CN113158258A - Collaborative signature method, device and system based on elliptic curve - Google Patents

Collaborative signature method, device and system based on elliptic curve Download PDF

Info

Publication number
CN113158258A
CN113158258A CN202110345941.9A CN202110345941A CN113158258A CN 113158258 A CN113158258 A CN 113158258A CN 202110345941 A CN202110345941 A CN 202110345941A CN 113158258 A CN113158258 A CN 113158258A
Authority
CN
China
Prior art keywords
signature
elliptic curve
partial signature
communication party
random number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110345941.9A
Other languages
Chinese (zh)
Other versions
CN113158258B (en
Inventor
雷宗华
彭金辉
孙晓鹏
廖正赟
李鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd filed Critical Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN202110345941.9A priority Critical patent/CN113158258B/en
Publication of CN113158258A publication Critical patent/CN113158258A/en
Application granted granted Critical
Publication of CN113158258B publication Critical patent/CN113158258B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a collaborative signature method, a device and a system based on an elliptic curve, wherein a key is generated in the method: the two communication parties carry out cooperative signature by calculating and interacting partial signature information, random numbers and message digests; in the invention, two communication parties respectively store partial private key information, the two parties can complete the signature of the message by cooperation, and any party cannot acquire complete private key information, thereby improving the security of the private key; in the signature generation process, the first communication party needs to perform a dot product operation when calculating the first part of the signature, and the dot product operation supports pre-operation; the second communication party needs to perform point multiplication operation once when calculating the second elliptic curve random point, and the point multiplication operation supports pre-operation, so that the calculation overhead required by the whole collaborative signing process is obviously reduced, the communication interaction is simple, the communication data volume is reduced, and great convenience is brought to the realization of the algorithm.

Description

Collaborative signature method, device and system based on elliptic curve
Technical Field
The invention relates to the technical field of information security, in particular to a collaborative signature method, a collaborative signature device and a collaborative signature system based on an elliptic curve.
Background
In terms of information security, digital signatures are a very important part. The safe digital signature determines the identity of the other party in the application of electronic documents, electronic contracts and the like, and is the basis of true information. In the public key cryptosystem, it is a very important issue to ensure the security of the private key. The private key of the user usually needs to be securely stored and used in a special Hardware Security Module (HSM), and the private key cannot be derived from the cryptographic Hardware. Common HSMs include usb key (U shield), smart Card, TF Card (Trans-flash Card), and cryptographic chip.
At present, there are various schemes aimed at improving the security of private keys. Based on a scheme of threshold cryptography, a private key is split and stored by different entities, and any party cannot acquire all private key information; the generation of the digital signature can be completed only when the entity not less than the threshold number participates in the operation. In addition, in the scheme, interaction among the entities is complex, various operations such as point addition, point multiplication, point subtraction and the like are involved, the communication times are more, the communication data volume is larger, and the calculation overhead is larger.
Therefore, how to design a collaborative signature method based on an elliptic curve is a problem which needs to be solved urgently at present, and the security of a private key can be ensured, the interaction of each communication party is simple, and the communication times and the data volume are reduced.
Disclosure of Invention
In view of the above problems, it is necessary to provide a collaborative signing method, apparatus and system based on elliptic curve, which can ensure security of private key, simple interaction of each communication party, and reduced communication times and data volume.
The invention provides a collaborative signature method based on an elliptic curve, which is applied to a first communication party for collaborative signature, and the collaborative signature method comprises the following steps:
generating a first random number, calculating and generating a first part signature according to the first random number and an elliptic curve base point, and sending a message digest generated by calculation according to a message to be signed and the first part signature to a second communication party so that the second communication party can calculate and determine a second elliptic curve random point based on the generated second random number and the first part signature;
receiving a second partial signature and a third partial signature sent by a second communication party; wherein a second partial signature is generated by the second communication party from the message digest and the second elliptic curve random point calculation; a third partial signature is generated by the second correspondent based on the second random number and the held second private key component when the second partial signature is a non-zero value;
calculating and generating a fourth partial signature according to the first random number, the held first private key component, the second partial signature and the third partial signature;
and when the fourth part signature is a non-zero value, outputting a complete signature of the message to be signed, which is formed by the second part signature and the fourth part signature, to the outside.
Further, calculating the first random number and an elliptic curve base point by adopting a point multiplication algorithm to generate the first partial signature;
calculating the message to be signed by adopting a formula e-Hash (ZA | M) to generate a message digest;
wherein e is a message digest, ZARepresenting a user identity common to the first and second communicating parties, Hash () representing a predetermined cryptographic Hash function;
using the formula s = (k)1 -1d1 r s1) mod n computing a fourth partial signature over the first random number, the held first private key component, the second partial signature, and the third partial signature;
where s is the fourth partial signature, k1 -1Is k1Inverse k of (2)1 -1mod n,d1Is a first private key component, and k1、d1Respectively consisting of one or more than one of [1, n-1 ]]N is the order of the base point on the elliptic curve E, which is the elliptic curve defined on the finite field Fq, the operation includesLinear operation, multiplication and inversion; r is the second partial signature, s1Signing the third portion.
Further, the user identity common to the first communication party and the second communication party at least comprises an elliptic curve parameter of an elliptic curve algorithm shared by the first communication party and the second communication party and a public key generated by the first communication party and the second communication party according to the first private key component, the second private key component and a security computing protocol based on the elliptic curve algorithm.
The second aspect of the present invention provides a collaborative signature method based on elliptic curves, which is applied to a second communication party performing collaborative signature, and the collaborative signature method includes:
receiving a message digest and a first partial signature sent by a first communication party, wherein the message digest is generated by the first communication party according to the calculation of a message to be signed, and the first partial signature is generated by the first communication party according to the calculation of a first generated random number and an elliptic curve base point;
generating a second random number, calculating and generating a second elliptic curve random point according to the second random number and the first partial signature, and generating a third partial signature based on the second random number and a held second private key component when the second partial signature is a non-zero value;
and sending the second partial signature and the third partial signature to the first communication party, so that the first communication party generates a fourth partial signature by calculation according to the first random number, the held first private key component, the second partial signature and the third partial signature, and when the fourth partial signature is a non-zero value, outputting a complete signature of the message to be signed, which is formed by the second partial signature and the fourth partial signature, to the outside.
Further, formula (x) is adopted1,y1)=[k2][k1G]= [k1 k2]G, calculating the second random number and the first partial signature to generate a second elliptic curve random point;
wherein the content of the first and second substances,(x1,y1) Is a random point, x, of the second elliptic curve1And y1Respectively the horizontal and vertical coordinates of the random point of the second elliptic curve; k is a radical of1Is the first random number, [ k ]1G]For the first partial signature, k2Is the second random number, and k1、k2Respectively consisting of one or more than one of [1, n-1 ]]The random number operation is obtained, and the operation comprises linear operation, multiplication and inversion; g represents a base point on an elliptic curve E, n is the order of the base point on the elliptic curve E, and the elliptic curve E is an elliptic curve defined on a finite field Fq;
adopting the formula r = (e + x)1) mod n computing the message digest and the second elliptic curve random points to generate the second partial signature;
wherein r is the second partial signature, x1The abscissa of the random point of the second elliptic curve is, E is an integer converted from the summary message, n is the order of a base point G of the elliptic curve E, and mod represents the modulo operation;
using the formula s1 =(k2 -1d2) mod n computing a third partial signature over the second random number and the held second private key component;
wherein s is1For the third partial signature, k2 -1Is k2Inverse k of (2)2 -1mod n,d2Is the fourth random number, and k2、d2Respectively consisting of one or more than one of [1, n-1 ]]The random number operation is obtained, and the operation comprises linear operation, multiplication and inversion; n is the order of the base point G of the elliptic curve E and mod represents the modulo operation.
The invention provides a cooperative signature device based on elliptic curve, which is applied to a first communication party for performing cooperative signature and comprises at least one processor and a memory connected with the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the at least one processor executes the co-signing algorithm applied to the first party performing the co-signing by executing the instructions stored by the memory.
The invention provides a cooperative signature device based on elliptic curves, which is applied to a second communication party performing cooperative signature and comprises at least one processor and a memory connected with the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the at least one processor executes the co-signing algorithm applied to the second party performing the co-signing by executing the instructions stored by the memory.
The fifth aspect of the present invention provides a collaborative signing system based on elliptic curves, which includes a first collaborative signing apparatus and a second collaborative signing apparatus, where the first collaborative signing apparatus is a collaborative signing apparatus applied to a first communication party performing collaborative signing, and the second collaborative signing apparatus is a collaborative signing apparatus applied to a second communication party performing collaborative signing.
A sixth aspect of the present invention provides a computer-readable storage medium storing computer instructions which, when executed on a computer, cause the computer to perform the aforementioned co-signing algorithm applied to a first party performing a co-signing.
A second aspect of the present invention proposes a computer-readable storage medium storing computer instructions which, when run on a computer, cause the computer to perform the aforementioned co-signing algorithm applied to a second communication party performing a co-signing.
The invention has prominent substantive characteristics and remarkable progress, in particular to the following steps:
(1) in the invention, two communication parties respectively store partial private key information, wherein any party can not deduce complete private key information, so that the complete signature private key is further protected, and the two parties can finish signing the message only by cooperation, thereby improving the security of the signature.
(2) The technical scheme of the invention fully ensures the security of the cryptographic algorithm through the algorithm design of key splitting, and can also achieve the effect of user data security and confidentiality when being used in a software cryptographic module independent of cryptographic hardware;
(3) in the process of performing collaborative signing, a first communication party needs to perform inverse element operation once when calculating a fourth partial signature, and needs to perform dot product operation once when calculating a first partial signature, and the dot product operation supports pre-operation; the second communication party needs to perform one-time dot multiplication operation when calculating the random point of the second elliptic curve, needs to perform one-time inverse element operation when calculating the third part signature, and the dot multiplication operation supports pre-operation, so that only two-time inverse element operation and two-time dot multiplication operation are needed in the whole collaborative signature process, the required calculation overhead is obviously reduced, the communication interaction is simple, the communication data volume is reduced, and great convenience is brought to the realization of the algorithm.
(4) In the invention, the fourth part signature comprises the random numbers respectively selected by the two parties of the collaborative signature and the private key components respectively held by the two parties, so that the fourth part signature not only has better confusion effect, but also has the signature function, thereby improving the signature safety of the two parties of the collaborative signature.
(5) In the cooperative signing process, the first communication party and the second communication party complete signing of the message to be signed through two times of communication, so that the total time of transmitting the signature data in the network is reduced, and the application requirements of low delay and less interaction in a wireless mobile communication or cloud computing environment can be met.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a flowchart of a cooperative signing method based on elliptic curves, applied to a first communication party performing cooperative signing according to an embodiment of the present invention;
FIG. 2 is a flowchart of public key generation in an elliptic curve-based collaborative signing method according to an embodiment of the present invention;
fig. 3 is a flowchart of a co-signing method based on elliptic curves, applied to a second communication party performing co-signing according to an embodiment of the present invention;
fig. 4 is a flowchart of two-party interaction in a collaborative signing method based on elliptic curves according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that when an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention.
In order to solve the technical problems, the general idea of the embodiment of the present application is as follows: generating a first random number, calculating and generating a first part signature according to the first random number and an elliptic curve base point, and sending a message digest generated by calculation according to a message to be signed and the first part signature to a second communication party so that the second communication party can calculate and determine a second elliptic curve random point based on the generated second random number and the first part signature;
receiving a second partial signature and a third partial signature sent by a second communication party; wherein a second partial signature is generated by the second communication party from the message digest and the second elliptic curve random point calculation; a third partial signature is generated by the second correspondent based on the second random number and the held second private key component when the second partial signature is a non-zero value;
calculating and generating a fourth partial signature according to the first random number, the held first private key component, the second partial signature and the third partial signature;
and when the fourth part signature is a non-zero value, outputting a complete signature of the message to be signed, which is formed by the second part signature and the fourth part signature, to the outside.
In the invention, two communication parties respectively store partial private key information, wherein any party can not deduce complete private key information, so that the complete signature private key is further protected, and the two parties can finish signing the message only by cooperation, thereby improving the security of the signature.
The technical scheme of the invention fully ensures the security of the cryptographic algorithm through the algorithm design of key splitting, and can also achieve the effect of user data security and confidentiality when being used in a software cryptographic module independent of cryptographic hardware.
For better understanding of the technical solutions, the technical solutions of the present invention are described in detail below with reference to the accompanying drawings and specific embodiments, and it should be understood that the specific features of the embodiments and examples of the present invention are detailed descriptions of the technical solutions of the present invention, and are not limitations of the technical solutions of the present invention, and the technical features of the embodiments and examples of the present invention may be combined with each other without conflict.
Hereinafter, the cooperative signature method will be described from the perspective of the first and second communication parties, respectively:
example 1
Fig. 1 is a flowchart of a cooperative signing method based on elliptic curves, applied to a first communication party performing cooperative signing, according to an embodiment of the present invention, and as shown in fig. 1, the cooperative signing method includes:
101, generating a first random number k, calculating and generating a first partial signature according to the first random number k and an elliptic curve base point, and sending a message digest generated by calculation according to a message to be signed and the first partial signature to a second communication party, so that the second communication party can calculate and determine a second elliptic curve random point based on the generated second random number and the first partial signature;
specifically, the first random number k is subjected to a dot product algorithm1Calculating the first partial signature [ k ] with an elliptic curve base point G1]G;
Specifically, when generating the message digest, the first communication party identifies the user identity Z common to the first communication party and the second communication partyASplicing with a message M to be signed to form M ', and calculating Hash (M'), namely adopting a formula e ═ Hash (Z)AI M) calculating the message to be signed to generate a message digest e;
where | represents concatenation and Hash () represents a predetermined cryptographic Hash function.
It should be noted that: before the cooperative signature is carried out, two communication parties, namely a first communication party and a second communication party need to meet the parameters E (Fq), G and n of a shared elliptic curve, wherein the elliptic curve E is an elliptic curve defined on a finite field Fq, G represents a base point of an n-order on the elliptic curve E, and specific values and the like of the parameters are preset according to an elliptic curve algorithm.
Specifically, the user identity Z common to the first communication party and the second communication partyAAt least comprising elliptic curve parameters of an elliptic curve algorithm shared by the first communication party and the second communication party and public keys generated by the first communication party and the second communication party according to respective private key components and a security calculation protocol based on the elliptic curve algorithm.
In specific implementation, after the two parties share the above parameters of the elliptic curve e (fp), the two communicating parties generate their own private key components and cooperatively generate a complete public signature key, which includes the following specific steps as shown in fig. 2:
the first communication party generates a random number d1∈[1,n-1]As a first private key component of the first party;
the first party is based on the first private key component d1Calculating and generating point P on elliptic curve by using base point G1=[d1]G, and point P1Sending the information to a second communication party;
the second communication party generates a random number d2∈[1,n-1]A second private key component as a second party to the second communication;
the second party is based on the second private key component d2Point P1Calculating and generating public key P = [ d ] with base point G1][d2]G=[d1 d2]G, and the public key P is published.
Wherein in the present invention, like [ k ]]The form of G represents a dot product operation on the elliptic curve E, [ k ]]G represents a point K times the point G, k being a positive integer. Multiplication of values by omission of multiplication, e.g. k1 k2Is represented by k1And k is2Multiplication.
After a first communication party and a second communication party both have complete public signature keys, when a signature operation needs to be performed on a message to be signed located on the first communication party, the first communication party needs to generate a first random number, calculate the first random number and an elliptic curve base point to generate a first part of signature and send the first part of signature to the second communication party, so that the second communication party can calculate and determine a second elliptic curve random point based on the generated second random number and the first part of signature, calculate and generate a second part of signature according to the message digest and the second elliptic curve random point, and generate a third part of signature based on the second random number and a held second private key component when the second part of signature is a non-zero value.
The first communication party can perform step 102 after receiving the second partial signature and the third partial signature sent by the second communication party;
102, calculating and generating a fourth partial signature according to the first random number, the held first private key component, the second partial signature and the third partial signature;
and when the fourth part signature is a non-zero value, outputting a complete signature of the message to be signed, which is formed by the second part signature and the fourth part signature, to the outside.
Specifically, the first communication party adopts the formula s = (k)1 -1d1 r s1) mod n computing a fourth partial signature over the first random number, the held first private key component, the second partial signature, and the third partial signature;
wherein mod n represents a modulo n operation, s is a fourth partial signature, k1 -1Is k1Inverse k on the elliptic curve E (Fp)1 -1mod n,d1Is a first private key component, and k1、d1Respectively consisting of one or more than one of [1, n-1 ]]The random number operation is carried out, n is the order of a base point on the elliptic curve E, and the operation comprises linear operation, multiplication and inversion; r is the second partial signature, s1Signing the third portion.
In the process of performing collaborative signing, a first communication party needs to perform inverse element operation once when calculating a fourth partial signature, and needs to perform dot product operation once when calculating a first partial signature, and the dot product operation supports pre-operation; the second communication party needs to perform one-time dot multiplication operation when calculating the random point of the second elliptic curve, needs to perform one-time inverse element operation when calculating the third part signature, and the dot multiplication operation supports pre-operation, so that only two-time inverse element operation and two-time dot multiplication operation are needed in the whole collaborative signature process, the required calculation overhead is obviously reduced, the communication interaction is simple, the communication data volume is reduced, and great convenience is brought to the realization of the algorithm.
Example 2
This embodiment describes the cooperative signature method from the perspective of the second communication party, and as shown in fig. 3, the cooperative signature method includes:
step 201, receiving a message digest and a first partial signature sent by a first communication party, wherein the message digest is generated by the first communication party according to the calculation of a message to be signed, and the first partial signature is generated by the first communication party according to the calculation of a generated first random number and an elliptic curve base point.
Step 202, generating a second random number, and calculating and generating a second elliptic curve random point according to the second random number and the first partial signature, specifically, adoptingFormula (x)1,y1)=[k2][k1G]= [k1 k2]G, calculating the second random number and the first partial signature to generate a second elliptic curve random point.
Wherein (x)1,y1) Is a random point, x, of the second elliptic curve1And y1Respectively the horizontal and vertical coordinates of the random point of the second elliptic curve; k is a radical of1Is the first random number, [ k ]1G]For the first partial signature, k2Is the second random number, and k1、k2Respectively consisting of one or more than one of [1, n-1 ]]The random number operation is obtained, and the operation comprises linear operation, multiplication and inversion; g denotes a base point on the elliptic curve E, n is the order of the base point on the elliptic curve E, which is an elliptic curve defined over the finite field Fq.
And after the random point of the second elliptic curve is obtained, generating the second partial signature according to the message digest and the random point of the second elliptic curve.
Specifically, the formula r = (e + x)1) mod n computing the message digest and the second elliptic curve random points to generate the second partial signature;
wherein r is the second partial signature, x1And E is an abscissa of the random point of the second elliptic curve, E is an integer converted from the summary message, n is an order of a base point G of the elliptic curve E, and mod represents a modulo operation.
After the second partial signature is obtained, it is further required to determine whether the second partial signature r is equal to 0, and if the second partial signature r is equal to 0, the second random number k needs to be generated again2According to the second random number k2And recalculating the first partial signature to generate a second elliptic curve random point, and regenerating the second partial signature r according to the message digest and the second elliptic curve random point until the second partial signature r is not equal to 0.
Based on the second random number k when the second partial signature r is non-zero value2And the held second private key component generates a third partial signature;
specifically, the formula s is adopted1 =(k2 -1d2) mod n to the second random number k2And the held second private key component is calculated to generate a third partial signature;
wherein s is1For the third partial signature, k2 -1Is k2Inverse k on the elliptic curve E (Fp)2 -1mod n,d2Is the fourth random number, and k2、d2Respectively consisting of one or more than one of [1, n-1 ]]The random number operation is obtained, and the operation comprises linear operation, multiplication and inversion; n is the order of the base point G of the elliptic curve E and mod represents the modulo operation.
Step 203, signing the second partial signature r and the third partial signature s1Sending the first random number k to the first communication party so that the first communication party can perform the random number k1The held first private key component, the second partial signature r and the third partial signature s1And calculating to generate a fourth partial signature s, and outputting a complete signature (r, s) of the message to be signed, which is formed by the second partial signature r and the fourth partial signature s, to the outside when the fourth partial signature s is a non-zero value.
Example 3
In order to make the above-mentioned collaborative signing process more clearly understood by those skilled in the art, the present embodiment describes in detail a process of interacting between the first communication party and the second communication party, as shown in fig. 4.
The collaborative signing process is as follows:
step 301, the first communication party generates a first random number k1And according to said first random number k1Calculating with an elliptic curve base point G to generate a first partial signature; k is a radical of1By one or more than one of [1, n-1 ]]The random number operation is obtained, and the operation comprises linear operation, multiplication and inversion; g denotes a base point of the nth order on an elliptic curve E defined on a finite field Fq.
In practice, the first communication party adoptsThe dot multiplication algorithm is used for the first random number k1Calculating the first partial signature [ k ] with an elliptic curve base point G1G]Using the formula e ═ Hash (Z)AI M) calculating the message to be signed to generate a message digest e; wherein Z isA isThe first communication party identifies the user identity which is common to the first communication party and the second communication party, M is the message to be signed, | | represents splicing, and Hash () represents a preset cryptographic Hash function.
Step 302, the first communication party calculates a generated message digest e and the first partial signature [ k ] according to the message to be signed1G]And sending the information to the second communication party.
Step 303, the second communication party generates a second random number k2And according to said second random number k2And the first partial signature [ k ]1G]Calculating to generate a second elliptic curve random point (x)1,y1) Wherein k is1By one or more than one of [1, n-1 ]]The random number operation is obtained, and the operation comprises linear operation, multiplication and inversion.
Specifically, the first communication party adopts the formula (x)1,y1)=[k2][k1G]= [k1 k2]G pairs of the second random number k2And the first partial signature [ k ]1G]Calculating to generate the second elliptic curve random point (x)1,y1);
Wherein x is1And y1Respectively, the horizontal and vertical coordinates of the random point of the second elliptic curve.
Step 304, the second party, based on the message digest e and the second elliptic curve random point (x)1,y1) Generating the second partial signature;
specifically, the second communication party adopts the formula r = (e + x)1) mod n computing the message digest e and the second elliptic curve random points to generate the second partial signature;
wherein r is the second partial signature, x1Is the abscissa of the random point of the second elliptic curve, n is the order of the base point G of the elliptic curve E, mod representsAnd (5) performing modulo operation.
Step 305, the second communication party determines whether the second partial signature r is zero, and regenerates the second random number k if the second partial signature r is zero2And returns to step 303-305 until the second partial signature r is a non-zero value.
Step 306, the second communication party is based on the second random number k2And a held second private key component d2Generating a third partial signature s1
Specifically, the second communication party adopts a formula s1 =(k2 -1d2) mod n to the second random number k2And a held second private key component d2Computing a third partial signature s1
Wherein k is2 -1Is k2Inverse k of (2)2 -1mod n, and d2By one or more than one of [1, n-1 ]]The random number operation is obtained, and the operation comprises linear operation, multiplication and inversion.
Step 307, the second communication party signs the second partial signature r and the third partial signature s1And sending the message to the first communication party.
Step 308, the first communication party according to the first random number k1The held first private key component d1The second partial signature r and the third partial signature s1Calculating to generate a fourth partial signature;
specifically, the first communication party adopts the formula s = (k)1 -1d1 r s1) mod n to the first random number k1The held first private key component d1The second partial signature r and the third partial signature s1Calculating to generate a fourth partial signature s;
wherein k is1 -1Is k1Inverse k of (2)1 -1mod n,d1By one or more than one of [1, n-1 ]]The random number operation is obtained, and the operation comprises linear operation, multiplication and inversion.
Step 309, the first communication determines whether the fourth partial signature s is zero, and if the fourth partial signature s is zero, the first random number k is regenerated1And the step 301 and 308 are executed again until the fourth partial signature s is a non-zero value;
and 310, the first communication party outputs a complete signature (r, s) of the message to be signed, which is formed by the second partial signature r and the fourth partial signature s, to the outside.
The correctness process of the generated collaborative signature in this embodiment is as follows:
will s1 Substitution of s = (k)1 -1d1 r s1) mod n, the number of available,
s = (k1 -1d1 r k2 -1d2)mod n
=((k1 -1k2 -1) r (d1 d2) Mod n, let k = k1k2 ,d=d1 d2
= (k-1rd) mod n, consistent with the signature formula.
Example 4
The embodiment provides a collaborative signing device based on elliptic curves, which is applied to a first communication party performing collaborative signing and comprises at least one processor and a memory connected with the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the at least one processor executes the co-signing algorithm of embodiment 1 by executing the instructions stored by the memory.
Example 5
The embodiment provides a collaborative signing device based on elliptic curves, which is applied to a second communication party performing collaborative signing and comprises at least one processor and a memory connected with the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the at least one processor executes the co-signing algorithm of embodiment 2 by executing the instructions stored by the memory.
Example 6
This embodiment provides an elliptic curve-based collaborative signing system, which includes a first collaborative signing apparatus and a second collaborative signing apparatus, where the first collaborative signing apparatus is the collaborative signing apparatus according to the foregoing embodiment 4, and the second collaborative signing apparatus is the collaborative signing apparatus according to the foregoing embodiment 5.
Example 7
This embodiment proposes a computer-readable storage medium storing computer instructions that, when executed on a computer, cause the computer to execute the collaborative signature algorithm of the foregoing embodiment 1.
Example 8
This embodiment proposes a computer-readable storage medium storing computer instructions that, when executed on a computer, cause the computer to execute the collaborative signature algorithm described in the foregoing embodiment 2.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (10)

1. A collaborative signing method based on elliptic curve is applied to a first communication party for collaborative signing, and is characterized in that:
generating a first random number, calculating and generating a first part signature according to the first random number and an elliptic curve base point, and sending a message digest generated by calculation according to a message to be signed and the first part signature to a second communication party so that the second communication party can calculate and determine a second elliptic curve random point based on the generated second random number and the first part signature;
receiving a second partial signature and a third partial signature sent by a second communication party; wherein a second partial signature is generated by the second communication party from the message digest and the second elliptic curve random point calculation; a third partial signature is generated by the second correspondent based on the second random number and the held second private key component when the second partial signature is a non-zero value;
calculating and generating a fourth partial signature according to the first random number, the held first private key component, the second partial signature and the third partial signature;
and when the fourth part signature is a non-zero value, outputting a complete signature of the message to be signed, which is formed by the second part signature and the fourth part signature, to the outside.
2. The collaborative signing method of claim 1, wherein:
calculating the first random number and an elliptic curve base point by adopting a point multiplication algorithm to generate the first partial signature;
using the formula e ═ Hash (Z)AI M) calculating the message to be signed to generate a message digest;
wherein e is the message digest, | | | represents concatenation, ZARepresenting a user identity common to the first and second communicating parties, Hash () representing a predetermined cryptographic Hash function;
using the formula s = (k)1 -1d1 r s1) mod n computing a fourth partial signature over the first random number, the held first private key component, the second partial signature, and the third partial signature;
where s is the fourth partial signature, k1 -1Is k1Inverse k of (2)1 -1mod n,d1Is a first private key component, and k1、d1Respectively consisting of one or more than one of [1, n-1 ]]The operation of random numbers is obtained, n is the order of a base point on an elliptic curve E, the elliptic curve E is an elliptic curve defined on a finite field Fq, and the operation comprises linear operation, multiplication and inversion; r is the second partial signature, s1Signing the third portion.
3. The collaborative signing method of claim 1, wherein: the user identity common to the first communication party and the second communication party at least comprises an elliptic curve parameter of an elliptic curve algorithm shared by the first communication party and the second communication party and a public key generated by the first communication party and the second communication party according to the first private key component, the second private key component and a security calculation protocol based on the elliptic curve algorithm.
4. A collaborative signing method based on elliptic curve is applied to a second communication party for collaborative signing, and is characterized in that:
receiving a message digest and a first partial signature sent by a first communication party, wherein the message digest is generated by the first communication party according to the calculation of a message to be signed, and the first partial signature is generated by the first communication party according to the calculation of a first generated random number and an elliptic curve base point;
generating a second random number, calculating and generating a second elliptic curve random point according to the second random number and the first partial signature, generating a second partial signature according to the message digest and the second elliptic curve random point, and generating a third partial signature based on the second random number and a held second private key component when the second partial signature is a non-zero value;
and sending the second partial signature and the third partial signature to the first communication party, so that the first communication party generates a fourth partial signature by calculation according to the first random number, the held first private key component, the second partial signature and the third partial signature, and when the fourth partial signature is a non-zero value, outputting a complete signature of the message to be signed, which is formed by the second partial signature and the fourth partial signature, to the outside.
5. The collaborative signing method of claim 4, wherein: using the formula (x)1,y1)=[k2][k1G]= [k1k2]G to theCalculating a second random number and the first partial signature to generate a second elliptic curve random point;
wherein (x)1,y1) Is a random point, x, of the second elliptic curve1And y1Respectively the horizontal and vertical coordinates of the random point of the second elliptic curve; k is a radical of1Is the first random number, [ k ]1G]For the first partial signature, k2Is the second random number, and k1、k2Respectively consisting of one or more than one of [1, n-1 ]]The random number operation is obtained, and the operation comprises linear operation, multiplication and inversion; g represents a base point on an elliptic curve E, n is the order of the base point on the elliptic curve E, and the elliptic curve E is an elliptic curve defined on a finite field Fq;
adopting the formula r = (e + x)1) mod n computing the message digest and the second elliptic curve random points to generate the second partial signature;
wherein r is the second partial signature, x1The abscissa of the random point of the second elliptic curve is, E is an integer converted from the summary message, n is the order of a base point G of the elliptic curve E, and mod represents the modulo operation;
using the formula s1 =(k2 -1d2) mod n computing a third partial signature over the second random number and the held second private key component;
wherein s is1For the third partial signature, k2 -1Is k2Inverse k of (2)2 -1mod n,d2Is the fourth random number, and k2、d2Respectively consisting of one or more than one of [1, n-1 ]]The random number operation is obtained, and the operation comprises linear operation, multiplication and inversion; n is the order of the base point G of the elliptic curve E and mod represents the modulo operation.
6. An elliptic curve-based collaborative signing device applied to a first communication party for collaborative signing, characterized in that: comprises at least one processor and a memory connected with the at least one processor; wherein the memory stores instructions executable by the at least one processor, the at least one processor executing the co-signing algorithm of any one of claims 1-3 by executing the instructions stored by the memory.
7. An elliptic curve-based collaborative signing device applied to a second communication party for collaborative signing, characterized in that: comprises at least one processor and a memory connected with the at least one processor; wherein the memory stores instructions executable by the at least one processor, the at least one processor executing the co-signing algorithm of any one of claims 4-5 by executing the instructions stored by the memory.
8. An elliptic curve-based collaborative signature system, characterized in that: the method comprises a first collaborative signing apparatus and a second collaborative signing apparatus, wherein the first collaborative signing apparatus is the collaborative signing apparatus in claim 6, and the second collaborative signing apparatus is the collaborative signing apparatus in claim 7.
9. A computer-readable storage medium characterized by: the computer readable storage medium stores computer instructions which, when executed on a computer, cause the computer to perform the co-signing algorithm of any one of claims 1 to 3.
10. A computer-readable storage medium characterized by: the computer readable storage medium stores computer instructions which, when executed on a computer, cause the computer to perform the co-signing algorithm of any one of claims 4 to 5.
CN202110345941.9A 2021-03-31 2021-03-31 Collaborative signature method, device and system based on elliptic curve Active CN113158258B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110345941.9A CN113158258B (en) 2021-03-31 2021-03-31 Collaborative signature method, device and system based on elliptic curve

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110345941.9A CN113158258B (en) 2021-03-31 2021-03-31 Collaborative signature method, device and system based on elliptic curve

Publications (2)

Publication Number Publication Date
CN113158258A true CN113158258A (en) 2021-07-23
CN113158258B CN113158258B (en) 2022-02-11

Family

ID=76885728

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110345941.9A Active CN113158258B (en) 2021-03-31 2021-03-31 Collaborative signature method, device and system based on elliptic curve

Country Status (1)

Country Link
CN (1) CN113158258B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113595730A (en) * 2021-09-28 2021-11-02 统信软件技术有限公司 Processing method and device for generating ECC curve in engineering
CN114257380A (en) * 2021-12-20 2022-03-29 湖南国科微电子股份有限公司 Digital signature method, system and equipment
CN114567448A (en) * 2022-04-29 2022-05-31 华南师范大学 Collaborative signature method and collaborative signature system
CN115442052A (en) * 2022-08-30 2022-12-06 云海链控股股份有限公司 Collaborative signature method, system, equipment and computer readable storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140164765A1 (en) * 2011-05-13 2014-06-12 Telefonica, S.A. Procedure for a multiple digital signature
US9489522B1 (en) * 2013-03-13 2016-11-08 Hrl Laboratories, Llc Method for secure and resilient distributed generation of elliptic curve digital signature algorithm (ECDSA) based digital signatures with proactive security
CN108964906A (en) * 2018-07-19 2018-12-07 数安时代科技股份有限公司 The digital signature method of co-EC C
CN109088726A (en) * 2018-07-19 2018-12-25 郑州信大捷安信息技术股份有限公司 Communicating pair collaboration signature and decryption method and system based on SM2 algorithm
CN110365487A (en) * 2019-07-19 2019-10-22 北京向芯力科技有限公司 A kind of collaboration endorsement method and device based on SM2 algorithm
CN110535636A (en) * 2019-07-19 2019-12-03 北京向芯力科技有限公司 A kind of collaboration endorsement method and device based on SM2 algorithm of lightweight
CN110943826A (en) * 2018-09-21 2020-03-31 郑州信大捷安信息技术股份有限公司 Split key signature method and system based on SM2 algorithm

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140164765A1 (en) * 2011-05-13 2014-06-12 Telefonica, S.A. Procedure for a multiple digital signature
US9489522B1 (en) * 2013-03-13 2016-11-08 Hrl Laboratories, Llc Method for secure and resilient distributed generation of elliptic curve digital signature algorithm (ECDSA) based digital signatures with proactive security
CN108964906A (en) * 2018-07-19 2018-12-07 数安时代科技股份有限公司 The digital signature method of co-EC C
CN109088726A (en) * 2018-07-19 2018-12-25 郑州信大捷安信息技术股份有限公司 Communicating pair collaboration signature and decryption method and system based on SM2 algorithm
CN110943826A (en) * 2018-09-21 2020-03-31 郑州信大捷安信息技术股份有限公司 Split key signature method and system based on SM2 algorithm
CN110365487A (en) * 2019-07-19 2019-10-22 北京向芯力科技有限公司 A kind of collaboration endorsement method and device based on SM2 algorithm
CN110535636A (en) * 2019-07-19 2019-12-03 北京向芯力科技有限公司 A kind of collaboration endorsement method and device based on SM2 algorithm of lightweight

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DAVID DERLER等: "Short Double- and N-Times-Authentication-Preventing Signatures from ECDSA and More", 《 2018 IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY》 *
王婧等: "安全高效的两方协同ECDSA签名方案", 《通信学报 》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113595730A (en) * 2021-09-28 2021-11-02 统信软件技术有限公司 Processing method and device for generating ECC curve in engineering
CN113595730B (en) * 2021-09-28 2022-02-22 统信软件技术有限公司 Processing method and device for generating ECC curve in engineering
CN114257380A (en) * 2021-12-20 2022-03-29 湖南国科微电子股份有限公司 Digital signature method, system and equipment
CN114567448A (en) * 2022-04-29 2022-05-31 华南师范大学 Collaborative signature method and collaborative signature system
CN114567448B (en) * 2022-04-29 2022-08-02 华南师范大学 Collaborative signature method and collaborative signature system
CN115442052A (en) * 2022-08-30 2022-12-06 云海链控股股份有限公司 Collaborative signature method, system, equipment and computer readable storage medium
CN115442052B (en) * 2022-08-30 2023-06-23 云海链控股股份有限公司 Collaborative signature method, collaborative signature system, collaborative signature equipment and computer-readable storage medium

Also Published As

Publication number Publication date
CN113158258B (en) 2022-02-11

Similar Documents

Publication Publication Date Title
CN113158258B (en) Collaborative signature method, device and system based on elliptic curve
CN109088726B (en) SM2 algorithm-based collaborative signing and decrypting method and system for two communication parties
CN108989047B (en) SM2 algorithm-based cooperative signature method and system for two communication parties
CN103427997B (en) A kind of method generating digital signature and device
McGrew et al. Fundamental elliptic curve cryptography algorithms
CA2308170C (en) Masked digital signatures
JP3862500B2 (en) High-speed elliptic curve encryption method and apparatus by direct embedding method
CN100414492C (en) Elliptic curve cipher system and implementing method
CN107623570B (en) SM2 signature method based on addition key segmentation
CA2855099C (en) Key agreement protocol for generating a shared secret key for use by a pair of entities in a data communication system
CN107911217B (en) Method and device for cooperatively generating signature based on ECDSA algorithm and data processing system
CN109743166B (en) Multiparty signature generation method and security information verification system
CN110535635B (en) Cooperative signature method and system supporting information hiding
CN112187469B (en) SM2 multiparty collaborative digital signature method and system based on key factors
CN101753306A (en) Digital signature authentication method for applying Montgomery elliptic curve
JP2004501385A (en) Elliptic curve encryption method
Dawahdeh et al. A new modification for menezes-vanstone elliptic curve cryptosystem
CA2669472C (en) Compressed ecdsa signatures
Dawahdeh et al. Modified ElGamal elliptic curve cryptosystem using hexadecimal representation
CN110535636B (en) Lightweight cooperative signature method and device based on SM2 algorithm
US10425227B2 (en) Computer-readable recording medium, shared key generation method, and information processing terminal
CN112350827B (en) Koblitz curve-based elliptic curve encryption and decryption method and system for acceleration scalar multiplication calculation
CN110943826B (en) Split key signature method and system based on SM2 algorithm
Chande et al. An improvement of a elliptic curve digital signature algorithm
CN114567448B (en) Collaborative signature method and collaborative signature system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A collaborative signature method, device, and system based on elliptic curves

Granted publication date: 20220211

Pledgee: Bank of Zhengzhou Co.,Ltd. Zhongyuan Science and Technology City Sub branch

Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.

Registration number: Y2024980007004