CN111817848B - ECDSA signature method and system for ECC private key segmented storage - Google Patents

ECDSA signature method and system for ECC private key segmented storage Download PDF

Info

Publication number
CN111817848B
CN111817848B CN202010563126.5A CN202010563126A CN111817848B CN 111817848 B CN111817848 B CN 111817848B CN 202010563126 A CN202010563126 A CN 202010563126A CN 111817848 B CN111817848 B CN 111817848B
Authority
CN
China
Prior art keywords
client
server
signature
private key
session data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010563126.5A
Other languages
Chinese (zh)
Other versions
CN111817848A (en
Inventor
张秋璞
彭竹
曹伟
程学彬
李宝盛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin Yingdaxin Technology Co ltd
Original Assignee
Tianjin Yingdaxin Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin Yingdaxin Technology Co ltd filed Critical Tianjin Yingdaxin Technology Co ltd
Priority to CN202010563126.5A priority Critical patent/CN111817848B/en
Publication of CN111817848A publication Critical patent/CN111817848A/en
Application granted granted Critical
Publication of CN111817848B publication Critical patent/CN111817848B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Abstract

An ECDSA signature method and system for ECC private key segment storage. The method comprises two sub-algorithms: a public and private key pair generation sub-algorithm and a digital signature sub-algorithm; the first step is public and private key pair generation sub-algorithm: the client randomly generates a client private key factor, generates a corresponding public key factor and sends the public key factor to the server; the second step of digital signature sub-algorithm: aiming at a plaintext message, the client calculates a digital abstract of the plaintext message, generates signature session data of the plaintext message digital abstract, namely client signature session data, and sends the client signature session data to the server; the invention relates to an ECDSA signature method for ECC private key segmented storage.

Description

ECDSA signature method and system for ECC private key segmented storage
The technical field is as follows:
the invention relates to an ECDSA signature method and system for ECC private key segmented storage.
Background art:
elliptic Curve Cryptography (ECC) is a public key cryptographic algorithm, and can implement cryptographic operations such as encryption and decryption and digital signature verification, wherein the signature algorithm standard is an Elliptic curve digital signature algorithm ECDSA.
In ECC, the private key is the core of the ECC, and security is lost once the private key is compromised. In order to protect the security of the private key, the partial scheme provides that the SM2 private key in the smart card chip is divided into two parts, the two parts can realize signature operation on the message only through cooperative computing, both the operating parts can not obtain any information of the private key of the other part and any information of the ECC private key, and even if any one part is mastered by an attacker, the signature can not be forged.
However, in the current implementation schemes, some schemes have more interaction steps and poorer performance, and some schemes use complex cryptographic operations such as zero knowledge proof, homomorphic encryption and the like, so that the efficiency is lower.
The invention content is as follows:
the invention aims to provide an ECDSA signature method and system for ECC private key segmented storage, which have higher efficiency.
The above purpose is realized by the following technical scheme:
an ECDSA signature method for ECC private key segmented storage comprises two sub-algorithms: a public and private key pair generation sub-algorithm and a digital signature sub-algorithm;
a first step of generating a sub algorithm by public and private key pairs:
the client randomly generates a client private key factor, generates a corresponding public key factor and sends the public key factor to the server;
the server receives the client public key factor sent by the client, randomly generates a server private key factor, and generates a public key which finally represents the identity of the client based on the client public key factor and a preset base point;
the second step of digital signature sub-algorithm:
aiming at a plaintext message, the client calculates a digital abstract of the plaintext message, generates signature session data of the plaintext message digital abstract, namely client signature session data, and sends the client signature session data to the server;
the server receives the signature session data sent by the client, generates server-side signature session data based on the client-side signature session data and the server private key factor, and sends the server-side signature session data to the client;
and the client receives the server-side signature session data, and generates an elliptic curve digital signature algorithm ECDSA digital signature of the plaintext message based on a client private key factor and the server-side signature session data.
According to the ECDSA signature method for the ECC private key segmented storage, a client and a server randomly generate respective private key factors and relevant data according to the following procedures, and finally generate a public key representing a client A:
c1: client A randomly generates d 1 ∈[1,n-1];
C2: client A calculates P 1 =[d 1 ]G;
C3: client A sends P 1 Sending the data to a server;
s1: server side random generation d 2 ∈[1,n-1],d 3 ∈[1,n-1];
S2: and (3) server side calculation: p A =[d 2 ]P 1 +[d 3 ]G and discloses P A
According to the ECDSA signature method for the ECC private key segmented storage, a client and a server execute the following processes on a message m, and finally generate an elliptic curve digital signature algorithm ECDSA digital signature (r, s) on the message m:
c4: the client A carries out Hash operation on the message m and calculates e = H (m);
c5: client A randomly generates integer k 1 ∈[1,n-1]Calculating Q 1 =[k 1 ]G,Q 1 Points on the elliptic curve;
c6: client A will (e, Q) 1 ) The signature session data serving as the client side is sent to the server side;
s3: the server receives the client signed session data (e, Q) 1 ) Randomly generating k 2 ∈[1,n-1],k 3 ∈[1,n-1];
S4: server side computation Q 2 =[k 2 ]G,Q'=[k 2 ]Q 1 =(x 1 ',y 1 ') wherein Q' is a point on an elliptic curve with the coordinates (x) 1 ',y 1 ') and calculate r' = x 1 'mod n;
S5: server-side computing
Figure BDA0002546847920000031
S6: server side will (Q) 2 ,s 1 ,s 2 ) The signature session data serving as the server side is sent to the client side;
c7: client A receives (Q) 2 ,s 1 ,s 2 ) Then, calculate Q = [ k = 1 ]Q 2 =(x 1 ,y 1 ) Where Q is a point on an elliptic curve with the coordinate (x) 1 ,y 1 ) And calculating r = x 1 mod n;
C8: client A computation
Figure BDA0002546847920000032
Then (r, s) is the ECDSA digital signature for message m.
Has the advantages that:
1. according to the invention, the ECC private key is divided into two parts, wherein one part is at the client side, the other part is at the server side, the client side and the server side do not know the private key factor of the other side, and meanwhile, the corresponding ECC private key cannot be calculated.
2. The invention does not use complex password operation such as zero knowledge proof, homomorphic password and the like, and has higher efficiency.
Description of the drawings:
FIG. 1 is a flow chart of the algorithm of the present invention.
The specific implementation mode is as follows:
the technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings of the present invention.
Example 1:
an ECDSA signature method for ECC private key segmented storage comprises two sub-algorithms: a public and private key pair generation sub-algorithm and a digital signature sub-algorithm;
the first step is public and private key pair generation sub-algorithm:
the client randomly generates a client private key factor, generates a corresponding public key factor and sends the public key factor to the server;
the server receives the client public key factor sent by the client, randomly generates a server private key factor, and generates a public key which finally represents the identity of the client based on the client public key factor and a preset base point;
the second step of digital signature sub-algorithm:
aiming at a plaintext message, the client calculates a digital abstract of the plaintext message, generates signature session data of the plaintext message digital abstract, namely client signature session data, and sends the client signature session data to the server;
the server receives the signature session data sent by the client, generates server-side signature session data based on the client-side signature session data and the server private key factor, and sends the server-side signature session data to the client;
and the client receives the server-side signature session data, and generates an elliptic curve digital signature algorithm ECDSA digital signature of the plaintext message based on a client private key factor and the server-side signature session data.
Wherein, in elliptic curve cryptography, the system parameter used is an elliptic curve E (F) p ) G and n, wherein E (F) p ) (p is a large prime number) as defined in the finite field F p An elliptic curve E of (1) defined at F p The above elliptic curve equation is y 2 =x 3 + ax + b, where a, b ∈ F p And (4 a) 3 +27b 2 ) modp ≠ 0, where G is a base point of the elliptic curve and n is the order of the base point G, [ quart ≠ 0 ≠ G]G denotes the multiplication of a large number of quarts with point G.
Example 2:
in the ECDSA signing method for ECC private key segment storage according to embodiment 1, the client and the server randomly generate their private key factors and related data according to the following procedures, and finally generate a public key representing the client a:
c1: client A randomly generates d 1 ∈[1,n-1];
C2: client A calculates P 1 =[d 1 ]G;
C3: client A sends P 1 Sending the data to a server;
s1: server side random generation d 2 ∈[1,n-1],d 3 ∈[1,n-1];
S2: and (3) server side calculation: p A =[d 2 ]P 1 +[d 3 ]G, hegongOpening P A
Example 3:
in the ECDSA signature method for ECC private key segment storage according to embodiment 1, the client and the server execute the following procedures on the message m, and finally generate an elliptic curve digital signature algorithm ECDSA digital signature (r, s) for the message m:
c4: the client A carries out Hash operation on the message m and calculates e = H (m);
c5: client A randomly generates integer k 1 ∈[1,n-1]Calculating Q 1 =[k 1 ]G,Q 1 Points on the elliptic curve;
c6: client A will (e, Q) 1 ) The signature session data serving as the client side is sent to the server side;
s3: the server receives the client signed session data (e, Q) 1 ) Randomly generating k 2 ∈[1,n-1],k 3 ∈[1,n-1];
S4: server side computation Q 2 =[k 2 ]G,Q'=[k 2 ]Q 1 =(x 1 ',y 1 ') wherein Q' is a point on an elliptic curve with the coordinates (x) 1 ',y 1 ') and calculate r' = x 1 'mod n;
S5: server-side computing
Figure BDA0002546847920000051
S6: server side will (Q) 2 ,s 1 ,s 2 ) The signature session data serving as the server side is sent to the client side;
c7: client A receives (Q) 2 ,s 1 ,s 2 ) Then, calculate Q = [ k = 1 ]Q 2 =(x 1 ,y 1 ) Where Q is a point on an elliptic curve with the coordinate (x) 1 ,y 1 ) And calculating r = x 1 mod n;
C8: client A computation
Figure BDA0002546847920000052
Then (r, s) is the ECDSA digital signature for message m.

Claims (1)

1. An ECDSA signature method for ECC private key segmented storage is characterized by comprising two sub-algorithms: a public and private key pair generation sub-algorithm and a digital signature sub-algorithm;
the first step is public and private key pair generation sub-algorithm:
the client randomly generates a client private key factor, generates a corresponding public key factor and sends the public key factor to the server;
the server receives the client public key factor sent by the client, randomly generates a server private key factor, and generates a public key which finally represents the identity of the client based on the client public key factor and a preset base point;
the second step of digital signature sub-algorithm:
aiming at a plaintext message, the client calculates a digital abstract of the plaintext message, generates signature session data of the plaintext message digital abstract, namely client signature session data, and sends the client signature session data to the server;
the server receives the signature session data sent by the client, generates server-side signature session data based on the client-side signature session data and the server private key factor, and sends the server-side signature session data to the client;
the client receives the server-side signature session data, and generates an elliptic curve digital signature algorithm ECDSA digital signature of the plaintext message based on a client private key factor and the server-side signature session data;
the client and the server randomly generate respective private key factors and related data according to the following procedures, and finally generate a public key representing the client A:
c1: client A randomly generates d 1 ∈[1 ,n-1];
C2: client A calculates P 1 =[d 1 ]G;
C3: client A sends P 1 Sending to a server;
s1: garmentServer side random generation d 2 ∈[1 ,n-1],d 3 ∈[1 ,n-1];
S2: and (3) server side calculation: p A =[d 2 ]P 1 +[d 3 ]G and discloses P A
The client and the server execute the following processes on the message m, and finally generate an elliptic curve digital signature algorithm ECDSA digital signature (r, s) on the message m:
c4: the client A carries out Hash operation on the message m and calculates e = H (m);
c5: client A randomly generates integer k 1 ∈[1 ,n-1]Calculating Q 1 =[k 1 ]G,Q 1 Points on the elliptic curve;
c6: client A will (e, Q) 1 ) The signature session data serving as the client side is sent to the server side;
s3: the server receives the client signed session data (e, Q) 1 ) Randomly generating k 2 ∈[1 ,n-1],k 3 ∈[1 ,n-1];
S4: server side computation Q 2 =[k 2 ]G,Q '=[k 2 ]Q 1 =(x 1 ',y 1 ') wherein Q' is a point on an elliptic curve with the coordinates (x) 1 ',y 1 ') and calculate r' = x 1 'mod n;
S5: server-side computing
Figure 620617DEST_PATH_IMAGE001
S6: server side will (Q) 2 ,s 1 ,s 2 ) The signature session data serving as the server side is sent to the client side;
c7: client A receives (Q) 2 ,s 1 ,s 2 ) Then, calculate Q = [ k = 1 ]Q 2 =(x 1 ,y 1 ) Where Q is a point on an elliptic curve, which sits
Is marked as (x) 1 ,y 1 ) And calculating r = x 1 mod n;
C8: client A computation
Figure 741020DEST_PATH_IMAGE002
Then (r, s) is the ECDSA digital signature for message m.
CN202010563126.5A 2020-06-19 2020-06-19 ECDSA signature method and system for ECC private key segmented storage Active CN111817848B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010563126.5A CN111817848B (en) 2020-06-19 2020-06-19 ECDSA signature method and system for ECC private key segmented storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010563126.5A CN111817848B (en) 2020-06-19 2020-06-19 ECDSA signature method and system for ECC private key segmented storage

Publications (2)

Publication Number Publication Date
CN111817848A CN111817848A (en) 2020-10-23
CN111817848B true CN111817848B (en) 2023-01-17

Family

ID=72846223

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010563126.5A Active CN111817848B (en) 2020-06-19 2020-06-19 ECDSA signature method and system for ECC private key segmented storage

Country Status (1)

Country Link
CN (1) CN111817848B (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2937484B1 (en) * 2008-10-22 2011-06-17 Paycool Int Ltd DIGITAL SIGNATURE METHOD IN TWO STEPS
CN107370599B (en) * 2017-08-07 2020-07-10 收付宝科技有限公司 Management method, device and system for remotely destroying private key
CN107483212B (en) * 2017-08-15 2021-04-30 武汉信安珞珈科技有限公司 Method for generating digital signature by cooperation of two parties
CN109246129B (en) * 2018-10-12 2020-12-25 天津赢达信科技有限公司 SM2 collaborative signature method and system capable of verifying client identity
CN110138567B (en) * 2019-05-22 2021-11-26 广州安研信息科技有限公司 ECDSA (electronic signature system) based collaborative signature method

Also Published As

Publication number Publication date
CN111817848A (en) 2020-10-23

Similar Documents

Publication Publication Date Title
CN108667626B (en) Secure two-party collaboration SM2 signature method
CN107733648B (en) Identity-based RSA digital signature generation method and system
CN110120939B (en) Encryption method and system capable of repudiation authentication based on heterogeneous system
CN110830236B (en) Identity-based encryption method based on global hash
CN110138567B (en) ECDSA (electronic signature system) based collaborative signature method
CN107483191B (en) SM2 algorithm key segmentation signature system and method
US9800418B2 (en) Signature protocol
CN110113150B (en) Encryption method and system based on non-certificate environment and capable of repudiation authentication
CN109951292B (en) Simplified SM9 digital signature separation interaction generation method and system
CN112118111A (en) SM2 digital signature method suitable for threshold calculation
CN114448641A (en) Privacy encryption method, electronic equipment, storage medium and chip
CN114726546A (en) Digital identity authentication method, device, equipment and storage medium
US20150006900A1 (en) Signature protocol
CN108055134B (en) Collaborative computing method and system for elliptic curve point multiplication and pairing operation
CN110798313B (en) Secret dynamic sharing-based collaborative generation method and system for number containing secret
CN115174056B (en) Chameleon signature generation method and chameleon signature generation device based on SM9 signature
Liu et al. Identity-based threshold proxy signature from bilinear pairings
CN111817848B (en) ECDSA signature method and system for ECC private key segmented storage
Ahirwal et al. Signcryption scheme that utilizes elliptic curve for both encryption and signature generation
CN111740837A (en) Distributed signature method and system based on SM9
CN115174052B (en) Adapter signature generation method and device based on SM9 signature
CN109150545B (en) ECC-based (m, N) threshold group signature method
CN115174054B (en) Certificate-free signature generation method and device based on SM9 signature
CN115174055B (en) Certificate signature generation method and device based on SM9 signature
CN112511310B (en) Confusion method for encrypted identity blind signature

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP02 Change in the address of a patent holder
CP02 Change in the address of a patent holder

Address after: Room 903, 904, East Tower, Building 5, No. 22, Kaihua Road, Huayuan Industrial Zone, Binhai, Tianjin, 300000

Patentee after: TIANJIN YINGDAXIN TECHNOLOGY CO.,LTD.

Address before: 300000 202, building C07, north of Fuyuan Road, development zone, Wuqing District, Tianjin

Patentee before: TIANJIN YINGDAXIN TECHNOLOGY CO.,LTD.