CN111817848B - ECDSA signature method and system for ECC private key segmented storage
- Publication number: CN111817848B
- Authority: CN (China)
- Prior art keywords: client, server, signature, private key, session data
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
Abstract
An ECDSA signature method and system for ECC private key segmented storage. The method comprises two sub-algorithms: a public/private key pair generation sub-algorithm and a digital signature sub-algorithm. Step one, the key pair generation sub-algorithm: the client randomly generates a client private key factor, generates the corresponding public key factor and sends the public key factor to the server. Step two, the digital signature sub-algorithm: for a plaintext message, the client computes the message digest of the plaintext message, generates signature session data for that digest (the client signature session data), and sends the client signature session data to the server. The invention relates to an ECDSA signature method for ECC private key segmented storage.
Description
Technical field:
The invention relates to an ECDSA signature method and system for ECC private key segmented storage.
Background art:
Elliptic curve cryptography (ECC) is a public-key cryptographic algorithm that can implement cryptographic operations such as encryption and decryption and digital signature verification; its signature algorithm standard is the Elliptic Curve Digital Signature Algorithm (ECDSA).
In ECC the private key is the core asset, and security is lost once the private key is compromised. To protect the private key, some schemes propose splitting the SM2 private key in a smart card chip into two parts, such that the two parts can sign a message only through cooperative computation; neither party can obtain any information about the other party's private key part or about the ECC private key, and even if either part falls into an attacker's hands the signature cannot be forged.
However, among current implementations, some schemes need many interaction steps and perform poorly, while others use complex cryptographic operations such as zero-knowledge proofs and homomorphic encryption, which lowers efficiency.
Summary of the invention:
The invention aims to provide a more efficient ECDSA signature method and system for ECC private key segmented storage.
The above purpose is achieved by the following technical scheme:
An ECDSA signature method for ECC private key segmented storage comprises two sub-algorithms: a public/private key pair generation sub-algorithm and a digital signature sub-algorithm.
Step one, the public/private key pair generation sub-algorithm:
The client randomly generates a client private key factor, generates the corresponding public key factor and sends the public key factor to the server;
The server receives the client public key factor sent by the client, randomly generates a server private key factor, and, based on the client public key factor and a preset base point, generates the public key that ultimately represents the identity of the client.
Step two, the digital signature sub-algorithm:
For a plaintext message, the client computes the message digest of the plaintext message, generates signature session data for that digest (the client signature session data), and sends the client signature session data to the server;
The server receives the signature session data sent by the client, generates server-side signature session data based on the client signature session data and the server private key factor, and sends the server-side signature session data to the client;
The client receives the server-side signature session data and generates the ECDSA digital signature of the plaintext message based on the client private key factor and the server-side signature session data.
In this method, the client and the server randomly generate their respective private key factors and related data according to the following procedure, and finally generate a public key representing client A:
C1: Client A randomly generates $d_1 \in [1, n-1]$;
C2: Client A computes $P_1 = [d_1]G$;
C3: Client A sends $P_1$ to the server;
S1: The server randomly generates $d_2 \in [1, n-1]$ and $d_3 \in [1, n-1]$;
S2: The server computes $P_A = [d_2]P_1 + [d_3]G$ and publishes $P_A$.
In this method, the client and the server execute the following procedure on a message $m$, and finally generate the ECDSA digital signature $(r, s)$ on the message $m$:
C4: Client A hashes the message $m$ and computes $e = H(m)$;
C5: Client A randomly generates an integer $k_1 \in [1, n-1]$ and computes $Q_1 = [k_1]G$, where $Q_1$ is a point on the elliptic curve;
C6: Client A sends $(e, Q_1)$ to the server as the client signature session data;
S3: The server receives the client signature session data $(e, Q_1)$ and randomly generates $k_2 \in [1, n-1]$ and $k_3 \in [1, n-1]$;
S4: The server computes $Q_2 = [k_2]G$ and $Q' = [k_2]Q_1 = (x_1', y_1')$, where $Q'$ is a point on the elliptic curve with coordinates $(x_1', y_1')$, and computes $r' = x_1' \bmod n$;
S6: The server sends $(Q_2, s_1, s_2)$ to the client as the server-side signature session data;
C7: After receiving $(Q_2, s_1, s_2)$, client A computes $Q = [k_1]Q_2 = (x_1, y_1)$, where $Q$ is a point on the elliptic curve with coordinates $(x_1, y_1)$, and computes $r = x_1 \bmod n$;
Beneficial effects:
1. According to the invention, the ECC private key is split into two parts, one held by the client and the other by the server; neither the client nor the server knows the other side's private key factor, and neither can compute the corresponding ECC private key.
2. The invention does not use complex cryptographic operations such as zero-knowledge proofs or homomorphic encryption, and is therefore more efficient.
Description of the drawings:
FIG. 1 is a flow chart of the algorithm of the present invention.
Detailed description:
The technical solution in the embodiments of the present invention is described clearly and completely below with reference to the accompanying drawings.
Example 1:
An ECDSA signature method for ECC private key segmented storage comprises two sub-algorithms: a public/private key pair generation sub-algorithm and a digital signature sub-algorithm.
Step one, the public/private key pair generation sub-algorithm:
The client randomly generates a client private key factor, generates the corresponding public key factor and sends the public key factor to the server;
The server receives the client public key factor sent by the client, randomly generates a server private key factor, and, based on the client public key factor and a preset base point, generates the public key that ultimately represents the identity of the client.
Step two, the digital signature sub-algorithm:
For a plaintext message, the client computes the message digest of the plaintext message, generates signature session data for that digest (the client signature session data), and sends the client signature session data to the server;
The server receives the signature session data sent by the client, generates server-side signature session data based on the client signature session data and the server private key factor, and sends the server-side signature session data to the client;
The client receives the server-side signature session data and generates the ECDSA digital signature of the plaintext message based on the client private key factor and the server-side signature session data.
In elliptic curve cryptography, the system parameters used are the elliptic curve $E(F_p)$, $G$ and $n$, where $E(F_p)$ ($p$ is a large prime) is an elliptic curve $E$ defined over the finite field $F_p$ with the equation $y^2 = x^3 + ax + b$, where $a, b \in F_p$ and $(4a^3 + 27b^2) \bmod p \neq 0$; $G$ is a base point of the elliptic curve and $n$ is the order of the base point $G$; the notation $[\cdot]G$ denotes multiplication of the point $G$ by a large integer.
Example 2:
In the ECDSA signature method for ECC private key segmented storage according to Example 1, the client and the server randomly generate their respective private key factors and related data according to the following procedure, and finally generate a public key representing client A:
C1: Client A randomly generates $d_1 \in [1, n-1]$;
C2: Client A computes $P_1 = [d_1]G$;
C3: Client A sends $P_1$ to the server;
S1: The server randomly generates $d_2 \in [1, n-1]$ and $d_3 \in [1, n-1]$;
S2: The server computes $P_A = [d_2]P_1 + [d_3]G$ and publishes $P_A$.
Example 3:
In the ECDSA signature method for ECC private key segmented storage according to Example 1, the client and the server execute the following procedure on a message $m$, and finally generate the ECDSA digital signature $(r, s)$ on the message $m$:
C4: Client A hashes the message $m$ and computes $e = H(m)$;
C5: Client A randomly generates an integer $k_1 \in [1, n-1]$ and computes $Q_1 = [k_1]G$, where $Q_1$ is a point on the elliptic curve;
C6: Client A sends $(e, Q_1)$ to the server as the client signature session data;
S3: The server receives the client signature session data $(e, Q_1)$ and randomly generates $k_2 \in [1, n-1]$ and $k_3 \in [1, n-1]$;
S4: The server computes $Q_2 = [k_2]G$ and $Q' = [k_2]Q_1 = (x_1', y_1')$, where $Q'$ is a point on the elliptic curve with coordinates $(x_1', y_1')$, and computes $r' = x_1' \bmod n$;
S6: The server sends $(Q_2, s_1, s_2)$ to the client as the server-side signature session data;
C7: After receiving $(Q_2, s_1, s_2)$, client A computes $Q = [k_1]Q_2 = (x_1, y_1)$, where $Q$ is a point on the elliptic curve with coordinates $(x_1, y_1)$, and computes $r = x_1 \bmod n$;
Claims (1)
1. An ECDSA signature method for ECC private key segmented storage, characterized by comprising two sub-algorithms: a public/private key pair generation sub-algorithm and a digital signature sub-algorithm;
step one, the public/private key pair generation sub-algorithm:
the client randomly generates a client private key factor, generates the corresponding public key factor and sends the public key factor to the server;
the server receives the client public key factor sent by the client, randomly generates a server private key factor, and, based on the client public key factor and a preset base point, generates the public key that ultimately represents the identity of the client;
step two, the digital signature sub-algorithm:
for a plaintext message, the client computes the message digest of the plaintext message, generates signature session data for that digest (the client signature session data), and sends the client signature session data to the server;
the server receives the signature session data sent by the client, generates server-side signature session data based on the client signature session data and the server private key factor, and sends the server-side signature session data to the client;
the client receives the server-side signature session data and generates the ECDSA digital signature of the plaintext message based on the client private key factor and the server-side signature session data;
the client and the server randomly generate their respective private key factors and related data according to the following procedure, and finally generate a public key representing client A:
C1: client A randomly generates $d_1 \in [1, n-1]$;
C2: client A computes $P_1 = [d_1]G$;
C3: client A sends $P_1$ to the server;
S1: the server randomly generates $d_2 \in [1, n-1]$ and $d_3 \in [1, n-1]$;
S2: the server computes $P_A = [d_2]P_1 + [d_3]G$ and publishes $P_A$;
the client and the server execute the following procedure on a message $m$, and finally generate the ECDSA digital signature $(r, s)$ on the message $m$:
C4: client A hashes the message $m$ and computes $e = H(m)$;
C5: client A randomly generates an integer $k_1 \in [1, n-1]$ and computes $Q_1 = [k_1]G$, where $Q_1$ is a point on the elliptic curve;
C6: client A sends $(e, Q_1)$ to the server as the client signature session data;
S3: the server receives the client signature session data $(e, Q_1)$ and randomly generates $k_2 \in [1, n-1]$ and $k_3 \in [1, n-1]$;
S4: the server computes $Q_2 = [k_2]G$ and $Q' = [k_2]Q_1 = (x_1', y_1')$, where $Q'$ is a point on the elliptic curve with coordinates $(x_1', y_1')$, and computes $r' = x_1' \bmod n$;
S6: the server sends $(Q_2, s_1, s_2)$ to the client as the server-side signature session data;
C7: after receiving $(Q_2, s_1, s_2)$, client A computes $Q = [k_1]Q_2 = (x_1, y_1)$, where $Q$ is a point on the elliptic curve with coordinates $(x_1, y_1)$, and computes $r = x_1 \bmod n$;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010563126.5A CN111817848B (en) | 2020-06-19 | 2020-06-19 | ECDSA signature method and system for ECC private key segmented storage |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111817848A (en) | 2020-10-23 |
CN111817848B (en) | 2023-01-17 |
Family
ID=72846223
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010563126.5A Active CN111817848B (en) | 2020-06-19 | 2020-06-19 | ECDSA signature method and system for ECC private key segmented storage |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111817848B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
CP02 | Change in the address of a patent holder | |
Address after: Room 903, 904, East Tower, Building 5, No. 22, Kaihua Road, Huayuan Industrial Zone, Binhai, Tianjin, 300000. Patentee after: TIANJIN YINGDAXIN TECHNOLOGY CO.,LTD. Address before: 300000 202, building C07, north of Fuyuan Road, development zone, Wuqing District, Tianjin. Patentee before: TIANJIN YINGDAXIN TECHNOLOGY CO.,LTD.