CN113055163B - Blind signature generation method based on SM9 digital signature algorithm - Google Patents
Blind signature generation method based on SM9 digital signature algorithm Download PDFInfo
- Publication number
- CN113055163B CN113055163B CN202110263080.XA CN202110263080A CN113055163B CN 113055163 B CN113055163 B CN 113055163B CN 202110263080 A CN202110263080 A CN 202110263080A CN 113055163 B CN113055163 B CN 113055163B
- Authority
- CN
- China
- Prior art keywords
- user
- signature
- signer
- temporary variable
- receiving
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3257—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using blind signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a blind signature generation method based on SM9 digital signature algorithm, wherein the generation process has two parties participating together, one party is Signer, and the other party is usedThe User, generates a blind signature as follows: 1) signer generates random numbersCalculating a first temporary variable R ═ r.P 1 And sending R to a User; 2) after receiving R, the User generates two random numbersCalculating the second temporary variable w ═ e (α · R + α · β · P 1 ,P pub‑s ) Converting the data type of w into a bit string, and then calculating the hash value H of the message M to be signed as H 2 (M | | w, N) and a third temporary variable h' ═ α ‑1 H- β mod N, finally sends h' to Signer; 3) after receiving h ', the Signer calculates a fourth temporary variable S ═ r-h' · D ID And sending S' to the User; 4) upon receiving S ', the User calculates the signature value S ═ α · S', and outputs a signature (h, S). The invention blinds the signed message in the signing process on the basis of not changing the whole framework of the SM9 signing algorithm, and can complete signing under the condition of ensuring that the message is not leaked.
Description
Technical Field
The invention relates to an information security technology, in particular to a blind signature generation method based on an SM9 digital signature algorithm.
Background
Digital signature is a security technology that appears with the development of information network technology, and the purpose is to realize the function of traditional handwritten signature through technical means, and is used for identifying the identity of a signer and the legality of data content. The method can also verify whether the original text of the file changes in the transmission process, and ensure the integrity, authenticity and non-repudiation of the transmitted electronic file. Digital signatures are an important part of public key cryptography, and have an important role in many occasions.
Typically, the signer must know what the message he signed to sign. In many cases, when a signer is required to sign a message, the content of the signature is unknown, and the signature of the signer cannot be tracked after signing. With the promotion of this need to protect privacy, blind signatures come into force. Blind signatures have been used in a number of fields such as electronic voting, mobile payment, digital currency, and the like.
Aiming at the situation, the efficient blind signature generation scheme based on the SM9 digital signature algorithm is designed, in the signature process, a user firstly blinds the message, a signer signs the blinded message, and finally the user obtains the digital signature of the real message. The signer does not know the specific content of the signed message and cannot trace the signature after signing. According to the scheme, the Signer (Signer) and the User (User) execute the scheme together, so that the correctness of the signature can be guaranteed, and the privacy of the signature message can be guaranteed.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a blind signature generation method based on an SM9 digital signature algorithm aiming at the defects in the prior art.
The technical scheme adopted by the invention for solving the technical problems is as follows: a blind signature generation method based on SM9 digital signature algorithm is provided, the generation process has two parties participating together, one party is Signer, the other party is User, the steps of generating blind signature are as follows:
1) signer generates random numbersCalculating a first temporary variable R ═ r.P 1 And sending R to a User;
wherein the content of the first and second substances,is a set consisting of the integers 1,2, …, N-1; n is a cyclic groupAndand N > 2 191 Is a prime number; p 1 Is a circulating groupA generator of (2);
2) after receiving R, the User generates two random numbersCalculating the second temporary variable w ═ e (α · R + α · β · P 1 ,P pub-s ) Converting the data type of w into a bit string, and then calculating the hash value H of the message M to be signed as H 2 (M | | w, N) and a third temporary variable h' ═ α -1 H- β mod N, finally sends h' to Signer;
wherein e is selected fromToOf bilinear pairs, P pub-s Is the master public key of the system, P pub-s =ks·P 2 Wherein P is 1 Is a circulating groupIs a system private key, and is a set of key generation centers KGCSelecting randomly;
3) after receiving h ', the Signer calculates a fourth temporary variable S ═ r-h' · D ID And sending S' to the User;
wherein D is ID The private key of the user generated for the key generation center KGC,
D ID =t 2 ·P 1 ,
4) Upon receiving S ', the User calculates the signature value S ═ α · S', and outputs a signature (h, S).
The invention has the following beneficial effects:
according to the invention, on the basis of not changing the whole framework of the SM9 signature algorithm, the signed message is blinded in the signature process, and the signature can be completed under the condition that the message is not leaked, namely, a signer does not know the signature content, and a user can obtain the SM9 signature of the real message. Meanwhile, the invention realizes the function of two-party distributed generation of SM9 signature, and the two parties must participate simultaneously when generating the signature. Under the condition of keeping strong security and high efficiency of the existing SM9 signature, the correctness of the signature can be ensured and the privacy of the signature message can be ensured in the signature process.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a flow chart of a method of an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The reference numerals in this example mean:
KGC: key generation center
Signer, User: and (4) communication parties.
ID U : the identity of the correspondent U can uniquely determine the public key of the correspondent U.
D ID : the signing key of the correspondent U.
mod N: and (4) performing modulo N operation.
ks: a system master private key.
P pub-s : master public key of system, here P pub-s =ks·P 2 。
x | | y: the concatenation of x and y, where x and y are bit strings or byte strings.
As shown in fig. 1, a blind signature generation method based on SM9 digital signature algorithm, in which two parties participate together in the generation process, one party is Signer, and the other party is User, and the steps of generating the blind signature are as follows:
1) signer generates random numbersCalculating a first temporary variable R ═ r.P 1 And sending R to a User;
wherein the content of the first and second substances,is a set consisting of the integers 1,2, …, N-1; n is a cyclic groupAndand N > 2 191 Is a prime number; p 1 Is a circulating groupA generator of (2);
2) after receiving R, the User generates two random numbersCalculating the second temporary variable w ═ e (α · R + α · β · P 1 ,P pub-s ) Converting the data type of w into a bit string, and then calculating the hash value H of the message M to be signed as H 2 (M | | w, N) and a third temporary variable h' ═ α -1 H- β mod N, finally sends h' to Signer;
wherein e is selected fromToOf bilinear pairs, P pub-s Is the master public key of the system, P pub-s =ks·P 2 Wherein P is 1 Is a circulating groupIs a system private key, and is a set of key generation centers KGCSelecting randomly;
3) after receiving h ', the Signer calculates a fourth temporary variable S ═ r-h' · D ID And sending S' to the User;
wherein D is ID The private key of the user generated for the key generation center KGC,
D ID =t 2 ·P 1 ,
4) Upon receiving S ', the User calculates the signature value S ═ α · S', and outputs a signature (h, S).
The invention has the characteristics of low implementation complexity, high safety, easy verification and the like, is used for generating the correct blind signature under the condition that a Signer does not know the message, needs two parties of a Signer and a User to participate simultaneously in the process of generating the signature, and does not leak the signed message to the Signer in the process of generating the blind signature, thereby ensuring the anonymity and the untraceability of the signature scheme of the invention.
It will be understood that modifications and variations can be made by persons skilled in the art in light of the above teachings and all such modifications and variations are intended to be included within the scope of the invention as defined in the appended claims.
Claims (1)
1. A blind signature generation method based on SM9 digital signature algorithm, the generation process has two parties participating together, one party is Signer, another party is User, characterized in that, the steps of generating blind signature are as follows:
1) signer generates random numbersCalculating a first temporary variable R ═ r.P 1 And sending R to a User;
wherein the content of the first and second substances,is a set consisting of the integers 1,2, …, N-1; n is a cyclic groupAndorder of (1), and N>2 191 Is a prime number; p 1 Is a circulating groupA generator of (2);
2) after receiving R, the User generates two random numbersCalculating the second temporary variable w ═ e (α · R + α · β · P 1 ,P pub-s ) Converting the data type of w into a bit string, and then calculating the hash value H of the message M to be signed as H 2 (M | | w, N) and a third temporary variable h ′ =α -1 H- β mod N, finally sends h' to Signer;
wherein e is selected fromToOf bilinear pairs, P pub-s Is the master public key of the system, P pub-s =ks·P 2 Wherein P is 1 Is a circulating groupIs a system private key, and is a set of key generation centers KGCSelecting randomly;
3) after receiving h ', the Signer calculates a fourth temporary variable S ═ r-h' · D ID And sending S' to the User;
wherein D is ID The private key of the user generated for the key generation center KGC,
D ID =t 2 ·P 1 ,
4) Upon receiving S ', the User calculates the signature value S ═ α · S', and outputs a signature (h, S).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110263080.XA CN113055163B (en) | 2021-03-11 | 2021-03-11 | Blind signature generation method based on SM9 digital signature algorithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110263080.XA CN113055163B (en) | 2021-03-11 | 2021-03-11 | Blind signature generation method based on SM9 digital signature algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113055163A CN113055163A (en) | 2021-06-29 |
CN113055163B true CN113055163B (en) | 2022-08-05 |
Family
ID=76511846
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110263080.XA Active CN113055163B (en) | 2021-03-11 | 2021-03-11 | Blind signature generation method based on SM9 digital signature algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113055163B (en) |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2010217154A1 (en) * | 2009-02-27 | 2011-09-15 | Certicom Corp. | System and method for securely communicating with electronic meters |
CN108551392B (en) * | 2018-04-13 | 2021-07-06 | 武汉大学 | Blind signature generation method and system based on SM9 digital signature |
CN110011802B (en) * | 2019-02-27 | 2021-07-06 | 武汉大学 | Efficient method and system for cooperatively generating digital signature by two parties of SM9 |
CN110213048A (en) * | 2019-05-31 | 2019-09-06 | 武汉大学 | A kind of lightweight SM2 Proxy Signature generation method and system |
-
2021
- 2021-03-11 CN CN202110263080.XA patent/CN113055163B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN113055163A (en) | 2021-06-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108551392B (en) | Blind signature generation method and system based on SM9 digital signature | |
CN109474422B (en) | Method for generating SM2 digital signature by cooperation of multiple parties | |
CN108809658B (en) | SM 2-based identity base digital signature method and system | |
CN107579819B (en) | A kind of SM9 digital signature generation method and system | |
CN110912708B (en) | Ring signature generation method based on SM9 digital signature algorithm | |
CN109660361B (en) | Method for generating SM9 digital signature by combining multiple parties under symmetric environment | |
CN110011803B (en) | Method for cooperatively generating digital signature by two parties of light SM2 | |
CN107707358A (en) | A kind of EC KCDSA digital signature generation method and system | |
CN109450640B (en) | SM 2-based two-party signature method and system | |
CN112532394B (en) | Block chain anti-signature traceable certificateless blind signature generation method | |
CN103259662A (en) | Novel procuration signature and verification method based on integer factorization problems | |
CN115664675A (en) | Traceable ring signature method, system, device and medium based on SM2 algorithm | |
CN112511314B (en) | Recoverable message blind signature generation method based on identity | |
CN102064940B (en) | High-efficiency on-line/off-line digital signature method | |
CN110932865A (en) | Linkable ring signature generation method based on SM2 digital signature algorithm | |
CN110943845A (en) | Method and medium for cooperatively generating SM9 signature by two light-weight parties | |
CN112989436B (en) | Multi-signature method based on block chain platform | |
CN113014398B (en) | Aggregate signature generation method based on SM9 digital signature algorithm | |
CN108667619B (en) | White box implementation method and device for SM9 digital signature | |
CN113055163B (en) | Blind signature generation method based on SM9 digital signature algorithm | |
Yang et al. | Certificateless universal designated verifier signature schemes | |
Wang et al. | Perfect ambiguous optimistic fair exchange | |
CN114065233A (en) | Digital signature aggregation method for big data and block chain application | |
Zhang et al. | Strong designated verifier signature scheme resisting replay attack | |
CN111274613B (en) | Iterative SM2 digital signature generation method, system, medium and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |