CN114257380A - Digital signature method, system and equipment - Google Patents

Digital signature method, system and equipment Download PDF

Info

Publication number
CN114257380A
CN114257380A CN202111565694.XA CN202111565694A CN114257380A CN 114257380 A CN114257380 A CN 114257380A CN 202111565694 A CN202111565694 A CN 202111565694A CN 114257380 A CN114257380 A CN 114257380A
Authority
CN
China
Prior art keywords
signature
preset rule
random number
intermediate number
signature part
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111565694.XA
Other languages
Chinese (zh)
Inventor
杨艳
刘杰兵
华力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Goke Microelectronics Co Ltd
Original Assignee
Hunan Goke Microelectronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan Goke Microelectronics Co Ltd filed Critical Hunan Goke Microelectronics Co Ltd
Priority to CN202111565694.XA priority Critical patent/CN114257380A/en
Publication of CN114257380A publication Critical patent/CN114257380A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a digital signature method, a system and a device, comprising: acquiring a signature key, a message digest, a first random number and elliptic curve points; based on a first preset rule, calculating the signature key to obtain a first intermediate number, wherein the first preset rule comprises inverse operation; obtaining a first signature part based on the message digest and the elliptic curve point operation; based on a second preset rule, operating the first intermediate number, the first signature part and the first random number to obtain a second signature part; a digital signature is determined based on the first signature portion and the second signature portion. Therefore, the signature key only participates in inversion operation, compared with the participation of various operations in the standard SM2 algorithm, the risk of being attacked is reduced, and the safety of the digital signature can be improved on the premise of not influencing the performance of the SM2 algorithm.

Description

Digital signature method, system and equipment
Technical Field
The present application relates to the field of information security technologies, and in particular, to a digital signature method, system, and device.
Background
The SM2 algorithm is a secure algorithm that ensures that the algorithm itself is not deciphered and cannot be operated in reverse. However, the SM2 algorithm is an open source algorithm, and if the key information is obtained during the use process, the whole process of the algorithm can be copied. Therefore, protection of the key during use is crucial. At present, the main key attack means is side channel attack, for example, sensitive information is obtained by means of obtaining an energy curve, an electromagnetic curve and the like in an algorithm operation process to perform template analysis, DPA (energy) and the like. The operation process of the SM2 signing algorithm includes a message and a key, wherein the key is a private key and needs to be private to a signing authority. The private key participates in the dot multiplication and inversion processes, energy curves of the two processes are greatly different from those of point addition operation of other points, and an attacker can analyze a real private key value through extracting the dot multiplication or inversion processes for multiple times.
At present, for the key protection of the SM2 signature process, a common method is to increase the difficulty of being attacked by adding interference items, such as adding useless inversion process or dot product, and hiding the real process, wherein the purpose of confusing audio and video and thus increasing the difficulty of attack is achieved, but the performance of the SM2 algorithm is affected.
Disclosure of Invention
In view of this, an object of the present application is to provide a digital signature method, system and device, which can improve the security of digital signature without affecting the performance of SM2 algorithm. The specific scheme is as follows:
in a first aspect, the present application discloses a digital signature method, which is applied to an SM2 algorithm encryption device, and the method includes:
acquiring a signature key, a message digest, a first random number and elliptic curve points;
based on a first preset rule, calculating the signature key to obtain a first intermediate number, wherein the first preset rule comprises inverse operation;
obtaining a first signature part based on the message digest and the elliptic curve point operation;
based on a second preset rule, operating the first intermediate number, the first signature part and the first random number to obtain a second signature part;
a digital signature is determined based on the first signature portion and the second signature portion.
Alternatively to this, the first and second parts may,
the first predetermined rule is that formula S1 ═ 1+ dA)-1mod n, where s1Is a first intermediate number, dAIs a signature key, n is a modulus;
the second predetermined rule is that the formula s ═ s(s)1(k + r) -r) modn, where k is a first random number, r is a first signature part, and s is a second signature part.
Optionally, the method further includes:
acquiring a second random number;
the calculating the signature key based on the first preset rule to obtain a first intermediate number includes: calculating the signature key based on the second random number and the first preset rule to obtain a first intermediate number;
the calculating the first intermediate number, the first signature part and the first random number based on a second preset rule to obtain a second signature part comprises: and calculating the first intermediate number, the first signature part and the first random number based on the second random number and the second preset rule to obtain a second signature part.
Alternatively to this, the first and second parts may,
based on the second random number and the first preset rule, calculating the signature key to obtain a first intermediate number, including:
based on the formula s1=(r2+r2dA)-1The modn operation yields a first intermediate number, where r2Is a second random number;
based on the second random number and the second preset rule, calculating the first intermediate number, the first signature part and the first random number to obtain a second signature part, including:
based on the formula s ═ s1(k+r)r2-r) modn operation results in a second signature part.
Optionally, based on the second random number and the second preset rule, performing an operation on the first intermediate number, the first signature part, and the first random number to obtain a second signature part, including:
calculating the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, wherein the third preset rule is a modulo addition operation;
calculating the second random number, the first intermediate number and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, wherein the fourth preset rule is a modular multiplication operation;
and calculating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, wherein the fifth preset rule is a modular subtraction operation.
Alternatively to this, the first and second parts may,
the third preset rule is s2=(k+r)modn,s2Is a second intermediate number;
the fourth preset rule is s3=(s1s2r2)modn,s1Is a first intermediate number, s3Is a third intermediate number;
the fifth predetermined rule is s ═ s(s)3-r) modn, s is the second signature part.
Optionally, the calculating the first intermediate number, the first signature part, and the first random number based on the second preset rule to obtain the second signature part includes:
calculating the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, wherein the third preset rule is a modulo addition operation;
calculating the first intermediate number and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, wherein the fourth preset rule is a modular multiplication operation;
and calculating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, wherein the fifth preset rule is a modular subtraction operation.
Alternatively to this, the first and second parts may,
the third preset rule is s2=(k+r)modn,s2Is a second intermediate number;
the fourth preset rule is s3=(s1s2)modn,s1Is a first intermediate number, s3Is a third intermediate number;
the fifth predetermined rule is s ═ s(s)3-r) modn, s is the second signature part.
In a second aspect, the present application discloses a digital signature system, which is applied in an SM2 algorithm encryption device, and the system includes:
the acquisition module is used for acquiring a signature key, a message digest, a first random number and elliptic curve points;
the first intermediate number operation module is used for operating the signature key based on a first preset rule to obtain a first intermediate number, and the first preset rule comprises inverse operation;
the first signature part operation module is used for obtaining a first signature part based on the message digest and the elliptic curve point operation;
the second signature part operation module is used for operating the first intermediate number, the first signature part and the first random number based on a second preset rule to obtain a second signature part;
a digital signature determination module to determine a digital signature based on the first signature portion and the second signature portion.
In a third aspect, the present application discloses an electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the aforementioned digital signature method.
It can be seen that, in the present application, a signature key, a message digest, a first random number, and elliptic curve points are obtained first, and then, based on a first preset rule, the signature key is operated to obtain a first intermediate number, the first preset rule includes an inverse operation, and based on the message digest and the elliptic curve points are operated to obtain a first signature part, and then, based on a second preset rule, the first intermediate number, the first signature part, and the first random number are operated to obtain a second signature part, and finally, based on the first signature part and the second signature part, a digital signature is determined. Therefore, the signature key only participates in inversion operation, compared with the participation of various operations in the standard SM2 algorithm, the risk of being attacked is reduced, and the safety of the digital signature can be improved on the premise of not influencing the performance of the SM2 algorithm.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of a digital signature method provided herein;
FIG. 2 is a flow chart of a standard SM2 algorithm provided herein;
fig. 3 is a schematic structural diagram of a digital signature apparatus provided in the present application;
fig. 4 is a block diagram of an electronic device provided in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
At present, for the key protection of the SM2 signature process, a common method is to increase the difficulty of being attacked by adding interference items, such as adding useless inversion process or dot product, and hiding the real process, wherein the purpose of confusing audio and video and thus increasing the difficulty of attack is achieved, but the performance of the SM2 algorithm is affected. Therefore, the digital signature scheme is provided, and the safety of the digital signature can be improved on the premise of not influencing the performance of the SM2 algorithm.
Referring to fig. 1, an embodiment of the present application discloses a digital signature method, where the signature method is applied to an SM2 algorithm encryption device, and the method includes:
step S11: and acquiring a signature key, a message digest, a first random number and elliptic curve points.
In some embodiments, a cryptographic hash function may be used to compress message data including a hash value and a message to be signed to obtain a message digest.
In a specific implementation manner, the embodiment of the present application may obtain a message to be signed, and based on a formula
Figure BDA0003421891390000051
Calculating to obtain a message digest, wherein e is the message digest, M is the message to be signed, and ZAIs a hash value of a discernable identification about user A, partial elliptic curve system parameters and user A public key, HvIs a cryptographic hash function with a message digest length of v bits. And, a first random number k ∈ [1, n-1 ] may be generated]。
Step S12: and calculating the signature key to obtain a first intermediate number based on a first preset rule, wherein the first preset rule comprises inverse operation.
Wherein the first preset rule is a formula S1=(1+dA)-1mod n, where s1Is a first intermediate number, dAN is the modulus, which is the signing key, i.e. the private key of user a.
Step S13: and calculating to obtain a first signature part based on the message digest and the elliptic curve points.
In particular embodiments, may be based on (x)1,y1)=[k]G calculates the points of the elliptic curve, wherein G is a base point of the elliptic curve, and the order of the base point is prime number, (x)1,y1) Are elliptic curve points.
The first signature part can be obtained by operation based on the message digest and the coordinate value of the abscissa of the elliptic curve point.
Further, it may be based on r ═ e + x1) mod n yields a first signature part, where x1Is the x-axis coordinate value of the elliptic curve point, and r is the first signature part.
Step S14: and calculating the first intermediate number, the first signature part and the first random number based on a second preset rule to obtain a second signature part.
Wherein the second predetermined rule is that the formula s ═ s(s)1(k + r) -r) modn, where k is a first random number, r is a first signature part, and s is a second signature part.
Step S15: a digital signature is determined based on the first signature portion and the second signature portion.
In particular embodiments, a digital signature [ r, s ] may be obtained.
Referring to fig. 2, fig. 2 is a flowchart of a standard SM2 algorithm provided in the embodiment of the present application. The formula of the signature key participating in the operation is as follows:
s=((1+dA)-1(k-rdA))modn;
as can be seen from the above equation, d in the standard SM2 algorithm flowAWill directly participate in (1+ d)A)-1And rdAIn the dot product operation of (1). Further, the formula of the signature key participating operation in the standard SM2 algorithm can be equivalently transformed:
s=((1+dA)-1(k-rdA))modn
=((1+dA)-1(k+r-r-rdA))modn
=((1+dA)-1((k+r)-r(1+rdA)))modn
=((1+dA)-1(k+r)-((1+dA)-1r(1+rdA)))modn
=((1+dA)-1(k+r)-r)modn
so as to perform conversion d after the conversionAOnly participate in the inversion operation, and based on this, in the embodiment of the present application, firstly, based on the first preset rule, the signature key is operated to obtain the secondAnd the first preset rule comprises inverse operation, and then the first intermediate number, the first signature part and the first random number are operated to obtain a second signature part based on a second preset rule. Because of the pair d in the first predetermined ruleAThe first intermediate number is obtained by inversion operation, and the second preset rule only needs to calculate the first intermediate number, the first signature part and the first random number, and does not include dAThe operation of the method realizes the optimization of the SM2 signing process key operation process, the optimized SM2 key only participates in the inversion operation in the SM2 operation process, and the SM2 private key is effectively protected from being attacked by an external side channel attack means on the premise of not influencing the SM2 operation performance, so that the aim of improving the security of the SM2 signcryption private key is fulfilled.
In some embodiments, the operating the first intermediate number, the first signature part, and the first random number based on the second preset rule to obtain the second signature part specifically includes:
step 001: calculating the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, wherein the third preset rule is a modulo addition operation;
step 002: calculating the first intermediate number and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, wherein the fourth preset rule is a modular multiplication operation;
step 003: and calculating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, wherein the fifth preset rule is a modular subtraction operation.
Wherein the third predetermined rule is s2=(k+r)modn,s2Is a second intermediate number; the fourth preset rule is s3=(s1s2)modn,s1Is a first intermediate number, s3Is a third intermediate number; the fifth predetermined rule is s ═ s(s)3-r) modn, s is the second signature part.
That is, the embodiment of the present application may be based on formula S1=(1+dA)-1modn、r=(e+x1)modn、s2=(k+r)modn、s3=(s1s2)modn、s=(s3-r) modn calculation resulting in a first signature part and a second signature part of the digital signature.
It should be noted that the curves of the operation types on the energy curve have large differences, and the curves of the same operation type have large similarities. Therefore, in order to protect the first signature part in the standard algorithm, i.e. to determine the intermediate variables of the second signature part, the present application prevents interception of the information of the first signature part by a modulo addition operation. The calculation process of the first signature part is placed in S1=(1+dA)-1mod n and s2The number of the modules is (k + r) mod n, so that the two-time modular addition operation can achieve a good shielding effect, and the attack difficulty is improved.
Further, in the embodiment of the present application, a second random number may be obtained; correspondingly, the calculating the signature key based on the first preset rule to obtain a first intermediate number includes: calculating the signature key based on the second random number and the first preset rule to obtain a first intermediate number; the calculating the first intermediate number, the first signature part and the first random number based on a second preset rule to obtain a second signature part comprises: and calculating the first intermediate number, the first signature part and the first random number based on the second random number and the second preset rule to obtain a second signature part.
In a specific embodiment, the operating the signing key based on the second random number and the first preset rule to obtain a first intermediate number includes: based on the formula s1=(r2+r2dA)-1The modn operation yields a first intermediate number, where r2Is a second random number; based on the second random number and the second preset rule, calculating the first intermediate number, the first signature part and the first random number to obtain a second signature part, including: based on the formula s ═ s1(k+r)r2-r) modn operation results in a second signature part.
Note that for s ((1+ d)A)-1The inversion operation in (k + r) -r) modn may further be performed with a randomized masking operation as follows:
s=((1+dA)-1(k+r)-r)modn
=((r2)-1(1+dA)-1(k+r)r2-r)modn
=((r2+r2dA)-1(k+r)r2-r)modn
based on this, the embodiment of the present application is based on the formula s1=(r2+r2dA)-1The modn operation yields a first intermediate number, where r2Is a second random number; then based on the formula s ═ s(s)1(k+r)r2-r) modn operation results in a second signature part. Thus, after passing through the randomized mask, dAOnly directly participate in r2dAIs calculated, and r is2Is a random number, so the operation result of the dot product operation is the random number r2The difference occurs each time, and the attack difficulty is greatly improved from the method of side channel attack such as electromagnetic attack or template attack, so that the secret key dAThe safety of the device is greatly improved.
Further, in some embodiments, the calculating the first intermediate number, the first signature part, and the first random number based on the second random number and the second preset rule to obtain the second signature part specifically includes:
step 011: calculating the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, wherein the third preset rule is a modulo addition operation;
step 012: calculating the second random number, the first intermediate number and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, wherein the fourth preset rule is a modular multiplication operation;
step 013: and calculating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, wherein the fifth preset rule is a modular subtraction operation.
Wherein the third presetRule is s2=(k+r)modn,s2Is a second intermediate number; the fourth preset rule is s3=(s1s2r2)modn,s1Is a first intermediate number, s3Is a third intermediate number; the fifth predetermined rule is s ═ s(s)3-r) modn, s is the second signature part.
That is, the embodiments of the present application may be based on the formula s1=(r2+r2dA)-1modn、r=(e+x1)modn、s2=(k+r)modn、s3=(s1s2r2)modn、s=(s3-r) modn calculation resulting in a first signature part and a second signature part of the digital signature.
It can be seen that, in the embodiments of the present application, in order to protect the first signature part, that is, determine the intermediate variable of the second signature part, the information of the first signature part is prevented from being intercepted by the modulo addition operation. Determining that the formula for the first signature part is hidden to s2Before the operation, the two modulo addition operations can achieve good shielding effect, and the attack difficulty is improved.
Taking SOC chip as an example, based on the formula s1=(r2+r2dA)-1modn、r=(e+x1)modn、s2=(k+r)modn、s3=(s1s2r2)modn、s=(s3-r) modn compiles an SM2 signature algorithm program, wherein r is for a second random number2The random number generating function of the SOC chip can be called to generate, and a software random number interface in an algorithm library (such as a C library) can be called to generate. And, edit the test case test SM2 whether the signature result is normal. The scheme provided by the application improves the safety on the premise of not influencing the performance of the SM2 algorithm.
Further, in some embodiments, the fourth preset rule may comprise s'3=(s2r2)modn、s3=(s1s’3) mod n, i.e. may be based on the formula s1=(r2+r2dA)-1modn、r=(e+x1)modn、s2=(k+r)modn、s’3=(s2r2)modn、s3=(s1s’3)modn、s=(s3-r) modn calculation resulting in a first signature part and a second signature part of the digital signature.
Referring to fig. 3, an embodiment of the present application discloses a digital signature system, where the signature system is applied to an SM2 algorithm encryption device, and the system includes:
an obtaining module 11, configured to obtain a signature key, a message digest, a first random number, and elliptic curve points;
a first median operation module 12, configured to perform an operation on the signature key based on a first preset rule to obtain a first median, where the first preset rule includes an inverse operation;
a first signature part operation module 13, configured to obtain a first signature part based on the message digest and the elliptic curve point operation;
a second signature part operation module 14, configured to perform operation on the first intermediate number, the first signature part, and the first random number based on a second preset rule to obtain a second signature part;
a digital signature determination module 15 for determining a digital signature based on the first signature part and the second signature part.
Therefore, in the embodiment of the application, the signature key only participates in the inversion operation, compared with the participation in various operations in the standard SM2 algorithm, the risk of being attacked is reduced, and the security of the digital signature can be improved on the premise of not influencing the performance of the SM2 algorithm.
Wherein the first preset rule is a formula S1=(1+dA)-1mod n, where s1Is a first intermediate number, dAIs a signature key, n is a modulus; the second predetermined rule is that the formula s ═ s(s)1(k + r) -r) modn, where k is a first random number, r is a first signature part, and s is a second signature part.
Further, the system further comprises: and the second random number acquisition module is used for acquiring a second random number.
Correspondingly, the first intermediate number operation module 12 is specifically configured to operate the signature key based on the second random number and the first preset rule to obtain a first intermediate number; the second signature part operation module 14 is specifically configured to perform operation on the first intermediate number, the first signature part, and the first random number based on the second random number and the second preset rule to obtain a second signature part.
And, the first intermediate number operation module 12 is specifically configured to operate based on the formula s1=(r2+r2dA)-1The modn operation yields a first intermediate number, where r2Is a second random number; the second signature part operation module 14 is specifically configured to calculate(s) based on the formula s ═ s1(k+r)r2-r) modn operation results in a second signature part.
In an embodiment, the second signature part operation module 14 specifically includes:
a second intermediate number operation sub-module, configured to operate on the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, where the third preset rule is a modulo addition operation;
a third intermediate number operation sub-module, configured to operate the second random number, the first intermediate number, and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, where the fourth preset rule is a modular multiplication operation;
and the second signature part operation submodule is used for operating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, and the fifth preset rule is a modulo reduction operation.
Wherein the third predetermined rule is s2=(k+r)modn,s2Is a second intermediate number; the fourth preset rule is s3=(s1s2r2)modn,s1Is a first intermediate number, s3Is a third intermediate number; the fifth predetermined rule is s ═ s(s)3-r) modn, s is the second signature part.
In another embodiment, the second signature part operation module 14 specifically includes:
a second intermediate number operation sub-module, configured to operate on the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, where the third preset rule is a modulo addition operation;
a third intermediate number operation sub-module, configured to perform an operation on the first intermediate number and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, where the fourth preset rule is a modular multiplication operation;
and the second signature part operation submodule is used for operating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, and the fifth preset rule is a modulo reduction operation.
Wherein the third predetermined rule is s2=(k+r)modn,s2Is a second intermediate number; the fourth preset rule is s3=(s1s2)modn,s1Is a first intermediate number, s3Is a third intermediate number; the fifth predetermined rule is s ═ s(s)3-r) modn, s is the second signature part.
Referring to fig. 4, an embodiment of the present application discloses an electronic device 20, which includes a processor 21 and a memory 22; wherein, the memory 22 is used for saving computer programs; the processor 21 is configured to execute the computer program and the digital signature method disclosed in the foregoing embodiments.
For the specific process of the digital signature method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
The memory 22 is used as a carrier for resource storage, and may be a read-only memory, a random access memory, a magnetic disk or an optical disk, and the storage mode may be a transient storage mode or a permanent storage mode.
In addition, the electronic device 20 further includes a power supply 23, a communication interface 24, an input-output interface 25, and a communication bus 26; the power supply 23 is configured to provide an operating voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein; the input/output interface 25 is configured to obtain external input data or output data to the outside, and a specific interface type thereof may be selected according to a specific application requirement, which is not specifically limited herein.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above detailed description is provided for a digital signature method, system and device, and specific examples are applied in this document to explain the principle and implementation of the present application, and the description of the above embodiments is only used to help understand the method and core ideas of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. A digital signature method, wherein the signature method is applied to an SM2 algorithm encryption device, and the method comprises:
acquiring a signature key, a message digest, a first random number and elliptic curve points;
based on a first preset rule, calculating the signature key to obtain a first intermediate number, wherein the first preset rule comprises inverse operation;
obtaining a first signature part based on the message digest and the elliptic curve point operation;
based on a second preset rule, operating the first intermediate number, the first signature part and the first random number to obtain a second signature part;
a digital signature is determined based on the first signature portion and the second signature portion.
2. The digital signature method as claimed in claim 1,
the first preset rule is a formula S1=(1+dA)-1mod n, where s1Is a first intermediate number, dAIs a signature key, n is a modulus;
the second predetermined rule is that the formula s ═ s(s)1(k + r) -r) mod n, where k is a first random number, r is a first signature part, and s is a second signature part.
3. The digital signature method of claim 1, wherein the method further comprises:
acquiring a second random number;
the calculating the signature key based on the first preset rule to obtain a first intermediate number includes: calculating the signature key based on the second random number and the first preset rule to obtain a first intermediate number;
the calculating the first intermediate number, the first signature part and the first random number based on a second preset rule to obtain a second signature part comprises: and calculating the first intermediate number, the first signature part and the first random number based on the second random number and the second preset rule to obtain a second signature part.
4. The digital signature method as claimed in claim 3,
based on the second random number and the first preset rule, calculating the signature key to obtain a first intermediate number, including:
based on the formula s1=(r2+r2dA)-1The modn operation yields a first intermediate number, where r2Is a second random number;
based on the second random number and the second preset rule, calculating the first intermediate number, the first signature part and the first random number to obtain a second signature part, including:
based on the formula s ═ s1(k+r)r2-r) mod n operation results in a second signature part.
5. The digital signature method of claim 3, wherein computing the first intermediate number, the first signature part and the first random number to obtain a second signature part based on the second random number and the second preset rule comprises:
calculating the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, wherein the third preset rule is a modulo addition operation;
calculating the second random number, the first intermediate number and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, wherein the fourth preset rule is a modular multiplication operation;
and calculating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, wherein the fifth preset rule is a modular subtraction operation.
6. The digital signature method as claimed in claim 5,
the third preset rule is s2=(k+r)modn,s2Is a second intermediate number;
the fourth preset rule is s3=(s1s2r2)mod n,s1Is a first intermediate number, s3Is a third intermediate number;
the fifth predetermined rule is s ═ s(s)3-r) mod n, s is the second signature part.
7. The method according to claim 1, wherein the operating the first intermediate number, the first signature part, and the first random number based on a second preset rule to obtain a second signature part comprises:
calculating the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, wherein the third preset rule is a modulo addition operation;
calculating the first intermediate number and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, wherein the fourth preset rule is a modular multiplication operation;
and calculating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, wherein the fifth preset rule is a modular subtraction operation.
8. The digital signature method as claimed in claim 7,
the third preset rule is s2=(k+r)modn,s2Is a second intermediate number;
the fourth preset rule is s3=(s1s2)mod n,s1Is a first intermediate number, s3Is a third intermediate number;
the fifth predetermined rule is s ═ s(s)3-r) mod n, s is the second signature part.
9. A digital signature system, wherein the signature system is applied to an SM2 algorithm encryption device, and the system comprises:
the acquisition module is used for acquiring a signature key, a message digest, a first random number and elliptic curve points;
the first intermediate number operation module is used for operating the signature key based on a first preset rule to obtain a first intermediate number, and the first preset rule comprises inverse operation;
the first signature part operation module is used for obtaining a first signature part based on the message digest and the elliptic curve point operation;
the second signature part operation module is used for operating the first intermediate number, the first signature part and the first random number based on a second preset rule to obtain a second signature part;
a digital signature determination module to determine a digital signature based on the first signature portion and the second signature portion.
10. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the digital signature method of any one of claims 1 to 8.
CN202111565694.XA 2021-12-20 2021-12-20 Digital signature method, system and equipment Pending CN114257380A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111565694.XA CN114257380A (en) 2021-12-20 2021-12-20 Digital signature method, system and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111565694.XA CN114257380A (en) 2021-12-20 2021-12-20 Digital signature method, system and equipment

Publications (1)

Publication Number Publication Date
CN114257380A true CN114257380A (en) 2022-03-29

Family

ID=80796131

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111565694.XA Pending CN114257380A (en) 2021-12-20 2021-12-20 Digital signature method, system and equipment

Country Status (1)

Country Link
CN (1) CN114257380A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114844650A (en) * 2022-05-24 2022-08-02 北京宏思电子技术有限责任公司 Equipment signature method and system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120069994A1 (en) * 2010-09-16 2012-03-22 Stmicroelectronics S.R.L. Method for genertaing a digital signature
CN103427997A (en) * 2013-08-16 2013-12-04 西安西电捷通无线网络通信股份有限公司 Method and device for generating digital signature
CN103546288A (en) * 2013-09-25 2014-01-29 中国科学院数据与通信保护研究教育中心 SM2 (streaming multiprocessor 2) digital signature generating algorithm realizing method and device
CN109309569A (en) * 2018-09-29 2019-02-05 北京信安世纪科技股份有限公司 The method, apparatus and storage medium of collaboration signature based on SM2 algorithm
CN112118111A (en) * 2020-09-04 2020-12-22 中国科学院大学 SM2 digital signature method suitable for threshold calculation
US20210028946A1 (en) * 2019-07-25 2021-01-28 EMC IP Holding Company LLC Blinding Techniques for Protection of Private Keys in Message Signing Based on Elliptic Curve Cryptography
CN113158258A (en) * 2021-03-31 2021-07-23 郑州信大捷安信息技术股份有限公司 Collaborative signature method, device and system based on elliptic curve

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120069994A1 (en) * 2010-09-16 2012-03-22 Stmicroelectronics S.R.L. Method for genertaing a digital signature
CN103427997A (en) * 2013-08-16 2013-12-04 西安西电捷通无线网络通信股份有限公司 Method and device for generating digital signature
CN103546288A (en) * 2013-09-25 2014-01-29 中国科学院数据与通信保护研究教育中心 SM2 (streaming multiprocessor 2) digital signature generating algorithm realizing method and device
CN109309569A (en) * 2018-09-29 2019-02-05 北京信安世纪科技股份有限公司 The method, apparatus and storage medium of collaboration signature based on SM2 algorithm
US20210028946A1 (en) * 2019-07-25 2021-01-28 EMC IP Holding Company LLC Blinding Techniques for Protection of Private Keys in Message Signing Based on Elliptic Curve Cryptography
CN112118111A (en) * 2020-09-04 2020-12-22 中国科学院大学 SM2 digital signature method suitable for threshold calculation
CN113158258A (en) * 2021-03-31 2021-07-23 郑州信大捷安信息技术股份有限公司 Collaborative signature method, device and system based on elliptic curve

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114844650A (en) * 2022-05-24 2022-08-02 北京宏思电子技术有限责任公司 Equipment signature method and system
CN114844650B (en) * 2022-05-24 2023-12-01 北京宏思电子技术有限责任公司 Equipment signature method and system

Similar Documents

Publication Publication Date Title
Bauer et al. Horizontal collision correlation attack on elliptic curves: –Extended Version–
EP3424175B1 (en) Converting a boolean masked value to an arithmetically masked value for cryptographic operations
US7603560B2 (en) Method and apparatus for digital signature authentication
US7908641B2 (en) Modular exponentiation with randomized exponent
CN107004084B (en) Multiplicative mask for cryptographic operations
JP2004501385A (en) Elliptic curve encryption method
US20220166614A1 (en) System and method to optimize generation of coprime numbers in cryptographic applications
WO2020092257A1 (en) Constant time secure arithmetic-to-boolean mask conversion
CN113158258A (en) Collaborative signature method, device and system based on elliptic curve
CN114257380A (en) Digital signature method, system and equipment
JP2006259735A (en) Elliptic curve point octupling using single instruction multiple data processing
Arunachalam et al. FPGA implementation of time-area-efficient Elliptic Curve Cryptography for entity authentication
CN114567448A (en) Collaborative signature method and collaborative signature system
CN117910024B (en) Key generation method and device, electronic equipment and storage medium
EP4024755B1 (en) Secured performance of an elliptic curve cryptographic process
WO2023151171A1 (en) Elliptic curve digital signature calculation method resistant to memory information leakage attacks, and apparatus
CN117278213B (en) Polynomial commitment based method, electronic device and readable storage medium
CN117155539B (en) Confusion of analog radio frequency circuit netlist, restoration method, device, terminal and medium thereof
Han et al. Algorithm-based countermeasures against power analysis attacks for public-key cryptography SM2
CN115426113A (en) Digital signature operation method and intellectual property IP core
US20240137216A1 (en) Simplified masking for signed cryptography operations
CN116827547A (en) Elliptic curve point multiplication operation method, signature method and device, medium and equipment
JP2008141385A (en) Encryption method, encryption device, and encryption program
TW202416161A (en) Low-cost, high-security solutions for digital signature algorithm
CN118157860A (en) Data processing method and device based on identification password algorithm and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination