:
acquiring the information to be signed, and determining a private key hash value corresponding to the first private key;
signing the private key hash value and the information to be signed to obtain the first intermediate signature;
publishing the first intermediate signature.
Optionally, the obtaining a second intermediate signature published by the other signers, and performing signature modulo processing by using the joint public key, the first intermediate signature, and the second intermediate signature to obtain and publish a first signature includes:
acquiring the second intermediate signature, and generating an intermediate signature by using the first intermediate signature and the second intermediate signature;
determining a private key intermediate value corresponding to the private key hash value, and generating a signature intermediate value by using the private key intermediate value, the intermediate signature, the information to be signed, the joint public key and the private key hash value;
and performing modulus processing on the signature intermediate value to obtain the first signature, and publishing the first signature.
Optionally, after the obtaining of the second signature published by the other signer, before the generating of the signature result by using the first signature and the second signature, the method further includes:
carrying out signature legal verification by utilizing the second signature, the system information, a second intermediate signature, the joint public key, the information to be signed, the first intermediate signature and the second public key;
if the signature is not verified legally, terminating the signature;
and if the signature is verified legally, executing the step of generating a signature result by using the first signature and the second signature.
Optionally, the method further comprises:
acquiring a target signature result;
performing signature verification on the target signature result according to the system information, and judging whether the target signature result passes the verification;
if the signature passes the verification, determining that the target signature result is correct;
and if the signature verification fails, determining that the target signature result is wrong.
The present disclosure also provides a distributed EdDSA signature apparatus, including:
the public key generating module is used for generating a first private key, and generating and publishing a first public key corresponding to the first private key by using system information and the first private key;
the combined public key generating module is used for acquiring second public keys corresponding to other signing parties and generating a combined public key by using the first public key and the second public key;
the intermediate signature acquisition module is used for acquiring information to be signed and signing the information to be signed by using the first private key to obtain and publish a first intermediate signature;
the first signature generation module is used for acquiring a second intermediate signature published by the other signers, and performing signature modulo processing by using the joint public key, the first intermediate signature and the second intermediate signature to obtain and publish a first signature;
and the signature result generating module is used for acquiring a second signature published by the other signers and generating a signature result by using the first signature and the second signature.
The present disclosure also provides a distributed EdDSA signature device, comprising a memory and a processor, wherein:
the memory is used for storing a computer program;
the processor is configured to execute the computer program to implement the distributed EdDSA signature method described above.
The present disclosure also provides a computer readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the distributed EdDSA signature method described above.
The distributed EdDSA signature method provided by the disclosure generates a first private key, and generates and publishes a first public key corresponding to the first private key by using system information and the first private key; acquiring second public keys corresponding to other signing parties, and generating a combined public key by using the first public key and the second public key; acquiring information to be signed, and signing the information to be signed by using a first private key to obtain and publish a first intermediate signature; acquiring second intermediate signatures published by other signatories, and performing signature modulus processing by using the joint public key, the first intermediate signature and the second intermediate signature to obtain and publish a first signature; and acquiring second signatures published by other signing parties, and generating a signature result by using the first signature and the second signature.
Therefore, in the method, the first public key and the second public keys of other signatories are required to form a combined public key during signature, and each signatory performs signature respectively during signature to obtain a first intermediate signature and a second intermediate signature. And after the first round of signature is finished, performing signature modulo processing on the first round of signature by using the joint public key, namely performing second round of signature, and finally generating a signature result by using the first signature and the second signature. By using a plurality of signing parties to carry out combined signing, the problem of single point failure which is difficult to avoid by single key signing can be avoided, even if the key of a certain signing party is leaked or lost, the signature can not be forged, the signature safety is improved, and the problems that the safety problem is easy to occur and the potential safety hazard exists when the related technology carries out EdDSA signing are solved. Meanwhile, the application range is expanded, and the method can be applied to distributed environments such as cloud computing and the Internet of things.
In addition, the present disclosure also provides a distributed EdDSA signature apparatus, a distributed EdDSA signature device, and a computer readable storage medium, which also have the above-mentioned advantageous effects.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present disclosure, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a distributed EdDSA signature method provided in an embodiment of the present disclosure;
fig. 2 is a flowchart of a two-party distributed EdDSA signature method according to an embodiment of the present invention;
fig. 3 is a flowchart of a target signature result verification method provided in an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a distributed EdDSA signature apparatus according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of a distributed EdDSA signature device according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
In a possible implementation manner, please refer to fig. 1, where fig. 1 is a flowchart of a distributed EdDSA signature method provided in an embodiment of the present disclosure. The method comprises the following steps:
s101: and generating a first private key, and generating and publishing a first public key corresponding to the first private key by using the system information and the first private key.
In this embodiment, a main body for executing all or part of the steps of the distributed EdDSA signature method is any signing party participating in the signature, the signing party may be referred to as a local signing party, and other signing parties participating in the signature may be referred to as other signing parties. Specifically, the signer who receives the signature instruction may be determined as the local signer, or the signer who is to be subjected to the information to be signed may be determined as the local signer.
Before participating in the signature, a first private key for signature needs to be generated, and the embodiment does not limit the specific content of the first private key, which may be a permanent private key of a local signer or a temporary private key for signature. The embodiment of the method for generating the first private key is not limited, and for example, a random number may be generated and determined as the first private key. And after the first private key is obtained, generating a corresponding first public key by using the system information and the first private key, and publishing the first public key. The system information is used to specify the method for generating the first public key and the parameters or data necessary for generating the first public key, and since EdDSA signatures need to be jointly performed by each party, the public key generation methods adopted by the respective signatories should be the same so as to achieve compatibility. The embodiment does not limit the specific generation method of the first public key, and can be selected according to actual needs.
S102: and acquiring second public keys corresponding to other signing parties, and generating a combined public key by using the first public key and the second public key.
The second public key corresponds to other signing parties, and specifically, each other signing party generates a corresponding second public key by using the same method as the local signing party and publishes the second public key. The number of other signatory parties is at least one, and can be multiple. And after second public keys published by other signatory parties are obtained, generating a combined public key by using the first public key and the second public key so as to perform signature operation by using the combined public key in the subsequent process. The generation method of the joint public key may be set according to actual needs, for example, the first public key and the second public key may be operated according to a joint public key calculation rule to obtain a corresponding joint public key.
S103: and acquiring the information to be signed, and signing the information to be signed by using a first private key to obtain and publish a first intermediate signature.
The information to be signed is information that needs to be signed, and the specific content of the information to be signed is not limited in this embodiment. After the information to be signed is obtained, the first private key is used for signing the information to be signed, and a first intermediate signature can be obtained. The first signature result is a signature which is carried out by the local signing party by using the first private key, and the obtained first intermediate signature can be used for carrying out subsequent combined signature.
Specifically, when the information to be signed is sent to all signers, a first intermediate signature can be generated according to the information to be signed and published; when only the local signing party acquires the information to be signed, the information to be signed needs to be sent to other signing parties, so that the other signing parties can generate corresponding second intermediate signatures according to the information to be signed.
S104: and acquiring second intermediate signatures published by other signatories, and performing signature modulus processing by using the joint public key, the first intermediate signature and the second intermediate signature to obtain and publish the first signature.
The second intermediate signature is a signature result obtained after the other signing parties sign the information to be signed by using a second private key corresponding to the second public key. And after all the second intermediate signatures are obtained, signature modulus processing is carried out by using the joint public key, the first intermediate signature and the second intermediate signatures, and the first signature is obtained and published. A first signature. The signature modulo processing is signature operation, and the specific form may be that after the signature is performed, the signature result is modulo processed to obtain a first signature.
S105: and acquiring second signatures published by other signing parties, and generating a signature result by using the first signature and the second signature.
The second signature is a second signature generated by each other signer, and after the second signature is obtained, the second signature can be legally verified so as to determine whether each other signer legally signs; or when all other signing parties are credible signing parties, the second signature is not legally verified, and the first signature and the second signature are used for generating a signature result. Besides the first signature and the second signature, the signature result may further include information to be signed, a joint public key, a first intermediate signature, and a second intermediate signature, so as to perform signature verification.
By applying the distributed EdDSA signature method provided by the embodiment of the disclosure, a first public key and second public keys of other signatories are required to form a combined public key during signature, and each signatory carries out signature respectively during signature to obtain a first intermediate signature and a second intermediate signature. And after the first round of signature is finished, performing signature modulo processing on the first round of signature by using the joint public key, namely performing second round of signature, and finally generating a signature result by using the first signature and the second signature. By using a plurality of signing parties to carry out combined signing, the problem of single point failure which is difficult to avoid by single key signing can be avoided, even if the key of a certain signing party is leaked or lost, the signature can not be forged, the signature safety is improved, and the problems that the safety problem is easy to occur and the potential safety hazard exists when the related technology carries out EdDSA signing are solved. Meanwhile, the application range is expanded, and the method can be applied to distributed environments such as cloud computing and the Internet of things.
Based on the above embodiments, in one possible implementation, there is one other signer, i.e., the distributed EdDSA signature is a two-party signature. In this embodiment, a specific two-party signature process will be described, please refer to fig. 2, where fig. 2 is a flowchart of a two-party distributed EdDSA signature method provided by an embodiment of the present invention, where:
in this embodiment, the local signer may be P, the other signer (i.e. the other signer) is Q, P generates a random number k1 as a private key, and calculates a hash value of the private keyH(k1)=(h0,h1,...,h{2b-1}) H is a hash algorithm, and after obtaining the hash value of the private key, the following may be performed:
s1=2{b-2}+∑(3≤i≤b-3}2ihi∈{2{b-2},2{b-2}+8,...,2{b-1}-8}
calculating the intermediate value of the private key and generating a first public key A by using the intermediate value1It has 2b position. Since EdDSA algorithm can be instantiated as Ed25519 signature algorithm or Ed448 signature algorithm by twisting edwards curve edwards25519 or edwards curve 448, respectively, in Ed25519 signature algorithm, b is fixed to take 256; in the Ed448 signature algorithm, b is taken 456 fixedly.
Wherein A is1=[s1]B and B are base points on the elliptic curve. In the generation of A1Then, it is published. Similarly, Q also generates the second public key A by adopting the method2Specifically, the method comprises the following steps:
q generating a random number k2As a private key and computes a hash value of the private key H (k)2)=(g0,g1,...,g{2b-1}) After obtaining the hash value of the private key, the following steps may be performed:
s2=2{b-2}+∑(3≤i≤b-3}2igi∈{2{b-2},2{b-2}+8,...,2{b-1}-8}
calculating the intermediate value of the private key and generating a second public key A by using the intermediate value2Wherein A is2=[s2]And B, after the second public key is generated, publishing the second public key.
After acquiring the first public key and the second public key, both P and Q generate a joint public key a by using the first public key and the second public key, wherein the joint public key a is [ s ]2]B+[s1]B=[s]B。
After the P obtains the information M to be signed, the P can perform signature processing by using the hash value of the private key and the information to be signed to obtain a first intermediate signature R1Wherein r is1=H(hb,...,h{2b-1},M),R1=[r1]B. In the formation of R1Then, M and R are added1And sending the intermediate signature to Q so that Q calculates to obtain a second intermediate signature and further obtain a second signature, specifically:
q calculation
r2=H(gb,...,g{2b-1},M),R2=[r2]B
Obtaining a second intermediate signature R2And according to
R=R1+R2=[r1]B+[r2]B
Calculating to obtain an intermediate signature R, and according to
S2=(r2+H(R,A,M)s2)mod L
Calculating to obtain a second signature S2And after the second signature is obtained, sending the second intermediate signature and the second signature to P. P obtains a second intermediate signature R2Post-computing the intermediate signature R, and according to
S1=(r1+H(R,A,M)s1)mod L
Calculating a first signature S1And verifying whether the second signature is correct, in particular, determining
S2·B=R2+H(R,A,M)·A2
If the first signature is valid, the second signature is correct, and Q is correct and legally finished, so that the signature is verified according to the result
S=S1+S2=(r1+r2+H(R,A,M)(s1+s2))mod L=(r+H(R,A,M)s)mod L
And generating a joint signature S, and forming a signature result (R, S) by using the joint signature S and the intermediate signature R to finish the signature process.
Based on the foregoing embodiment, in a possible implementation manner, the number of the other signing parties is multiple, that is, at least two, a private key hash value may be generated according to the first private key, and the generation of the first public key and the subsequent signing operation are completed by using the private key hash value. The specific parameters used in this example, such as radix point, hash function, security parameters, etc., refer to the EdDSA standard. In particular, each labelThe name side can use PkN, P may be represented by 1, 2iDetermining as local signer, and adding PjAnd i ≠ j is determined as other signers, the step S101 may include:
s1011: a first random number is generated and determined to be a first private key.
In this embodiment, a first random number may be generated, and the first random number may be determined as the first private key. The specific size of the first random number is not limited in this embodiment, and the first random number may use kiMeaning that the random number corresponding to each signing party can utilize kjAnd (4) showing.
S1012: and generating a private key hash value corresponding to the first private key, and calculating by using the private key hash value to obtain a private key intermediate value.
In computing the hash value of the private key, the hash algorithm used in the EdDSA standard may be employed, according to:
H(ki)=(hi,0,hi,1,...,hi,2b-1)
performing a calculation in which H (k)i) Which is a hash value of the private key, having a total of 2b bits. Since EdDSA algorithm can be instantiated as Ed25519 signature algorithm or Ed448 signature algorithm by twisting edwards curve edwards25519 or edwards curve 448, respectively, in Ed25519 signature algorithm, b is fixed to take 256; in the Ed448 signature algorithm, b is taken 456 fixedly.
After the hash value of the private key is obtained through calculation, the following steps can be performed:
si=2b-2+∑3≤i≤b-32jhi,j∈{2b-2,2b-2+8,...,2b-1-8}
calculating to obtain the intermediate value of the private key, wherein siIs the private key intermediate value. The intermediate value of the private key is used for generating a public key corresponding to the signing party.
S1013: and determining an ellipse base point from the system information, and acquiring a first public key according to the intermediate value of the private key based on the ellipse base point.
In this embodiment, the first public key corresponding to the first private key may be determined based on an elliptic curve, specifically, an elliptic base point is determined on the elliptic curve, and based on the elliptic base point, the first public key is obtained by using the intermediate value of the private key. Specifically, the ellipse base point may be determined from the system information, so that each signer determines a corresponding public key based on the ellipse base point, and after determining the ellipse base point, the method includes:
Ai=[si]B
determining a first public key, wherein AiIs the first public key and B is the ellipse base point.
S1014: the first public key is published.
The first public key is published after it is obtained, i.e. sent to all other signatories.
And after the first public key is published, acquiring a second public key published by other signers, and generating a joint public key by using the second public key and the first public key. In this embodiment, the first public key and the second public key may be added to obtain the joint public key. Specifically, the following steps are carried out:
A=A1+A2+...+An
and generating a joint public key, wherein A is the joint public key.
In this embodiment, the intermediate signature may also be generated by using a hash value of a private key, and specifically, the step S103 may include:
s1031: and acquiring the information to be signed, and determining a private key hash value corresponding to the first private key.
And after the information to be signed is obtained, determining a private key hash value corresponding to the first private key. When the private key hash value has been generated at the time of generating the first public key, the private key hash value may be directly obtained; when the first public key is generated without generating the private key hash value, the private key hash value corresponding to the first private key may be generated at this time.
S1032: and carrying out signature processing on the private key hash value and the information to be signed to obtain a first intermediate signature.
Specifically, the private key hash value and the information to be signed may be used to perform signature calculation, that is, perform signature processing, so as to obtain the first intermediate signature. The signature calculation may be hash calculation, and the specific calculation method is not limited in this embodiment. The concrete can be as follows:
ri=H(hi,b,...,hi,2b-1,M),Ri=[ri]B
calculating the intermediate signature corresponding to each signing party, wherein RiIs the first intermediate signature, and M is the information to be signed.
S1033: the first intermediate signature is published.
And after the first intermediate signature is obtained, the first intermediate signature is published, and the subsequent signature operation is completed.
In this embodiment, the step S104 may include:
s1041: a second intermediate signature is obtained and an intermediate signature is generated using the first intermediate signature and the second intermediate signature.
And after acquiring the second intermediate signature generated by each other signing party according to the process, generating the intermediate signature by using the first intermediate signature and the second intermediate signature. Specifically, the following may be mentioned:
R=R1+R2+…+Rn
an intermediate signature is generated, where R is the intermediate signature.
S1042: and determining a private key intermediate value corresponding to the private key hash value, and generating a signature intermediate value by using the private key intermediate value, the intermediate signature, the information to be signed, the joint public key and the private key hash value.
After obtaining the intermediate signature, determining the intermediate value of the private key, and according to (r)i+H(R,A,M)si) And generating a signature intermediate value, wherein H is a signature algorithm, and the specific content of the signature algorithm is not limited in this embodiment.
S1043: and performing modulus processing on the intermediate value of the signature to obtain a first signature, and publishing the first signature.
After obtaining the signature median, the following are followed:
Si=(ri+H(R,A,M)si)mod L
generating a first signature, wherein SiIs the first signature, and L is the modulus of the modulo operation.
After the first signature is generated and published, the second signature published by other signing parties is obtained, and a signature result is generated by using the first signature and the second signature, specifically, the method may include:
S=S1+S2+…+Sn=(r1+r2+…+rn+H(R,A,M)(s1+s2+…+sn))mod L
=(r+H(R,A,M)s)mod L
and generating a joint signature, wherein S is the joint signature, and forming a signature result (R, S) by using the joint signature S and the intermediate signature R to finish the signature process. Other contents can also be included in the signature result, for example, the information M to be signed and the joint public key a, and the signature result is (a, M, R, S).
Based on the above embodiment, in one possible implementation manner, in order to ensure the correctness of the signature result, after the second signature published by other signature parties is acquired, the second signature can be subjected to signature legal verification so as to confirm whether the second signature is legal or not. Specifically, after acquiring the second signature published by the other signing parties, before generating the signature result by using the first signature and the second signature, the method may further include:
carrying out signature legal verification by utilizing the second signature, the system information, the second intermediate signature, the joint public key, the information to be signed, the first intermediate signature and the second public key;
specifically, in this embodiment, the following steps may be performed:
Sj·B=Rj+H(R,A,M)·Aj
and verifying the second signature, namely judging whether the above formula is satisfied. When the above formula is satisfied, the signature is determined to pass the legal verification, and when the above formula is not satisfied, the signature is determined not to pass the legal verification.
If the signature is not verified legally, terminating the signature;
if the signature is not verified legally, it is indicated that the other signers corresponding to the second signature do not normally perform signature, and thus the current signature is terminated.
And if the signature is verified legally, executing a step of generating a signature result by using the first signature and the second signature.
If all the second signatures pass the signature verification, it is determined that each of the other signers normally performs the signature, and therefore the signature result can be generated using the second signatures, that is, the step of generating the signature result using the first signature and the second signature can be performed.
When more than two signing parties are used for joint signing, in some cases, it is not guaranteed that all signing parties are online during signing, or that all signing parties can participate in each signing. Therefore, in a possible implementation manner, a thresholding signature method can be adopted to sign the information to be signed and generate a corresponding signature result, so that the correctness of the signature result is ensured, and the requirement on the number of the parties participating in the signature can be reduced. Specifically, before generating the first signature, the method may further include:
step 11: and acquiring identity information, and generating first sharing information by using the identity information.
The identity information includes local identity information and other identity information, which is used to represent the identity of each signer, the specific content of the identity information is not limited in this embodiment, and the identity information of each signer remains unchanged. In this embodiment, id may be utilizedjIdentity information representing other signatory parties. After obtaining the identity information, the following may be followed:
fi(x)=si+ai1x+…+ai(t-1)xt-1mod L,x=idj
calculating to obtain the first shared information, wherein fi(idj) Is the first shared information. The first shared information is multiple, and each first shared information corresponds to one signing party, namely, the first shared information includes first shared information generated by using other identity information corresponding to other signing parties and first shared information generated by using local identity information corresponding to a local signing party.
Step 12: and sending the first shared information to other signatory parties through a secure channel, and acquiring second shared information sent by other signatory parties through the secure channel.
After the first shared information is obtained, the first shared information is sent to other corresponding signatory parties through a secure channel, that is, the first shared information corresponding to other signatory parties is sent to other signatory parties, and second shared information sent by other signatory parties is obtained through the secure channel. It should be noted that the secure channel is a channel that can ensure information transmission security, and a specific form of the secure channel is not limited in this embodiment, and may be, for example, a one-to-one channel, that is, each secure channel is connected to only two signers. The second shared information is each other signer, and the shared information generated by using the local identity information can be used as fj(idi) And (4) showing.
Step 13: and generating a first shared private key by using the first shared information and the second shared information.
And after all the second shared information is acquired, generating a first shared private key by using the first shared information and the second shared information. Specifically, the following may be mentioned:
Figure BDA0002545810840000131
computing a first shared private key, wherein diIs the first shared private key. The embodiment does not limit the specific generation method of the first shared private key, and for example, the first shared private key may be generated by the above method, or the first shared private key may be generated by another key generation method.
Step 14: and generating a first shared public key corresponding to the first shared private key by using the system information and the first shared private key, and publishing the first shared public key.
After the first shared private key is determined, a first shared public key corresponding to the first shared private key is generated by using the system information and the first shared private key, which may specifically be according to:
Figure BDA0002545810840000132
generating a first shared public key, whichIn (A)i *Is the first shared public key. The generated first shared private key may be used to generate a first signature, and the first shared public key may be used to perform a signature validation prior to subsequent generation of a signature result.
It should be noted that, under the (n, t) model, that is, in the case that the signature can be performed by determining t signature parties among n signature parties, the secrets can be combined by each signature party according to the lagrangian difference formula. I.e. secret sharing (id) given t signatoriesi,f(idi) I is 1, 2, …, t, and then calculating to obtain Lagrangian coefficient according to Lagrangian difference formula
Figure BDA0002545810840000141
i is 1, 2, …, t, and the signature can be completed correctly by using the Lagrange coefficient, namely according to the Lagrange coefficient
Figure BDA0002545810840000142
Then S in the joint signature S can be obtained.
Specifically, after generating the joint public key and the first intermediate signature, the process of generating the first signature may include:
step 21: and obtaining a first Lagrange coefficient according to the identity information.
Specifically, the following may be mentioned:
Figure BDA0002545810840000143
generating a first Lagrangian coefficient, wherein LiIs the first lagrangian coefficient.
Step 22: and acquiring a second intermediate signature published by a target signature party in other signature parties, performing signature modulus processing by using the first Lagrange coefficient, the joint public key, the first intermediate signature and the second intermediate signature to obtain a first signature, and publishing the first signature.
The target signing party is other signing parties participating in the current signature, and only the second intermediate signature sent by the target signing party needs to be acquired when the second intermediate signature is acquired, and after the second intermediate signature is acquired, the method can be as follows:
R=R1+R2+…+Rn
an intermediate signature is generated and is as follows:
Figure BDA0002545810840000144
a first signature is generated and published.
The process of generating the signature result after publishing the first signature may include:
step 31: and acquiring a second signature published by the destination label name party.
The target signing party is other signing parties participating in the current signature, and when a signature result is generated, only the second signature published by the target signing party is needed to be obtained.
Step 32: and calculating a second Lagrange coefficient corresponding to the target label name party.
After the second signature is obtained, calculating a second lagrangian coefficient corresponding to each target signature party, wherein the specific calculation method is the same as that of the first lagrangian coefficient, and is not repeated herein.
Step 33: and generating a signature result by utilizing the first Lagrange coefficient, the second Lagrange coefficient, the first signature and the second signature.
Before generating the signature result, the signature verification of the second signature may also be performed, specifically, the signature verification may be performed according to:
Figure BDA0002545810840000151
and (4) performing signature validity verification, namely judging whether the above formula is satisfied, if so, indicating that the second signature is valid and generating a signature result, and if not, indicating that the second signature is illegal and terminating the signature.
After determining that the second signature is legitimate, according to:
S=L1·S1+L2·S2+…+Lt·St
=(r1+r2+…+rt+H(R,A,M)(L1·d1+L2·d2+…+Lt·dt))mod L
=(r+H(R,A,M)·s)mod L
and generating a joint signature, wherein S is the joint signature, and forming a signature result (R, S) by using the joint signature S and the intermediate signature R to finish the signature process. Other contents can also be included in the signature result, for example, the information M to be signed and the joint public key a, and the signature result is (a, M, R, S).
Based on the above embodiments, the present embodiment will explain a verification process of a target signature result. Referring to fig. 3, fig. 3 is a flowchart of a target signature result verification method according to an embodiment of the disclosure, including:
s301: and acquiring a target signature result.
The target signature result is a signature result that needs to be verified, and the specific content of the target signature result may include a joint signature, an intermediate signature, information to be signed, and a joint public key.
S302: and performing signature verification on the target signature result according to the system information, and judging whether the target signature result passes the verification.
And acquiring information required by signature verification from the system information, and performing signature verification on a target signature result. Specifically, if the target signature result is obtained based on the signature method in the above embodiment, the ellipse base point B may be determined from the system information, and the method may be as follows:
S·B=R+H(R,A,M)·A
and (4) signature verification is carried out, namely whether the above formula is established or not is judged, if so, the verification is determined to be passed, and if not, the verification is determined not to be passed.
S303: and determining that the target signature result is correct.
After the verification is passed, the target signature result can be determined to be correct, that is, the signature result is a normal and legal signature.
S304: and determining that the target signature result is wrong.
When the verification fails, it can be determined that the target signature result is incorrect, i.e., the signature result is an improper illegal signature.
In the following description of the distributed EdDSA signature apparatus provided by the embodiments of the present disclosure, the distributed EdDSA signature apparatus described below and the distributed EdDSA signature method described above may be referred to in correspondence.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a distributed EdDSA signature apparatus according to an embodiment of the present disclosure, including:
the public key generating module 410 is configured to generate a first private key, and generate and publish a first public key corresponding to the first private key by using the system information and the first private key;
the joint public key generation module 420 is configured to obtain second public keys corresponding to other signing parties, and generate a joint public key by using the first public key and the second public key;
the intermediate signature acquiring module 430 is configured to acquire information to be signed, perform signature processing on the information to be signed by using a first private key, and obtain and publish a first intermediate signature;
the first signature generation module 440 is configured to obtain a second intermediate signature published by another signer, and perform signature modulo processing by using the joint public key, the first intermediate signature, and the second intermediate signature to obtain and publish a first signature;
and the signature result generating module 450 is configured to obtain a second signature published by the other signing parties, and generate a signature result using the first signature and the second signature.
Optionally, the method further comprises:
the first shared information generating module is used for acquiring the identity information and generating first shared information by using the identity information;
the second shared information acquisition module is used for sending the first shared information to other signatory parties through a secure channel and acquiring second shared information sent by other signatory parties through the secure channel;
the first shared private key generation module is used for generating a first shared private key by utilizing the first shared information and the second shared information;
and the second shared public key generating module is used for generating a first shared public key corresponding to the first shared private key by using the system information and the first shared private key and publishing the first shared public key.
Optionally, the first signature generating module 440 includes:
the first coefficient calculation unit is used for obtaining a first Lagrange coefficient according to the identity information;
and the first coefficient signature unit is used for acquiring a second intermediate signature published by a target signature party in other signature parties, performing signature modulo processing by using the first Lagrangian coefficient, the joint public key, the first intermediate signature and the second intermediate signature to obtain a first signature, and publishing the first signature.
Optionally, the signature result generating module 450 includes:
the acquisition unit is used for acquiring a second signature published by a target label name party;
the second coefficient calculation unit is used for calculating a second Lagrange coefficient corresponding to the target label name party;
and the second coefficient signature unit is used for generating a signature result by utilizing the first Lagrange coefficient, the second Lagrange coefficient, the first signature and the second signature.
Optionally, the public key generating module 410 includes:
a first private key generation unit configured to generate a first random number and determine it as a first private key;
the private key intermediate value generating unit is used for generating a private key hash value corresponding to the first private key and calculating by using the private key hash value to obtain a private key intermediate value;
the first public key generating unit is used for determining an ellipse base point from the system information and acquiring a first public key according to the intermediate value of the private key based on the ellipse base point;
and the first public key publishing unit is used for publishing the first public key.
Optionally, the intermediate signature obtaining module 430 includes:
acquiring information to be signed, and determining a private key hash value corresponding to the first private key;
signing the private key hash value and the information to be signed to obtain a first intermediate signature;
the first intermediate signature is published.
Optionally, the first signature generating module 440 includes:
an intermediate signature generation unit configured to acquire a second intermediate signature and generate an intermediate signature using the first intermediate signature and the second intermediate signature;
the signature intermediate value generating unit is used for determining a private key intermediate value corresponding to the private key hash value and generating a signature intermediate value by using the private key intermediate value, the intermediate signature, the information to be signed, the joint public key and the private key hash value;
and the modulus processing unit is used for performing modulus processing on the intermediate value of the signature to obtain a first signature and publishing the first signature.
Optionally, the method further comprises:
the signature legal verification module is used for carrying out signature legal verification by utilizing the second signature, the system information, the second intermediate signature, the joint public key, the information to be signed, the first intermediate signature and the second public key;
the signature termination module is used for terminating the signature if the signature is not verified legally;
accordingly, the signature result generating module 450 is a module for generating a signature result by using the first signature and the second signature if the signature is verified legally.
Optionally, the method further comprises:
the acquisition module is used for acquiring a target signature result;
the signature verification module is used for performing signature verification on the target signature result according to the system information and judging whether the target signature result passes the verification;
the first determining module is used for determining that the target signature result is correct if the signature passes the verification;
and the second determining module is used for determining that the target signature result is wrong if the signature verification fails.
The following introduces a distributed EdDSA signature device provided by an embodiment of the present disclosure, and a distributed EdDSA signature device described below and a distributed EdDSA signature method described above may be referred to in correspondence with each other.
Referring to fig. 5, fig. 5 is a schematic structural diagram of a distributed EdDSA signature device according to an embodiment of the present disclosure. Wherein the distributed EdDSA signature apparatus 400 may include a processor 501 and a memory 502, and may further include one or more of a multimedia component 503, an information input/information output (I/O) interface 504, and a communication component 505.
The processor 501 is configured to control the overall operation of the distributed EdDSA signature apparatus 400, so as to complete all or part of the steps in the above-described distributed EdDSA signature method; the memory 502 is used to store various types of data to support the operation of the distributed EdDSA signing device 400, which may include, for example, instructions for any application or method operating on the distributed EdDSA signing device 400, as well as application-related data. The Memory 502 may be implemented by any type or combination of volatile and non-volatile Memory devices, such as one or more of Static Random Access Memory (SRAM), electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic or optical disk.
The multimedia component 503 may include a screen and an audio component. Wherein the screen may be, for example, a touch screen and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 502 or transmitted through the communication component 505. The audio assembly also includes at least one speaker for outputting audio signals. The I/O interface 504 provides an interface between the processor 501 and other interface modules, such as a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 505 is used for wired or wireless communication between the distributed EdDSA signing device 400 and other devices. Wireless Communication, such as Wi-Fi, bluetooth, Near Field Communication (NFC), 2G, 3G, or 4G, or a combination of one or more of them, so that the corresponding Communication component 505 may include: Wi-Fi part, Bluetooth part, NFC part.
The distributed EdDSA signature apparatus 400 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components, and is configured to perform the distributed EdDSA signature method according to the above embodiments.
The following describes a computer-readable storage medium provided by an embodiment of the present disclosure, and the computer-readable storage medium described below and the distributed EdDSA signature method described above may be referred to in correspondence.
The present disclosure also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the distributed EdDSA signature method described above.
The computer-readable storage medium may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relationships such as first and second, etc., are intended only to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms include, or any other variation is intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that includes a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
The distributed EdDSA signature method, the distributed EdDSA signature apparatus, the distributed EdDSA signature device, and the computer readable storage medium provided by the present disclosure are introduced in detail, and specific examples are applied herein to explain the principles and embodiments of the present disclosure, and the descriptions of the above embodiments are only used to help understand the method and the core ideas of the present disclosure; meanwhile, for a person skilled in the art, based on the idea of the present disclosure, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present disclosure should not be construed as a limitation to the present disclosure.

Claims (12)

1. A distributed EdDSA signature method is characterized by comprising the following steps:
generating a first private key, and generating and publishing a first public key corresponding to the first private key by using system information and the first private key;
acquiring second public keys corresponding to other signing parties, and generating a combined public key by using the first public key and the second public key;
acquiring information to be signed, and signing the information to be signed by using the first private key to obtain and publish a first intermediate signature;
acquiring a second intermediate signature published by the other signers, and performing signature modulus processing by using the joint public key, the first intermediate signature and the second intermediate signature to obtain and publish a first signature;
and acquiring a second signature published by the other signers, and generating a signature result by using the first signature and the second signature.
2. The distributed EdDSA signature method of claim 1, further comprising:
acquiring identity information, and generating first sharing information by using the identity information;
sending the first shared information to other signatory parties through a secure channel, and acquiring second shared information sent by other signatory parties through the secure channel;
generating a first shared private key by using the first shared information and the second shared information;
and generating a first shared public key corresponding to the first shared private key by using the system information and the first shared private key, and publishing the first shared public key.
3. The distributed EdDSA signature method as claimed in claim 2, wherein the obtaining a second intermediate signature published by the other signers, and performing signature modulo processing by using the joint public key, the first intermediate signature and the second intermediate signature to obtain and publish a first signature comprises:
obtaining a first Lagrange coefficient according to the identity information;
and acquiring the second intermediate signature published by a target signature party in the other signature parties, performing signature modulo processing by using the first Lagrangian coefficient, the joint public key, the first intermediate signature and the second intermediate signature to obtain the first signature, and publishing the first signature.
4. The distributed EdDSA signature method of claim 3 wherein the obtaining a second signature published by the other signers and generating a signature result using the first signature and the second signature comprises:
acquiring the second signature published by the target label name party;
calculating a second Lagrange coefficient corresponding to the target label name party;
generating the signature result using the first Lagrangian coefficient, the second Lagrangian coefficient, the first signature, and the second signature.
5. The distributed EdDSA signature method as recited in claim 1, wherein the generating a first private key and generating and publishing a first public key corresponding to the first private key using system information and the first private key comprises:
generating a first random number and determining the first random number as the first private key;
generating a private key hash value corresponding to the first private key, and calculating by using the private key hash value to obtain a private key intermediate value;
determining an ellipse base point from the system information, and acquiring the first public key according to the intermediate value of the private key based on the ellipse base point;
and publishing the first public key.
6. The distributed EdDSA signature method according to claim 1, wherein the obtaining information to be signed and signing the information to be signed with the first private key to obtain and publish a first intermediate signature comprises:
acquiring the information to be signed, and determining a private key hash value corresponding to the first private key;
signing the private key hash value and the information to be signed to obtain the first intermediate signature;
publishing the first intermediate signature.
7. The distributed EdDSA signature method as claimed in claim 6, wherein the obtaining a second intermediate signature published by the other signers, and performing signature modulo processing by using the joint public key, the first intermediate signature and the second intermediate signature to obtain and publish a first signature comprises:
acquiring the second intermediate signature, and generating an intermediate signature by using the first intermediate signature and the second intermediate signature;
determining a private key intermediate value corresponding to the private key hash value, and generating a signature intermediate value by using the private key intermediate value, the intermediate signature, the information to be signed, the joint public key and the private key hash value;
and performing modulus processing on the signature intermediate value to obtain the first signature, and publishing the first signature.
8. A distributed EdDSA signature method as claimed in any of claims 1 to 7 further comprising, after said obtaining a second signature published by said other signers, before said generating a signature result using said first signature and said second signature:
carrying out signature legal verification by utilizing the second signature, the system information, a second intermediate signature, the joint public key, the information to be signed, the first intermediate signature and the second public key;
if the signature is not verified legally, terminating the signature;
and if the signature is verified legally, executing the step of generating a signature result by using the first signature and the second signature.
9. The distributed EdDSA signature method of claim 1, further comprising:
acquiring a target signature result;
performing signature verification on the target signature result according to the system information, and judging whether the target signature result passes the verification;
if the signature passes the verification, determining that the target signature result is correct;
and if the signature verification fails, determining that the target signature result is wrong.
10. A distributed EdDSA signature apparatus, comprising:
the public key generating module is used for generating a first private key, and generating and publishing a first public key corresponding to the first private key by using system information and the first private key;
the combined public key generating module is used for acquiring second public keys corresponding to other signing parties and generating a combined public key by using the first public key and the second public key;
the intermediate signature acquisition module is used for acquiring information to be signed and signing the information to be signed by using the first private key to obtain and publish a first intermediate signature;
the first signature generation module is used for acquiring a second intermediate signature published by the other signers, and performing signature modulo processing by using the joint public key, the first intermediate signature and the second intermediate signature to obtain and publish a first signature;
and the signature result generating module is used for acquiring a second signature published by the other signers and generating a signature result by using the first signature and the second signature.
11. A distributed EdDSA signature device comprising a memory and a processor, wherein:
the memory is used for storing a computer program;
the processor for executing the computer program to implement the distributed EdDSA signature method as claimed in any one of claims 1 to 9.
12. A computer readable storage medium for storing a computer program, wherein the computer program when executed by a processor implements the distributed EdDSA signature method of any of claims 1 to 9.
CN202010559653.9A 2020-06-18 2020-06-18 Distributed EdDSA signature method, device, equipment and storage medium Pending CN111740843A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010559653.9A CN111740843A (en) 2020-06-18 2020-06-18 Distributed EdDSA signature method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010559653.9A CN111740843A (en) 2020-06-18 2020-06-18 Distributed EdDSA signature method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111740843A true CN111740843A (en) 2020-10-02

Family

ID=72649740

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010559653.9A Pending CN111740843A (en) 2020-06-18 2020-06-18 Distributed EdDSA signature method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111740843A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112636915A (en) * 2020-11-27 2021-04-09 杭州趣链科技有限公司 Batch signature verification method, device, equipment and medium based on SM2 cryptographic algorithm
CN112653554A (en) * 2020-12-30 2021-04-13 成都卫士通信息产业股份有限公司 Signature method, system, equipment and readable storage medium
CN114679281A (en) * 2022-03-15 2022-06-28 北京宏思电子技术有限责任公司 RSA-based joint signature generation method and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106506156A (en) * 2016-12-15 2017-03-15 北京三未信安科技发展有限公司 A kind of distributed Threshold Signature method based on elliptic curve
EP3461053A1 (en) * 2017-09-20 2019-03-27 Nagravision S.A. Fault attacks counter-measures for eddsa
CN110784320A (en) * 2019-11-04 2020-02-11 张冰 Distributed key implementation method and system and user identity management method and system
CN110995441A (en) * 2019-11-25 2020-04-10 武汉大学 Multi-party collaborative EdDSA digital signature generation method and medium
CN111082945A (en) * 2019-12-20 2020-04-28 浙江工商大学 Two-party EdDSA (EdDSA) collaborative signature protocol
CN111147254A (en) * 2019-12-24 2020-05-12 矩阵元技术(深圳)有限公司 Method and device for generating EdDSA digital signature with two parties cooperating

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106506156A (en) * 2016-12-15 2017-03-15 北京三未信安科技发展有限公司 A kind of distributed Threshold Signature method based on elliptic curve
EP3461053A1 (en) * 2017-09-20 2019-03-27 Nagravision S.A. Fault attacks counter-measures for eddsa
CN110784320A (en) * 2019-11-04 2020-02-11 张冰 Distributed key implementation method and system and user identity management method and system
CN110995441A (en) * 2019-11-25 2020-04-10 武汉大学 Multi-party collaborative EdDSA digital signature generation method and medium
CN111082945A (en) * 2019-12-20 2020-04-28 浙江工商大学 Two-party EdDSA (EdDSA) collaborative signature protocol
CN111147254A (en) * 2019-12-24 2020-05-12 矩阵元技术(深圳)有限公司 Method and device for generating EdDSA digital signature with two parties cooperating

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
YOLAN ROMAILLER;SYLVAIN PELISSIER: ""Practical Fault Attack against the Ed25519 and EdDSA Signature Schemes"", 《2017 WORKSHOP ON FAULT DIAGNOSIS AND TOLERANCE IN CRYPTOGRAPHY (FDTC)》 *
成娟娟等: "Curve25519椭圆曲线算法GPU高速实现", 《信息网络安全》 *
涂彬彬等: "门限密码系统综述", 《密码学报》 *
罗敏等: "一类(t,n)门限群签名方案的安全性分析", 《计算机工程与应用》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112636915A (en) * 2020-11-27 2021-04-09 杭州趣链科技有限公司 Batch signature verification method, device, equipment and medium based on SM2 cryptographic algorithm
CN112636915B (en) * 2020-11-27 2024-03-22 杭州趣链科技有限公司 Batch signature verification method, device, equipment and medium based on SM2 cryptographic algorithm
CN112653554A (en) * 2020-12-30 2021-04-13 成都卫士通信息产业股份有限公司 Signature method, system, equipment and readable storage medium
CN114679281A (en) * 2022-03-15 2022-06-28 北京宏思电子技术有限责任公司 RSA-based joint signature generation method and device
CN114679281B (en) * 2022-03-15 2023-12-01 北京宏思电子技术有限责任公司 RSA-based joint signature generation method and apparatus

Similar Documents

Publication Publication Date Title
US10270597B2 (en) Combined authorization process
KR101883156B1 (en) System and method for authentication, user terminal, authentication server and service server for executing the same
CN110971405B (en) SM2 signing and decrypting method and system with cooperation of multiple parties
CN111740843A (en) Distributed EdDSA signature method, device, equipment and storage medium
US10419422B2 (en) Combined authorization process
US11444766B2 (en) Combined authorization process
JP2020537362A (en) Preventing inaccurate notification of input data by participants in secure multi-party calculations
CN112906039B (en) Certificateless distributed signature method, certificateless distributed signature device, certificateless distributed signature medium and electronic equipment
CN112219371A (en) Bidirectional block chain
CN111769955B (en) Electronic signature generation method and device, electronic signature verification method and device and related components
CN112187469B (en) SM2 multiparty collaborative digital signature method and system based on key factors
CN116566626B (en) Ring signature method and apparatus
CN115460019B (en) Method, apparatus, device and medium for providing digital identity-based target application
CN115001711B (en) Information signing method, device, electronic equipment and computer readable storage medium
CN111931209A (en) Contract information verification method and device based on zero knowledge certification
CN114070556A (en) Threshold ring signature method and device, electronic equipment and readable storage medium
Shirvanian et al. On the pitfalls of end-to-end encrypted communications: A study of remote key-fingerprint verification
CN113055189B (en) SM2 digital signature verification failure reason judgment method, device, equipment and medium
CN108833104A (en) A kind of signature method, verification method and the device of file
CN116170144B (en) Smart power grid anonymous authentication method, electronic equipment and storage medium
US20200057871A1 (en) Apparatuses and methods for signing a legal document
CN112541759A (en) Hidden transaction method and device based on UTXO model in block chain system and related products
CN115277197B (en) Model ownership verification method, electronic device, medium and program product
CN111769953B (en) Digital certificate certification method, device, equipment and readable storage medium
CN115906109A (en) Data auditing method and device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201002

RJ01 Rejection of invention patent application after publication