CN112737783A - Decryption method and device based on SM2 elliptic curve - Google Patents


Info

Publication number: CN112737783A
Authority: CN (China)
Application number: CN201911033315.5A
Other languages: Chinese (zh)
Other versions: CN112737783B (en)
Prior art keywords: message, private key, elliptic curve, ciphertext, public key
Inventors: 卞芳, 刘茜, 魏国, 龚征, 马昌社
Current assignee: Aisino Corp
Original assignee: Aisino Corp
Legal status: Granted (active)
Application filed by Aisino Corp with priority to CN201911033315.5A; published as CN112737783A; granted and published as CN112737783B.

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key ... involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution ... using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information ... involving random numbers or seeds
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The invention discloses a decryption method and a decryption device based on the SM2 elliptic curve. The private key is decomposed into two private key components, which are stored in two different places to protect the private key, and an encrypted message is decrypted using the two components together. The method comprises the following steps: blinding the first part of the ciphertext according to a randomly selected point on the SM2 elliptic curve and the first private key of the first object to obtain a blinded message; sending the first part of the ciphertext and the blinded message to a second object, so that the second object decapsulates the blinded message with its second private key to obtain a decapsulated message; and receiving the decapsulated message from the second object and decrypting it with the first private key of the first object based on the SM2 elliptic curve public key cryptographic algorithm.

Description

Decryption method and device based on SM2 elliptic curve
Technical Field
The invention relates to the technical field of network security, in particular to a decryption method and device based on an SM2 elliptic curve.
Background
With the development of intelligent terminal, mobile internet and cloud computing technology, more and more internet applications are migrating to intelligent mobile terminals, for example Alipay, WeChat and mobile banking, so that a user can pay, shop and send network messages on the mobile terminal anytime and anywhere while on the move; however, these applications also bring many security risks with them.
At present, no cryptographic security chip is integrated in the intelligent terminal, so when a cryptographic algorithm is used on the terminal, user keys such as the encryption key and the signature key can only be stored in the terminal's memory card. This quietly increases the risk that a user key is copied and obtained illegally, and creates a serious security hazard for the user's security applications.
Disclosure of Invention
The invention provides a decryption method and a decryption device based on the SM2 elliptic curve. The private key is decomposed into two private key components, which are stored in two different places to protect the private key, and an encrypted message is decrypted using the two components together.
In a first aspect, the present invention provides a decryption method based on the SM2 elliptic curve, applied to a first object, the method including:
blinding the first part of the ciphertext according to a randomly selected point on the SM2 elliptic curve and the first private key of the first object to obtain a blinded message;
sending the first part of the ciphertext and the blinded message to a second object, so that the second object decapsulates the blinded message with its second private key to obtain a decapsulated message;
and receiving the decapsulated message from the second object, and decrypting it with the first private key of the first object based on the SM2 elliptic curve public key cryptographic algorithm.
As a possible implementation, the first private key of the first object is generated by:
generating a first private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a first public key according to the first private key and a base point of the SM2 elliptic curve;
and generating an encryption key according to the first public key and the received second public key of the second object.
As a possible implementation, after determining the first public key according to the first private key and the base point of the SM2 elliptic curve, the method further includes:
and sending the first public key to the second object so that the second object generates an encryption key according to the first public key and a second public key of the second object.
As a possible implementation, the received decapsulated message is decrypted with the first private key generated by the first object, based on the SM2 elliptic curve public key cryptographic algorithm, by the following formulas:
(x2, y2) = CS1 - R;
[formula image BDA0002250758390000021 in the original; not reproduced in the text]
v = Hash(x2 || M || y2);
where the ciphertext is C = C1 || C2 || C3, C1 is the first part of the ciphertext, C2 the second part and C3 the third part, (x2, y2) is a point on the SM2 elliptic curve, CS1 is the decapsulated message, R is the randomly selected point on the SM2 elliptic curve, and klen is the bit length of the ciphertext;
if v = C3, the decrypted message is determined to be M.
In a second aspect, the present invention provides a decryption method based on SM2 elliptic curve, applied to a second object, the method including:
receiving a first part of a ciphertext and a blinded message sent by a first object, wherein the blinded message is obtained by the first object by blinding the first part of the ciphertext according to a randomly selected point on the SM2 elliptic curve and a first private key generated by the first object;
decapsulating, based on the SM2 elliptic curve public key cryptographic algorithm, the blinded message according to the first part of the ciphertext and a second private key of the second object to obtain a decapsulated message;
and sending the decapsulated message to the first object so that the first object decrypts it with its first private key.
As a possible implementation, the second private key of the second object is generated by:
generating a second private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a second public key according to the second private key and a base point of the SM2 elliptic curve;
and generating an encryption key according to the received first public key of the first object and the second public key.
As a possible implementation, after determining the second public key according to the second private key and the base point of the SM2 elliptic curve, the method further includes:
and sending the second public key to the first object so that the first object generates an encryption key according to the first public key and the second public key of the second object.
As a possible implementation, the blinded message is decapsulated according to the first part of the ciphertext and the second private key of the second object, based on the SM2 elliptic curve public key cryptographic algorithm, by the following formula:
CS1 = [eS]C1 + CA1
where the ciphertext is C = C1 || C2 || C3, C1 is the first part of the ciphertext, C2 the second part and C3 the third part, CS1 is the decapsulated message, CA1 is the blinded message, and eS is the second private key.
In a third aspect, the present invention provides a decryption method based on SM2 elliptic curve, applied to a device, the method including:
blinding a first part of a ciphertext according to a randomly selected point on the SM2 elliptic curve and a first private key stored in a first storage medium to obtain a blinded message;
decapsulating the blinded message according to the first part of the ciphertext and a second private key stored in a second storage medium to obtain a decapsulated message;
and decrypting the decapsulated message with the first private key based on the SM2 elliptic curve public key cryptographic algorithm.
As a possible implementation, the first private key is generated by:
generating a first private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating the second private key by:
generating a second private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a first public key according to the first private key and the base point of the SM2 elliptic curve, determining a second public key according to the second private key and the base point of the SM2 elliptic curve, and generating an encryption key according to the first public key and the second public key.
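The first through third aspects above describe one two-party exchange; the following is an added example (not the patent's or Aisino's code) that runs the whole exchange on the SM2 curve in Python. It assumes an additive key split, so the encryption key is PA + PS and the blinding is CA1 = [eA]C1 + R, which is what the decapsulation formula CS1 = [eS]C1 + CA1 together with (x2, y2) = CS1 - R requires; SHA-256 stands in for SM3 in Hash and the KDF, and the KDF/XOR step the page shows only as a formula image is written out as in standard SM2.

```python
import hashlib
import secrets

# SM2 curve parameters (sm2p256v1, GB/T 32918). Everything below is an added
# illustration assumed from the page's formulas, not the patent's own code.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None  # point at infinity

def on_curve(pt):
    return pt is INF or (pt[1] ** 2 - pt[0] ** 3 - A * pt[0] - B) % P == 0

def add(p1, p2):
    """Affine point addition on y^2 = x^3 + Ax + B over GF(P)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication [k]pt."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def i2b(x):
    return x.to_bytes(32, "big")

def kdf(z, klen_bits):
    """SM2-style counter KDF; SHA-256 stands in for SM3 so this runs offline."""
    out, ct = b"", 1
    while len(out) * 8 < klen_bits:
        out += hashlib.sha256(z + ct.to_bytes(4, "big")).digest()
        ct += 1
    return out[: (klen_bits + 7) // 8]

def gen_key():
    """Each party draws its own private key component e and publishes [e]G."""
    e = secrets.randbelow(N - 1) + 1
    return e, mul(e, G)

def encrypt(pub, msg):
    """Unchanged SM2-style encryption under the combined key: C = C1 || C2 || C3."""
    k = secrets.randbelow(N - 1) + 1
    x2, y2 = mul(k, pub)
    t = kdf(i2b(x2) + i2b(y2), len(msg) * 8)
    c2 = bytes(m ^ s for m, s in zip(msg, t))
    c3 = hashlib.sha256(i2b(x2) + msg + i2b(y2)).digest()
    return mul(k, G), c2, c3

def first_blind(e_a, c1):
    """First object: CA1 = [eA]C1 + R with a fresh random point R (assumed blinding)."""
    r = mul(secrets.randbelow(N - 1) + 1, G)
    return add(mul(e_a, c1), r), r

def second_decapsulate(e_s, c1, ca1):
    """Second object: CS1 = [eS]C1 + CA1 (the page's decapsulation formula)."""
    return add(mul(e_s, c1), ca1)

def first_decrypt(cs1, r, c2, c3):
    """First object: (x2,y2) = CS1 - R, M = C2 xor KDF(x2||y2), accept only if v == C3."""
    x2, y2 = add(cs1, neg(r))
    t = kdf(i2b(x2) + i2b(y2), len(c2) * 8)
    msg = bytes(c ^ s for c, s in zip(c2, t))
    v = hashlib.sha256(i2b(x2) + msg + i2b(y2)).digest()
    return msg if v == c3 else None  # None: integrity check v != C3 failed

def two_party_decrypt(e_a, e_s, ct):
    """Full exchange; only the first object, which holds R, recovers (x2, y2) and M."""
    c1, c2, c3 = ct
    ca1, r = first_blind(e_a, c1)           # first -> second: C1, CA1
    cs1 = second_decapsulate(e_s, c1, ca1)  # second -> first: CS1
    return first_decrypt(cs1, r, c2, c3)
```

Because the second object sees only C1 and CA1 = [eA]C1 + R with R fresh and random, it never learns (x2, y2) or M; that is the property behind the page's claim that only one party obtains the final decryption result.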
In a fourth aspect, the present invention provides a first decryption device based on the SM2 elliptic curve, the device comprising a processor and a memory, wherein the memory stores program code which, when executed by the processor, causes the processor to perform the following steps:
blinding the first part of the ciphertext according to a randomly selected point on the SM2 elliptic curve and the first private key of the first object to obtain a blinded message;
sending the first part of the ciphertext and the blinded message to a second object, so that the second object decapsulates the blinded message with its second private key to obtain a decapsulated message;
and receiving the decapsulated message from the second object, and decrypting it with the first private key of the first object based on the SM2 elliptic curve public key cryptographic algorithm.
As a possible implementation, the processor is specifically configured to:
generating a first private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
determining a first public key according to the first private key and a base point of the SM2 elliptic curve;
and generating an encryption key according to the first public key and the received second public key of the second object.
As a possible implementation, the processor is specifically further configured to:
and sending the first public key to the second object so that the second object generates an encryption key according to the first public key and a second public key of the second object.
As a possible implementation, the processor is specifically configured to:
(x2, y2) = CS1 - R;
[formula image BDA0002250758390000051 in the original; not reproduced in the text]
v = Hash(x2 || M || y2);
where the ciphertext is C = C1 || C2 || C3, C1 is the first part of the ciphertext, C2 the second part and C3 the third part, (x2, y2) is a point on the SM2 elliptic curve, CS1 is the decapsulated message, R is the randomly selected point on the SM2 elliptic curve, and klen is the bit length of the ciphertext;
if v = C3, the decrypted message is determined to be M.
In a fifth aspect, the present invention provides a second decryption device based on SM2 elliptic curves, the device comprising: a processor and a memory, wherein the memory stores program code which, when executed by the processor, causes the processor to perform the steps of the method of:
receiving a first part of a ciphertext and a blinded message sent by a first object, wherein the blinded message is obtained by the first object by blinding the first part of the ciphertext according to a randomly selected point on the SM2 elliptic curve and a first private key generated by the first object;
decapsulating, based on the SM2 elliptic curve public key cryptographic algorithm, the blinded message according to the first part of the ciphertext and a second private key of the second object to obtain a decapsulated message;
and sending the decapsulated message to the first object so that the first object decrypts it with its first private key.
As a possible implementation, the processor is specifically configured to:
generating a second private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
determining a second public key according to the second private key and a base point of the SM2 elliptic curve;
and generating an encryption key according to the received first public key of the first object and the second public key.
As a possible implementation, the processor is specifically further configured to:
and sending the second public key to the first object so that the first object generates an encryption key according to the first public key and the second public key of the second object.
As a possible implementation, the processor is specifically configured to:
CS1 = [eS]C1 + CA1
where the ciphertext is C = C1 || C2 || C3, C1 is the first part of the ciphertext, C2 the second part and C3 the third part, CS1 is the decapsulated message, CA1 is the blinded message, and eS is the second private key.
In a sixth aspect, the present invention provides a third decryption device based on SM2 elliptic curves, the device comprising: a processor and a memory, wherein the memory stores program code which, when executed by the processor, causes the processor to perform the steps of the method of:
blinding a first part of a ciphertext according to a randomly selected point on the SM2 elliptic curve and a first private key stored in a first storage medium to obtain a blinded message;
decapsulating the blinded message according to the first part of the ciphertext and a second private key stored in a second storage medium to obtain a decapsulated message;
and decrypting the decapsulated message with the first private key based on the SM2 elliptic curve public key cryptographic algorithm.
As a possible implementation, the processor is specifically configured to:
generating a first private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating a second private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
determining a first public key according to the first private key and the base point of the SM2 elliptic curve, determining a second public key according to the second private key and the base point of the SM2 elliptic curve, and generating an encryption key according to the first public key and the second public key.
In a seventh aspect, the present invention provides a first decryption apparatus based on SM2 elliptic curve, the apparatus comprising: blinding module, sending module, decryption module, wherein:
the blinding module is configured to blind the first part of the ciphertext according to a randomly selected point on the SM2 elliptic curve and the first private key of the first object to obtain a blinded message;
the sending module is configured to send the first part of the ciphertext and the blinded message to a second object, so that the second object decapsulates the blinded message with its second private key to obtain a decapsulated message;
and the decryption module is configured to receive the decapsulated message from the second object and decrypt it with the first private key of the first object based on the SM2 elliptic curve public key cryptographic algorithm.
As an optional implementation, the apparatus is specifically configured to:
generating a first private key of the first object by:
generating a first private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a first public key according to the first private key and a base point of the SM2 elliptic curve;
and generating an encryption key according to the first public key and the received second public key of the second object.
As an optional implementation manner, the apparatus further includes a sending module configured to:
and sending the first public key to the second object so that the second object generates an encryption key according to the first public key and a second public key of the second object.
As an optional implementation manner, the decryption module is specifically configured to:
decrypting the received decapsulated message with the first private key generated by the first object, based on the SM2 elliptic curve public key cryptographic algorithm, by the following formulas:
(x2, y2) = CS1 - R;
[formula image BDA0002250758390000071 in the original; not reproduced in the text]
v = Hash(x2 || M || y2);
where the ciphertext is C = C1 || C2 || C3, C1 is the first part of the ciphertext, C2 the second part and C3 the third part, (x2, y2) is a point on the SM2 elliptic curve, CS1 is the decapsulated message, R is the randomly selected point on the SM2 elliptic curve, and klen is the bit length of the ciphertext;
if v = C3, the decrypted message is determined to be M.
In an eighth aspect, the present invention provides a first decryption apparatus based on SM2 elliptic curve, the apparatus comprising: receiving module, decapsulation module, sending module, wherein:
the receiving module is configured to receive a first part of a ciphertext and a blinded message sent by a first object, wherein the blinded message is obtained by the first object by blinding the first part of the ciphertext according to a randomly selected point on the SM2 elliptic curve and a first private key generated by the first object;
the decapsulation module is configured to decapsulate the blinded message according to the first part of the ciphertext and the second private key of the second object, based on the SM2 elliptic curve public key cryptographic algorithm, to obtain a decapsulated message;
the sending module is configured to send the decapsulated message to the first object, so that the first object decrypts it with its first private key.
As an optional implementation, the apparatus is specifically configured to:
generating a second private key for the second object by:
generating a second private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a second public key according to the second private key and a base point of the SM2 elliptic curve;
and generating an encryption key according to the received first public key of the first object and the second public key.
As an optional implementation manner, the apparatus further includes a sending module configured to:
and sending the second public key to the first object so that the first object generates an encryption key according to the first public key and the second public key of the second object.
As an optional implementation manner, the decapsulation module is specifically configured to:
decapsulating the blinded message according to the first part of the ciphertext and the second private key of the second object, based on the SM2 elliptic curve public key cryptographic algorithm, to obtain a decapsulated message by the following formula:
CS1 = [eS]C1 + CA1
where the ciphertext is C = C1 || C2 || C3, C1 is the first part of the ciphertext, C2 the second part and C3 the third part, CS1 is the decapsulated message, CA1 is the blinded message, and eS is the second private key.
In a ninth aspect, the present invention provides a first decryption apparatus based on SM2 elliptic curve, the apparatus comprising: blinding module, decapsulation module, decryption module, wherein:
the blinding module is configured to blind the first part of the ciphertext according to a randomly selected point on the SM2 elliptic curve and a first private key stored in a first storage medium to obtain a blinded message;
the decapsulation module is configured to decapsulate the blinded message according to the first part of the ciphertext and a second private key stored in a second storage medium to obtain a decapsulated message;
and the decryption module is configured to decrypt the decapsulated message with the first private key based on the SM2 elliptic curve public key cryptographic algorithm.
As an optional implementation, the apparatus is specifically configured to:
generating the first private key by:
generating a first private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating the second private key by:
generating a second private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a first public key according to the first private key and the base point of the SM2 elliptic curve, determining a second public key according to the second private key and the base point of the SM2 elliptic curve, and generating an encryption key according to the first public key and the second public key.
In a tenth aspect, the present invention provides a computer storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method of the first aspect.
In an eleventh aspect, the present invention provides a computer storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method of the second aspect described above.
In a twelfth aspect, the present invention provides a computer storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method of the third aspect.
The decryption method and the decryption equipment based on the SM2 elliptic curve have the following beneficial effects:
the private key is decomposed into two private key components that are stored in two different places to protect the private key; a two-party decryption algorithm is provided while the original encryption algorithm is kept unchanged, so that the encrypted message is decrypted using the two private key components and only one party can obtain the final decryption result.
Drawings
Fig. 1 is a schematic diagram of a decryption system based on an SM2 elliptic curve according to an embodiment of the present invention;
fig. 2 is a flowchart of a key generation method based on an SM2 elliptic curve according to an embodiment of the present invention;
fig. 3 is a flowchart of a decryption method based on an SM2 elliptic curve according to an embodiment of the present invention;
fig. 4 is a specific flowchart of a key generation method based on an SM2 elliptic curve according to an embodiment of the present invention;
fig. 5 is a flowchart of a specific decryption method based on an SM2 elliptic curve according to an embodiment of the present invention;
fig. 6 is a flowchart of a decryption method based on SM2 elliptic curve applied to a device according to an embodiment of the present invention;
fig. 7 is a flowchart of a decryption method based on SM2 elliptic curve applied to a first object according to an embodiment of the present invention;
fig. 8 is a flowchart of a decryption method based on SM2 elliptic curve applied to a second object according to an embodiment of the present invention;
fig. 9 is a schematic diagram of a first decryption device based on SM2 elliptic curves according to an embodiment of the present invention;
fig. 10 is a schematic diagram of a second decryption apparatus based on SM2 elliptic curves according to an embodiment of the present invention;
fig. 11 is a schematic diagram of a third decryption apparatus based on SM2 elliptic curves according to an embodiment of the present invention;
fig. 12 is a schematic diagram of a first decryption apparatus based on SM2 elliptic curve according to an embodiment of the present invention;
fig. 13 is a schematic diagram of a second decryption apparatus based on SM2 elliptic curves according to an embodiment of the present invention;
fig. 14 is a schematic diagram of a third decryption apparatus based on SM2 elliptic curve according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
With the development of intelligent terminal, mobile internet and cloud computing technology, more and more internet applications are migrating to intelligent mobile terminals, for example Alipay, WeChat and mobile banking, so that a user can pay, shop and send network messages on the mobile terminal at any time and any place while on the move. But this also brings a number of security risks with it.
In the traditional internet, applications involving sensitive operations such as payment, ordering and money transfer usually require cryptographic operations such as encryption and signing to secure the transmission and processing of information. The non-temporary keys involved in these cryptographic operations are usually stored in a non-exportable cryptographic device, such as a USB key, an IC card or a cryptographic card, which ensures that the key never appears in the memory of the user's computer during generation, encryption, decryption or computation and so fully protects the cryptographic operations.
However, current mobile intelligent terminals are generally designed for portability, and if a user had to insert a cryptographic peripheral such as a USB key or an IC card into the mobile intelligent terminal for security while using it, the portability of the terminal would be lost. Meanwhile, no cryptographic security chip is integrated in the current intelligent terminal, so when a cryptographic algorithm is used on the terminal, user keys such as the encryption key and the signature key can only be stored in the terminal's memory card. This increases the risk that a user key is copied and obtained illegally, and creates a serious security hazard for the user's security applications.
In order to solve the above technical problem, an embodiment of the present invention provides a two-party decryption calculation method based on an SM2 elliptic curve, in which a private key is decomposed into two private key components by a secure key partitioning calculation method, and the two private key components are respectively stored in two different places to protect the security of the private key. Meanwhile, under the condition of keeping the original encryption calculation method unchanged, a decryption calculation method of the two parties is provided, decryption of the encrypted message is achieved, and it is guaranteed that only one party can obtain a final decryption result.
As shown in fig. 1, an embodiment of the present invention provides a decryption system based on an SM2 elliptic curve, including: a first object, a second object, wherein:
the first object is to:
blinding the first part of the ciphertext according to the randomly selected point coordinates on the SM2 elliptic curve and the first private key of the first object to obtain a blinded message;
sending the first part of the ciphertext and the blinded message to a second object, so that the second object decapsulates the blinded message with its second private key to obtain a decapsulated message;
and receiving the decapsulation message obtained by the second object, and decrypting the decapsulation message by using the first private key of the first object based on an SM2 elliptic curve public key cryptographic algorithm.
The second object is to:
receiving a first part of a ciphertext and a blinding message sent by a first object, wherein the blinding message is obtained by blinding the first part of the ciphertext by the first object according to a point coordinate on a randomly selected SM2 elliptic curve and a first private key generated by the first object;
based on the SM2 elliptic curve public key cryptographic algorithm, decapsulating the blinded message according to the first part of the ciphertext and the second private key of the second object to obtain a decapsulated message;
and sending the decapsulation message to the first object so that the first object decrypts the received decapsulation message by using a first private key of the first object.
It should be noted that the first object and the second object in this embodiment may each be a client or a server: for example, the first object may be a client and the second object a server, or the first object a server and the second object a client. This embodiment does not limit this.
In the method of this embodiment, both private keys (those of the first object and of the second object) are needed to complete decryption, and they are stored in different places, which strengthens the protection of the private key. During decryption the second object only applies its own second private key to the blinded message, and only the first object can recover the final result. For example, with the first object as the client and the second object as the server, the server contributes its private key share to the computation but, because the blinding point chosen by the client masks the intermediate point, it never sees the decryption result; only the client obtains the plaintext, which keeps the result private.
It should be noted that the parameters of the SM2 elliptic curve used in this embodiment are the curve parameters and symbols specified by the State Cryptography Administration; see "Public key cryptographic algorithm SM2 based on elliptic curves" (GM/T 0003-2012).
Some symbols are defined as follows:
n: the order of the base point G of the elliptic curve; n is prime.
[k]P: the k-fold multiple of the point P on the elliptic curve, i.e. [k]P = P + ... + P (k copies), where k is a positive integer.
[x, y]: the set of integers greater than or equal to x and less than or equal to y.
x || y: the concatenation of x and y, where x and y may be bit strings or byte strings.
Hash(): a cryptographic hash function.
KDF(): a key derivation function.
⊕: bitwise exclusive-or of two bit strings of equal length.
In implementation, before decryption the first object and the second object each generate a private key, the encryption key is formed from those private keys, a message is encrypted under it to obtain the ciphertext, and the ciphertext is then decrypted with the private keys generated by the first object and the second object;
as shown in fig. 2, the generation of the first private key and first public key by the first object, the generation of the second private key and second public key by the second object, and the derivation of the shared encryption key proceed as follows:
First, let the elliptic curve be E(F_q) with base point G = (x_G, y_G) of order n, let the parties in the decryption computation be the first object A and the second object S, and let [k]P denote scalar multiplication on the elliptic curve, where k is an integer and P is a point on the curve.
Step 200, a first object A generates a first private key and a first public key;
in implementation, a first private key is generated by using a random number based on an SM2 elliptic curve public key cryptographic algorithm; determining a first public key according to the first private key and a base point of the SM2 elliptic curve;
the calculation principle is as follows:
the first object A selects a random number e_A ∈ [1, n−1] as its first private key, determines the first public key W_A = [e_A]G from the first private key and the base point of the SM2 elliptic curve, and sends the first public key W_A to the second object S;
step 201, the first object A sends the first public key to a second object S;
step 202, the second object S generates a second private key and a second public key;
in implementation, a second private key is generated by using a random number based on an SM2 elliptic curve public key cryptographic algorithm; determining a second public key according to the second private key and a base point of the SM2 elliptic curve;
the calculation principle is as follows:
the second object S selects a random number e_S ∈ [1, n−1] as its second private key, determines the second public key W_S = [e_S]G from the second private key and the base point of the SM2 elliptic curve, and sends the second public key W_S to the first object A;
step 203, the second object S sends the second public key to the first object A;
step 204, the first object A receives the second public key of the second object S and generates the encryption key from the first public key and the second public key;
specifically, the first object A computes the encryption key P_A shared by the first object A and the second object S as:
P_A = W_A + W_S = [e_A + e_S]G;
Step 205, the second object S receives the first public key of the first object A and generates the encryption key from the first public key and the second public key;
specifically, the second object S computes the same encryption key P_A shared with the first object A as:
P_A = W_S + W_A = [e_A + e_S]G;
In this process neither party obtains any information about the other party's decryption private key: the first object A cannot obtain the second private key e_S of the second object S, the second object S cannot obtain the first private key e_A of the first object A, and neither A nor S ever holds the full private key d_A = e_A + e_S that they jointly own.
According to the public key encryption algorithm of "SM2 elliptic curve public key cryptographic algorithm" (GM/T 0003-2012), encrypting a message M under the public key P_A yields the ciphertext C = C1 || C2 || C3, where:
C1 = [k]G = (x1, y1) is a point on the SM2 elliptic curve, with k a random number chosen by the encryptor in [1, n−1];
(x2, y2) = [k]P_A, where P_A is the public key jointly held by A and S;
t = KDF(x2 || y2, klen), klen being the bit length of M (if t is the all-zero string, a new k is chosen);
C2 = M ⊕ t is the encrypted message body;
C3 = Hash(x2 || M || y2) is the check value, which the decryptor compares against a recomputed hash.
In this embodiment the ciphertext is C = C1 || C2 || C3, with C1 as the first part of the ciphertext, C2 as the second part and C3 as the third part.
As shown in fig. 3, the specific process of the first object and the second object decrypting the ciphertext is as follows:
step 300, the first object A blinds the first part of the ciphertext according to the point coordinate on the randomly selected SM2 elliptic curve and the first private key of the first object to obtain a blinding message;
the calculation principle is as follows:
the first object A randomly selects a point R on the SM2 elliptic curve E(F_q) (for example R = [r]G for a random scalar r ∈ [1, n−1]) and uses R to blind the first part C1 of the ciphertext C, obtaining the blinded message C_A1 by the formula:
C_A1 = [e_A]C1 + R;
Step 301, sending the first part of the ciphertext and the blinding message to a second object;
the first object A sends the blinded message C_A1 together with C1 to the second object S;
step 302, the second object S receives the first part of the ciphertext and the blinded message, and, based on the SM2 elliptic curve public key cryptographic algorithm, decapsulates the blinded message according to the first part of the ciphertext and its second private key to obtain a decapsulated message;
the calculation principle is as follows:
the second object receives the blinded message C_A1 and C1 and, using its second private key e_S, decapsulates the blinded message C_A1 to obtain the decapsulated message C_S1 by the formula:
C_S1 = [e_S]C1 + C_A1;
Step 303, the second object S sends the decapsulation message to the first object a;
step 304, the first object A receives the decapsulation message, and decrypts the decapsulation message by using a first private key of the first object based on an SM2 elliptic curve public key cryptographic algorithm;
the calculation principle is as follows:
(x2, y2) = C_S1 − R;
t = KDF(x2 || y2, klen), M = C2 ⊕ t;
v = Hash(x2 || M || y2);
where (x2, y2) is a point on the SM2 elliptic curve, C_S1 is the decapsulated message, R is the randomly selected point on the SM2 elliptic curve, and klen is the bit length of C2 (which equals the bit length of M). If v = C3 the decrypted message is determined to be M; if v ≠ C3 decryption is determined to have failed.
Correctness follows from C_S1 − R = [e_S]C1 + [e_A]C1 + R − R = [e_A + e_S][k]G = [k]P_A, which is exactly the point (x2, y2) used during encryption. Before C1 is multiplied in step 300 or step 302, each party should also verify that C1 satisfies the curve equation, as step B1 of the decryption procedure in GM/T 0003-2012 requires; a malformed C1 must be rejected rather than processed.
In this embodiment the two-party decryption (by the first object A and the second object S) completes the decryption of the ciphertext without ever synthesizing the private key d_A = e_A + e_S jointly owned by A and S; neither party's decryption private key is exposed, the security of the whole key is preserved, and only party A can obtain the final decryption result, which keeps the message private.
The following describes the decryption process in this embodiment in detail with the first object a as the client and the second object S as the server:
The first private key e_A generated by the first object A is stored in the client's local non-volatile storage, and the second private key e_S generated by the second object S is stored in the server's database. The client initiates a decryption request to the server, the two carry out the cooperative decryption computation, and finally the client obtains the plaintext (the decrypted message) M.
As shown in fig. 4, the first object A and the second object S generate their respective private keys and the jointly held public key (the encryption key) as follows:
Step 400: A randomly selects e_A ∈ [1, n−1] as its first decryption private key, computes W_A = [e_A]G and sends W_A to S;
Step 401: S randomly selects e_S ∈ [1, n−1] as its second decryption private key, computes W_S = [e_S]G and sends W_S to A;
Step 402: A and S each compute the shared public key P_A = W_A + W_S.
As shown in fig. 5, the process of the first object a and the second object S cooperatively decrypting is as follows:
Step 500, A takes C1 from the ciphertext C = C1 || C2 || C3;
Step 501, A randomly selects a point R on the SM2 elliptic curve;
Step 502, A computes, from its own decryption private key component e_A, the ciphertext part C1 and the random point R:
C_A1 = [e_A]C1 + R;
Step 503, A sends C1 and C_A1 to S;
Step 504, after receiving C1 and C_A1, S computes with its own second decryption private key e_S:
C_S1 = [e_S]C1 + C_A1;
Step 505, S sends C_S1 to A;
Step 506, after receiving C_S1, A computes:
(x2, y2) = C_S1 − R;
t = KDF(x2 || y2, klen), M = C2 ⊕ t, where klen is the bit length of C2;
Step 507, A computes v = Hash(x2 || M || y2);
if v = C3 the decrypted message is determined to be M; if v ≠ C3 decryption is determined to have failed.
The SM2-based decryption system of this embodiment lets the two parties generate their respective decryption private key components (the first private key and the second private key) in a secure computation and derive the public key (the encryption key) they hold jointly. The two-party decryption never synthesizes the private key the two parties jointly own, and neither party's private key component is exposed to the other party or to any third party, so the ciphertext is decrypted while the security of the whole key is preserved; only one party can obtain the final plaintext, which keeps the message private. The method does not affect the existing encryption system: messages are still encrypted exactly as before.
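The following Python program is added here as an illustration and is not code from the patent or from Aisino; it runs the key generation of steps 200 to 205 (steps 400 to 402 above) and the cooperative decryption of steps 300 to 304 (steps 500 to 507 above) end to end on the recommended SM2 curve. Assumptions the page does not make: SHA-256 stands in for SM3 because hashlib has no portable SM3, the random point R is produced as [r]G for a random scalar r, the ciphertext is laid out as C1 || C2 || C3 with C2 = M ⊕ t and C3 = Hash(x2 || M || y2) as in GM/T 0003-2012, and both parties reject a C1 that is not on the curve, which the standard's decryption procedure requires but the patent text does not spell out. The function names (keygen, encrypt, party_a_blind, party_s_decapsulate, party_a_finish, roundtrip) are my own.

```python
"""Two-party SM2 decryption with a blinded share.
Added illustration, not code from the patent. Assumptions: SHA-256 stands in
for SM3, R is generated as [r]G, and C = C1 || C2 || C3 with C2 = M xor t and
C3 = Hash(x2 || M || y2) as in GM/T 0003-2012."""
import hashlib
import secrets

# Recommended SM2 curve y^2 = x^3 + a*x + b over F_p (GM/T 0003-2012, part 5).
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None  # point at infinity

def is_on_curve(pt):
    """True iff pt is an affine point satisfying the curve equation."""
    if pt is INF: return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    """Affine point addition; covers doubling and the point at infinity."""
    if p1 is INF: return p2
    if p2 is INF: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0: return INF          # p1 == -p2
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def neg(pt): return INF if pt is INF else (pt[0], (-pt[1]) % P)
def i2b(x): return x.to_bytes(32, "big")
def rand_scalar(): return secrets.randbelow(N - 1) + 1   # uniform in [1, n-1]

def mul(k, pt):
    """[k]P by double-and-add (clear, but not constant-time)."""
    acc = INF
    while k:
        if k & 1: acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def kdf(z, klen):
    """Counter-mode KDF of GM/T 0003-2012 (SHA-256 in place of SM3)."""
    out, ct = b"", 1
    while len(out) < klen:
        out += hashlib.sha256(z + ct.to_bytes(4, "big")).digest()
        ct += 1
    return out[:klen]

def keygen():
    """Steps 400-402: each party keeps its share; d_A = e_A + e_S is never formed."""
    e_a, e_s = rand_scalar(), rand_scalar()
    w_a, w_s = mul(e_a, G), mul(e_s, G)   # W_A and W_S are exchanged in the clear
    return e_a, e_s, add(w_a, w_s)        # P_A = W_A + W_S = [e_A + e_S]G

def encrypt(p_a, m):
    """Unchanged single-key SM2 encryption of m under the joint public key P_A."""
    assert m, "empty message"
    while True:
        k = rand_scalar()
        c1 = mul(k, G)
        x2, y2 = mul(k, p_a)
        t = kdf(i2b(x2) + i2b(y2), len(m))
        if any(t): break                  # all-zero t: the standard says pick a new k
    c2 = bytes(a ^ b for a, b in zip(m, t))
    c3 = hashlib.sha256(i2b(x2) + m + i2b(y2)).digest()
    return c1, c2, c3

def party_a_blind(e_a, c1):
    """Steps 500-502: A hides [e_A]C1 behind a random point R = [r]G."""
    if not is_on_curve(c1): raise ValueError("C1 is not on the curve")  # step B1
    r_pt = mul(rand_scalar(), G)
    return add(mul(e_a, c1), r_pt), r_pt

def party_s_decapsulate(e_s, c1, c_a1):
    """Step 504: S adds its share; R keeps (x2, y2) hidden from S."""
    if not (is_on_curve(c1) and is_on_curve(c_a1)): raise ValueError("bad point")
    return add(mul(e_s, c1), c_a1)

def party_a_finish(c_s1, r_pt, c2, c3):
    """Steps 506-507: C_S1 - R = [k]P_A, then the standard SM2 tail."""
    x2, y2 = add(c_s1, neg(r_pt))
    t = kdf(i2b(x2) + i2b(y2), len(c2))
    m = bytes(a ^ b for a, b in zip(c2, t))
    v = hashlib.sha256(i2b(x2) + m + i2b(y2)).digest()
    return m if v == c3 else None         # None means v != C3: decryption failed

def roundtrip(m):
    e_a, e_s, p_a = keygen()
    c1, c2, c3 = encrypt(p_a, m)
    c_a1, r_pt = party_a_blind(e_a, c1)
    c_s1 = party_s_decapsulate(e_s, c1, c_a1)
    return party_a_finish(c_s1, r_pt, c2, c3)
```

Calling roundtrip(b"...") returns the plaintext only on A's side; flipping a byte of C2 makes party_a_finish return None because the recomputed v no longer equals C3. S sees only C1 and C_A1 = [e_A]C1 + R, so the random R keeps (x2, y2) from it; A learns [e_S]C1 from C_S1 but recovering e_S from that point is the elliptic curve discrete logarithm problem, matching the page's claim that neither party's share is exposed.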
The embodiment also provides a decryption method based on the SM2 elliptic curve, which is applied to a device, where the device in this embodiment may be a client, such as a PC or a terminal, or may be a server, and this embodiment is not limited too much.
As shown in fig. 6, the specific implementation flow of the method is as follows:
step 600, blinding a first part of a ciphertext according to a point coordinate on a randomly selected SM2 elliptic curve and a first private key stored in a first storage medium to obtain a blinding message;
step 601, decapsulating the blinded message according to the first part of the ciphertext and a second private key stored in a second storage medium to obtain a decapsulated message;
and step 602, decrypting the decapsulated message by using the first private key based on an SM2 elliptic curve public key cryptographic algorithm.
In this embodiment, the first storage medium and the second storage medium are two different storage media of the device, and the first private key and the second private key are respectively stored in the two different storage media, so that the security of the private key is improved.
In implementation, the first private key is generated by:
generating a first private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating the second private key by:
generating a second private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a first public key according to the first private key and the base point of the SM2 elliptic curve, determining a second public key according to the second private key and the base point of the SM2 elliptic curve, and generating an encryption key according to the first public key and the second public key.
For the method for generating the first private key and the second private key, reference may be made to the above-mentioned embodiment, for the method for generating the encryption key, reference may be made to the above-mentioned embodiment, and for the process of performing decryption by using the first private key and the second private key, reference may be made to the above-mentioned embodiment, which is not described herein again.
The SM2-based decryption method of the embodiments of the invention splits the user's private key securely into components, so that the private key can be stored in two different places (as a first private key and a second private key), which improves the overall security of the private key. Without changing the existing encryption method or system, the decryption of the embodiments never reassembles the two private key components; instead the two parties decrypt the ciphertext in a secure computation, and only one party obtains the decrypted message, which keeps the message private. The method can be applied to mobile intelligent terminals that need to decrypt while protecting the private key, and to any scenario in which the private key used for decryption must be kept in distributed storage.
As shown in fig. 7, an embodiment of the present invention further provides a decryption method based on an SM2 elliptic curve, which is applied to a first object, and the specific implementation flow of the method is as follows:
step 700, blinding a first part of a ciphertext according to a point coordinate on a randomly selected SM2 elliptic curve and a first private key of the first object to obtain a blinding message;
step 701, sending the first part of the ciphertext and the blinding message to a second object, so that the second object decapsulates the blinding message by using a second private key of the second object to obtain a decapsulating message;
and step 702, receiving the decapsulation message obtained by the second object, and decrypting the decapsulation message by using the first private key of the first object based on an SM2 elliptic curve public key cryptographic algorithm.
As a possible implementation, the first private key of the first object is generated by:
generating a first private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a first public key according to the first private key and a base point of the SM2 elliptic curve;
and generating an encryption key according to the first public key and the received second public key of the second object.
As a possible implementation, after determining the first public key according to the first private key and the base point of the SM2 elliptic curve, the method further includes:
and sending the first public key to the second object so that the second object generates an encryption key according to the first public key and a second public key of the second object.
As a possible implementation, the received decapsulated message is decrypted with the first private key generated by the first object, based on the SM2 elliptic curve public key cryptographic algorithm, by the following formulas:
(x2, y2) = C_S1 − R;
t = KDF(x2 || y2, klen), M = C2 ⊕ t;
v = Hash(x2 || M || y2);
where the ciphertext is C = C1 || C2 || C3, C1 is the first part of the ciphertext, C2 the second part and C3 the third part, (x2, y2) is a point on the SM2 elliptic curve, C_S1 is the decapsulated message, R is the randomly selected point on the SM2 elliptic curve, and klen is the bit length of C2;
if v = C3, the decrypted message is determined to be M.
As shown in fig. 8, an embodiment of the present invention further provides a decryption method based on an SM2 elliptic curve, which is applied to a second object, and the specific implementation flow of the method is as follows:
step 800, receiving a first part of a ciphertext and a blinding message sent by a first object, wherein the blinding message is obtained by blinding the first part of the ciphertext by the first object according to a point coordinate on a randomly selected SM2 elliptic curve and a first private key generated by the first object;
step 801, based on an SM2 elliptic curve public key cryptographic algorithm, decapsulating the blinded message according to the first part of the ciphertext and the second private key of the second object to obtain a decapsulated message;
step 802, sending the decapsulation message to the first object, so that the first object decrypts the received decapsulation message by using a first private key of the first object.
As a possible implementation, the second private key of the second object is generated by:
generating a second private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a second public key according to the second private key and a base point of the SM2 elliptic curve;
and generating the encryption key from the received first public key of the first object and the second public key.
As a possible implementation, after determining the second public key according to the second private key and the base point of the SM2 elliptic curve, the method further includes:
and sending the second public key to the first object so that the first object generates an encryption key according to the first public key and the second public key of the second object.
As a possible implementation, based on the SM2 elliptic curve public key cryptographic algorithm, the blinded message is decapsulated according to the first part of the ciphertext and the second private key of the second object to obtain the decapsulated message by the following formula:
C_S1 = [e_S]C1 + C_A1;
where the ciphertext is C = C1 || C2 || C3, C1 is the first part of the ciphertext, C2 the second part and C3 the third part, C_S1 is the decapsulated message, C_A1 is the blinded message and e_S is the second private key.
Based on the same inventive concept, the embodiment of the present invention provides a first decryption device based on an SM2 elliptic curve, and since the device is the device in the method in the embodiment of the present invention, and the principle of the device to solve the problem is similar to that of the method, the implementation of the device may refer to the implementation of the method, and repeated details are not repeated.
As shown in fig. 9, the apparatus includes: a processor 900 and a memory 901, wherein the memory 901 stores program code which, when executed by the processor 900, causes the processor 900 to perform the steps of the method of:
blinding the first part of the ciphertext according to the randomly selected point coordinates on the SM2 elliptic curve and the first private key of the first object to obtain a blinded message;
sending the first part of the ciphertext and the blinded message to a second object, so that the second object decapsulates the blinded message with its second private key to obtain a decapsulated message;
and receiving the decapsulation message obtained by the second object, and decrypting the decapsulation message by using the first private key of the first object based on an SM2 elliptic curve public key cryptographic algorithm.
As a possible implementation, the processor 900 is specifically configured to:
generating a first private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
determining a first public key according to the first private key and a base point of the SM2 elliptic curve;
and generating an encryption key according to the first public key and the received second public key of the second object.
As a possible implementation manner, the processor 900 is further specifically configured to:
and sending the first public key to the second object so that the second object generates an encryption key according to the first public key and a second public key of the second object.
As a possible implementation, the processor 900 is specifically configured to decrypt the decapsulated message by the following formulas:
(x2, y2) = C_S1 − R;
t = KDF(x2 || y2, klen), M = C2 ⊕ t;
v = Hash(x2 || M || y2);
where the ciphertext is C = C1 || C2 || C3, C1 is the first part of the ciphertext, C2 the second part and C3 the third part, (x2, y2) is a point on the SM2 elliptic curve, C_S1 is the decapsulated message, R is the randomly selected point on the SM2 elliptic curve, and klen is the bit length of C2;
if v = C3, the decrypted message is determined to be M.
Based on the same inventive concept, the embodiment of the present invention provides a second decryption device based on an SM2 elliptic curve, and since the device is the device in the method in the embodiment of the present invention, and the principle of the device to solve the problem is similar to that of the method, the implementation of the device may refer to the implementation of the method, and repeated details are not repeated.
As shown in fig. 10, the apparatus includes: a processor 1000 and a memory 1001, wherein the memory 1001 stores program code, which when executed by the processor 1000 causes the processor 1000 to perform the steps of the method of:
receiving a first part of a ciphertext and a blinding message sent by a first object, wherein the blinding message is obtained by blinding the first part of the ciphertext by the first object according to a point coordinate on a randomly selected SM2 elliptic curve and a first private key generated by the first object;
based on the SM2 elliptic curve public key cryptographic algorithm, decapsulating the blinded message according to the first part of the ciphertext and the second private key of the second object to obtain a decapsulated message;
and sending the decapsulation message to the first object so that the first object decrypts the received decapsulation message by using a first private key of the first object.
As a possible implementation, the processor 1000 is specifically configured to:
generating a second private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
determining a second public key according to the second private key and a base point of the SM2 elliptic curve;
and generating the encryption key from the received first public key of the first object and the second public key.
As a possible implementation, the processor 1000 is specifically further configured to:
and sending the second public key to the first object so that the first object generates an encryption key according to the first public key and the second public key of the second object.
As a possible implementation, the processor 1000 is specifically configured to decapsulate the blinded message by the following formula:
C_S1 = [e_S]C1 + C_A1;
where the ciphertext is C = C1 || C2 || C3, C1 is the first part of the ciphertext, C2 the second part and C3 the third part, C_S1 is the decapsulated message, C_A1 is the blinded message and e_S is the second private key.
Based on the same inventive concept, the embodiment of the present invention provides a third decryption device based on an SM2 elliptic curve, and since the device is the device in the method in the embodiment of the present invention, and the principle of the device to solve the problem is similar to that of the method, the implementation of the device may refer to the implementation of the method, and repeated details are not repeated.
As shown in fig. 11, the apparatus includes: a processor 1100 and a memory 1101, wherein the memory 1101 stores program code, which when executed by the processor 1100 causes the processor 1100 to perform the steps of the method of:
blinding a first part of a ciphertext according to a point coordinate on a randomly selected SM2 elliptic curve and a first private key stored in a first storage medium to obtain a blinding message;
decapsulating the blinded message according to the first part of the ciphertext and a second private key stored in a second storage medium to obtain a decapsulated message;
and decrypting the decapsulated message by using the first private key based on an SM2 elliptic curve public key cryptographic algorithm.
As a possible implementation, the processor 1100 is specifically configured to:
generating a first private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating a second private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
determining a first public key according to the first private key and the base point of the SM2 elliptic curve, determining a second public key according to the second private key and the base point of the SM2 elliptic curve, and generating an encryption key according to the first public key and the second public key.
Based on the same inventive concept, the embodiment of the present invention provides a first decryption apparatus based on an SM2 elliptic curve, and since the apparatus is an apparatus in the method in the embodiment of the present invention, and the principle of the apparatus to solve the problem is similar to that of the method, the implementation of the apparatus may refer to the implementation of the method, and repeated details are not repeated.
As shown in fig. 12, the apparatus includes: a blinding module 1200, a sending module 1201, a decrypting module 1202, wherein:
the blinding module 1200 is configured to blind the first part of the ciphertext according to a randomly selected point on the SM2 elliptic curve and the first private key of the first object to obtain a blinded message;
the sending module 1201 is configured to send the first part of the ciphertext and the blinded message to a second object, so that the second object decapsulates the blinded message with its second private key to obtain a decapsulated message;
the decryption module 1202 is configured to receive the decapsulated message obtained by the second object, and decrypt the decapsulated message by using the first private key of the first object based on an SM2 elliptic curve public key cryptographic algorithm.
As an optional implementation, the apparatus is specifically configured to:
generating a first private key of the first object by:
generating a first private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a first public key according to the first private key and a base point of the SM2 elliptic curve;
and generating an encryption key according to the first public key and the received second public key of the second object.
As an optional implementation, the sending module 1201 is further configured to:
and sending the first public key to the second object so that the second object generates an encryption key according to the first public key and a second public key of the second object.
As an optional implementation, the decryption module 1202 is specifically configured to:
decrypt the received decapsulated message with the first private key generated by the first object, based on the SM2 elliptic curve public key cryptographic algorithm, by the following formulas:
(x2, y2) = C_S1 − R;
t = KDF(x2 || y2, klen), M = C2 ⊕ t;
v = Hash(x2 || M || y2);
where the ciphertext is C = C1 || C2 || C3, C1 is the first part of the ciphertext, C2 the second part and C3 the third part, (x2, y2) is a point on the SM2 elliptic curve, C_S1 is the decapsulated message, R is the randomly selected point on the SM2 elliptic curve, and klen is the bit length of C2;
if v = C3, the decrypted message is determined to be M.
The embodiment of the present invention further provides a decryption apparatus based on an SM2 elliptic curve for the second object, and since the apparatus is an apparatus in the method of the embodiment of the present invention and solves the problem on the same principle as the method, the implementation of the apparatus may refer to the implementation of the method; repeated details are not described again.
As shown in fig. 13, the apparatus includes: a receiving module 1300, a decapsulating module 1301, and a sending module 1302, wherein:
the receiving module 1300 is configured to receive a first part of a ciphertext and a blinded message sent by a first object, where the blinded message is obtained by the first object blinding the first part of the ciphertext according to a point coordinate on a randomly selected SM2 elliptic curve and a first private key generated by the first object;
the decapsulation module 1301 is configured to decapsulate the blinded message according to the first part of the ciphertext and the second private key of the second object, based on an SM2 elliptic curve public key cryptographic algorithm, to obtain a decapsulated message;
the sending module 1302 is configured to send the decapsulated message to the first object, so that the first object decrypts the received decapsulated message by using the first private key of the first object.
As an optional implementation, the apparatus is specifically configured to:
generating a second private key for the second object by:
generating a second private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a second public key according to the second private key and a base point of the SM2 elliptic curve;
and generating an encryption key according to the received first public key of the first object and the second public key.
As an optional implementation manner, the apparatus further includes a sending module 1302 for:
and sending the second public key to the first object so that the first object generates an encryption key according to the first public key and the second public key of the second object.
As an optional implementation, the decapsulation module 1301 is specifically configured to:
decapsulating the blinded message according to the first part of the ciphertext and the second private key of the second object, based on an SM2 elliptic curve public key cryptographic algorithm, to obtain a decapsulated message by the following formula:
$C_{S1} = [e_S] C_1 + C_{A1}$
wherein the ciphertext is $C = C_1 \| C_2 \| C_3$, $C_1$ is the first part of the ciphertext, $C_2$ is the second part of the ciphertext, $C_3$ is the third part of the ciphertext, $C_{S1}$ is the decapsulated message, $C_{A1}$ is the blinded message, and $e_S$ is the second private key.
Based on the same inventive concept, the embodiment of the present invention provides a first decryption apparatus based on an SM2 elliptic curve, and since the apparatus is an apparatus in the method in the embodiment of the present invention, and the principle of the apparatus for solving the problem is similar to that of the method, the implementation of the apparatus may refer to the implementation of the method, and repeated details are not described again.
As shown in fig. 14, the apparatus includes: a blinding module 1400, a decapsulation module 1401 and a decryption module 1402, wherein:
the blinding module is used for blinding the first part of the ciphertext according to the point coordinate on the randomly selected SM2 elliptic curve and a first private key stored in a first storage medium to obtain a blinded message;
the decapsulation module is configured to decapsulate the blinded message according to the first part of the ciphertext and a second private key stored in a second storage medium to obtain a decapsulated message;
and the decryption module is used for decrypting the decapsulated message by using the first private key based on an SM2 elliptic curve public key cryptographic algorithm.
As an optional implementation, the apparatus is specifically configured to:
generating the first private key by:
generating a first private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating the second private key by:
generating a second private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a first public key according to the first private key and the base point of the SM2 elliptic curve, determining a second public key according to the second private key and the base point of the SM2 elliptic curve, and generating an encryption key according to the first public key and the second public key.
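The key generation just described, together with the blinding, the decapsulation $C_{S1} = [e_S]C_1 + C_{A1}$ and the decryption $(x_2, y_2) = C_{S1} - R$, $v = \mathrm{Hash}(x_2 \| M \| y_2)$ given for the fig. 12 and fig. 13 apparatuses, can be run end to end as follows. This is an added example written for this page, not code from the patent or from Aisino. The page does not say how the two public keys are combined into the encryption key nor what the blinded message looks like, so the example assumes the joint key is $P_A + P_S$ and the blinding is $C_{A1} = [e_A]C_1 + R$ with a fresh random point $R$ (both consistent with the page's formulas), and it substitutes SHA-256 for SM3 in Hash and KDF so that it runs with the Python standard library only; the names `blind`, `decapsulate`, `decrypt` and `roundtrip` are the example's own.

```python
"""Two-party SM2-style decryption with a blinded first share (added example).

Assumed, not stated on the page: joint key P = P_A + P_S (so d = e_A + e_S mod n
is never assembled by anyone), blinding C_A1 = [e_A]C1 + R with R = [r]G, and
SHA-256 in place of SM3 for Hash/KDF.  The page's own steps follow verbatim:
C_S1 = [e_S]C1 + C_A1, (x2,y2) = C_S1 - R, M = C2 xor KDF(x2||y2, klen),
accept M only if Hash(x2||M||y2) == C3.
"""
import hashlib
import secrets

# sm2p256v1 domain parameters (GB/T 32918.5): y^2 = x^3 + a*x + b over F_p
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None  # point at infinity

def on_curve(pt):
    return pt is not INF and (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P == 0

def add(p1, p2):
    """Affine point addition; covers doubling, inverse points and infinity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P)
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication [k]pt (demo only: not constant-time)."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def i2b(x):
    return x.to_bytes(32, "big")

def kdf(z, klen):
    """Counter-mode KDF in SM2's shape; klen is the bit length of C2 / M."""
    out, ct = b"", 1
    while len(out) * 8 < klen:
        out += hashlib.sha256(z + ct.to_bytes(4, "big")).digest()
        ct += 1
    return out[:(klen + 7) // 8]

def keygen():
    """Random private key e in [1, n-1] and its public key [e]G."""
    e = 1 + secrets.randbelow(N - 1)
    return e, mul(e, G)

def encrypt(pub, msg):
    """Plain SM2 encryption against the joint key: returns (C1, C2, C3)."""
    k = 1 + secrets.randbelow(N - 1)
    c1, (x2, y2) = mul(k, G), mul(k, pub)
    t = kdf(i2b(x2) + i2b(y2), len(msg) * 8)
    c2 = bytes(m ^ tt for m, tt in zip(msg, t))
    return c1, c2, hashlib.sha256(i2b(x2) + msg + i2b(y2)).digest()

def blind(e_a, c1):
    """First object: C_A1 = [e_A]C1 + R (assumed form); R stays local."""
    R = mul(1 + secrets.randbelow(N - 1), G)
    return add(mul(e_a, c1), R), R

def decapsulate(e_s, c1, c_a1):
    """Second object: C_S1 = [e_S]C1 + C_A1 (page formula); sees only blinded data."""
    return add(mul(e_s, c1), c_a1)

def decrypt(R, c_s1, c2, c3):
    """First object: (x2,y2) = C_S1 - R, unmask C2, accept only if C3 verifies."""
    pt = add(c_s1, (R[0], -R[1] % P))
    if pt is INF:
        return None
    x2, y2 = pt
    t = kdf(i2b(x2) + i2b(y2), len(c2) * 8)
    msg = bytes(c ^ tt for c, tt in zip(c2, t))
    v = hashlib.sha256(i2b(x2) + msg + i2b(y2)).digest()
    return msg if secrets.compare_digest(v, c3) else None

def roundtrip(msg, tamper=False):
    """End-to-end flow; returns the plaintext, or None when C3 does not verify."""
    e_a, p_a = keygen()                # first object's share
    e_s, p_s = keygen()                # second object's share
    c1, c2, c3 = encrypt(add(p_a, p_s), msg)
    if not on_curve(c1):               # SM2 rejects a C1 off the curve
        return None
    if tamper:                         # simulate a corrupted third part
        c3 = bytes([c3[0] ^ 1]) + c3[1:]
    c_a1, R = blind(e_a, c1)           # first object -> second object
    c_s1 = decapsulate(e_s, c1, c_a1)  # second object -> first object
    return decrypt(R, c_s1, c2, c3)
```

The point of the split is visible in `roundtrip`: the second object only ever sees $C_1$ and the blinded point $C_{A1}$, the first object only ever holds $e_A$ and its own $R$, and the full private key $e_A + e_S$ is never assembled on either side, while a modified $C_3$ is rejected by the hash comparison. A production implementation would use SM3, a constant-time scalar multiplication, and the full $C_1$ validity check from the SM2 standard rather than the demonstration arithmetic above.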
The present invention also provides a computer storage medium having stored thereon a computer program for, when executed by a processor, performing the steps of:
blinding the first part of the ciphertext according to the randomly selected point coordinate on the SM2 elliptic curve and the first private key of the first object to obtain a blinded message;
sending the first part of the ciphertext and the blinded message to a second object, so that the second object decapsulates the blinded message by using a second private key of the second object to obtain a decapsulated message;
and receiving the decapsulated message obtained by the second object, and decrypting the decapsulated message by using the first private key of the first object based on an SM2 elliptic curve public key cryptographic algorithm.
The present invention also provides a computer storage medium having stored thereon a computer program for, when executed by a processor, performing the steps of:
receiving a first part of a ciphertext and a blinded message sent by a first object, wherein the blinded message is obtained by the first object blinding the first part of the ciphertext according to a point coordinate on a randomly selected SM2 elliptic curve and a first private key generated by the first object;
based on an SM2 elliptic curve public key cryptographic algorithm, decapsulating the blinded message according to the first part of the ciphertext and a second private key of the second object to obtain a decapsulated message;
and sending the decapsulated message to the first object so that the first object decrypts the received decapsulated message by using the first private key of the first object.
The present invention also provides a computer storage medium having stored thereon a computer program for, when executed by a processor, performing the steps of:
blinding a first part of a ciphertext according to a point coordinate on a randomly selected SM2 elliptic curve and a first private key stored in a first storage medium to obtain a blinded message;
decapsulating the blinded message according to the first part of the ciphertext and a second private key stored in a second storage medium to obtain a decapsulated message;
and decrypting the decapsulated message by using the first private key based on an SM2 elliptic curve public key cryptographic algorithm.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A decryption method based on SM2 elliptic curve, applied to a first object, the method comprising:
blinding the first part of the ciphertext according to the randomly selected point coordinate on the SM2 elliptic curve and the first private key of the first object to obtain a blinded message;
sending the first part of the ciphertext and the blinded message to a second object, so that the second object decapsulates the blinded message by using a second private key of the second object to obtain a decapsulated message;
and receiving the decapsulated message obtained by the second object, and decrypting the decapsulated message by using the first private key of the first object based on an SM2 elliptic curve public key cryptographic algorithm.
2. The method of claim 1, wherein the first private key of the first object is generated by:
generating a first private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a first public key according to the first private key and a base point of the SM2 elliptic curve;
and generating an encryption key according to the first public key and the received second public key of the second object.
3. The method of claim 2, wherein after determining the first public key from the first private key and the base point of the SM2 elliptic curve, further comprising:
and sending the first public key to the second object so that the second object generates an encryption key according to the first public key and a second public key of the second object.
4. The method of claim 1, wherein the received decapsulated message is decrypted using the first private key generated by the first object, based on an SM2 elliptic curve public key cryptographic algorithm, by the following formulas:
$(x_2, y_2) = C_{S1} - R$;
[Figure FDA0002250758380000011: equation image]
$v = \mathrm{Hash}(x_2 \,\|\, M \,\|\, y_2)$;
wherein the ciphertext is $C = C_1 \| C_2 \| C_3$, $C_1$ is the first part of the ciphertext, $C_2$ is the second part of the ciphertext, $C_3$ is the third part of the ciphertext, $(x_2, y_2)$ is a point coordinate on the SM2 elliptic curve, $C_{S1}$ is the decapsulated message, $R$ is the randomly selected point coordinate on the SM2 elliptic curve, and $\mathit{klen}$ is the bit length of the ciphertext;
if $v = C_3$, the decrypted message is determined to be $M$.
5. A decryption method based on SM2 elliptic curve, applied to a second object, the method comprising:
receiving a first part of a ciphertext and a blinded message sent by a first object, wherein the blinded message is obtained by the first object blinding the first part of the ciphertext according to a point coordinate on a randomly selected SM2 elliptic curve and a first private key generated by the first object;
based on an SM2 elliptic curve public key cryptographic algorithm, decapsulating the blinded message according to the first part of the ciphertext and a second private key of the second object to obtain a decapsulated message;
and sending the decapsulated message to the first object so that the first object decrypts the received decapsulated message by using the first private key of the first object.
6. The method of claim 5, wherein the second private key for the second object is generated by:
generating a second private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a second public key according to the second private key and a base point of the SM2 elliptic curve;
and generating an encryption key according to the received first public key of the first object and the second public key.
7. The method of claim 6, wherein after determining the second public key from the second private key and the base point of the SM2 elliptic curve, further comprising:
and sending the second public key to the first object so that the first object generates an encryption key according to the first public key and the second public key of the second object.
8. The method of claim 5, wherein the blinded message is decapsulated according to the first part of the ciphertext and the second private key of the second object, based on an SM2 elliptic curve public key cryptographic algorithm, to obtain the decapsulated message by the following formula:
$C_{S1} = [e_S] C_1 + C_{A1}$
wherein the ciphertext is $C = C_1 \| C_2 \| C_3$, $C_1$ is the first part of the ciphertext, $C_2$ is the second part of the ciphertext, $C_3$ is the third part of the ciphertext, $C_{S1}$ is the decapsulated message, $C_{A1}$ is the blinded message, and $e_S$ is the second private key.
9. A decryption method based on SM2 elliptic curve, applied to a device, the method comprising:
blinding a first part of a ciphertext according to a point coordinate on a randomly selected SM2 elliptic curve and a first private key stored in a first storage medium to obtain a blinded message;
decapsulating the blinded message according to the first part of the ciphertext and a second private key stored in a second storage medium to obtain a decapsulated message;
and decrypting the decapsulated message by using the first private key based on an SM2 elliptic curve public key cryptographic algorithm.
10. The method of claim 9, wherein the first private key is generated by:
generating a first private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating the second private key by:
generating a second private key by using a random number based on an SM2 elliptic curve public key cryptographic algorithm;
generating an encryption key for the ciphertext by:
determining a first public key according to the first private key and the base point of the SM2 elliptic curve, determining a second public key according to the second private key and the base point of the SM2 elliptic curve, and generating an encryption key according to the first public key and the second public key.
CN201911033315.5A 2019-10-28 2019-10-28 Decryption method and device based on SM2 elliptic curve Active CN112737783B (en)

Publications (2)

Publication Number Publication Date
CN112737783A true CN112737783A (en) 2021-04-30
CN112737783B CN112737783B (en) 2022-08-12

Family

ID=75589311

Country Status (1)

Country Link
CN (1) CN112737783B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113742670A (en) * 2021-08-30 2021-12-03 建信金融科技有限责任公司 Multi-party cooperative decryption method and device
CN115412239A (en) * 2022-08-29 2022-11-29 中国人民解放军国防科技大学 SM 2-based public key encryption and decryption method with re-randomness

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120163581A1 (en) * 2010-12-23 2012-06-28 Morega Systems Inc. Elliptic curve cryptograhy with fragmented key processing and methods for use therewith
US20160277179A1 (en) * 2015-03-20 2016-09-22 Cryptography Research, Inc. Multiplicative blinding for cryptographic operations
CN107196763A (en) * 2017-07-06 2017-09-22 数安时代科技股份有限公司 SM2 algorithms collaboration signature and decryption method, device and system
CN109257176A (en) * 2018-10-18 2019-01-22 天津海泰方圆科技有限公司 Decruption key segmentation and decryption method, device and medium based on SM2 algorithm
CN109274503A (en) * 2018-11-05 2019-01-25 北京仁信证科技有限公司 Distributed collaboration endorsement method and distributed collaboration signature apparatus, soft shield system
CN109818741A (en) * 2017-11-22 2019-05-28 航天信息股份有限公司 A kind of decryption calculation method and device based on elliptic curve

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant