CN113849831A - Two-party collaborative signature and decryption method and system based on SM2 algorithm - Google Patents


Publication number
CN113849831A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110994073.7A
Other languages
Chinese (zh)
Inventor
王慧
张渊
郑江东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Watchdata Co ltd
Original Assignee
Beijing Watchdata Co ltd
Application filed by Beijing Watchdata Co ltd
Priority to CN202110994073.7A
Publication of CN113849831A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures


Abstract

The invention relates to a two-party cooperative signature and decryption method and system based on the SM2 algorithm, belonging to the technical field of cryptography applications. The cooperative signature method comprises the following steps: the two communication parties each generate their own sub-private key, and one party calculates a partial public key from its own sub-private key and sends it to the other communication party; the other communication party calculates and publishes the complete public key from its own sub-private key and the partial public key; the first communication party calculates the digest of the message to be signed, generates a first partial signature from its own sub-private key, and sends the first partial signature to the second communication party; the second communication party calculates a second partial signature from the received data and its own sub-private key and sends the second partial signature to the first communication party; and the first communication party generates the complete signature from its own sub-private key and the second partial signature and outputs it. The invention also relates to a two-party cooperative decryption method. The invention can fully ensure the security of the SM2 private key; its communication and computation costs are low, it is highly practical, and it suits cloud computing environments that require low delay and little interaction.

Description

Two-party collaborative signature and decryption method and system based on SM2 algorithm
Technical Field
The invention belongs to the technical field of cryptography application, and particularly relates to a two-party collaborative signature and decryption method and system based on SM2 algorithm.
Background
Cryptography is a core technology of information security. Because the public key and the private key are asymmetric, public-key cryptosystems are well suited to application scenarios such as digital signatures and can effectively solve the key distribution problem. Digital signature and encryption/decryption technologies based on public-key cryptosystems are widely applied in electronic commerce, identity authentication and similar fields, and in a public-key cryptosystem, how to ensure the security of the user's private key is a very important problem. The user's private key usually needs to be securely generated, stored and used in specialized hardware. However, with the spread of public-key cryptographic algorithms, and of the SM2 elliptic curve public-key cryptographic algorithm independently developed in China, the SM2 algorithm plays an increasingly important role in Internet of Things applications such as the Internet of Vehicles, smart medical systems and smart home systems, as well as in cloud computing systems. Many systems and terminals that use the SM2 algorithm, especially mobile smart terminals, have no hardware cryptographic module in the form of a cryptographic chip, secure element or the like. Such "weak terminals" can only rely on software cryptographic modules to complete cryptographic operations, and the private key has to be stored in the local storage medium of the user terminal. Although the private key can be protected by means such as encryption and PIN code protection, it is still easily stolen by attackers.
How to protect the private key in a 'weak terminal' is a very important problem when implementing a cryptographic algorithm. One possible solution is a multi-party cooperative signature or decryption method, in which the private key is split into multiple shares that are stored separately in different terminals. When a private-key operation is carried out, each terminal operates with its own sub-private key and exchanges partial results, so that the final result of the private-key operation is obtained at one of the parties. The complete private key never has to appear during private key generation or private-key operations, which effectively improves the security of the private key.
Some schemes for two-party collaborative signing or decryption based on the SM2 algorithm already exist, but they suffer from problems such as a large amount of computation, a large volume of exchanged data, large storage space and low signing or decryption efficiency. Their performance overhead is large, and a better technical solution is needed.
Disclosure of Invention
In view of the problems in the prior art, the invention aims to provide a two-party collaborative signing and decryption method and system based on the SM2 algorithm that can fully ensure the security of the SM2 private key. Their communication and computation costs are low, the basic operation modules of the SM2 algorithm can be reused, they are highly practical, and they suit cloud computing environments that require low delay and little interaction.
To achieve the above object, in a first aspect, the invention provides a two-party cooperative signature method based on the SM2 algorithm, involving a first communication party and a second communication party. The method comprises a public key generation phase and a cooperative signature phase, where the public key generation phase comprises the following steps:
the two communication parties each generate their own sub-private key, and one of them calculates a partial public key from its own sub-private key and sends the partial public key to the other communication party;
the other communication party calculates and publishes the complete public key from its own sub-private key and the received partial public key;
the cooperative signature phase comprises the following steps:
the first communication party calculates the message digest of the message to be signed, generates a first partial signature from its own sub-private key, and sends the message digest and the first partial signature to the second communication party;
the second communication party calculates a second partial signature from the received message digest, the first partial signature and its own sub-private key, and sends the second partial signature to the first communication party;
and the first communication party generates the complete signature from its own sub-private key and the received second partial signature and outputs the complete signature.
Further, in the two-party cooperative signature method based on the SM2 algorithm described above, the complete public key is calculated as follows:
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_1$, calculates a partial public key $P_1 = D_1[*]G$, where $G$ is the base point of the SM2 elliptic curve $E$ shared by the two communication parties, $n$ is the order of the base point, and $[*]$ denotes the point multiplication operation on the elliptic curve $E$;
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_2$ and the received partial public key $P_1$, calculates the complete public key $P = D_2[*](P_1 + G) + P_1$;
if $P = O$, the random number is regenerated; otherwise $P$ is published as the complete public key, where $O$ is the point at infinity of the elliptic curve $E$;
or the complete public key is calculated as follows:
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_2$, calculates a partial public key $P_2 = D_2[*]G$, where $G$ is the base point of the SM2 elliptic curve $E$ shared by the two communication parties, $n$ is the order of the base point, and $[*]$ denotes the point multiplication operation on the elliptic curve $E$;
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_1$ and the received partial public key $P_2$, calculates the complete public key $P = D_1[*](P_2 + G) + P_2$;
if $P = O$, the random number is regenerated; otherwise $P$ is published as the complete public key, where $O$ is the point at infinity of the elliptic curve $E$.
Further, in the two-party cooperative signing method based on the SM2 algorithm, the first communication party calculates the message digest of the message to be signed and generates the first partial signature from its own sub-private key as follows:
for a message $M$ to be signed, the first communication party concatenates the corresponding $Z$ value of the SM2 algorithm with the message $M$ to be signed into $M'$, that is, $M' = Z \| M$, and then calculates the message digest $e = H(M')$, where $Z$ represents an identity common to the first communication party and the second communication party, and $H()$ represents a predetermined cryptographic hash function;
the first communication party generates a random number $k_1 \in [1, n-1]$ and, from $k_1$, calculates the first partial signature $Q_1 = k_1(1 + D_1)[*]G$.
Further, in the two-party cooperative signature method based on the SM2 algorithm described above, the second partial signature is calculated as follows:
the second communication party generates a random number $k_2 \in [1, n-1]$ and, from $k_2$ and the received first partial signature $Q_1$, calculates $Q_2 = (1 + D_2)[*]Q_1 + k_2[*]G = (x_1, y_1)$ and $r = x_1 \bmod n$; if $r = 0$, the second communication party regenerates the random number, where mod is the modulo operation;
if $r \neq 0$, the second communication party calculates $s_2 = (1 + D_2)^{-1}(r + k_2) \bmod n$ to obtain the second partial signature $r$ and $s_2$.
Further, in the two-party cooperative signature method based on the SM2 algorithm, the first communication party generates and outputs the complete signature from its own sub-private key and the received second partial signature as follows:
the first communication party, from its sub-private key $D_1$ and the received second partial signature $r$ and $s_2$, calculates the signature component $s = (1 + D_1)^{-1} s_2 + k_1 - r \bmod n$;
if $s = 0$ or $s = n - r$, the signature process is restarted; otherwise $(r, s)$ is output as the complete signature.
In a second aspect, the invention provides a two-party cooperative decryption method based on the SM2 algorithm, involving a first communication party and a second communication party. The method comprises a public key generation phase and a cooperative decryption phase, where the public key generation phase comprises the following steps:
the two communication parties each generate their own sub-private key, and one of them calculates a partial public key from its own sub-private key and sends the partial public key to the other communication party;
the other communication party calculates and publishes the complete public key from its own sub-private key and the received partial public key;
the cooperative decryption phase comprises the following steps:
the first communication party extracts the first part of the ciphertext from the obtained ciphertext and sends the first part of the ciphertext to the second communication party;
the second communication party partially decrypts the first part of the ciphertext with its own sub-private key to obtain a partial ciphertext and sends the partial ciphertext to the first communication party;
and the first communication party fully decrypts the ciphertext with its own sub-private key and the received partial ciphertext to obtain the complete plaintext and outputs the complete plaintext.
Further, in the two-party cooperative decryption method based on the SM2 algorithm described above, the complete public key is calculated as follows:
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_1$, calculates a partial public key $P_1 = D_1[*]G$, where $G$ is the base point of the SM2 elliptic curve $E$ shared by the two communication parties, $n$ is the order of the base point, and $[*]$ denotes the point multiplication operation on the elliptic curve $E$;
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_2$ and the received partial public key $P_1$, calculates the complete public key $P = D_2[*](P_1 + G) + P_1$;
if $P = O$, the random number is regenerated; otherwise $P$ is published as the complete public key, where $O$ is the point at infinity of the elliptic curve $E$;
or the complete public key is calculated as follows:
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_2$, calculates a partial public key $P_2 = D_2[*]G$, where $G$ is the base point of the SM2 elliptic curve $E$ shared by the two communication parties, $n$ is the order of the base point, and $[*]$ denotes the point multiplication operation on the elliptic curve $E$;
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_1$ and the received partial public key $P_2$, calculates the complete public key $P = D_1[*](P_2 + G) + P_2$;
if $P = O$, the random number is regenerated; otherwise $P$ is published as the complete public key, where $O$ is the point at infinity of the elliptic curve $E$.
Further, in the two-party cooperative decryption method based on the SM2 algorithm, the first communication party extracts the first part of the ciphertext from the obtained ciphertext and sends it to the second communication party as follows:
the first communication party extracts the first part of the ciphertext $C_1$ from the ciphertext $C = C_1 \| C_3 \| C_2$, converts $C_1$ into a point on the elliptic curve $E$, and determines whether $C_1$ is the point at infinity; if it is not, $C_1$ is sent to the second communication party, where $C_1$, $C_3$ and $C_2$ are bit strings.
Further, in the two-party cooperative decryption method based on the SM2 algorithm, the second communication party obtains the partial ciphertext by the formula $T = D_2[*]C_1$.
Further, in the two-party cooperative decryption method based on the SM2 algorithm, the first communication party fully decrypts the ciphertext with its own sub-private key and the received partial ciphertext, and obtains and outputs the complete plaintext, as follows:
the first communication party calculates $D_1[*]C_1 + (1 + D_1)[*]T = (x_2, y_2)$ and converts the coordinates $x_2$, $y_2$ into bit strings;
the first communication party calculates $t = KDF(x_2 \| y_2, klen)$, where $KDF()$ represents a predetermined key derivation function and $klen$ represents the length of the key data to be obtained, and reports an error and exits if $t$ is an all-zero bit string;
if $t \neq 0$, the first communication party extracts the second part of the ciphertext $C_2$ from the ciphertext $C = C_1 \| C_3 \| C_2$ and calculates $M'' = C_2 \oplus t$;
the first communication party calculates $u = H(x_2 \| M'' \| y_2)$ and extracts the third part of the ciphertext $C_3$ from the ciphertext $C = C_1 \| C_3 \| C_2$; if $u \neq C_3$, an error is reported and the process exits; otherwise the complete plaintext $M''$ is output.
In a third aspect, the present invention provides a two-party cooperative signature system based on SM2 algorithm, including a first communication party and a second communication party, where the first communication party and the second communication party are in communication connection, and the two-party cooperative signature system is configured to execute the two-party cooperative signature method based on SM2 algorithm of the first aspect.
In a fourth aspect, the present invention provides a two-party cooperative decryption system based on SM2 algorithm, including a first communication party and a second communication party, where the first communication party and the second communication party are connected in communication, and the two-party cooperative decryption system is configured to execute the two-party cooperative decryption method based on SM2 algorithm described in the second aspect.
With the two-party collaborative signing and decryption method and system based on the SM2 algorithm, the two communication parties each independently generate and store a part of the private key and then carry out two-party collaborative signing and decryption. Compared with the prior art, the invention has the following beneficial effects:
1. the complete SM2 private key never appears at any point in the process, which improves the security of the SM2 private key;
2. the private key is split into two parts that can be stored in different terminals, which better suits current application scenarios involving multiple mobile smart terminals;
3. the two parties need little computation during the signing or decryption operation and transmit little data during communication, which better suits cloud computing environments requiring low delay and high interaction;
4. the basic operation modules of the SM2 algorithm can be reused and no new operation module needs to be added, so implementation is simple and deployment cost is low.
Drawings
Fig. 1 is a flowchart of a two-party cooperative signature method based on the SM2 algorithm according to an embodiment of the present invention;
Fig. 2 shows the implementation mechanism of the public key generation phase provided in the embodiment of the present invention;
Fig. 3 shows the implementation mechanism of the collaborative signing phase according to an embodiment of the present invention;
Fig. 4 is a flowchart of a two-party cooperative decryption method based on the SM2 algorithm according to an embodiment of the present invention;
Fig. 5 shows the implementation mechanism of the cooperative decryption phase according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems solved, the technical solutions adopted, and the technical effects achieved by the present invention clearer, the technical solutions of the embodiments of the present invention will be further described in detail with reference to the accompanying drawings. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
For convenience of understanding, the basic concepts and terms involved in the embodiments of the present invention will be briefly described.
Both communication parties share the SM2 elliptic curve parameters $E(F_q)$, where the elliptic curve $E$ is an elliptic curve defined over the finite field $F_q$, $G$ is a base point of the elliptic curve, the order of the base point is $n$, and $O$ is the point at infinity of the elliptic curve. The invention uses $[*]$ to denote the point multiplication operation on $E$, so that $k[*]G$ denotes the $k$-fold point of $G$; $\bmod\ n$ denotes the modulo-$n$ operation. Both elliptic curve point addition and numerical addition are written with the plus sign $+$: when elliptic curve points are added, $+$ denotes the point addition operation; when numerical values are added, $+$ denotes numerical addition. $H()$ represents a predetermined cryptographic hash function, $KDF()$ represents a predetermined key derivation function, $klen$ represents the length of the key data to be obtained, and $\|$ represents concatenation.
For convenience of description, a first communication party and a second communication party are used to represent two communication parties respectively, wherein the first communication party may be a client or a server, and correspondingly, when the first communication party is a client, the second communication party is a server; and when the first communication party is the server side, the second communication party is the client side.
Fig. 1 shows a flowchart of the two-party cooperative signature method based on the SM2 algorithm, which mainly comprises a public key generation phase and a cooperative signature phase.
The public key generation phase mainly comprises the following steps:
Step S11: the two communication parties each generate their own sub-private key, and one party calculates a partial public key from its own sub-private key and sends the partial public key to the other communication party.
Step S12: the other communication party calculates and publishes the complete public key from its own sub-private key and the received partial public key.
In an alternative embodiment, the complete public key is generated as follows:
As shown in Fig. 2, the first communication party generates a random number $D_1$ as its own sub-private key, where $D_1$ is any integer in the range $[1, n-2]$, then calculates the partial public key $P_1$ from the sub-private key $D_1$ and sends it to the second communication party. The partial public key $P_1$ is calculated as: $P_1 = D_1[*]G$
where $G$ is the base point of the SM2 elliptic curve $E$ shared by both communication parties, $n$ is the order of the base point, and $[*]$ denotes the point multiplication operation on the elliptic curve $E$;
the second communication party generates a random number $D_2$ as its own sub-private key, where $D_2$ is any integer in the range $[1, n-2]$, and calculates the complete public key $P$ from the sub-private key $D_2$ and $P_1$, where $P$ is calculated as:
$P = D_2[*](P_1 + G) + P_1$
If $P = O$, the random number needs to be regenerated; otherwise $P$ is published as the complete public key, where $O$ is the point at infinity of the elliptic curve $E$.
In the public key generation phase, the roles of the first communication party and the second communication party are interchangeable, that is, the complete public key may also be generated as follows:
the second communication party generates a random number $D_2$ as its own sub-private key, where $D_2$ is any integer in the range $[1, n-2]$, then calculates the partial public key $P_2$ from the sub-private key $D_2$ and sends it to the first communication party. The partial public key $P_2$ is calculated as: $P_2 = D_2[*]G$
where $G$ is the base point of the SM2 elliptic curve $E$ shared by both communication parties, $n$ is the order of the base point, and $[*]$ denotes the point multiplication operation on the elliptic curve $E$;
the first communication party generates a random number $D_1$ as its own sub-private key, where $D_1$ is any integer in the range $[1, n-2]$, and calculates the complete public key $P$ from the sub-private key $D_1$ and $P_2$, where $P$ is calculated as:
$P = D_1[*](P_2 + G) + P_2$
If $P = O$, the random number needs to be regenerated; otherwise $P$ is published as the complete public key, where $O$ is the point at infinity of the elliptic curve $E$.
Referring to Fig. 3, the collaborative signing phase mainly comprises the following steps:
Step S13: the first communication party calculates the message digest of the message to be signed, generates the first partial signature from its own sub-private key, and sends the message digest and the first partial signature to the second communication party.
In an optional implementation, calculating the message digest of the message to be signed and generating the first partial signature in step S13 specifically comprises:
for a message $M$ to be signed, the first communication party concatenates the corresponding $Z$ value of the SM2 algorithm with the message $M$ to be signed into $M'$, that is, $M' = Z \| M$, and then calculates the message digest $e = H(M')$, where $Z$ represents an identity common to the first communication party and the second communication party, and $H()$ represents a predetermined cryptographic hash function;
the first communication party generates a random number $k_1 \in [1, n-1]$ and, from $k_1$, calculates the first partial signature $Q_1 = k_1(1 + D_1)[*]G$.
Step S14: the second communication party calculates a second partial signature from the received message digest, the first partial signature and its own sub-private key, and sends the second partial signature to the first communication party.
In an alternative embodiment, calculating the second partial signature in step S14 specifically comprises:
the second communication party generates a random number $k_2 \in [1, n-1]$ and, from $k_2$ and the received first partial signature $Q_1$, calculates $Q_2 = (1 + D_2)[*]Q_1 + k_2[*]G = (x_1, y_1)$ and $r = x_1 \bmod n$; if $r = 0$, the second communication party regenerates the random number, where mod is the modulo operation;
if $r \neq 0$, the second communication party calculates $s_2 = (1 + D_2)^{-1}(r + k_2) \bmod n$ to obtain the second partial signature $r$ and $s_2$.
Step S15: the first communication party generates the complete signature from its sub-private key and the received second partial signature and outputs the complete signature.
In an optional implementation, generating the complete signature in step S15 specifically comprises:
the first communication party, from its sub-private key $D_1$ and the received second partial signature $r$ and $s_2$, calculates the signature component $s = (1 + D_1)^{-1} s_2 + k_1 - r \bmod n$;
if $s = 0$ or $s = n - r$, the signature process is restarted; otherwise $(r, s)$ is output as the complete signature.
The subsequent signature verification process is the same as the signature verification process of the SM2 algorithm.
In this embodiment, in the public key generation stage, the two communication parties each independently generate their own sub-private key, and one party can calculate and publish the public key after a single round of information transfer. The complete SM2 private key never appears in the process, which improves the security of the SM2 private key. In the cooperative signature stage, the two communication parties use their respective sub-private keys to generate the complete signature at one of the parties through two rounds of information transfer, and any third party that obtains the signature can verify it with the public key information and the SM2 algorithm.
The public key generation stage transmits only one data item, and the collaborative signature stage transmits only two data items per round, so the amount of communicated data is small. The public key generation stage uses no costly point subtraction or modular inverse operations and needs only two point multiplications, and the collaborative signature stage uses only three point multiplications, so the computation cost is greatly reduced.
Fig. 4 shows a flowchart of the two-party cooperative decryption method based on the SM2 algorithm, which mainly comprises a public key generation phase and a cooperative decryption phase.
The public key generation phase is the same as steps S11 and S12 of the public key generation phase in the two-party collaborative signing method based on the SM2 algorithm and is not described again here.
Referring to Fig. 5, the collaborative decryption phase mainly comprises the following steps:
Step S23: the first communication party extracts the first part of the ciphertext from the obtained ciphertext and sends the first part of the ciphertext to the second communication party.
In an alternative embodiment, the first communication party extracts the first part of the ciphertext $C_1$ from the ciphertext $C = C_1 \| C_3 \| C_2$, converts $C_1$ into a point on the elliptic curve $E$, and determines whether $C_1$ is the point at infinity; if it is not, $C_1$ is sent to the second communication party, where $C_1$, $C_3$ and $C_2$ are bit strings.
Step S24: the second communication party partially decrypts the first part of the ciphertext with its own sub-private key to obtain a partial ciphertext and sends the partial ciphertext to the first communication party.
In an alternative embodiment, the partial ciphertext is calculated as: $T = D_2[*]C_1$
Step S25: the first communication party fully decrypts the ciphertext with its own sub-private key and the received partial ciphertext to obtain the complete plaintext and outputs the complete plaintext.
In an alternative embodiment, the specific decryption process in step S25 is:
the first communication party calculates $D_1[*]C_1 + (1 + D_1)[*]T = (x_2, y_2)$ and converts the coordinates $x_2$, $y_2$ into bit strings;
the first communication party calculates $t = KDF(x_2 \| y_2, klen)$ and, if $t$ is an all-zero bit string, reports an error and exits, where $KDF()$ represents a predetermined key derivation function and $klen$ represents the length of the key data to be obtained;
if $t \neq 0$, the first communication party extracts the second part of the ciphertext $C_2$ from the ciphertext $C = C_1 \| C_3 \| C_2$ and calculates $M'' = C_2 \oplus t$;
the first communication party calculates $u = H(x_2 \| M'' \| y_2)$ and extracts the third part of the ciphertext $C_3$ from the ciphertext $C = C_1 \| C_3 \| C_2$; if $u \neq C_3$, an error is reported and the process exits; otherwise the complete plaintext $M''$ is output.
In this embodiment, the two communication parties, using their respective sub-private keys and two rounds of information transfer, can decrypt on one of the parties a valid ciphertext that any third party encrypted with the published public key information and the SM2 algorithm. The whole decryption process (including the key generation stage and the cooperative decryption stage) requires no modular inverse operation, only one data item is transmitted in each round, and the amount of computation is small, so the method is well suited to cloud computing environments that require low delay and high interaction.
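The key generation and the cooperative decryption steps S23 to S25 described above, as an added Python example that is not part of the patent text. It assumes the SM2 recommended curve parameters, uses SHA-256 as a stand-in for SM3 inside H() and KDF(), and every function name is illustrative; the curve arithmetic is variable-time and meant only to show the message flow.

```python
import hashlib, hmac, secrets

# SM2 recommended curve y^2 = x^3 + A*x + B over GF(P); base point G has prime order N.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
O = None  # point at infinity

def add(p, q):  # affine point addition; variable-time, for illustration only
    if p is O or q is O: return q if p is O else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0: return O
    lam = ((3 * x1 * x1 + A) * pow(2 * y1, -1, P) if p == q
           else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add scalar multiplication k[*]pt
    acc = O
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def check_point(pt):  # reject the point at infinity and off-curve points
    if pt is O or (pt[1] ** 2 - pt[0] ** 3 - A * pt[0] - B) % P:
        raise ValueError("C1 is not a valid point on E")
    return pt

def kdf(s, klen):  # counter-mode KDF over x2||y2; SHA-256 stands in for SM3
    z = s[0].to_bytes(32, "big") + s[1].to_bytes(32, "big")
    return b"".join(hashlib.sha256(z + i.to_bytes(4, "big")).digest()
                    for i in range(1, klen // 32 + 2))[:klen]

def tag(s, m):  # u = H(x2 || M'' || y2); SHA-256 stands in for SM3
    return hashlib.sha256(s[0].to_bytes(32, "big") + m + s[1].to_bytes(32, "big")).digest()

def keygen():  # demo only: in the scheme each party draws its own share
    while True:
        d1, d2 = (1 + secrets.randbelow(N - 2) for _ in range(2))  # in [1, n-2]
        p1 = mul(d1, G)                      # party 1 sends P1
        pub = add(mul(d2, add(p1, G)), p1)   # party 2: P = D2[*](P1+G)+P1
        if pub is not O: return d1, d2, pub

def encrypt(pub, m):  # ordinary SM2-style encryption by any third party
    k = 1 + secrets.randbelow(N - 1)
    s = mul(k, pub)
    c2 = bytes(a ^ b for a, b in zip(m, kdf(s, len(m))))
    return mul(k, G), tag(s, m), c2          # (C1, C3, C2)

def party2_partial(d2, c1):  # S24; checking C1 here is an added assumption
    return mul(d2, check_point(c1))          # T = D2[*]C1

def party1_decrypt(d1, c, ask_party2):  # S23 and S25
    c1, c3, c2 = c
    t_pt = ask_party2(check_point(c1))       # S23: send C1, get T back
    s = add(mul(d1, c1), mul(1 + d1, t_pt))  # D1[*]C1 + (1+D1)[*]T
    if not any(t := kdf(s, len(c2))): raise ValueError("KDF output is all zero")
    m = bytes(a ^ b for a, b in zip(c2, t))  # M'' = C2 xor t
    if not hmac.compare_digest(tag(s, m), c3): raise ValueError("C3 mismatch")
    return m
```

Neither party function computes $(1+D_1)(1+D_2)-1 \bmod n$, which is the SM2 private key corresponding to the published P; only $C_1$ and $T$ cross the channel.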
According to the two-party collaborative signing method based on the SM2 algorithm, the invention provides a two-party collaborative signing system based on the SM2 algorithm, which comprises a first communication party and a second communication party, wherein the first communication party and the second communication party are in communication connection, and the two-party collaborative signing system is configured to execute the two-party collaborative signing method based on the SM2 algorithm.
According to the two-party cooperative decryption method based on the SM2 algorithm, the invention provides a two-party cooperative decryption system based on the SM2 algorithm, the system comprises a first communication party and a second communication party, the first communication party and the second communication party are in communication connection, and the two-party cooperative decryption system is configured to execute the two-party cooperative decryption method based on the SM2 algorithm.
The invention provides a two-party cooperative signature and decryption method and system based on the SM2 algorithm, offering technical schemes for both cooperative signature and cooperative decryption. In the public key generation stage, the two communication parties each independently generate their own sub-private key, and one party can calculate and publish the public key after one round of information transmission. In the cooperative signature stage, the two communication parties use their respective sub-private keys to generate a complete signature on one of the parties through two rounds of information transmission; any third party that obtains the signature can verify it with the public key information and the SM2 algorithm, and the verification process is the same as in the SM2 algorithm. In the cooperative decryption stage, the two communication parties use their respective sub-private keys and, through two rounds of information transmission, decrypt a valid ciphertext that any third party encrypted with the public key information and the SM2 algorithm. The beneficial effects obtained through the above means are as follows:
Throughout the whole process the complete private key of the SM2 algorithm never appears, which improves the security of the SM2 private key. The private key is divided into two parts that can be stored in different terminals, which suits current application scenarios involving multiple mobile intelligent terminals. Both parties need little computation during signing or decryption and transmit little data during communication, which suits cloud computing environments that require low delay and high interaction. The basic operation modules of the SM2 algorithm can be reused and no new operation module needs to be added, so the implementation is simple and the deployment cost is low.
It will be understood by those skilled in the art that the present invention is not limited to the embodiments described in the detailed description, and the detailed description is for the purpose of explanation and not limitation. Other embodiments will be apparent to those skilled in the art from the following detailed description, which is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention as defined by the appended claims.

Claims (12)

1. A two-party cooperative signature method based on SM2 algorithm, involving a first communication party and a second communication party, the method comprising a public key generation phase and a cooperative signature phase, wherein the public key generation phase comprises the steps of:
the two communication parties each generate their own sub-private key, and one of the two communication parties calculates a partial public key from its own sub-private key and sends the partial public key to the other communication party;
the other communication party calculates and publishes a complete public key from its own sub-private key and the received partial public key;
the cooperative signature phase comprises the following steps:
the first communication party calculates the message digest of the message to be signed, generates a first partial signature from its own sub-private key, and sends the message digest and the first partial signature to the second communication party;
the second communication party calculates a second partial signature from the received message digest, the first partial signature and its own sub-private key, and sends the second partial signature to the first communication party;
and the first communication party generates a complete signature from its own sub-private key and the received second partial signature and outputs the complete signature.
2. The SM2 algorithm-based two-party cooperative signature method of claim 1, wherein the complete public key is calculated by:
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_1$, calculates a partial public key $P_1 = D_1[*]G$, wherein G is the base point of the SM2 algorithm elliptic curve E shared by the two communication parties, n is the order of the base point, and $[*]$ represents the point multiplication operation on the elliptic curve E;
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_2$ and the received partial public key $P_1$, calculates the complete public key $P = D_2[*](P_1 + G) + P_1$;
if $P = O$, the random number is regenerated; otherwise P is published as the complete public key, wherein O is the point at infinity of the elliptic curve E;
or the calculation method of the complete public key comprises the following steps:
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_2$, calculates a partial public key $P_2 = D_2[*]G$, wherein G is the base point of the SM2 algorithm elliptic curve E shared by the two communication parties, n is the order of the base point, and $[*]$ represents the point multiplication operation on the elliptic curve E;
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_1$ and the received partial public key $P_2$, calculates the complete public key $P = D_1[*](P_2 + G) + P_2$;
if $P = O$, the random number is regenerated; otherwise P is published as the complete public key, wherein O is the point at infinity of the elliptic curve E.
3. The two-party cooperative signing method based on SM2 algorithm of claim 2, wherein the first communication party calculates the message digest of the message to be signed, and the specific steps of generating the first partial signature based on SM2 algorithm according to its own sub-private key are:
for a message M to be signed, the first communication party concatenates the corresponding Z value in the SM2 algorithm and the message M to be signed into $M'$, namely $M' = Z \| M$, and then calculates a message digest $e = H(M')$, wherein Z represents an identity common to the first communication party and the second communication party, and H() represents a predetermined cryptographic hash function;
the first communication party generates a random number $k_1 \in [1, n-1]$ and, from $k_1$, calculates the first partial signature $Q_1 = k_1(1+D_1)[*]G$.
4. The SM2 algorithm-based two-party cooperative signature method of claim 3, wherein the second partial signature is calculated by:
the second communication party generates a random number $k_2 \in [1, n-1]$ and, from $k_2$ and the received first partial signature $Q_1$, calculates $Q_2 = (1+D_2)[*]Q_1 + k_2[*]G = (x_1, y_1)$ and $r = x_1 \bmod n$; if $r = 0$, the second communication party regenerates the random number, wherein mod is the modulo operation;
if $r \neq 0$, the second communication party calculates $s_2 = (1+D_2)^{-1}(r + k_2) \bmod n$ to obtain the second partial signature $r$ and $s_2$.
5. The two-party cooperative signature method based on the SM2 algorithm of claim 4, wherein the first communication party generating a complete signature from its own sub-private key and the received second partial signature and outputting it specifically comprises:
the first communication party, from its sub-private key $D_1$ and the received second partial signature $r$ and $s_2$, calculates the signature component $s = (1+D_1)^{-1} s_2 + k_1 - r \bmod n$;
if $s = 0$ or $s = n - r$, the signature process is restarted; otherwise $(r, s)$ is output as the complete signature.
6. A two-party cooperative decryption method based on SM2 algorithm, which relates to a first communication party and a second communication party, the method comprises a public key generation phase and a cooperative decryption phase, wherein the public key generation phase comprises the following steps:
the two communication parties each generate their own sub-private key, and one of the two communication parties calculates a partial public key from its own sub-private key and sends the partial public key to the other communication party;
the other communication party calculates and publishes a complete public key from its own sub-private key and the received partial public key;
the cooperative decryption phase comprises the following steps:
the first communication party extracts the first part of the ciphertext from the obtained ciphertext and sends the first part of the ciphertext to the second communication party;
the second communication party partially decrypts the first part of the ciphertext with its own sub-private key to obtain a partial ciphertext and sends the partial ciphertext to the first communication party;
and the first communication party completely decrypts the ciphertext with its own sub-private key and the received partial ciphertext to obtain the complete plaintext and outputs the complete plaintext.
7. The two-party cooperative decryption method based on the SM2 algorithm of claim 6, wherein the complete public key is calculated by:
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_1$, calculates a partial public key $P_1 = D_1[*]G$, wherein G is the base point of the SM2 algorithm elliptic curve E shared by the two communication parties, n is the order of the base point, and $[*]$ represents the point multiplication operation on the elliptic curve E;
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_2$ and the received partial public key $P_1$, calculates the complete public key $P = D_2[*](P_1 + G) + P_1$;
if $P = O$, the random number is regenerated; otherwise P is published as the complete public key, wherein O is the point at infinity of the elliptic curve E;
or the calculation method of the complete public key comprises the following steps:
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_2$, calculates a partial public key $P_2 = D_2[*]G$, wherein G is the base point of the SM2 algorithm elliptic curve E shared by the two communication parties, n is the order of the base point, and $[*]$ represents the point multiplication operation on the elliptic curve E;
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_1$ and the received partial public key $P_2$, calculates the complete public key $P = D_1[*](P_2 + G) + P_2$;
if $P = O$, the random number is regenerated; otherwise P is published as the complete public key, wherein O is the point at infinity of the elliptic curve E.
8. The two-party cooperative decryption method based on the SM2 algorithm of claim 7, wherein the extracting, by the first communication party, the first part of the ciphertext from the obtained ciphertext, and sending the first part of the ciphertext to the second communication party specifically includes:
the first communication party extracts the first part $C_1$ from the ciphertext $C = C_1 \| C_3 \| C_2$, converts $C_1$ into a point on the elliptic curve E, and determines whether $C_1$ is the point at infinity; if it is not, $C_1$ is sent to the second communication party, where $C_1$, $C_3$ and $C_2$ are bit strings.
9. The two-party cooperative decryption method based on the SM2 algorithm of claim 8, wherein the calculation formula by which the second communication party obtains the partial ciphertext is: $T = D_2[*]C_1$
10. The two-party cooperative decryption method based on the SM2 algorithm of claim 9, wherein the specific process of the first communication party completely decrypting the ciphertext according to its own sub-private key and the received partial ciphertext to obtain a complete plaintext and outputting the complete plaintext is as follows:
the first communication party calculates $D_1[*]C_1 + (1+D_1)[*]T = (x_2, y_2)$ and converts the coordinates $x_2$, $y_2$ into bit strings;
the first communication party calculates $t = KDF(x_2 \| y_2, klen)$; if t is an all-zero bit string, it reports an error and exits, where KDF() represents a predetermined key derivation function and klen represents the length of the key data to be obtained;
if $t \neq 0$, the first communication party extracts the second part $C_2$ from the ciphertext $C = C_1 \| C_3 \| C_2$ and calculates the complete plaintext $M'' = C_2 \oplus t$;
the first communication party calculates $u = H(x_2 \| M'' \| y_2)$ and extracts the third part $C_3$ from the ciphertext $C = C_1 \| C_3 \| C_2$; if $u = C_3$, the complete plaintext $M''$ is output.
11. A two-party collaborative signing system based on SM2 algorithm, comprising a first communication party and a second communication party, the first and second communication parties being communicatively connected, the two-party collaborative signing system being configured to perform the two-party collaborative signing method based on SM2 algorithm as recited in any one of claims 1-5.
12. A two-party cooperative decryption system based on SM2 algorithm, comprising a first communication party and a second communication party, the first communication party and the second communication party being communicatively connected, the two-party cooperative decryption system being configured to perform the two-party cooperative decryption method based on SM2 algorithm of any one of claims 6 to 10.
CN202110994073.7A 2021-08-27 2021-08-27 Two-party collaborative signature and decryption method and system based on SM2 algorithm Pending CN113849831A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110994073.7A CN113849831A (en) 2021-08-27 2021-08-27 Two-party collaborative signature and decryption method and system based on SM2 algorithm

Publications (1)

Publication Number Publication Date
CN113849831A true CN113849831A (en) 2021-12-28

Family

ID=78976281

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110994073.7A Pending CN113849831A (en) 2021-08-27 2021-08-27 Two-party collaborative signature and decryption method and system based on SM2 algorithm

Country Status (1)

Country Link
CN (1) CN113849831A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115314205A (en) * 2022-10-11 2022-11-08 中安网脉(北京)技术股份有限公司 Collaborative signature system and method based on key segmentation
CN115314205B (en) * 2022-10-11 2023-01-03 中安网脉(北京)技术股份有限公司 Collaborative signature system and method based on key segmentation

Similar Documents

Publication Publication Date Title
CN109088726B (en) SM2 algorithm-based collaborative signing and decrypting method and system for two communication parties
CN108667626B (en) Secure two-party collaboration SM2 signature method
CN107196763B (en) SM2 algorithm collaborative signature and decryption method, device and system
CN108768607B (en) Voting method, device, equipment and medium based on block chain
CN109309569B (en) SM2 algorithm-based collaborative signature method and device and storage medium
CN108418686B (en) Multi-distributed SM9 decryption method and medium, and key generation method and medium
CN111314089B (en) SM 2-based two-party collaborative signature method and decryption method
CN111049650B (en) SM2 algorithm-based collaborative decryption method, device, system and medium
CN107707358B (en) EC-KCDSA digital signature generation method and system
Vaudenay Provable security for block ciphers by decorrelation
CN110247757B (en) Block chain processing method, device and system based on cryptographic algorithm
CN108667625B (en) Digital signature method of cooperative SM2
CN111130804B (en) SM2 algorithm-based collaborative signature method, device, system and medium
CN107395368B (en) Digital signature method, decapsulation method and decryption method in media-free environment
CN104243456A (en) Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm
CN109450640B (en) SM 2-based two-party signature method and system
US11223486B2 (en) Digital signature method, device, and system
WO2014205570A1 (en) Key agreement protocol
CN111030801A (en) Multi-party distributed SM9 key generation and ciphertext decryption method and medium
CN110855425A (en) Lightweight multiparty cooperative SM9 key generation and ciphertext decryption method and medium
CN113162773A (en) Heterogeneous blind signcryption method capable of proving safety
Diffie Conventional versus public key cryptosystems
CN113132104A (en) Active and safe ECDSA (electronic signature SA) digital signature two-party generation method
CN108055134B (en) Collaborative computing method and system for elliptic curve point multiplication and pairing operation
CN113849831A (en) Two-party collaborative signature and decryption method and system based on SM2 algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination